trajik Posted May 21, 2022 ID:1516571

Hello, my cmd keeps opening and when it closes it also closes my Google Chrome. When Chrome reopens it has added a weird looking "Properties" extension. It has caused me to switch to Firefox. I am using the Malwarebytes Premium Trial and it has repeatedly told me that Windows powershell.exe is riskware and I don't know how to get rid of it. I will include a scan of my computer below. Please help, thank you.

Attachments: scan.txt

MKDB Posted May 21, 2022 ID:1516575

Hello @trajik. My name is MKDB and I will assist you.

Please follow the steps in the given order and post back the logs as an attachment when ready. Thank you very much for your cooperation.

- Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
- Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.

As English is not my native language, please do not use slang or idioms. It may be hard for me to understand.

I will guide you along on looking for potential malware. Let's keep these principles as we go along.

- Searching, detecting and removing malware isn't instantaneous, please be patient.
- Please stick with me until I give you the "all clear".
- Only run the tools I guide you to.
- Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.

Step 1

- Please download the suitable version of Farbar Recovery Scan Tool (FRST) and save it to your desktop: 32bit | 64bit
- Double-click to run it. When the tool opens, click Yes to disclaimer.
- Check the box in front of Shortcut.txt.
- Press the Scan button.
- FRST will create three logs (FRST.txt + Addition.txt + Shortcut.txt) in the same directory the tool is run.
- Please attach these logfiles to your next reply.

trajik Posted May 21, 2022 Author ID:1516588

Thanks and sorry for the late reply, I'm here now.

Attachments: FRST.txt, Addition.txt, Shortcut.txt

MKDB Posted May 22, 2022 ID:1516614

No need to say "sorry"! Due to the time difference, we have to be patient. 😉

Thank you for those logfiles @trajik. We will use a FRST-Fix and AdwCleaner first.

Step 1

- Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\howtr\Downloads\ ).
- Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
- Close all open programs and save your work.
- Run FRST again.
- Press the Fix button only once and wait. Please be patient.
- If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
- FRST will create one log now (Fixlog.txt) in the same directory the tool is run.
- Please attach this logfile to your next reply.

Step 2

- Please download AdwCleaner and save it to your desktop.
- Double-click to run it.
- Accept the End User License Agreement.
- Click Scan Now.
- When finished, if items are found please click Next / Quarantine.
- Maybe your PC will be rebooted, AdwCleaner will be opened automatically.
- Click View Log File.
- AdwCleaner will open one log (AdwCleaner[Cxx].txt).
- Please attach the log to your next reply.

Attachments: fixlist.txt

trajik Posted May 22, 2022 Author ID:1516629

Thanks again for the help, I have finished these steps my friend! @MKDB

Attachments: Fixlog.txt, AdwCleaner[C00].txt

MKDB Posted May 22, 2022 ID:1516631

Thanks @trajik. I will review your logfiles later and report back in about 3 hours when I have more time... I'm on the move... Thanks for your patience.

Solution: MKDB Posted May 22, 2022 ID:1516640

We do another FRST-Fix (this should finish in a few seconds and will remove the malicious extension) and a new scan with FRST for check-up. Keep up the good work @trajik. 😉

Step 1

- Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\howtr\Downloads\ ).
- Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
- Close all open programs and save your work.
- Run FRST again.
- Press the Fix button only once and wait. Please be patient.
- If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
- FRST will create one log now (Fixlog.txt) in the same directory the tool is run.
- Please attach this logfile to your next reply.

Step 2

- Run FRST again.
- Do not change any settings.
- Press the Scan button.
- FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
- Please attach these logfiles to your next reply.

Attachments: fixlist.txt

trajik Posted May 22, 2022 Author ID:1516646

completed! @MKDB thanks for the help

Attachments: Fixlog.txt, FRST.txt, Addition.txt

MKDB Posted May 22, 2022 ID:1516647

Good job @trajik. How is your system running?

A final check with MSS.

Step 1

The Microsoft Safety Scanner (MSS) is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the-tool are at this link at Microsoft.

- Please let me know the results of this scan.
- Run a Quick Scan.
- The log is named MSERT.log.
- The log will be at %SYSTEMROOT%\debug\msert.log, which in most cases is C:\Windows\debug\msert.log
- Please attach that log with your next reply.

trajik Posted May 22, 2022 Author ID:1516651

alrighty! happy to be making progress here :D

Attachments: msert.log

MKDB Posted May 22, 2022 ID:1516652

Only one setting was restored, nothing to worry about. 🙂

Thank you for your cooperation, we're done @trajik.

Final Step

- Right-click on FRST64 and choose Rename.
- Rename FRST64 into Uninstall.
- Run Uninstall.
- FRST and its files/folders will be deleted.
- If the tool needs a restart, please make sure you let the system restart normally.

A few final recommendations:

- Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
- Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
- Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
- Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
- Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/
- Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.

Malwarebytes Browser Guard

- Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
- Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
- Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

uBlock Origin

- Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
- Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
- Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes.

trajik Posted May 22, 2022 Author ID:1516653

thanks so much for your time and help, i truly appreciate it!

Maurice Naggar Posted May 22, 2022 ID:1516674

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you