TeaTreePlant Posted May 27, 2022 ID:1517357 Share Posted May 27, 2022 I rain Malwarebytes Anti-Rootkit and found 6 malware. They were are HKCR. Immediately after I clicked "clean" it told me to restart and so I did. I ran the Malwarebytes again and it said I am infected in 2 places. When I clicked next, it said "Scan Finished: No malware found!" The first 3 screenshots are when I ran it the first time, and the last 2 are from after I restarted my computer and ran it. (The images also may have uploaded backwards) Also, when I ran Malwarebytes the first time I accidentally closed the computer and when I opened it the scan was finished so maybe, there could've been more? I don't know. Also, sometimes my computer mouse doesn't move at all when I move it, and it clicks randomly, and sometimes it moves on its own. I used notepad to do my homework and my text kept on overwriting itself. I never clicked insert. Thank you!! Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 27, 2022 ID:1517368 Share Posted May 27, 2022 Hello I will guide you along on looking for remaining malware. Lets keep these principles as we go along. Removing malware can be unpredictable Please don't run any other scans, download, install or uninstall any programs while I'm working with you. Only run the tools I guide you to. Do not run online games while case is on-going. Do not do any free-wheeling web-surfing. The removal of malware isn't instantaneous, please be patient. Cracked or or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure. Please stick with me until I give you the "all clear". If your system is running Discord, please be sure to Exit out of it while this case is on-going. I need more information from this machine. Close as many other apps as you can before running this report. I would like a report set for review. This is a report only. Please download MALWAREBYRES MBST Support Tool Once you start it click Advanced >>> then Gather Logs Have patience till the run has finished. Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop. Please attach mbst-grab-results.zip to your reply The IP block actions by Malwarebytes are keeping the machine safe from potential threats. We do need the support zip reports to see more detail ( the screen grabs just do not have full details + those screens give no clue as to what processes are running. Link to post Share on other sites More sharing options...
TeaTreePlant Posted May 28, 2022 Author ID:1517526 Share Posted May 28, 2022 Hi, thank you. I had to run it twice because I didn't see I had to close all the apps. But I'm a little worried because when I ran it the first time it took a lot longer. I was gonna move the first zip but then I thought what if something happens if I do? And I'm thinking what if when I ran it the second time something happened? But here are the logs. mbst-grab-results.zip Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 28, 2022 ID:1517561 Share Posted May 28, 2022 Take these actions so that Windows 11 is set to show all hidden files and folders. Open File Explorer from the taskbar. Select View > Show > Hidden items. * Thank you for the report file. Do not fret about running the support-tool twice. Know that I did not notice obvious signs of infection. You ran Rkill tool from Bleepingcomputer? You ran Hitmanpro ? Please do not run any further tools on your own. Do not make changes on your own without first checking with me. I will guide you along. This is a Windows 11 O.S. so I want to be sure it is set to Show all folders & hidden files ( like above). This next run is a custom run. This is just one procedure. We will do more later on. I will guide you. * This custom script is for TeatreePlant only / for this machine only. Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any. Next, a custom script to do checks & some cleanups. We will use FRSTENGLISH on the Downloads folder to run a custom script. The system will be rebooted after the script has run. NOTE-1: This script will check on Microsoft Defender & make sure it is up-to-date & do one Quick Scan. It will also get a status check on services. It will run Windows SFC & DISM to check integrity. It will rebuild the Winsock. Please be sure to Close any open work files, documents, any apps you started yourself before starting this. Please save the (attached file named) FIXLIST.txt to the Downloads folder Fixlist.txt <<< - - - - - Then, Start the Windows Explorer and then, go to the Downloads folder. RIGHT click on FRSTENGLISH and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run. to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity. Stick with me. After this run, you will want to do a new scan with Malwarebytes. Link to post Share on other sites More sharing options...
TeaTreePlant Posted May 29, 2022 Author ID:1517644 Share Posted May 29, 2022 Hi, Thank you so much for helping me on this! Here it is. Also when I restarted my computer my computer is suddenly now REALLY slow? And when I was running FRSTENGLISH my vpn that wasn't working suddenly connected and started working??? But anyway, here is the file you asked for Thank you! Fixlog.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 29, 2022 ID:1517666 Share Posted May 29, 2022 Hello. Thanks. The run is a good run. That would have started a CHKDSK on the Restart, so that is likely what you perceived as "very slow". Once the Windows system is settled back in, it will be more normal. The run did good. Next, This will be a check with ESET Onlinescanner for viruses, other malware, adwares, & potentially unwanted applications. Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe It will start a download of "esetonlinescanner.exe" Save the file to your system, such as the Downloads folder, or else to the Desktop. Go to the saved file, and double click it to get it started. When presented with the initial ESET options, click on "Computer Scan". Next, when prompted by Windows, allow it to start by clicking Yes When prompted for scan type, Click on Full scan Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button. Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You may step away from machine &. Let it be. That is, once it is under way, you should leave it running. It will run for several hours. At screen "Detections occured and resolved" click on blue button "View detected results" On next screen, at lower left, click on blue "Save scan log" View where file is to be saved. Provide a meaningful name for the "File name:" On last screen, set to Off (left) the option for Periodic scanning Click "save and continue" Please attach the report file so I can review Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 29, 2022 ID:1517669 Share Posted May 29, 2022 The MBAR tool (which you mentioned running in your first post here, last Friday) had found a trojan, or else, the remains of a trojan. I very much want to have the logs it created after that run ( which you had reported at top of this case). two files named mbar-log.txt and system-log.txt were created. Both files can be found in the extracted MBAR folder on your Desktop. Trojan.FakeMS is Malwarebytes’ generic detection name for trojans that try to pose as legitimate Microsoft files. Please, at your next chance, when machine is idle, attach mbar-log.txt + system-log.txt Link to post Share on other sites More sharing options...
TeaTreePlant Posted May 30, 2022 Author ID:1517772 Share Posted May 30, 2022 Hi, Thank you so much again! I ran the scanner and it said nothing was detected. So I don't have any logs for that. But I have the logs for MBAR Tools. There is 2 for bar-log.txt! mbar-log-2022-05-27 (17-50-34).txt mbar-log-2022-05-27 (18-17-59).txt system-log.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 30, 2022 ID:1517776 Share Posted May 30, 2022 Hello. There were 3 files that the MBAR tool had flagged: C:\Windows\System32\atl.dll and C:\Windows\SysWOW64\msinfo32.exe and C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe We will run some tasks later for the "msinfo32". This next bit is to get a new good copy of ATL.DLL by getting a download from Microsoft. Your O S is a 64-bit Windows 11, and on a Intel microprocessor system. So we want the 64-bit / X64 file vc-redistx64.exe Get and SAVE this file to some folder on your system, or else to Desktophttps://aka.ms/vs/17/release/vc_redist.x64.exe NOW, temporarily Turn Off ( temporarily disable) Windows Security ( Microsoft Defender)https://bit.ly/3Gy31kZ Now, Launch the vc_redist.x64.exe file to do the install. When done, turn back ON the Microsoft Defender antivirus. NEXT Insure that this pc is all up-to-date with security updates & cumulative updates on Windows. select the Windows Start button, and then go to Settings > Update & Security > Windows Update . and click Check for Updates. Have much patience. Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 1, 2022 ID:1518229 Share Posted June 1, 2022 Hello. I hope you are doing well. Have you any status news ? Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 3, 2022 ID:1518500 Share Posted June 3, 2022 Good morning. How is the system as regards Microsoft Defender ? Are you needing further help ? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 3, 2022 Root Admin ID:1518567 Share Posted June 3, 2022 Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Tips to help protect from infection Thanks Link to post Share on other sites More sharing options...
Recommended Posts