Maurice Naggar, posted May 31, 2022 (edited)

Thank you for the Malwarebytes-support tool report. The 4 most recent scans by Malwarebytes from the 28th thru the 31st of May have reported no malware.

Let's do one new Scan. Launch Malwarebytes. Do a Check for Update using the Malwarebytes Settings >> General tab. See this Support Guide https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows

When it shows a new version available, Accept it and let it proceed forward. Be sure it succeeds. If prompted to do a Restart, just please follow all directions. Let me know how that goes.

Next, the Malwarebytes scan. Next click the blue button marked Scan. When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected).

💢 Please double verify you have that TOP check-box tick marked, and that then all lines have a tick-mark.

Then click on the Quarantine button. Then, locate the Scan run report; export out a copy; & then attach it with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

NOTE: For the record, AND because other people do read these topics, the github link to the latest community version of HJT is perfectly fine. I have even gotten it and have run it on one of my Windows 10 rigs.

Edited May 31, 2022 by Maurice Naggar

Czepa (Author), posted May 31, 2022

Thanks for the clarification, I'll run it tomorrow after work. Goodnight, and cheers for all your help so far.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/31/22
Scan Time: 10:34 PM
Log File: caf1c6fa-e0ee-11ec-87fc-b42e99ecce76.json

-Software Information-
Version: 4.5.9.198
Components Version: 1.0.1689
Update Package Version: 1.0.55626
License: Free

-System Information-
OS: Windows 10 (Build 19044.1706)
CPU: x64
File System: NTFS
User: Miranda\Ross

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 296531
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 2 min, 26 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Maurice Naggar, posted May 31, 2022

That is a fine report.

At your next opportunity, get the very latest Release of the Mozilla Firefox browser. Mozilla Firefox 86.0 that is currently on this machine is way out of date. Version 101.0 is the newest release. https://securitygarden.blogspot.com/2022/05/mozilla-firefox-version-1010-released.html

Maurice Naggar, posted May 31, 2022

PS. Your system has Waterfox browser. So please do check to be sure it is the latest Release.

Czepa (Author), posted May 31, 2022

Yeah, it's the latest.

Maurice Naggar, posted June 1, 2022

The Malwarebytes had found no malware. PC is good to go.

Next, when you get caught up, do a Backup of this system to offline storage. Backup is your best friend.

Also, I would recommend getting a report on the update status of some key apps. Download SecurityCheck by glax24 from here https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop.

If Windows's SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive.

Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow it to run & go forward.

Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Maurice Naggar, posted June 1, 2022

Hello. Let me know after you have run the SecurityCheck. Once after you post its log, I have a custom fix script for this Windows 10 pc.

Czepa (Author), posted June 2, 2022

Sorry for the late reply, I've been busy with work and other issues.

SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
WebSite: www.safezone.cc
DateLog: 02.06.2022 14:29:38
Path starting: C:\Users\Ross\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Ross
VersionXML: 9.81is-29.05.2022
___________________________________________________________________________
Windows 10(6.3.19044) (x64) Professional Release: 2009 Lang: English(0409)
Installation date OS: 27.02.2021 05:28:58
LicenseStatus: Windows(R), Professional edition Volume activation will expire : 229254 minutes
Boot Mode: Normal
Default Browser: C:\Program Files\Waterfox\waterfox.exe
SystemDrive: C: FS: [NTFS] Capacity: [465.2 Gb] Used: [385.8 Gb] Free: [79.4 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.789.19041.0
User Account Control enabled (Level 2)
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 4.5.9.198 v.4.5.9.198
GlassWire 2.3 (remove only) v.2.3.397
-------------------------- [ SecurityUtilities ] --------------------------
RogueKiller version 15.5.1.0 v.15.5.1.0
GlassWire 2.3 (remove only) v.2.3.397
--------------------------- [ OtherUtilities ] ----------------------------
GPL Ghostscript v.9.53.3 Warning! Download Update
Uninstall old version and install new one.
Steam v.2.10.91.91
OpenOffice 4.1.11 v.4.111.9808 Warning! Download Update
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 6.00 (64-bit) v.6.00.0 Warning! Download Update
-------------------------- [ IMAndCollaborate ] ---------------------------
Discord v.0.0.309 Warning! Download Update
--------------------------------- [ P2P ] ---------------------------------
qBittorrent 4.3.3 v.4.3.3 Warning! Download Update
-------------------------------- [ Media ] --------------------------------
VLC media player v.3.0.12 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 86.0 (x64 en-US) v.86.0 Warning! Download Update
Waterfox (x64 en-US) v.G4.1.2.1
Microsoft Edge v.88.0.705.81 Warning! Download Update
----------------------------- [ EmailClient ] -----------------------------
Mozilla Thunderbird (x86 en-US) v.91.9.1
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files (x86)\GlassWire\GlassWire.exe v.2.3.397.0
C:\Program Files (x86)\GlassWire\GWIdlMon.exe v.2.3.397.0
GlassWire Control Service (GlassWire) - The service is running
C:\Program Files (x86)\GlassWire\GWCtlSrv.exe v.2.3.397.0
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.4.0.0.1302
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1058
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe v.4.18.2203.5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe v.4.18.2203.5
Microsoft Defender Antivirus Service (WinDefend) - The service is running
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
CCleaner v.6.00 Warning! Suspected demo version of anti-spyware, driver updater or optimizer.
If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
----------------------------- [ End of Log ] ------------------------------

OOPS, HERE IT IS RAN AS ADMINISTRATOR:

SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
WebSite: www.safezone.cc
DateLog: 03.06.2022 01:59:30
Path starting: C:\Users\Ross\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Ross
VersionXML: 9.81is-29.05.2022
___________________________________________________________________________
Windows 10(6.3.19044) (x64) Professional Release: 2009 Lang: English(0409)
Installation date OS: 27.02.2021 05:28:58
LicenseStatus: Windows(R), Professional edition Volume activation will expire : 228564 minutes
Boot Mode: Normal
Default Browser: C:\Program Files\Waterfox\waterfox.exe
SystemDrive: C: FS: [NTFS] Capacity: [465.2 Gb] Used: [386.3 Gb] Free: [78.9 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.789.19041.0
User Account Control enabled (Level 2)
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 4.5.9.198 v.4.5.9.198
GlassWire 2.3 (remove only) v.2.3.397
-------------------------- [ SecurityUtilities ] --------------------------
RogueKiller version 15.5.1.0 v.15.5.1.0
GlassWire 2.3 (remove only) v.2.3.397
--------------------------- [ OtherUtilities ] ----------------------------
GPL Ghostscript v.9.53.3 Warning! Download Update
Uninstall old version and install new one.
Steam v.2.10.91.91
OpenOffice 4.1.11 v.4.111.9808 Warning! Download Update
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 6.00 (64-bit) v.6.00.0 Warning! Download Update
-------------------------- [ IMAndCollaborate ] ---------------------------
Discord v.0.0.309 Warning! Download Update
--------------------------------- [ P2P ] ---------------------------------
qBittorrent 4.3.3 v.4.3.3 Warning! Download Update
-------------------------------- [ Media ] --------------------------------
VLC media player v.3.0.12 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 86.0 (x64 en-US) v.86.0 Warning! Download Update
Waterfox (x64 en-US) v.G4.1.2.1
Microsoft Edge v.88.0.705.81 Warning! Download Update
----------------------------- [ EmailClient ] -----------------------------
Mozilla Thunderbird (x86 en-US) v.91.9.1
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files (x86)\GlassWire\GlassWire.exe v.2.3.397.0
C:\Program Files (x86)\GlassWire\GWIdlMon.exe v.2.3.397.0
GlassWire Control Service (GlassWire) - The service is running
C:\Program Files (x86)\GlassWire\GWCtlSrv.exe v.2.3.397.0
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.4.0.0.1302
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1058
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe v.4.18.2203.5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe v.4.18.2203.5
Microsoft Defender Antivirus Service (WinDefend) - The service is running
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
CCleaner v.6.00 Warning! Suspected demo version of anti-spyware, driver updater or optimizer.
If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
----------------------------- [ End of Log ] ------------------------------

Maurice Naggar, posted June 2, 2022

Thank you.

RogueKiller you should uninstall. That type of tool ought not to be used on your own; but rather, only with the guidance of a trained malware removal specialist.

CCleaner is no longer recommended by most of the security community, ever since after it was sold to an outside party by Piriform. Instead, you can use the built-in-Windows "CLEANMGR" app.

Your attention is also needed for all the items marked in red from this last report.

GPL Ghostscript v.9.53.3 Warning! Download Update
Uninstall old version and install new one.
OpenOffice 4.1.11 v.4.111.9808 Warning! Download Update
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 6.00 (64-bit) v.6.00.0 Warning! Download Update
-------------------------- [ IMAndCollaborate ] ---------------------------
Discord v.0.0.309 Warning! Download Update
--------------------------------- [ P2P ] ---------------------------------
qBittorrent 4.3.3 v.4.3.3 Warning! Download Update
-------------------------------- [ Media ] --------------------------------
VLC media player v.3.0.12 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 86.0 (x64 en-US) v.86.0 Warning! Download Update
Microsoft Edge v.88.0.705.81 Warning! Download Update

Further, I would highly suggest to ensure that this pc is all up-to-date with security updates & cumulative updates on Windows. Select the Windows Start button, and then go to Settings > Update & Security > Windows Update, and click Check for Updates. Have much patience.

* I believe your system is good to go. I will guide you on removing the tools I had you use. 😀

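Added example, not part of the original thread and not code from SecurityCheck or its authors: a short Python triage that pulls the entries flagged "Warning!" out of a SecurityCheck report, grouped by section, which is the list of red-marked items discussed above. The sample log is constructed from lines in the report posted in this thread, and the one-entry-per-line layout and the function name `flagged_entries` are assumptions.

```python
import re

# Constructed sample: lines taken from the SecurityCheck report posted in this
# thread, laid out one entry per line (that layout is an assumption).
SAMPLE_LOG = """
--------------------------- [ OtherUtilities ] ----------------------------
GPL Ghostscript v.9.53.3 Warning! Download Update
Uninstall old version and install new one.
Steam v.2.10.91.91
OpenOffice 4.1.11 v.4.111.9808 Warning! Download Update
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 6.00 (64-bit) v.6.00.0 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 86.0 (x64 en-US) v.86.0 Warning! Download Update
Waterfox (x64 en-US) v.G4.1.2.1
Microsoft Edge v.88.0.705.81 Warning! Download Update
---------------------------- [ UnwantedApps ] -----------------------------
CCleaner v.6.00 Warning! Suspected demo version of anti-spyware, driver updater or optimizer.
----------------------------- [ End of Log ] ------------------------------
"""

# Section header, e.g. "------- [ Browser ] -------".
SECTION_RE = re.compile(r"^-{3,}\s*\[\s*(?P<name>[^\]]+?)\s*\]\s*-{3,}$")
# "<product> v.<version>", optionally followed by "Warning! <advice>".
ENTRY_RE = re.compile(
    r"^(?P<name>.+?)\s+v\.(?P<version>\S+)(?:\s+Warning!\s*(?P<advice>.*))?$"
)


def flagged_entries(log_text):
    """Return one dict per entry the report marked with 'Warning!'."""
    section, last, results = None, None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section, last = header.group("name"), None
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            last = None
            if entry.group("advice") is not None:
                last = {
                    "section": section,
                    "name": entry.group("name"),
                    "version": entry.group("version"),
                    "advice": entry.group("advice").strip(),
                }
                results.append(last)
        elif last is not None:
            # A line with no version belongs to the flagged entry above it
            # (extra advice such as "Uninstall old version ...").
            last["advice"] += " " + line
    return results


if __name__ == "__main__":
    for item in flagged_entries(SAMPLE_LOG):
        print(f"[{item['section']}] {item['name']} {item['version']}: {item['advice']}")
```
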
Maurice Naggar, posted June 2, 2022

Hello. I do have a question. On this machine, have you set up or have you used some kind of crypto-digital-coin app? Or did you set up a digital wallet? If yes, then what is the name of that application?

Maurice Naggar, posted June 4, 2022

Hello. Please provide a status about this Windows system. I believe this is good-to-go.

AdvancedSetup (Root Admin), posted June 5, 2022

Are you still with us? @Czepa

Please post a status update.

Thanks

Czepa (Author), posted June 5, 2022

Sorry, I've been experiencing domestic abuse.

Why the question about crypto app? I use a browser addon wallet, but don't use it much. Crypto is gambling and a pyramid/ponzi scheme destined to fail, or succeed at devaluing all stores of value (great - reset).

If I block cs9.wac.phicdn.net or all phicdn.net in my router, will this cause problems?

CLEANMGR.exe doesn't open, is there a way to navigate to it through menus?

Maurice Naggar, posted June 5, 2022 (edited)

Hello. The reason I inquired about "crypto"-type apps is my mistake. I confused another person's case with yours. My apology. Please ignore my inquiry about that.

Blocking cs9.wac.phicdn.net should not cause a problem.

On how to start & use Cleanmgr see https://www.tenforums.com/tutorials/3012-open-use-disk-cleanup-windows-10-a.html

I very much regret your experiencing domestic abuse.

Edited June 5, 2022 by Maurice Naggar (amended notes)

Maurice Naggar, posted June 5, 2022

As one measure to beef-up web browsers: Let me suggest that you get your browsers each, as applicable, to have the Malwarebytes Browser Guard on Edge & on Waterfox.

See Support article how-to for Waterfox / Firefox https://support.malwarebytes.com/hc/en-us/articles/4413298841747--Install-Malwarebytes-Browser-Guard-on-Firefox-browser

For the Edge browser https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser

* We have run scans with
Adwcleaner
Malwarebytes
ESET Onlinescanner
MS Safety Scanner
Kaspersky KVRT

* I would like us to run a custom script to do some housekeeping & to run some additional checks. That needs to be done using a trusted tool, Farbar FRST. Since I am unsure whether it is already on the machine, I would like you to download it, making sure you save it to a folder, and to remember where. You can simply download & save a new copy of the tool FRST64.exe from this link https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

NEXT, run this procedure. The script works as a pair along with FRST64. They both need to be saved in the same folder on your machine.

This custom script is for CZEPA only / for this machine only.

Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any.

Next, a custom script to do checks & some cleanups. We will use FRST64 to run a custom script. The system will be rebooted after the script has run.

NOTE-1: This script will check on Microsoft Defender & make sure it is up-to-date & do scans. It will also get a status check on services. The script will also run System File Checker (SFC) and DISM to check the Windows system. Please be sure to Close any open work files, documents, any apps you started yourself before starting this.

Please save the (attached file named) FIXLIST.txt to the same folder where you saved FRST64.

Fixlist.txt <<< - - - - -

Then, start the Windows Explorer and then go to the folder where FRST64 is. RIGHT click on FRST64 and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow it to run the tool.

If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

IF you get a block message from Windows about this tool, click the line More info on that screen and click the button Run anyway on the next screen.

On the FRST window: Click the Fix button just once, and wait.

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience.

If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Stick with me.

Maurice Naggar, posted June 10, 2022

Hello @Czepa

Checking in on your case. What is the current status?

Maurice Naggar, posted June 13, 2022

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you