jsquizz Posted June 22, 2022 ID:1521621

Hi there, I'm having the same issue as a couple of others on this forum, with the constant powershell.exe popup. It happens about 1-2 times every minute. I attempted to follow instructions from other forum posts but noticed the instructions were quite specific to each user, and for example the "fixlist" file was unavailable for download.

My actions so far:
Malwarebytes scan (attached) - no results
Downloaded FRST64 and created Addition, FRST & Shortcut text logs (attached)
Downloaded AdwCleaner and ran a scan (attached) - no results
Downloaded PatchMyPC - updated everything mentioned (I think it was just Malwarebytes and 1 other program that needed an update)

Thanks in advance for your help!

Addition_23-06-2022 10.21.58.txt
FRST_23-06-2022 10.21.58.txt
Shortcut_23-06-2022 10.21.58.txt
AdwCleaner[S01].txt
malwarebytes-scan-23-6-2022.txt
Maurice Naggar Posted June 23, 2022 ID:1521629

Hello @jsquizz I will guide you. Allow me some time to review your reports. I will reply to you. Just do not do things on your own. 😃
Maurice Naggar Posted June 23, 2022 ID:1521631

Here are the first 2 steps (more will follow later):

[ 1 ] Take these actions so that Windows 11 is set to show all hidden files and folders.
Open File Explorer from the taskbar.
Select View > Show > Hidden items.

[ 2 ] Start Malwarebytes. Click the Settings (gear) icon.
Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.
Click the Security tab. Scroll down to "Windows Security Center".
Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off .... be sure that line's radio-button selection is all the way to the Left. Thanks. }
This will not affect any real-time protection of Malwarebytes for Windows 😃.
Close Malwarebytes.
jsquizz Posted June 23, 2022 Author ID:1521634

Hi Maurice - thanks for the quick response. I've followed the steps mentioned and the Windows Security Center option is now turned off :)
Solution Maurice Naggar Posted June 23, 2022 ID:1521637

Please do not make changes or deletions on your own. Please do not run tools or apps on your own (except for Malwarebytes & Microsoft Defender antivirus). Also please do not delete FRST or anything related to it. It is important to not delete FRST until I guide you to tools cleanup at the end, when I give the all clear.

! This custom script is for JSQUIZZ only / for this machine only.

Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any.

Next, a custom script to do checks & some cleanups. We will use FRST64 on the Downloads folder to run a custom script. The system will be rebooted after the script has run. This custom script has some specific things, plus some general aspects to help the system overall. Hoping it will not exceed 60 minutes in execution time.

NOTE-1: This script will run a scan using System File Checker to check that all Microsoft operating system files are valid and not corrupt, and attempt to correct any invalid files. It will also run the Windows tool DISM to check Windows integrity. It will rebuild the Winsock.

NOTE-2: This should run a quick scan with MS Defender antivirus and remove outstanding action items, if any.

This custom script will also clean up the 2 script trojans that are on this machine, which also use (mis-use / abuse) Windows scheduled tasks.

Please be sure to Close any open work files, documents, any apps you started yourself before starting this.
If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.

Please save the (attached file named) FIXLIST.txt to the Downloads folder.
Fixlist.txt <<<

Then, start the Windows Explorer and go to the Downloads folder.
RIGHT click on FRST64 and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run.
If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.
IF you get a block message from Windows about this tool, click the More info line on that screen and click the Run anyway button on the next screen.

On the FRST window: Click the Fix button just once, and wait.
PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience.
If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run.
Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Stick with me. This is not the end-all.

AFTER completion of this run, you should do One new Scan with Malwarebytes.
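A read-only way to see the behaviour this post describes, scheduled tasks abused to start a script host on a short repeat, shown as an added example that is not part of the original post and is not the helper's Fixlist. The list of script hosts and the five-minute threshold are assumptions chosen for illustration.

```powershell
# Added example: list scheduled tasks whose action starts a script host.
# Read-only; nothing is changed or deleted.
# Assumptions (not from the thread): the host list and the 5-minute threshold.
$scriptHosts = 'powershell.exe', 'pwsh.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe', 'cmd.exe'
$maxInterval = New-TimeSpan -Minutes 5

function Get-RepeatInterval {
    param($Trigger)
    # Repetition.Interval is an ISO 8601 duration such as PT1M;
    # it is empty when the trigger does not repeat.
    $raw = $Trigger.Repetition.Interval
    if ([string]::IsNullOrEmpty($raw)) { return $null }
    try { [System.Xml.XmlConvert]::ToTimeSpan($raw) } catch { $null }
}

$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only exec actions have an Execute value (COM handler actions do not).
        if (-not $action.Execute) { continue }
        $exe  = [Environment]::ExpandEnvironmentVariables([string]$action.Execute).Trim('"')
        $leaf = ($exe -split '[\\/]')[-1].ToLowerInvariant()
        if ($scriptHosts -notcontains $leaf) { continue }

        # Shortest repetition interval across all of the task's triggers.
        $intervals = @($task.Triggers |
            ForEach-Object { Get-RepeatInterval $_ } |
            Where-Object { $null -ne $_ })
        $shortest = $intervals | Sort-Object | Select-Object -First 1

        [pscustomobject]@{
            Task       = $task.TaskPath + $task.TaskName
            Author     = $task.Author
            Execute    = $exe
            Arguments  = $action.Arguments
            Repeat     = $shortest
            FastRepeat = ($null -ne $shortest -and $shortest -le $maxInterval)
        }
    }
}

# Fast-repeating tasks first; review Arguments for encoded or downloaded content.
$findings | Sort-Object FastRepeat -Descending | Format-List
```

Legitimate software also registers tasks that call these hosts, so a hit is a lead to review, not a verdict. Tasks not visible to a standard user are only listed from an elevated session.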
jsquizz Posted June 23, 2022 Author ID:1521664

Thanks Maurice - I've followed the steps and attached logs for the FRST application, and then the scan results (after FRST was complete and computer restarted).

Fixlog_23-06-2022 15.13.16.txt
malwarebytes-scan-23-6-2022-2.txt
Maurice Naggar Posted June 23, 2022 ID:1521694

Next, this will be a check with ESET Online Scanner for viruses, other malware, adware, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
It will start a download of "esetonlinescanner.exe".
Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes.
When prompted for scan type, click on Full scan.
Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display.
You may step away from the machine & let it be. That is, once it is under way, you should leave it running. It will run for several hours.

At screen "Detections occurred and resolved" click on the blue button "View detected results".
On the next screen, at lower left, click on the blue "Save scan log".
View where the file is to be saved. Provide a meaningful name for the "File name:".
On the last screen, set to Off (left) the option for Periodic scanning.
Click "save and continue".

Please attach the report file so I can review.
jsquizz Posted June 23, 2022 Author ID:1521723

Thanks - File is attached 👍

eset-scan-results.txt
Maurice Naggar Posted June 23, 2022 ID:1521761

Thank you very much for the report. I would like you to continue with what follows.

[ 1 ] Do as much as possible of all the steps on this one linked-post of mine. Just keep going down the list & do as much as you can.
https://forums.malwarebytes.com/topic/280326-roshur-has-omnatuorcom-block-notice/?do=findComment&comment=1485972

[ 2 ] Do a new scan with Malwarebytes for Windows.
Do a Check for Update using the Malwarebytes Settings >> General tab. See this Support Guide:
https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows
When it shows a new version available, Accept it and let it proceed forward. Be sure it succeeds. If prompted to do a Restart, just please follow all directions. Let me know how that goes.

Next, the Malwarebytes scan.
Then click the Security tab. Scroll down and let's be sure the line in SCAN OPTIONS for "Scan for rootkits" is ON 👈
Click it to get it ON if it does not show a blue color.
Next, click the small x on the Settings line to go to the main Malwarebytes window.
Next click the blue button marked Scan.
When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.
>>>>>> 👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected). <<<<
💢 Please double verify you have that TOP check-box tick-marked, and that then, all lines have a tick-mark.
Then click on the Quarantine button.
Then, locate the Scan run report; export out a copy; & then attach it with your reply. See
https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

😉 I expect that the original issue is now gone. However, do keep a sharp eye out for any "block message" from Malwarebytes that mentions any form of "wmail" as part of a blocked website address, as well as looking out for any flagging of a "trojan".

ALSO: Let's pause and make time and just get a set of fresh reports to see what is running, what is active.
Your machine has the FRST64 report tool on the Downloads folder. We will use that.
Go to the Downloads folder. RIGHT-click on FRST64 and select Run as Administrator and tap ENTER. And reply YES to allow it to proceed.
When the tool opens click Yes to the disclaimer.
And be very sure to TICK the box for Addition.txt.
Press the Scan button.
It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run.
Have patience since the run may take something like 10 or so minutes (less depending on your hardware speed).
Close Notepad IF those show up on Notepad.
Just please attach the 2 files FRST.txt + Addition.txt with your next reply.
jsquizz Posted June 23, 2022 Author ID:1521815

Thanks for this - I followed all the steps and have attached the 3 files.

Addition_24-06-2022 10.51.05.txt
FRST_24-06-2022 10.51.05.txt
malwarebytes-scan-24-6-2022.txt
Maurice Naggar Posted June 24, 2022 ID:1521880

Hello. Thanks.

[ 1 ] Next thing, let us be sure that the Windows OS is up-to-date. I would highly suggest to ensure that this PC is all up-to-date with security updates & cumulative updates on Windows.
Select the Windows Start button, and then go to Settings > Update & Security > Windows Update, and click Check for Updates.
Have much patience.

[ 2 ] Let's do one scan with Malwarebytes AdwCleaner to check for adware. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browsers, are Closed. It will not take much time.
First download & save it:
https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner
Then be sure to close all web browsers.
Then go to where the EXE file is saved. Start AdwCleaner.
Then do a scan with AdwCleaner:
https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean
Attach the clean log.

[ 3 ] General questions:
Have there been any new "blocked website" notices from Malwarebytes in the past 24 hours?
You had created this help-thread last Wednesday. Prior to that, and just in the days preceding the 1st "website block" event .... Had you maybe downloaded some game "mod" from a source that was not from the game-publisher's official site? Or else, in general, had you downloaded or opened some recent download?
jsquizz Posted June 26, 2022 Author ID:1522199

Hi Maurice,

Thanks for this - Have followed the steps and attached the clean log. One thing to note was the Windows update failed to install, as per the screenshot below:

To answer your questions - I haven't received any new website blocked notifications after following the steps. Prior to this happening, I hadn't downloaded any game mods, although I think it may have come from the Bittorrent application. This was picked up and removed from one of the scans and I haven't had any notifications since.

AdwCleaner[S02].txt
Maurice Naggar Posted June 26, 2022 ID:1522211

Great to know that the website blocks have ceased. The AdwCleaner report is excellent.

The failed MS Windows update is unrelated to the original case issue. Anyhow, this next script ought to help out on the Windows Update issue.

First, be sure to DELETE the old Fixlist.txt on Downloads.

This custom script is for JSQUIZZ only / for this machine only.

Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any.

We will use FRST64 on the Downloads folder to run a custom script. The system will be rebooted after the script has run.
Please be sure to Close any open work files, documents, any apps you started yourself before starting this.

Please save the (attached file named) FIXLIST.txt to the Downloads folder.
Fixlist.txt <<<

Then, start the Windows Explorer and go to the Downloads folder.
RIGHT click on FRST64 and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run.
If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.
IF you get a block message from Windows about this tool, click the More info line on that screen and click the Run anyway button on the next screen.

On the FRST window: Click the Fix button just once, and wait.
PLEASE have lots and lots of patience when this starts. You will see a green progress bar start.
Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Stick with me. This is not the end-all.

AFTER completion of this run, you should go ahead and do a new run for Microsoft Windows Update.
Maurice Naggar Posted June 28, 2022 ID:1522519

Hello @jsquizz Have you any status update? Have you completed the run that I last provided?
AdvancedSetup (Root Admin) Posted July 1, 2022 ID:1523003

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks