koerper_klaus Posted June 27, 2022 ID:1522350 Share Posted June 27, 2022 Hi, my Malwarebytes is giving me constant notifications that it blocked a suspicious website. I would appreciate some help! Link to post Share on other sites More sharing options...
MKDB Posted June 27, 2022 ID:1522353 Share Posted June 27, 2022 Hello @koerper_klaus and My name is MKDB and I will assist you. Some ground rules: Please follow the steps in the given order and post back the log files. Please attach all log files into your post. Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed. Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed. Searching, detecting and removing malware isn't instantaneous and there is no guarantee to repair every system. Before we start, please make sure that you have an external backup, not connected to this system, of all private data. Please be patient and stick with me until I give you the "all clear". Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure. As English is not my native language, please do not use slang or idoms. It may be hard for me to understand. Step 1 Please download the suitable version of Farbar Recovery Scan Tool (FRST) and save it to your desktop: 32bit | 64bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. FRST will create two logs (FRST.txt + Addition.txt) in the same directory the tool is run. Please attach these logfiles to your next reply. Thank you! Link to post Share on other sites More sharing options...
koerper_klaus Posted June 27, 2022 Author ID:1522355 Share Posted June 27, 2022 Thank you for the quick reply! here are the log files: Addition.txt FRST.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 27, 2022 ID:1522374 Share Posted June 27, 2022 <<pardon my intrusion>> I would like for us to get copies of 2 files that seem to be connected to the scheduled task that is at the root of main issue. This is just to collect copies, to get them into a zip file; plus to arrange to have this type of task to be logged by Windows. This is like a first step. This custom script is for Koerper_Klaus only / for this machine only. Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any. . We will use FRST64 on the Downloads folder to run a custom script. The system will be rebooted after the script has run. Please be sure to Close any open work files, documents, any apps you started yourself before starting this. Please save the (attached file named) FIXLIST.txt to the Downloads folder Fixlist.txt <<< - - - - - Then, Start the Windows Explorer and then, go to the Downloads folder. RIGHT click on FRST64 and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow to run. to run the tool. If the tool warns you the version is outdated, please download and run the updated version. IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool...... click line More info information on that screen and click button Run anyway on next screen. on the FRST window: Click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Please attach the FIXLOG.txt with your next reply later, at your next opportunity. AFTER completion of this run, look on the desktop for a ZIP file named with the current local date & time of this run. Please attach it also. This is not the end-all. I am only temporarily stepping in for MKDB The Malwarebytes block notices do mean that it is protecting your system. Link to post Share on other sites More sharing options...
koerper_klaus Posted June 28, 2022 Author ID:1522438 Share Posted June 28, 2022 Hi thank you for your reply! i followed the steps above, but malwarebytes still gives me the same notification! Fixlog.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 28, 2022 ID:1522441 Share Posted June 28, 2022 (edited) Pleas look on the desktop for a ZIP file named with the current local date & time of that run. Please attach it also. Edited June 28, 2022 by Maurice Naggar Link to post Share on other sites More sharing options...
koerper_klaus Posted June 28, 2022 Author ID:1522442 Share Posted June 28, 2022 sorry i forgot 28.06.2022_06.48.40.zip Link to post Share on other sites More sharing options...
koerper_klaus Posted June 28, 2022 Author ID:1522444 Share Posted June 28, 2022 maybe i should do a fresh FRST scan? i uninstalled some suspicious apps earlier this day Link to post Share on other sites More sharing options...
MKDB Posted June 28, 2022 ID:1522478 Share Posted June 28, 2022 Hi @koerper_klaus, thank you for uploading those files. Please run another fresh scan with FRST to get a new overview over your system. Step 1 Run FRST again. Do not change any settings. Press the Scan button. FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run. Please attach these logfiles to your next reply. Link to post Share on other sites More sharing options...
Solution MKDB Posted June 28, 2022 Solution ID:1522482 Share Posted June 28, 2022 Please run this FRST-fix for me @koerper_klaus. >>> Kommst du auch aus Deutschland so wie ich? <<< 😉 Step 1 Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\Nutzer\Downloads\ ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. Close all open programs and save your work. Run FRST again. Press the Fix button only once and wait. Please be patient. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply. fixlist.txt Link to post Share on other sites More sharing options...
koerper_klaus Posted June 28, 2022 Author ID:1522485 Share Posted June 28, 2022 ja ich komme aus deutschland! ich habe nochmal einen aktuellen FRST scan gemacht. FRST.txt Addition.txt Link to post Share on other sites More sharing options...
MKDB Posted June 28, 2022 ID:1522487 Share Posted June 28, 2022 Ok, bitte den FRST-Fix von meinem letzten Post hier durchlaufen lassen und die Lodatei posten. Please run the FRST-fix reported in my last answer. Danke @koerper_klaus. Link to post Share on other sites More sharing options...
koerper_klaus Posted June 28, 2022 Author ID:1522488 Share Posted June 28, 2022 sorry das hatte ich zuerst übersehen! habe nun deinen FRST-Fix durchlaufen lassen und bekomme seitdem keine Meldung mehr wegen dem Trojaner! Fixlog.txt Link to post Share on other sites More sharing options...
MKDB Posted June 28, 2022 ID:1522492 Share Posted June 28, 2022 Gut gemacht. 🙂 Eine letzte Kontrolle mit ESET bitte @koerper_klaus. Step 1 Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking. I would suggest a free scan with the ESET Online Scanner Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe It will start a download of "esetonlinescanner.exe". Save the file to your system, such as the Downloads folder, or else to the Desktop. Go to the saved file, and double click it to get it started. When presented with the initial ESET options, click on "Computer Scan". Next, when prompted by Windows, allow it to start by clicking Yes. When prompted for scan type, Click on Full scan. Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button. Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You should ignore all prompts to get the ESET antivirus software program. (e.g. their standard program). You do not need to buy or get or install anything else. When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”. Click The blue “Save scan log” to save the log. If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” (in blue, at the bottom). Press Continue when all done. You should click to off the offer for “periodic scanning”. Note: If you do need to do a File Restore from ESET please follow the directions below [KB2915] Restore files quarantined by the ESET Online Scanner version 3 https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner Link to post Share on other sites More sharing options...
koerper_klaus Posted June 28, 2022 Author ID:1522497 Share Posted June 28, 2022 Vielen dank nochmal für deine Hilfe, der ESET scan hat nichts mehr gefunden! 1 Link to post Share on other sites More sharing options...
MKDB Posted June 28, 2022 ID:1522510 Share Posted June 28, 2022 Gern geschehen @koerper_klaus. 👍 Thank you for your cooperation, we're done. Final Step Right-Click on FRST64 and choose Rename. Rename FRST64 into Uninstall. Run Uninstall. FRST and it’s files/folders will be deleted. If the tool needs a restart, please make sure you let the system restarts normally. A few final recommendations: Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/ Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/ Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2 Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security Malwarebytes Browser Guard Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/ uBlock Origin Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/ Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes. 1 Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 28, 2022 ID:1522514 Share Posted June 28, 2022 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts