Website blocked due to trojan keeps opening as a warning.. HELP!!


Go to solution Solved by Maurice Naggar,


When I start my laptop, I get a command prompt open for about 10 seconds, then later I keep getting a prompt that a trojan site is getting opened. When I checked what it was trying to open, it was an outward file, the file itself was Windows cmd.exe and it was a crypto mining app. I even upgraded from Windows 10 to 11 to try to fix this, but no luck. I have Kaspersky antivirus and Malwarebytes and it all says it's clean. Please help, my games have gotten slower compared to when I got it!! Please help.. thank you..


Hello.  :welcome:

 My name is Maurice. What follows is the 1st ( but very key ) first step. 

I would like a report set for review.   This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach  mbst-grab-results.zip    to your reply 😀
  • NOTE: A "BLOCK" message-notice by Malwarebytes means the threat was "Stopped". The Malwarebytes is protecting the system from potential harm.
  • I must have the report so that I can see fuller details in order to guide you forward. Do not make any changes on your own.

The Malwarebytes real-time web protection is keeping this pc safe from harm. There is a rogue scheduled task & a rogue executable that is attempting to reach xmrig[.]moneroocean[.]stream
Malwarebytes STOPS the attempts. It is keeping this pc safe. What follows is a custom cleanup. What follows below is a next step. There will still be more to do after this. 

Take these actions so that Windows 11 is set to show all hidden files and folders.
Open File Explorer from the taskbar.

Select View > Show > Hidden items.

This custom script is for  GRIFFIN  only / for this machine only.

Be very sure to Save any work-files you have open at this point. Close & Save any open edits, if any.

We will use FRSTENGLISH  on the Downloads  folder to run a custom script.    The system will be rebooted after the script has run.

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

  • Please save the (attached file named) FIXLIST.txt   to the   Downloads   folder

Fixlist.txt       <<< - - - - -

Then, Start the Windows Explorer and then, go  to the Downloads   folder.


RIGHT click on FRSTENGLISH   and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.

  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.


 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. 

  1. Please attach the FIXLOG.txt with your next reply later, at your next opportunity.
  2. Also, look on your DESKTOP for a ZIP file created with Today's date & approximate time of run. Attach that ZIP with your Reply.
  3. There is more to do later. I will guide you. Do not make any changes on your own without first checking with me.
  4. You need to let me know if you have a paid license for Kaspersky Internet Security, if it is supposed to be "the" antivirus app.
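
The post above attributes the startup command prompt and the blocked connections to a rogue scheduled task. As an added example (not part of the original posts and not the helper's fixlist), this read-only PowerShell report lists scheduled-task actions worth a second look; the watch lists and the function name `Get-ActionFlags` are assumptions made for the illustration.

```powershell
# Added example: read-only triage report. It lists candidates for review
# and changes nothing. Run from an elevated PowerShell window so that
# tasks belonging to every account are visible.

# Assumed watch lists, not taken from the helper's fixlist.
$scriptHosts = 'cmd.exe','powershell.exe','pwsh.exe','wscript.exe',
               'cscript.exe','mshta.exe','rundll32.exe','regsvr32.exe'
$userPaths   = '\\Users\\|\\ProgramData\\|\\Temp\\'
$poolHint    = 'moneroocean'   # pool name mentioned in the thread

function Get-ActionFlags {
    param([string]$Execute, [string]$Arguments)
    # Normalise "%windir%\system32\cmd.exe" or a quoted path to a leaf name.
    $exe  = [Environment]::ExpandEnvironmentVariables($Execute).Trim('"')
    $leaf = ($exe -split '[\\/]')[-1].ToLower()
    if ($leaf -and $leaf -notlike '*.*') { $leaf += '.exe' }   # "cmd" -> "cmd.exe"
    $line  = "$exe $Arguments"
    $flags = @()
    if ($scriptHosts -contains $leaf) { $flags += 'command or script host' }
    if ($line -match $userPaths)      { $flags += 'user-writable path' }
    if ($line -match $poolHint)       { $flags += 'mining pool name' }
    $flags -join '; '
}

$report = foreach ($task in Get-ScheduledTask) {
    # A task that fires at logon or boot matches "a window at every start".
    $kinds = @($task.Triggers | ForEach-Object { $_.CimClass.CimClassName })
    $auto  = @($kinds | Where-Object {
                 $_ -in 'MSFT_TaskLogonTrigger','MSFT_TaskBootTrigger' }).Count -gt 0
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # COM handler actions have no command
        $flags = Get-ActionFlags -Execute $action.Execute -Arguments $action.Arguments
        if ($flags) {
            [pscustomobject]@{
                Task        = $task.TaskPath + $task.TaskName
                RunsAtStart = $auto
                Command     = "$($action.Execute) $($action.Arguments)"
                Flags       = $flags
            }
        }
    }
}

# Flagged entries are leads, not verdicts: Windows ships legitimate tasks
# that use rundll32.exe and similar hosts.
$report | Sort-Object RunsAtStart -Descending | Format-List
```

Entries that both run at start and carry more than one flag are the ones to compare against the helper's findings before anything is changed.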

Hello. Thank you. Be sure to tell me whether the Block notice(s) are happening today.

Do a new scan with Malwarebytes for Windows.

Do a Check for Update using the Malwarebytes Settings >> General tab.

See this Support Guide https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows

When it shows a new version available, Accept it and let it proceed forward.  Be sure it succeeds.

If prompted to do a Restart, just please follow all directions.

Let me know how that goes.    Next, the Malwarebytes scan.

Then click the Security tab.  Scroll down and let's be sure the line in SCAN OPTIONs for

"Scan for rootkits" is ON 👈   Click it to get it ON if it does not show a blue-color .

 

Next, click the small x on the Settings line to go to the main Malwarebytes Window.   Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

>>>>>>      👉      You can actually click the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).         <<<<     💢


 

Please double verify you have that TOP  check-box tick marked.   and that then, all lines have a tick-mark

 

Then click on Quarantine  button.


When that is all completed:

Also, Next, I would like a fresh report set. On the Downloads folder there is the report-tool mb-support-1.8.7.918.exe

Launch mb-support-1.8.7.918.exe

Once you start it click Advanced >>> then   Gather Logs

 Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

  • Please attach  mbst-grab-results.zip    to your reply 😀

Hello. Could you tell me what is 

Elsify v2 by FrostChanger

that is reported to be on the Desktop ?  Where did you get it from ? What is it supposed to do ? 

This will be a check with ESET Onlinescanner for  potential viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

  • Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display. You may step away from the machine & let it be.  That is, once it is under way, you should leave it running.  It will run for several hours.

  • At screen "Detections occured and resolved" click on blue button "View detected results"
  • On next screen, at lower left, click on blue "Save scan log"
  • View where file is to be saved. Provide a meaningful name for the "File name:"
  • On last screen, set to Off (left) the option for Periodic scanning
  • Click "save and continue"
  • Please attach the report file so I can review

Hello. On Downloads folder, there is the report tool mb-support-1.8.7.918.exe

Launch mb-support-1.8.7.918.exe

Once you start it click Advanced >>> then   Gather Logs

 Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

  • Please attach  mbst-grab-results.zip    to your reply 😀

Thank you for all that.  The ESET has caught & removed a threat. Now, there is a search tool that we will use to do a special search.
Please download SystemLook (64-bit) by jpshortstuff and save it to your desktop 


Right-click SystemLook_x64.exe and select Run as Administrator to start the tool. 
If prompted by Windows  UAC, please allow it  to run.
If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.

COPY & paste the entire text into the main text box of SystemLook: 
 

:filefind
ntdll.dll

 

Click the Look button to start the scan 
When finished, a notepad window will open with the results of the scan. 
A file will be created (in the same folder where you saved SystemLook) with the results of the scan, named SystemLook.txt
Please attach  this log in your next reply. 

NEXT, 

On Downloads folder, there is the report tool mb-support-1.8.7.918.exe

Launch mb-support-1.8.7.918.exe

Once you start it click Advanced >>> then   Gather Logs

 Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

  • Please attach  mbst-grab-results.zip    to your reply 😀

  • Solution

Thank you for the reports. The last 2 scans with Malwarebytes reported no malware. The Malwarebytes is now in free mode. This pc would be safer if it had Malwarebytes Premium license so that it had real-time protection. As it appears that there is no antivirus on.
If you have a paid license for Kaspersky Internet Security then be sure it is turned On.
Otherwise, take measures to turn on Microsoft Defender antivirus on this Windows 11 system. https://www.elevenforum.com/t/enable-or-disable-microsoft-defender-antivirus-in-windows-11.4269/


  • 2 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

This topic is now closed to further replies.