Jump to content

MaskVPN Service appearing in Task Manager after uninstall


Go to solution Solved by MKDB,

Recommended Posts

Hi, 

I was deleting some games and cleaning up space on my pc when I noticed a program called Mask VPN. Since I didn't know what it was and was instantly suspicious, I uninstalled it. I then noticed that it showed up in Task Manager still even after uninstalling it. I then restarted my PC and found it still there. I couldn't find it when searching for it in my files but can when I go to file location through it via Task Manager. I went through some threads looking at how this was solved for other people but in the end figured I was just better off coming here. I also happen to be an IT Security intern and am concerned about something like this possibly compromising anything work related. Attached are some screenshots that may be helpful. I also see that the last date modified is 2020 which is also concerning. I just noticed because I haven't really uninstalled anything via add/remove in a long time. I also installed adwarecleaner and FRST64 as those seem to be some of the main tools on here. Many thanks.

image.png.f89ce9b73938c455e2032926a6364ce8.png

image.png.60fa2ec20da4d3e8c52cb450ac5c892d.png

 

Link to post
Share on other sites

Hello @BoxyBathToaster and :welcome::

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, please do the following so that an analysis can be started and see what's going on.

The Farbar Recovery Scan Tool (FRST) is a free Windows utility designed to create troubleshooting logs for your computer. These logs help our Support team to identify and resolve issues with your computer.

There are two versions of the Farbar Recovery Scan Tool available for download: 32-bit and 64-bit.
To find which operating system is installed on your computer, refer to Microsoft's article: 32-bit and 64-bit Windows: Frequently asked questions

Download and launch Farbar Recovery Scan Tool

  1. Download the Farbar Recovery Scan Tool.
    Do not click on any Ads.
     
  2. Locate the file you downloaded on your computer.
    Downloaded files are often saved to the Downloads folder.
  3. Double-click the downloaded file to run the Farbar Recovery Scan Tool.

  4. DOC-1318-1.png
     
  5. Windows protected your PC notification may appear. This notification is from the Windows Defender SmartScreen Filter which prevents unfamiliar apps from running on your PC.
    Disable smart screen ONLY if it interferes with the software we may have to use:  What is SmartScreen and how can it help protect me?

         a.  Click More info.

    https://support.malwarebytes.com/hc/article_attachments/360051190254/DOC-1318-2.png
         b.  Click Run anyway.

    https://support.malwarebytes.com/hc/article_attachments/360051190294/DOC-1318-3.png
  6. When the User Account Control window appears, click Yes.

    image.png

     
  7. To accept the Disclaimer of warranty, click Yes.

    image.png

     
  8. Ensure only the boxes listed below are checked

    image.png

    Registry  Services  Drivers
    Processes  Internet  One month
    Addition.txt

    image.png

     

  9. Disable any Antivirus software you have installed ONLY if it stops software we may use from working.
    Please remember to re-enable any Antivirus software when we are finished running scans.

    Click Scan. The scan may take a few minutes to complete.

    image.png
     

  10. When the scan completes, Farbar Recovery Scan Tool shows two messages:

  • Scan completed. FRST.txt is saved in the same directory FRST is located.

    image.png

  • Addition.txt is saved in the same directory FRST is located.

    image.png
     

  • Click OK to close each message window.

 

Please attach both of those logs to your next reply, DO NOT copy/paste the contents of the logs directly.

https://content.invisioncic.com/Mmalware/monthly_2018_10/_mb_attach.jpg.dbd89b8e360d3763b3bbe33ce83d680d.jpg

Thank you.

Link to post
Share on other sites

Hello @BoxyBathToaster  and :welcome:

 

My name is MKDB and I will assist you.

 

Please follow the given instructions from @1PW.

 

 

Some ground rules:

  • Please follow the steps in the given order and post back the log files.
  • Please attach all log files into your post.
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
  • Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
  • Searching, detecting and removing malware isn't instantaneous and there is no guarantee to repair every system. Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
  • Please be patient and stick with me until I give you the "all clear".
  • Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • As English is not my native language, please do not use slang or idoms. It may be hard for me to understand.
  • If you do not respond within 4 days, your topic will be closed.

 

 

Link to post
Share on other sites

  • Solution

Thank you for those logfiles @BoxyBathToaster.

 

We are going to remove "MaskVPN" and search for leftovers.

 

 

Step 1

  • Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\User\Downloads\ ).

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the Fix button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run.
  • Please attach this logfile to your next reply.

 

 

 

Step 2

  • Run FRST again.
  • Copy and paste the whole content of the following Code-Box into the search field:
SearchAll: MaskVPN
  • Press the Search files button. Please be patient, this scan may take some time.
  • FRST will create one log now (Search.txt) in the same directory the tool is run.
  • Please attach this logfile to your next reply.

 

 

 

fixlist.txt

Link to post
Share on other sites

Well done @BoxyBathToaster-

 

Thank you for your cooperation, we're done.

 

Final Step

  • Right-Click on FRST64 and choose Rename.
  • Rename FRST64 into Uninstall.
  • Run Uninstall.
  • FRST and it’s files/folders will be deleted.
  • If the tool needs a restart, please make sure you let the system restarts normally.

 

 

 

A few final recommendations:

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin

 

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes.

Link to post
Share on other sites

You're welcome @BoxyBathToaster.

 

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection.

Thank you.

 

As this topic seems to be solved, I do not follow it any longer.

Take care!

  • Like 1
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.