hypermugen Posted August 2, 2022 Author ID:1527287

31 minutes ago, Maurice Naggar said:
> Bravo. That is excellent. 👍😀
> I would recommend getting a report on the update status of some key apps.
> Download SecurityCheck by glax24 from here https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop.
> If Windows SmartScreen blocks that with a message window, click on the MORE INFO spot, override that and allow it to proceed.
> This tool is safe. SmartScreen is overly sensitive.
> Right-click with your mouse on SecurityCheck.exe, select "Run as administrator" and reply YES to allow it to run & go forward.
> Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.
> You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

here SecurityCheck.txt
Maurice Naggar Posted August 2, 2022 ID:1527319

Start Malwarebytes. Click the Settings ( gear ) icon.
Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.
Click the Security tab. Scroll down to "Windows Security Center".
Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off .... be sure that line's radio-button selection is all the way to the left. Thanks. }
This will not affect any real-time protection of Malwarebytes for Windows 😃.
Close Malwarebytes.

> Just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on.
From the Windows Start menu, select Settings, then select Update and Security.
Next, look at the left-side menu & select Windows Security.
Next, in the Windows Security section: click on the grey button Open Windows Security.
Now, click on the shield Virus and threat protection.
Look to see that Microsoft Defender is shown & available for use.
On the next display, look at all the options. Look down the list and see "Check for Updates". You should click on that to have the system check for updates for Windows Defender. Watch & wait for that to complete.
Be sure that Microsoft Defender real-time protection is ON.
hypermugen Posted August 2, 2022 Author ID:1527324

I don't have "Windows defender" showing on these settings. All I have are these and the virus and threat protections are up to date accordingly.
Maurice Naggar Posted August 2, 2022 ID:1527327

Looking at your screen-grab above >>> See the blue "Check for Updates" and click that & allow it to run & finish.
Then on that same screen, look and click on "Quick Scan".
hypermugen Posted August 3, 2022 Author ID:1527345

So I did a quick scan, nothing found. Did a full scan and one threat was found and deleted. However here it says 8 threats found for some reason.
Maurice Naggar Posted August 3, 2022 ID:1527464

Recalling the screen-grab image of the "Current Threats" section you had from the next-to-last reply:
Go to that section. Drill down into "Allowed threats". There, make sure that there are no files or threats listed. If there are, please take a screenshot image.
Then, go back and drill down into "Protection history". There, do you see any threat that was not removed?
hypermugen Posted August 3, 2022 Author ID:1527480

Nothing wrong here
Maurice Naggar Posted August 3, 2022 ID:1527491

Thank you. Know that it is not necessary or needed to click on "QUOTE" when you begin a reply. I get auto-notified of all your replies. This thread is one-to-one.
Returning to "Protection history", look at "This app has been blocked" & see if it is possible to drill down further, if we can see details.

[ 2 ]
Let's get a set of fresh reports. Your machine has the FRSTENGLISH report tool in the Downloads folder. We will use that.
Go to the Downloads folder. RIGHT-click on FRSTENGLISH, select Run as Administrator and tap ENTER. And reply YES to allow it to proceed.
When the tool opens, click Yes to the disclaimer.
And be very sure to TICK the box for Addition.txt.
Press the Scan button.
It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run from.
Have patience, since the run may take something like 10 or so minutes (less depending on your hardware speed).
Close Notepad IF those show up in Notepad. Just please attach the 2 files FRST.txt + Addition.txt with your next reply.

Edited August 3, 2022 by AdvancedSetup: Corrected font issue
hypermugen Posted August 3, 2022 Author ID:1527505

These were the only two
hypermugen Posted August 3, 2022 Author ID:1527509

FRST.txt Addition.txt
other two txt files you asked for
Maurice Naggar Posted August 3, 2022 ID:1527511

Thank you for the fresh FRST reports. I will review and get back to you later on.
As far as the 2nd image just above .... the "This app has been blocked". Microsoft Defender sensed a Conduit-related adware item.
Look on your Desktop, under Tools and Games: where did "feelers_setup" come from?
Go to where that detected item is in Defender and click on the "ACTIONS" button.
I would suggest to select it to be removed / or quarantined { that is IF the item is still around }.

For the record, as far as the original start of the case:
Confirm that Malwarebytes is still ON and protecting the system.

Edited August 3, 2022 by Maurice Naggar
hypermugen Posted August 3, 2022 Author ID:1527515

So, that file is from a couple of game demos and flash games from the early-mid 2000s I extracted from some game CDs which were purchasable at the time. They're really nostalgic to me. Idk what the feelers game was since it's so many games I don't know what most of them are, but it's been deleted already. Just checked, there's nothing there where that feelers_setup is supposed to be.
Yes, Malwarebytes is still up and running.
Maurice Naggar Posted August 3, 2022 ID:1527520

I would like to point out the many "executable" "games" of Digerati that have been flagged by Microsoft Defender antivirus, all located under the Desktop, under sub-folder C:\Users\Luke\Desktop\Tools and Games\cds
My suggestion is to visually and manually check on that folder, and to delete all the files if they are still present.

Date: 2022-08-02 22:42:52
Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:https://go.microsoft.com/fwlink/?linkid=37020&name=PUAAdvertising:Win32/Conduit&threatid=311906&enterprise=0
Nome: PUAAdvertising:Win32/Conduit
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: file:_C:\Users\Luke\Desktop\Tools and Games\cds\Digerati_Tiro_100games+\Instalaveis\Feelers\feelers_setup.exe
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Usuário
Usuário: DESKTOP-TFJ96TF\Luke
Nome do Processo: Unknown
Versão da Inteligência de Segurança: AV: 1.371.1323.0, AS: 1.371.1323.0, NIS: 1.371.1323.0
Versão do Mecanismo: AM: 1.1.19400.3, NIS: 1.1.19400.3

Date: 2022-08-02 22:42:52
Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0
Nome: Trojan:Win32/Wacatac.B!ml
Gravidade: Grave
Categoria: Cavalo de Tróia
Caminho: file:_C:\Users\Luke\Desktop\Tools and Games\cds\Digerati_Guerra_59Games\Primeira Pessoa\Silent_in_the_dark.exe
Origem da Detecção: Computador local
Tipo da Detecção: FastPath
Fonte da Detecção: Usuário
Usuário: DESKTOP-TFJ96TF\Luke
Nome do Processo: Unknown
Versão da Inteligência de Segurança: AV: 1.371.1323.0, AS: 1.371.1323.0, NIS: 1.371.1323.0
Versão do Mecanismo: AM: 1.1.19400.3, NIS: 1.1.19400.3

Date: 2022-08-02 22:42:52
Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/Amonetize&threatid=311963&enterprise=0
Nome: PUADlManager:Win32/Amonetize
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: file:_C:\Users\Luke\Desktop\Tools and Games\cds\Digerati_BombJack_450Games\Nave\platypus_miniclip.exe; file:_C:\Users\Luke\Desktop\Tools and Games\cds\Digerati_Click07_CounterStrike_404Jogos\Nave\platypus_miniclip.exe
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Usuário
Usuário: DESKTOP-TFJ96TF\Luke
Nome do Processo: Unknown
Versão da Inteligência de Segurança: AV: 1.371.1323.0, AS: 1.371.1323.0, NIS: 1.371.1323.0
Versão do Mecanismo: AM: 1.1.19400.3, NIS: 1.1.19400.3

Date: 2022-08-02 22:42:52
Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:https://go.microsoft.com/fwlink/?linkid=37020&name=PUABundler:Win32/DivxBundler&threatid=311939&enterprise=0
Nome: PUABundler:Win32/DivxBundler
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: file:_C:\Users\Luke\Desktop\Tools and Games\cds\Digerati_52GamesExclusivos_GameType3\Essenciais\DivX51Bundle.exe
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Usuário
Usuário: DESKTOP-TFJ96TF\Luke
Nome do Processo: Unknown
Versão da Inteligência de Segurança: AV: 1.371.1323.0, AS: 1.371.1323.0, NIS: 1.371.1323.0
Versão do Mecanismo: AM: 1.1.19400.3, NIS: 1.1.19400.3
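A small parser for the Defender entries quoted in the post above, added here as an example; it is not part of the thread and is not a FRST or Microsoft tool. It assumes the Portuguese field labels shown in those entries and ranks only the two severity values that appear there; the function names are hypothetical.

```python
import ntpath
import re

# Abridged from the entries quoted in the thread (description/version fields
# dropped). The last entry is left on one line, as a pasted log often arrives.
SAMPLE = r"""
Date: 2022-08-02 22:42:52
Nome: PUAAdvertising:Win32/Conduit
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: file:_C:\Users\Luke\Desktop\Tools and Games\cds\Digerati_Tiro_100games+\Instalaveis\Feelers\feelers_setup.exe
Origem da Detecção: Computador local

Date: 2022-08-02 22:42:52
Nome: PUADlManager:Win32/Amonetize
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: file:_C:\Users\Luke\Desktop\Tools and Games\cds\Digerati_BombJack_450Games\Nave\platypus_miniclip.exe; file:_C:\Users\Luke\Desktop\Tools and Games\cds\Digerati_Click07_CounterStrike_404Jogos\Nave\platypus_miniclip.exe
Origem da Detecção: Computador local

Date: 2022-08-02 22:42:52 Nome: Trojan:Win32/Wacatac.B!ml Gravidade: Grave Categoria: Cavalo de Tróia Caminho: file:_C:\Users\Luke\Desktop\Tools and Games\cds\Digerati_Guerra_59Games\Primeira Pessoa\Silent_in_the_dark.exe Origem da Detecção: Computador local
"""

# Field labels as they appear in the thread's (Portuguese-locale) log.
ENTRY = re.compile(
    r"Date:\s*(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}).*?"
    r"Nome:\s*(?P<name>.+?)\s+Gravidade:\s*(?P<severity>.+?)\s+"
    r"Categoria:\s*(?P<category>.+?)\s+"
    r"Caminho:\s*(?P<paths>.+?)\s+Origem da Detecção:",
    re.S,
)
SEVERITY_RANK = {"Baixo": 1, "Grave": 2}  # only the values seen in the thread

def parse_detections(text):
    """Return one dict per entry; 'paths' is a list, since one entry can name several files."""
    found = []
    for m in ENTRY.finditer(text):
        paths = [re.sub(r"^file:_", "", p.strip()) for p in m["paths"].split(";") if p.strip()]
        found.append({"date": m["date"], "name": m["name"], "severity": m["severity"],
                      "category": m["category"], "paths": paths})
    return found

def triage(detections):
    """Most severe first; an unrecognised severity label sorts to the top, not the bottom."""
    return sorted(detections, key=lambda d: (-SEVERITY_RANK.get(d["severity"], 99), d["name"]))

def common_folder(detections):
    """Deepest folder containing every flagged file, or None if they share no root."""
    files = [p for d in detections for p in d["paths"]]
    try:
        return ntpath.commonpath(files)
    except ValueError:  # empty list, or files on different drives
        return None

if __name__ == "__main__":
    hits = triage(parse_detections(SAMPLE))
    for d in hits:
        print(f'{d["severity"]:6} {d["name"]:32} {len(d["paths"])} file(s)')
    print("Review folder:", common_folder(hits))
```

Run over the full entries from the post, the same functions put the one "Grave" detection ahead of the "Baixo" PUA items and report the shared `cds` folder to review by hand.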
hypermugen Posted August 4, 2022 Author ID:1527539

So I deleted the following files you specified to me. I noticed that as soon as I reached the directory with those files, Windows Defender would detect it and ask me to pick an action for how to deal with that specific file. So I decided to go through every single folder and subfolder in the cds directory so Windows Defender could detect everything. One by one. You'll notice 2 of them say "failed". That is because I used the 'Ctrl+Shift+Del' shortcut on the files myself to permanently get rid of them at first, before Windows Defender attempted to delete it. So here are all of them, including the ones I sent before. Then all the blocked threats as well.
hypermugen Posted August 4, 2022 Author ID:1527612

Maurice, I appreciate your help, time and effort into helping me. I needed to sort this problem out and I'm glad you're helping me. But I need to know for approximately how much longer this is gonna take. It's been nearly 3 days of me being unable to use my machine for work.
Maurice Naggar Posted August 4, 2022 Solution ID:1527615

[ A ]
Getting back to items flagged by the SecurityCheck tool report, these apps need attention & follow-thru to get the latest Released Updates.

Notepad++ (64-bit x64) v.8.3.3 Warning! Download Update
7-Zip 21.07 (x64) v.21.07 Warning! Download Update Uninstall old version and install new one.
GIMP 2.10.30 v.2.10.30 Warning! Download Update
Discord v.1.0.9004 Warning! Download Update
Zoom v.5.10.4 (5035) Warning! Download Update
K-Lite Mega Codec Pack 16.9.8 v.16.9.8 Warning! Download Update

[ B ]
You may use the computer to do work.
I will get back to you later, about the screen-grabs from MS Defender.
Maurice Naggar Posted August 4, 2022 ID:1527641

When you have the time & opportunity.
As to Windows Security / Microsoft Defender antivirus, for those items shown as "This app has been blocked":
Go to review each item. I would like you to click on the button "ACTIONS" and look at the available list of options.
Take action to remove, delete or quarantine.
I highlighted that button on the sample image below.
hypermugen Posted August 4, 2022 Author ID:1527649

So it's already been removed. When I click "Actions" on every single one of them, the only option is "Allow".
Maurice Naggar Posted August 5, 2022 ID:1527681

Alright then. Let's leave that alone. Those items have been dealt with.
As to the case, overall, I believe the main first issues have been resolved.
hypermugen Posted August 5, 2022 Author ID:1527727

What else is there left to do? I did another full scan with Windows Defender and found another one it hadn't found before. I didn't download or access anything. Is this a typical problem with antiviruses? And why do some detect some viruses and others don't?
Maurice Naggar Posted August 5, 2022 ID:1527737

You did not mention what type of file was flagged. You did not mention the name of the file or where it was located. So I am in the dark & thus cannot guess.
BUT the Microsoft Defender antivirus engine is wholly unique from Malwarebytes. Defender is also one of the harder ones to get a decent readable scan report from.

Next, a custom script to do checks. Be sure to delete the file named Fixlist.txt in the Downloads folder ( the old one from before ).
We will use FRSTENGLISH.exe in the Downloads folder to run a custom script. The system will be rebooted after the script has run.
This custom script is for Hypermugen only / for this machine only.
Please be sure to close any open work files, documents, and any apps you started yourself before starting this.
If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.

Please save the (attached file named) FIXLIST.txt to the Downloads folder.
Fixlist.txt <<< - - - - -

Then, start Windows Explorer and go to the Downloads folder.
RIGHT-click on FRSTENGLISH.exe, select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run.
If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.
IF you get a block message from Windows about this tool...... click the line More info on that screen and click the button Run anyway on the next screen.

On the FRST window:
Click the Fix button just once, and wait.
PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience.
When finished, the tool will make a log ( Fixlog.txt ) in the same location from where it was run.
Please attach the FIXLOG.txt with your next reply later, at your next opportunity.
hypermugen Posted August 5, 2022 Author ID:1527770

But all my accounts will be logged off again? That's what happened last time I pressed that button on that app.
Maurice Naggar Posted August 5, 2022 ID:1527774

Run the task when you are not using the system. Surely there is a time when you are not using the system.
hypermugen Posted August 5, 2022 Author ID:1527777

Okay so, this was the file that wasn't detected before:

So the thing is, this is my grandpa's old hard drive I backed up on my PC because there were lots of photos and videos from our family. It's really old, was from a Windows XP laptop. Interestingly enough, I did find some malware with Malwarebytes when I first scanned it. All threats removed, etc. Then I also did a couple of Full Scans with Windows Defender and the Kaspersky one AND the Windows one you sent me. Later on, I did another Malwarebytes scan specifically for that folder and a Custom scan with Windows Defender, said it was clean. Then I did another scan the next day and there it was. This file was now considered harmful, even though I had no interaction with this directory whatsoever.

So this is what I mean. Some antiviruses detect some viruses, some don't, some detect on some days, not on others. It doesn't make sense anymore.

In regards to the scan tool: yes, there are times I'm not using my system, but when I turn everything back on, I have to log in to multiple accounts and manually log off of this PC from before I last used it. They all have 2FA security and that takes a very long time. May I ask what you're trying to achieve by asking me to run this app again?
Maurice Naggar Posted August 5, 2022 ID:1527794

The screenshot shows an action date of 4 August, this past Thursday. The file was an executable file. It was detected & removed.
Microsoft Defender as well as other security programs do update their definitions. They do update definitions over time. Thus the last detection by Defender.

This computer, does it always stay up and running around the clock? 24 hours around the clock?
Do you ever do a Windows shutdown >> Restart?