Accidentally clicked a spam link on Reddit.

Hey, thanks for your time.

About half an hour ago I accidentally clicked on a spam link on Reddit. I run a bunch of script blockers so hopefully that stopped anything bad, but I am a little worried and wanted to make sure.

I kind of panicked and used Windows Restore to go back to a restore point from 8 days ago. That might have been dumb. I also physically disconnected from the internet about 20 seconds after clicking the link.

Running FRST went fine, but when I ran the Malwarebytes scan my computer sort of glitched out for a second right at the end of the scan. So I'm a bit worried about that. The screens seemed to resize themselves weirdly and then returned to normal after a few seconds.

Here is the Malwarebytes log

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/8/22
Scan Time: 9:17 PM
Log File: 3db89902-179a-11ed-b10b-a85e4551aae5.json

-Software Information-
Version: 4.5.12.204
Components Version: 1.0.1725
Update Package Version: 1.0.58361
License: Free

-System Information-
OS: Windows 10 (Build 19043.1826)
CPU: x64
File System: NTFS
User: DESKTOP-2HMI4FA\Ryan

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 375381
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 31 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

Thanks again.

FRST.txt Addition.txt


  • Root Admin

The issue with doing a System Restore is that the meta-data from Malwarebytes will be out of sync with files on the system.

I would recommend that you reinstall Malwarebytes just to verify all files are up to date.

 

MB4 Online Installer
https://downloads.malwarebytes.com/file/mb-windows
 

Then I'd suggest you look into installing the drivers properly for the following.

==================== Faulty Device Manager Devices ============

Name: PCI Encryption/Decryption Controller
Description: PCI Encryption/Decryption Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 

 

BIOS: American Megatrends Inc. 1005 08/02/2019
Motherboard: ASUSTeK COMPUTER INC. PRIME X570-P

 


OK, I reinstalled Malwarebytes and rescanned. The results are attached below.

Attempting to update the drivers for the PCI Encryption/Decryption Controller just led to Windows saying it could not find drivers for my device. I'm not exactly sure what to do from here. I went to the Asus website and found the downloads page for my motherboard, but I'm not sure which file to download. The chipset drivers? Update the whole BIOS?

Anyway, here's the Malwarebytes scan results:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/9/22
Scan Time: 12:46 PM
Log File: 009f491c-181c-11ed-885f-a85e4551aae5.json

-Software Information-
Version: 4.5.12.204
Components Version: 1.0.1725
Update Package Version: 1.0.58389
License: Free

-System Information-
OS: Windows 10 (Build 19043.1826)
CPU: x64
File System: NTFS
User: DESKTOP-2HMI4FA\Ryan

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 375472
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 54 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


  • Root Admin

Please open Device Manager.

Then look for a YELLOW item, which should be your PCI Encryption/Decryption Controller.

Then right click and select Properties, go to the Details tab.

Under Property select Hardware Ids.

Then right click inside the box, select all and Copy it. Then paste back the results.
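
Added example, not part of the original post: the same Hardware Ids can be read from a PowerShell prompt instead of the Device Manager dialog. It lists every device Windows flags with a problem code (28 means the drivers are not installed); the variable and property names in the report are illustrative.

```powershell
# Added example: list devices that Device Manager would show with a
# yellow marker, with the Hardware Ids from the "Details" tab.
$problemDevices = Get-CimInstance -ClassName Win32_PnPEntity |
    Where-Object { $_.ConfigManagerErrorCode -ne 0 }

$report = foreach ($dev in $problemDevices) {
    # The first hardware ID is the most specific one (PCI\VEN_xxxx&DEV_xxxx&...).
    $ids    = @($dev.HardwareID)
    $vendor = $null
    $device = $null
    if ($ids[0] -match 'VEN_([0-9A-Fa-f]{4})&DEV_([0-9A-Fa-f]{4})') {
        $vendor = $Matches[1]   # PCI vendor ID, identifies the chip maker
        $device = $Matches[2]   # PCI device ID, identifies the exact part
    }
    [pscustomobject]@{
        Name        = $dev.Name
        ProblemCode = $dev.ConfigManagerErrorCode   # 28 = drivers not installed
        PciVendor   = $vendor
        PciDevice   = $device
        HardwareIds = $ids -join "`r`n"
    }
}

if ($report) {
    $report | Sort-Object ProblemCode | Format-List
    # Put the IDs on the clipboard, ready to paste into a reply.
    $report | ForEach-Object { $_.HardwareIds } | Set-Clipboard
} else {
    Write-Output 'No devices with a problem code were found.'
}
```

The vendor and device IDs are what to match against the motherboard or chipset vendor's driver package before installing anything.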

 


  • Root Admin

Please double-check and verify this is the correct Motherboard link.

Then download and install the AMD Drivers and restart the computer.

https://www.asus.com/us/Motherboards-Components/Motherboards/PRIME/PRIME-X570-P/HelpDesk_Download/


After the restart, check and verify in Device Manager if the driver is now valid and no longer yellow.

 


  • Root Admin

Let's go ahead and run a scan with Microsoft just to make sure.

 

Microsoft Safety Scanner

Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.
That goes especially for web browsers: make sure all are fully exited out of and messenger programs are exited and closed as well.
 

STEP 1

Please set File Explorer to SHOW ALL folders, all files, including hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the instructions on how to run the tool are at this link at Microsoft:

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long, long break; walk away. Do not give credence to any intermediate early flash messages you see on the screen display. The only thing that counts is the End result at the end of the run.
  • The scan will take several hours. Leave it alone. It will remove any other remaining threats as it goes along. Take a very long break, do your normal personal errands... just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned (depending on the number of files on your machine & the speed of the hardware).

The log is named MSERT.log and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

 

It is normal for the Microsoft Safety Scanner to show detections during the scan process. It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

Then it writes into the log on your computer what it found.

 

 


  • Root Admin

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please attach that file to your next reply. (not compulsory)

 

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.

Malwarebytes Browser Guard

uBlock Origin

 

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes.

 


Ok, before I do this step, I want to make sure of one thing. I went through a similar process to this about a year ago, and at that time I ended up having an infection and quarantining several files. If I use this program to delete the current quarantines, will it also get rid of the ones from a year ago? I don't want to accidentally reintroduce an old infection.


  • Root Admin

Yes, it would remove quarantine from C:\FRST\Quarantine

You can manually remove the items you no longer want or need if you like.

But, that brings up one of the main items. BACKUPS, you need to make sure you have good backups of your data so that you can always recover anything you want.

 


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you.

 

 


This topic is now closed to further replies.