Raju_Ahmed110610 Posted August 10, 2022

ZoomX.exe and ZoomE.exe keep popping up regularly and at the same time. Please help me to overcome this problem. I have provided FRST and Malwarebytes scan results.

Attachments: malwarebytes scan result.txt, Addition.txt, FRST.txt

Maurice Naggar Posted August 10, 2022 (Solution)

Hi

Take these actions so that Windows 11 is set to show all hidden files and folders. Open File Explorer from the taskbar. Select View > Show > Hidden items.

[ 2 ] Do a new scan with Malwarebytes for Windows.

Do a Check for Update using the Malwarebytes Settings >> General tab. See this Support Guide: https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows

When it shows a new version available, accept it and let it proceed forward. Be sure it succeeds. If prompted to do a Restart, just please follow all directions. Let me know how that goes.

Next, the Malwarebytes scan. Then click the Security tab. Scroll down and let's be sure the line in SCAN OPTIONS for "Scan for rootkits" is ON 👈 Click it to get it ON if it does not show a blue color.

Next, click the small x on the Settings line to go to the main Malwarebytes window. Next, click the blue button marked Scan.

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

>>>>>> 👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected). <<<<

💢 Please double verify you have that TOP check-box tick-marked, and that then all lines have a tick-mark.

Then click on the Quarantine button.

Then, locate the Scan run report; export out a copy; and then attach it with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

Maurice Naggar Posted August 10, 2022

AFTER finishing prior suggestions, proceed with this.

Next, a custom script to do checks & selected cleanups. We will use FRST64.exe on the Downloads folder to run a custom script. The system will be rebooted after the script has run.

This custom script is for Raju_ahmed only / for this machine only. This custom script has some specific things, plus some general aspects to help the system overall. Hoping it will not exceed 60 minutes in execution time.

Please be sure to close any open work files, documents, and any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.

Please save the (attached file named) FIXLIST.txt to the Downloads folder.

Attachment: Fixlist.txt

Then, start the Windows Explorer and go to the Downloads folder. RIGHT-click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool, click the More info line on that screen and click the Run anyway button on the next screen.

On the FRST window: click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience.

If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

This here is not a one-shot cure-all. There will be more to do later.

Raju_Ahmed110610 (Author) Posted August 12, 2022

I have provided you the fixlog.txt in the attachment. Please have a look at it.

Attachment: Fixlog.txt

Maurice Naggar Posted August 12, 2022

That is a good run. Yet, we are not done. There is more to do.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & the how-to-run-the-tool instructions are at this link at Microsoft: https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Look on Scan Options & select FULL scan. Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be. Once you see it has started, take a long, long break; walk away.

Do not pay credence if you see some intermediate early flash messages on the screen display. The only thing that counts is the end result at the end of the run. Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those. We only rely on the end result that is on the log-report file.

This is likely to run for many hours (depending on the number of files on your machine & the speed of hardware).

The log is named MSERT.log. The log will be at Windows\debug\msert.log. Please attach that log with your reply.

We will do more later.

Raju_Ahmed110610 (Author) Posted August 12, 2022

The full scan results of Microsoft Safety Scanner are given in the attachment. Please have a look.

Attachment: msert.log

Maurice Naggar Posted August 12, 2022

Alright. Thanks. That result from the Safety Scanner is encouraging. BUT we have more to do. The trojan malware(s) had compromised the Microsoft Defender antivirus settings. We have to clean that up.

First, delete the file named Fixlist.txt that is now on Downloads. I have a new one below here.

Next, a custom script to do checks & selected cleanups. We will use FRST64.exe on the Downloads folder to run a custom script. The system will be rebooted after the script has run.

This custom script is for Raju_ahmed only / for this machine only. This custom script has some specific things, plus some general aspects to help the system overall. Hoping it will not exceed 60 minutes in execution time.

Please be sure to close any open work files, documents, and any apps you started yourself before starting this. If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached, please disconnect any of those.

Please save the (attached file named) FIXLIST.txt to the Downloads folder.

Attachment: Fixlist.txt

Then, start the Windows Explorer and go to the Downloads folder. RIGHT-click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool, click the More info line on that screen and click the Run anyway button on the next screen.

On the FRST window: click the Fix button just once, and wait. PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience.

If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Raju_Ahmed110610 (Author) Posted August 13, 2022

Please have a look. The scan results of frst64.exe are given in the attachment.

Attachment: Fixlog.txt

Maurice Naggar Posted August 13, 2022

Thanks. There are still some exclusion settings on Microsoft Defender that we want removed.

There is an article at Bleepingcomputer named How to Start Windows 10 in Safe Mode with Networking: https://www.bleepingcomputer.com/tutorials/how-to-start-windows-10-in-safe-mode-with-networking/

That describes the steps to get Windows 10 into "Safe Mode with Networking". Please study that. The goal is to get to that screen "Startup Settings" and press the number 5 key on your keyboard to enter Safe Mode with Networking. Look over that whole article. The descriptions and the images all help.

We want the system to be in "Safe Mode with Networking", and once there I need you to re-run the last Fix script task.

Start the Windows Explorer and go to the Downloads folder. RIGHT-click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool, click the More info line on that screen and click the Run anyway button on the next screen.

On the FRST window: click the Fix button just once, and wait.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

After all this, restart Windows into normal mode.
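
An added example (not part of the thread, and not the contents of the helper's Fixlist.txt): a read-only PowerShell audit of the Microsoft Defender exclusions discussed in the post above, covering both the local preferences and the policy registry key. It assumes an elevated PowerShell session on the affected machine.

```powershell
# Added example: read-only audit of Microsoft Defender exclusions.
# Run in an elevated PowerShell; exclusions are hidden from non-administrators.

$kinds = 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension'
$pref  = Get-MpPreference

# 1. Exclusions as Defender itself reports them.
$report = @(foreach ($kind in $kinds) {
    foreach ($value in @($pref.$kind)) {
        if ($value) {
            [pscustomobject]@{ Source = 'Get-MpPreference'; Kind = $kind; Value = $value }
        }
    }
})

# 2. Exclusions set through the policy registry key. These live outside the
#    local preferences that Remove-MpPreference edits, so list them separately.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions'
foreach ($sub in 'Paths', 'Processes', 'Extensions') {
    $key = Join-Path $policyRoot $sub
    if (Test-Path $key) {
        # Each value name under the subkey is one excluded item.
        foreach ($name in (Get-Item $key).GetValueNames()) {
            $report += [pscustomobject]@{ Source = 'Policy registry'; Kind = $sub; Value = $name }
        }
    }
}

# 3. Protection switches worth checking alongside the exclusions.
$pref | Select-Object DisableRealtimeMonitoring, DisableBehaviorMonitoring,
                      DisableIOAVProtection, DisableScriptScanning | Format-List

if ($report.Count -eq 0) {
    'No Defender exclusions found.'
} else {
    $report | Sort-Object Source, Kind, Value | Format-Table -AutoSize
}
```

Any entry the machine's owner does not recognize is a candidate for removal; the script itself changes nothing.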

Raju_Ahmed110610 (Author) Posted August 13, 2022

The scan result of FRST in Safe Mode with Networking is attached in the file. Please have a look at it.

Attachment: Fixlog.txt

Maurice Naggar Posted August 13, 2022

Thanks. This looks to be a better run. Tell me, how is the overall situation now?

Raju_Ahmed110610 (Author) Posted August 15, 2022

I am not having any problems. Do I have to take any precautions? I uninstalled the original Windows and used the cracked version. Do I go back to the original Windows again with the backup file?

Maurice Naggar Posted August 15, 2022

Never ever use 'cracked' software. This news you just relayed is unsettling. I would urge you highly to stay far away from hacked / cracked software of any sort, whether a so-called free program or free game, or whatever.

Hidden risks in pirated software: https://news.microsoft.com/apac/2019/01/08/hidden-risks-in-pirated-software/

Why You Shouldn't Use Pirated Software: https://www.computer.org/publications/tech-news/trends/why-you-shouldnt-use-pirated-software

Torrenting & filesharing. Try to not do that, as a general security matter. All it takes is one malicious file to lead to tragedy & loss. https://informationsecuritybuzz.com/articles/torrenting-know-risks-take/

This next run is just to do some re-checks using Windows SFC & DISM and also to see about the license status.

First, delete the file named Fixlist.txt that is now on Downloads. I have a new one below here.

We will use FRST64.exe on the Downloads folder to run a custom script. This custom script is for Raju_ahmed only / for this machine only. This run does not involve a reboot.

Please save the (attached file named) FIXLIST.txt to the Downloads folder.

Attachment: Fixlist.txt

Then, start the Windows Explorer and go to the Downloads folder. RIGHT-click on FRST64.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow the tool to run. If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed. IF you get a block message from Windows about this tool, click the More info line on that screen and click the Run anyway button on the next screen.

On the FRST window: click the Fix button just once, and wait. You will see a green progress bar start.

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Raju_Ahmed110610 (Author) Posted August 15, 2022

Thanks for your help. I have attached the fixlog.txt in the attachment. Please have a look at it.

Attachment: Fixlog.txt

Maurice Naggar Posted August 15, 2022

Unfortunately, this did not provide the detail I was looking for about the Windows license status. Let's do this.

I would recommend getting a report on the update status of some key apps. Download SecurityCheck by glax24 from here https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop.

If Windows SmartScreen blocks that with a message window, then click on the MORE INFO spot and override that and allow it to proceed. This tool is safe. SmartScreen is overly sensitive.

Right-click with your mouse on SecurityCheck.exe and select "Run as administrator" and reply YES to allow it to run & go forward.

Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck: C:\SecurityCheck\SecurityCheck.txt

Maurice Naggar Posted August 22, 2022

This system is good-to-go. This here is for tools cleanup.

Please download KpRm by kernel-panik and save it to your desktop. Right-click kprm_(version).exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, ensure all boxes under Actions are checked. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK.

A log may open in Notepad titled kprm-(date).txt. I do not need it. Just close Notepad if it shows up.

Consider using PatchMyPC to keep all your software up-to-date: https://patchmypc.com/home-updater#download

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

I am marking this case for closure. I wish you all the best. Stay safe.

Maurice Naggar Posted August 22, 2022

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you