jumzz123 Posted September 16, 2022 ID:1532899 (edited)

Hello! I think my computer is currently infested with a copy paste virus. Whenever I copy a contact address from one text area to another it spouts out a different address. I have done the FRST scan and these are the logs. Thank you, I wish you could help me.

Attachments: FRST.txt, Addition.txt

Edited September 16, 2022 by AdvancedSetup: Corrected font issue

jumzz123 Posted September 16, 2022 Author ID:1532900

I also ran MB Scan and ADW Cleaner. Here are the logs.

Attachments: AdwCleaner[C00].txt, AdwCleaner[S00].txt, Malwarebytescan.txt

1PW Posted September 16, 2022 ID:1532901

Hello @jumzz123:

Since you have run Malwarebytes AdwCleaner, if you have not already restarted Windows® 10 Pro, please do so and let us know if the anomalous copy/paste behavior is still present in your next reply to this topic.

Thank you.

jumzz123 Posted September 16, 2022 Author ID:1532902

Hello, I have restarted my pc and the anomalous copy/paste behavior is still present.

1PW Posted September 16, 2022 ID:1532905

Hello @jumzz123:

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, please carefully follow the instructions within the following:

STEP 1

Please set File Explorer to SHOW ALL folders, all files, including hidden ones. Use OPTION ONE or TWO of this article: https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft: https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Look on the Scan Options & select the FULL scan. Then start the scan. Have lots of patience. It may take several hours.

Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on the screen display. The only things that count are the End result at the end of the run.

The scan will take several hours. Leave it alone. It will remove any other remaining threats as it goes along. Take a very long break, do your normal personal errands ..... just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned (depending on the number of files on your machine & the speed of the hardware).

The log is named MSERT.log and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

It is normal for the Microsoft Safety Scanner to show detections during the scan process. It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection. That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not. Then it writes into the log on your computer what it found.

Thank you.

jumzz123 Posted September 16, 2022 Author ID:1532909

Hello @1PW, I did as instructed and here is the log requested.

Attachment: msert.log

jumzz123 Posted September 16, 2022 Author ID:1532910

I also restarted my pc right after executing the scan.

1PW Posted September 16, 2022 ID:1532912

Hello @jumzz123:

I will now stand down and with you, wait for the next available expert to pick up your computer's issue.

I forgot to add... After running MSERT, please let the forum know if the anomalous copy/paste behavior is still present in your next reply to this topic.

Thank you.

jumzz123 Posted September 16, 2022 Author ID:1532913

@1PW, thank you. Yes, after running MSERT and restarting my pc, the anomalous copy/paste behavior is still present.

AdvancedSetup (Root Admin) Posted September 16, 2022 ID:1532964

Hello @jumzz123

My screen name is AdvancedSetup and I will assist you with your system issues.

Let's keep these principles as we proceed. Make sure to read the entire post below first.

- Please follow all steps in the provided order and post back all requested logs
- Please attach all log files to your post, unless otherwise requested
- Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans have been completed.
- Temporarily disable Microsoft SmartScreen to download the software below if needed. Make sure to turn it back on once the scans are completed.
- Searching, detecting, and removing malware isn't instantaneous and there is no guarantee to repair every system.
- Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
- Do not run online games while the case is ongoing. Do not do any free-wheeling or risky web-surfing.
- Only run the tools I guide you to use.
- Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
- Cracked, Hacked, or Pirated programs are not only illegal but also can make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryption. It is at times also a big source of current Trojan infections. If there are any on the system you should uninstall them before we proceed.
- Please be patient and stick with me until I give you the "all clear". We don't want to waste your time, please don't waste ours.
- If your system is running Discord, please be sure to Exit it while this case is ongoing.

To begin, please do the following so that we may take a closer look at your installation for troubleshooting. This is a report only.

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

1. Download the Malwarebytes Support Tool
2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
3. In the User Account Control pop-up window, click Yes to continue the installation
4. Run the MBST Support Tool
5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced
6. In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
7. A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thank you

jumzz123 Posted September 16, 2022 Author ID:1532969

Hello @AdvancedSetup, here is the log file requested.

Attachment: mbst-grab-results.zip

AdvancedSetup (Root Admin) Posted September 16, 2022 ID:1532972

Please run the following fix @jumzz123

Once the fix has completed, please attach the FIXLOG.TXT file to your next reply

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE: It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: As part of this fix it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

- Windows Temp
- Users Temp folders
- Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
- Recently opened files cache
- Discord cache
- Java cache
- Steam HTML cache
- Explorer thumbnail and icon cache
- BITS transfer queue (qmgr*.dat files)
- Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Attachment: fixlist.txt

Thanks

jumzz123 Posted September 17, 2022 Author ID:1533052

Hello @AdvancedSetup, here is the log requested. My pc restarted and started repairing disk C. Right after the start up I still hear something like apps opening or a usb device being plugged in. The anomalous copy/paste behavior is still present.

Attachment: Fixlog.txt

AdvancedSetup (Root Admin) Posted September 17, 2022 ID:1533056

Okay, thanks for the log, that looks good. Please run the following.

Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop. (Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021)

Download: Kaspersky Virus Removal Tool

- How to run a scan with Kaspersky Virus Removal Tool 2020: https://support.kaspersky.com/15674
- How to run Kaspersky Virus Removal Tool 2020 in the advanced mode: https://support.kaspersky.com/15680
- How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan: https://support.kaspersky.com/15681

Select the Windows Key and R Key together, the "Run" box should open.

Drag and Drop KVRT.exe into the Run Box.

C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.

Add -dontencrypt. Note the space between KVRT.exe and -dontencrypt.

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.

That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file.

Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr

Right-click direct onto that report, select > open with > Notepad. Save that file and attach it to your reply.

To start the scan select OK in the "Run" box.

A EULA window will open, tick all confirmation boxes then select "Accept"

In the new window select "Change Parameters"

In the new window ensure all selection boxes are ticked, then select "OK"

The scan should now start...

When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue"

When complete, or if nothing was found select "Close"

Attach the report information as previously instructed...

Thank you

jumzz123 Posted September 17, 2022 Author ID:1533065

Attachment: report_2022.09.17_16.30.51.klr.txt

AdvancedSetup (Root Admin, Solution) Posted September 17, 2022 ID:1533077

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

- It will start a download of "esetonlinescanner.exe"
- Save the file to your system, such as the Downloads folder, or else to the Desktop.
- Go to the saved file, and double click it to get it started.
- When presented with the initial ESET options, click on "Computer Scan".
- Next, when prompted by Windows, allow it to start by clicking Yes
- When prompted for scan type, Click on Full scan
- Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
- Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display.
- You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
- When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
- Click The blue “Save scan log” to save the log.
- If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” (in blue, at the bottom).
- Press Continue when all done. You should click to off the offer for “periodic scanning”.

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3: https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

jumzz123 Posted September 17, 2022 Author ID:1533083

Hello @AdvancedSetup, I tried to run the eset scanner like you said but it disappears right after I run it.

jumzz123 Posted September 17, 2022 Author ID:1533091

Update: I have restarted my pc and ran the eset scanner again, it worked this time and found 2 items. I restarted my pc again and this error popped out. Here is the eset scanlog.

Attachment: ESET Scanlog.txt

jumzz123 Posted September 17, 2022 Author ID:1533092

After running the ESET scan, the anomalous copy/paste behaviour has disappeared. Thank you so much @AdvancedSetup. If there are any steps I have to do in order to be completely safe, I would be happy to do them.

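A repeatable version of the "is the copy/paste behavior still present?" check that runs through this thread, as an added example that is not part of the original posts or any tool named in them. It assumes the unwanted program rewrites clipboard text within a few seconds of a copy; the sample strings and the function name Test-ClipboardIntegrity are constructed for illustration.

```powershell
# Added example: clipboard integrity check (not from the original thread).
# Assumption: the unwanted program rewrites clipboard text shortly after a copy.
param(
    # Constructed placeholder samples; replace with the kind of address that was being swapped.
    [string[]]$Samples = @(
        'PLACEHOLDER-ADDRESS-0001-REPLACE-ME',
        'example.contact@placeholder.invalid'
    ),
    [int]$WatchSeconds = 10,
    [int]$PollMilliseconds = 250
)

function Test-ClipboardIntegrity {
    param([string]$Expected, [int]$WatchSeconds, [int]$PollMilliseconds)

    # Put the known value on the clipboard, then watch for any change.
    Set-Clipboard -Value $Expected
    $deadline = (Get-Date).AddSeconds($WatchSeconds)
    while ((Get-Date) -lt $deadline) {
        Start-Sleep -Milliseconds $PollMilliseconds
        $current = Get-Clipboard -Raw
        # Case-sensitive compare: a swapped address can differ by a single character.
        if ($current -cne $Expected) {
            return [pscustomobject]@{
                Copied  = $Expected
                Found   = $current
                Changed = $true
                SeenAt  = Get-Date
            }
        }
    }
    [pscustomobject]@{ Copied = $Expected; Found = $Expected; Changed = $false; SeenAt = $null }
}

$results = foreach ($s in $Samples) {
    Test-ClipboardIntegrity -Expected $s -WatchSeconds $WatchSeconds -PollMilliseconds $PollMilliseconds
}
$results | Format-Table -AutoSize -Wrap

if ($results.Changed -contains $true) {
    Write-Warning 'Clipboard content was altered after copy; the behavior is still present.'
    exit 1
}
Write-Output 'Clipboard content stayed intact for every sample.'
```

Do not copy anything else while it runs, since any manual copy is reported as a change. A clean result only covers the sample strings supplied, so pass the same kind of address that was being replaced before the cleanup.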
AdvancedSetup (Root Admin) Posted September 19, 2022 ID:1533227

Great, that's good to hear.

Please run the Farbar program @jumzz123 with Admin rights. Then click on Scan and get me both new logs

- FRST.TXT
- ADDITION.TXT

Thank you

jumzz123 Posted September 19, 2022 Author ID:1533294

Hello @AdvancedSetup, here are the logs requested.

Attachments: Addition.txt, FRST.txt

AdvancedSetup (Root Admin) Posted September 19, 2022 ID:1533306

Please go to Control Panel, Programs, Programs and Features and uninstall the following

CCleaner (computer experts no longer recommend this program)

This program keeps faulting. Perhaps a reinstall may fix, otherwise research why it's faulting.

Application errors:
==================
Error: (09/19/2022 12:58:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x5fdb105f
Faulting module name: KERNELBASE.dll, version: 10.0.19041.964, time stamp: 0x11253621
Exception code: 0xe0434352
Fault offset: 0x0012a6e2
Faulting process id: 0x1070
Faulting application start time: 0x01d8cbe47f57b16e
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 914b5b03-f662-45c9-bae5-81f5ef8bfa38
Faulting package full name:
Faulting package-relative application ID:

Please run the following @jumzz123

SecurityCheck by glax24

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

- Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
- If Microsoft SmartScreen blocks the download, click through to save the file
- This tool is safe. Smartscreen is overly sensitive.
- If SmartScreen blocks the file from running click on More info and Run anyway
- Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward
- Wait for the scan to finish. It will open a text file named SecurityCheck.txt. Close the file. Attach it with your next reply.
- You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Thank you

jumzz123 Posted September 19, 2022 Author ID:1533373

Here is the security check log

Attachment: SecurityCheck.txt

AdvancedSetup (Root Admin) Posted September 19, 2022 ID:1533376

User Account Control disabled
^It is recommended to enable (default): Win+R typing UserAccountControlSettings and Enter^

Please update, uninstall, or otherwise address the following as appropriate for your system.

------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 5.91 (64-bit) v.5.91.0 Warning! Download Update
-------------------------- [ IMAndCollaborate ] ---------------------------
Discord v.0.0.309 Warning! Download Update
WhatsApp v.2.2226.6 Warning! Download Update
Zoom v.5.7.8 (1247) Warning! Download Update
Telegram Desktop version 4.1.1 v.4.1.1 Warning! Download Update
-------------------------------- [ Media ] --------------------------------
VLC media player v.2.2.4 Warning! Download Update

Once that is done, please click on Start and type in "Check for updates" and allow Windows to Scan for and Install any updates found.

It's late for me so I'm heading out, but keep me posted.

Thanks

jumzz123 Posted September 21, 2022 Author ID:1533738

Update: I have updated the outdated apps and installed windows updates.