Jump to content

RTP Detections | Malwarebytes


Go to solution Solved by Maurice Naggar,

Recommended Posts

(Moderators, please relocate this forum topic if in the wrong location)

With the Facebook data leak news, I have started to take internet security and data protection much more seriously. I have used password utility tools to improve the security of internet passwords. I use code generators to authorize logins.

I have used Malwarebytes and recently re-purchased a subscription. I noticed some detections on my system from something GameMaker related. I had the tool remove that from the system.

I am worried with the string of RTP detections every now and then. I have done scans of my system. I really hate resetting Windows 11 and reinstalling everything.

Is this something I should be concerned with?

My activity involves: browsing social media (Facebook, Reddit, TikTok), watching YouTube, reading the news, internet forums. Games downloaded through Steam or GOG. Mod websites such as NexusMods.

I may not have my internet browser open and these popup notifications still come.

image.png.c4445117fc138263abd96067f59f40e5.png

Link to post
Share on other sites

  • Replies 65
  • Created
  • Last Reply

Top Posters In This Topic

Hello @CyrodiilWarrior and :welcome::

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run one or more of its following procedural steps, please carefully follow the instructions within the following:

I'm infected - What do I do now?

Remember, please be certain to attach (not Copy and Paste) the three (3) resulting report files in your next reply to this topic.

Thank you.

Link to post
Share on other sites

Hello :welcome:   @CyrodiilWarrior

I will guide you along on looking for remaining malware. Lets keep these principles as we go along.

  • Removing malware can be unpredictable
  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Cracked or or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • Please stick with me until I give you the "all clear".
  • If your system is running Discord, please be sure to Exit out of it while this case is on-going.

I would like a report set for review.   This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach  mbst-grab-results.zip    to your reply
  • The IP block actions by Malwarebytes are keeping the machine safe from potential threats.
  • I do need the support zip reports to see more detail  ( the screen grabs just do not have full details + those screens give no clue as to what processes are running.

For Your Information:

The Block notices from Malwarebytes web protection do mean that Malwarebytes is keeping your pc safe from potential harm.
A block notice is an advisory of the "block".
A "malicious website blocked" is entirely different from a "malware detected" event.

The website  Block message indicates that a potential risk was blocked by the malicious website protection.
The Malwarebytes web protection, by default, will always show each IP block occurrence.
The Malwarebytes Web protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying access your PC.
 
 
Incoming block notice can be ignored, Malwarebytes software is blocking the threat and there is nothing more that can be done.
On Outbound blocks, any attempted connection was Stopped ( halted) .
 
No action is required unless you’re also experiencing malware symptoms or there are multiple (different) IPs (ex;123.23.34 and 4.44.56).
 A browser is not required to be running, just an active Internet connection with processes running,
such as Instant messenger clients, Discord, SKYPE or Peer-to-peer software, to trigger these alerts.

These may also triggered by banner ads running on websites (or ads embedded in Email ) which is the most common form of alert.

See support article "Received a Website Blocked notification from Malwarebytes for Windows"

NOTE: If you have a PRO or Enterprise edition of Windows, and if RDP Remote Desktop is not used a lot by you, you should consider turning off the Remote Desktop feature in order to lower the machine's exposure to potential exploitation.

Link to post
Share on other sites

Hello. 

I would like a report set for review.   This is a report only. Just a report.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

  • Please attach  mbst-grab-results.zip    to your reply
Edited by AdvancedSetup
Corrected font issue
Link to post
Share on other sites

  • 1 month later...
  • Take these actions so that Windows 11 is set to show all hidden files and folders.

Open File Explorer from the taskbar.

Select View > Show > Hidden items.

Select ViewShowFile name extensions

  • simply download & save a new copy of the tool FRST64.exe and SAVE to the Downloads folder. Be sure to do that.
  • from this link

This next custom-fix is mainly intended to run Windows' SFC & DISM to check the system for integrity. To clear temporary cache on web browsers . To rebuild the Winsock.  It will delete temporary file areas. 

This is not a cure-all. 

This custom script is for  CyrodiilWarrior  only / for this machine only.

  • Please save the (attached file named) FIXLIST.txt   to the   Downloads   folder

Fixlist.txt <<< - - - - -

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this. THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

We will use FRST64.exe  on the Downloads folder     to run a custom script .    The system will be rebooted after the script has run. 

Start the Windows Explorer and then, go  to the Downloads    folder.


RIGHT click on FRST64.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.

  •    If the tool warns you the version is outdated, please download and run the updated version.
  • IF Windows prompts you about running this, select YES to allow it to proceed.
  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

PLEASE have patience when this starts. You will see a green progress bar start. Lots of patience.  Please attach the Fixlog.txt with your next reply. 

Please only attach logs, reports as we go along.

By the way, I did notice that this machine has active protection from BITDEFENDER. 

 

Edited by Maurice Naggar
corrected link
Link to post
Share on other sites

3 hours ago, Maurice Naggar said:
  • Take these actions so that Windows 11 is set to show all hidden files and folders.

Open File Explorer from the taskbar.

Select View > Show > Hidden items.

Select ViewShowFile name extensions

  • simply download & save a new copy of the tool FRST64.exe and SAVE to the Downloads folder. Be sure to do that.
  • from this link

This next custom-fix is mainly intended to run Windows' SFC & DISM to check the system for integrity. To clear temporary cache on web browsers . To rebuild the Winsock.  It will delete temporary file areas. 

This is not a cure-all. 

This custom script is for  CyrodiilWarrior  only / for this machine only.

  • Please save the (attached file named) FIXLIST.txt   to the   Downloads   folder

Fixlist.txt 8.97 kB · 0 downloads  <<< - - - - -

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this. THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

We will use FRST64.exe  on the Downloads folder     to run a custom script .    The system will be rebooted after the script has run. 

Start the Windows Explorer and then, go  to the Downloads    folder.


RIGHT click on FRST64.exe    and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.

  •    If the tool warns you the version is outdated, please download and run the updated version.
  • IF Windows prompts you about running this, select YES to allow it to proceed.
  • IF you get a block message from Windows about this tool......

               click line More info information on that screen
               and click button Run anyway on next screen.

  • on the FRST window:

Click the Fix button just once, and wait.

PLEASE have patience when this starts. You will see a green progress bar start. Lots of patience.  Please attach the Fixlog.txt with your next reply. 

Please only attach logs, reports as we go along.

By the way, I did notice that this machine has active protection from BITDEFENDER. 

 

The link to FRST64.exe isn't working so not able to download the file.

Link to post
Share on other sites

If this machine is running Windows 11:
Here is a good reference for how to turn off Smartscreen feature, so that we can do the work / the reports that we need.
It also has some excellent screen image samples of how to do this.
See the OPTION TWO at this link on Elevenforum
https://bit.ly/3Q9Bhq6

Turn OFF Smartscreen feature.    ( when we are ready to close this case, you may go back & turn it back ON if you wish ).

NOW get and save FRST64 just like I listed before on my earlier reply, and then do all the rest just like I listed. https://forums.malwarebytes.com/topic/291240-rtp-detections-malwarebytes/?do=findComment&comment=1544270

 

 

Link to post
Share on other sites

20 minutes ago, Maurice Naggar said:

If this machine is running Windows 11:
Here is a good reference for how to turn off Smartscreen feature, so that we can do the work / the reports that we need.
It also has some excellent screen image samples of how to do this.
See the OPTION TWO at this link on Elevenforum
https://bit.ly/3Q9Bhq6

Turn OFF Smartscreen feature.    ( when we are ready to close this case, you may go back & turn it back ON if you wish ).

NOW get and save FRST64 just like I listed before on my earlier reply, and then do all the rest just like I listed. https://forums.malwarebytes.com/topic/291240-rtp-detections-malwarebytes/?do=findComment&comment=1544270

 

 

Your previous reply says this link which takes me to this forum post. So I was unable to download FRST64 sadly.

Link to post
Share on other sites

2 minutes ago, Maurice Naggar said:

Windows Resource Protection found corrupt files and successfully repaired them.
The custom-fix-script run is beneficial.


Please do a new scan with BitDefender. Let me know the result.

I never fully installed BitDefender since it asked to remove Malwarebytes as my protection utility. I wanted to keep Malwarebytes and just exited the installer which probably left files behind.

image.png

Link to post
Share on other sites

In that case, get & save the corresponding uninstaller from Bitdefender https://www.bitdefender.com/links/uninstall_consumer_trial.html

and then run the uninstaller.  Then Restart Windows. One must always cleanup after trying a antivirus & moving away from it to another security product.  Your machine has leftover drivers of BitDefender. Let me know after this has been cleaned up.

Link to post
Share on other sites

Alright. I will guide you to running other scans. Most will be the type that is not uninstalled as a installed-application. They are just run on-demand. We will run them just to see whether there is actually any virus or trojan or malware or adwares.
First, an adjustment.

Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center

Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

This will not affect any real-time protection of the Malwarebytes for Windows    😃.

Close Malwarebytes.

>

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select  CUSTOM scan  & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.  

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on screen display.  The only things that count are the End result at the end of the run.
  • Again, any on-screen display about repeat 'infection' is not to be relied on.  Ignore those.
  • We only rely on the end result that is on the log-report-file.

 

This is likely to run for many hours   ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log  

the log will be at  

Windows\debug\msert.log

Please attach that log with your reply. We will do more later.

Link to post
Share on other sites

No virus, no trojan, no malware reported at the end of the run, which is all that matters. 

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Sun Dec  4 20:01:08 2022

The interim visual on-screen display is not actual-real-confirmed stuff.

This next scanner is also on-demand type. It does not install. You get it, save it, then run it. ESET Online scanner has a excellent & high reputation.

This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run. 

Next, This will be a check with ESET Onlinescanner for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

  • Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display. You may step away from machine &. Let it be.  That is, once it is under way, you should leave it running.  It will run for several hours.

  • At screen "Detections occurred and resolved" click on blue button "View detected results"
  • On next screen, at lower left, click on blue "Save scan log"
  • View where file is to be saved. Provide a meaningful name for the "File name:"
  • On last screen, set to Off (left) the option for Periodic scanning
  • Click "save and continue"
  • Please attach the report file so I can review
Link to post
Share on other sites

The open-source game - 0 A.D. - uses a Torrent download - 

https://play0ad.com/download/win/

 - long in the past I have used Torrent for big game mods too as them being compressed makes them easier.

Perhaps an infection was among some old backup storage files. I wonder about my OneDrive too as that automatically re-downloads cloud files too. I am not sure if that backups AppData, but I know it backup Desktop, Documents, Pictures, Downloads, etc.

It is possible this had backed up AppData in the past for modded Minecraft. When you use Technic Launcher for Minecraft and download a Minecraft modpack, it stores the modpack files in the AppData directory.

eset.txt

Edited by AdvancedSetup
Disabled live hyperlinks
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.