MiguelSilva Posted October 28, 2022 ID:1539584

Hi. I need help deleting a virus. I have run all types of scans with some antivirus programs and they don't find anything. But Windows Defender finds these 3 viruses. I take the actions and then they appear again. The details of the detection are these:

amsi: \Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Please, I really need help. Thank you.

1PW Posted October 28, 2022 ID:1539591

Hello @MiguelSilva:

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run one or more of its following procedural steps, please carefully follow the instructions within the following:

I'm infected - What do I do now?

Remember, please be certain to attach (not Copy and Paste) the three (3) resulting report files in your next reply to this topic.

Thank you.

Maurice Naggar Posted October 28, 2022 ID:1539651

Hello. I will guide you along on looking for remaining malware. Let's keep these principles as we go along.

Removing malware can be unpredictable.
Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
Only run the tools I guide you to.
Do not run online games while the case is on-going. Do not do any free-wheeling web-surfing.
The removal of malware isn't instantaneous, please be patient.
Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
Please stick with me until I give you the "all clear".
If your system is running Discord, please be sure to Exit out of it while this case is on-going.

I would like a report set for review. This is a report only.

Please download the MALWAREBYTES MBST Support Tool.
Once you start it, click Advanced >>> then Gather Logs.
Have patience till the run has finished.
Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

Please attach mbst-grab-results.zip to your reply.

MiguelSilva (Author) Posted October 28, 2022 ID:1539720

I have done all the steps and that's the file you requested. Thank you.

mbst-grab-results.zip

Maurice Naggar Posted October 28, 2022 ID:1539735

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article.
Please use this Guide.

Next, the Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the-tool are at this link at Microsoft:
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Look on Scan Options & select CUSTOM scan & then select the C drive to be scanned. Then start the scan. Have lots of patience.

Once you start the scan & you see it started, then leave it be. Once you see it has started, take a long long break; walk away. Do not give credence to any intermediate early flash messages you see on the screen display. The only thing that counts is the end result at the end of the run.

Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those. We only rely on the end result that is in the log-report-file.

This is likely to run for many hours (depending on the number of files on your machine & the speed of the hardware).

The log is named MSERT.log. The log will be at Windows\debug\msert.log

Please attach that log with your reply. We will do more later.

Maurice Naggar Posted October 28, 2022 ID:1539741

When you are done with that scan above & ready & caught up & have lots of quiet time, do this.

Please be sure to Close any open work files, documents, any apps you started yourself before starting this. THIS run will do a Windows RESTART. Once it starts it will auto-close any other running app.

We will use FRSTENGLISH.exe in the Downloads folder to run a custom fix script. The system will be rebooted after the script has run. This is intended to do some system checks using System File Checker (SFC) & the Windows DISM check tool and a quick scan with MS Defender. It will also rebuild the Winsock. It will clear the cache temporary files of the web browsers.

This custom script is for MiguelSilva's machine only / for this machine only.

Please save the (attached file named) FIXLIST.txt to the Downloads folder.

Fixlist.txt <<< - - - - -

Then, start the Windows Explorer and go to the Downloads folder.

RIGHT click on FRSTENGLISH.exe and select RUN as Administrator and allow it to proceed. Reply YES when prompted to allow it to run.
If the tool warns you the version is outdated, please download and run the updated version.
IF Windows prompts you about running this, select YES to allow it to proceed.
IF you get a block message from Windows about this tool, click the More info line on that screen and click the Run anyway button on the next screen.
On the FRST window: Click the Fix button just once, and wait.

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience.

Please attach the Fixlog.txt with your next reply. There is more to do after this.

MiguelSilva (Author) Posted October 29, 2022 ID:1539747

Here is the file you requested from Microsoft Safety Scanner. Thank you.

msert.log

MiguelSilva (Author) Posted October 29, 2022 ID:1539748

Here is the file you requested from frstenglish.exe. Thank you.

Fixlog.txt

Maurice Naggar Posted October 29, 2022 ID:1539799

The custom-fix-run is good. Windows Resource Protection found corrupt files and successfully repaired them.

The MS Safety Scanner run is helpful. And it did not find any actual malware.

How is the system now, today?

Let's do one scan with Malwarebytes Adwcleaner to check for adware. Just before pressing that "scan" button, be sure that Chrome & Edge, or any other web browsers, are Closed. It will not take much time.

First download & save it: guide & download link
Then be sure to close all web browsers after the download & before launching the tool.
Then go to where the EXE file is saved. Start Adwcleaner.
Then do a scan with Adwcleaner: Guide article

Attach the clean log from Adwcleaner when all is completed.

MiguelSilva (Author) Posted October 29, 2022 ID:1539838

The PC appears to work normally. But Windows Defender keeps detecting the threat. Here is the file from AdwCleaner you asked about. Thank you.

AdwCleaner[S04].txt

Maurice Naggar Posted October 29, 2022 ID:1539843

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article.
Please use this Guide.

We need to do some other scanning. This one you can start & once it is under way, you can leave the machine alone & let it run overnight. No need to keep watch once it starts the actual scan run.

Next, this will be a check with ESET Onlinescanner for viruses, other malware, adware, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
It will start a download of "esetonlinescanner.exe".
Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes.
When prompted for scan type, click on Full scan.
Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You may step away from the machine & let it be. That is, once it is under way, you should leave it running. It will run for several hours.

At the screen "Detections occurred and resolved", click on the blue button "View detected results".
On the next screen, at the lower left, click on the blue "Save scan log".
View where the file is to be saved. Provide a meaningful name for the "File name:".
On the last screen, set to Off (left) the option for Periodic scanning.
Click "save and continue".

Please attach the report file so I can review it.

MiguelSilva (Author) Posted October 30, 2022 ID:1539875

Here is the log file from ESET Online Scanner. Thank you.

esetnoline scanner.txt

Maurice Naggar Posted October 30, 2022 (Solution) ID:1539892

Thank you. That was a good cleanup by Eset. It removed several threats. Including

C:\Users\Public\Crack\LG\Malawer\MA\PowerRun.exe Win32/HackTool.PowerRun.A Aplicação potencialmente insegura limpo por exclusão
C:\Users\Public\Crack\LG\manage.ps1 PowerShell/Kryptik.EX trojan limpo por exclusão

Download Kaspersky Virus Removal Tool (KVRT) from here: https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool and save it to your Desktop.

Next, press the Windows Key and R Key together; the "Run" box should open.
Drag and Drop KVRT.exe into the Run Box.
C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.
Add -dontencrypt. Note the space between KVRT.exe and -dontencrypt.
C:\Users\Miguel\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.

That addendum to the run command is very important.

To start the scan select OK in the "Run" box.
The Windows Protected your PC window will open; select "More Info".
A new window will open; select "Run anyway".
A EULA window will open; tick both confirmation boxes, then select "Accept".
In the new window select "Change Parameters".
In the new window ensure the following boxes are ticked:
System memory
Startup objects
Boot sectors
System drive
Then select "OK" and "Start scan".

The Kaspersky tool is very thorough, so it will take a considerable time to complete; please allow it to finish. Also, while Kaspersky runs, do not use your PC for anything else.

Completed: If entries are found, there will be options to choose. If "Cure" is offered, leave it as it is. For any other options change to "Delete", then select "Continue". Usually, your system needs a reboot to finish the removal process.

Log files can be found on your system drive (usually C:), similar to this: reports are saved in C:\KVRT_data\Reports and look similar to this: report_20221030_103821.klr

Right click directly on those reports, select > open with > Notepad. Save the files and attach them with your next reply.

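Added example, not part of any post in this thread: a read-only PowerShell check that groups Windows Defender detection history by threat and reports those with an amsi: resource that were detected more than once, the recurrence described in the first post. The function name, the sample records and the placeholder threat ID and name are assumptions; Get-MpThreatDetection and Get-MpThreat are the Defender cmdlets it is meant to be fed from.

```powershell
# Added example. Sample records, threat ID and threat name below are constructed placeholders.
function Get-RecurringAmsiDetection {
    param(
        # Objects shaped like Get-MpThreatDetection output (ThreatID, Resources, InitialDetectionTime)
        [Parameter(Mandatory)] [object[]] $Detection,
        # Optional map of ThreatID (as string) -> threat name, e.g. built from Get-MpThreat
        [hashtable] $ThreatName = @{}
    )
    $Detection |
        Where-Object { @($_.Resources) -match '^amsi:' } |   # keep AMSI-sourced detections only
        Group-Object -Property ThreatID |
        Where-Object { $_.Count -gt 1 } |                    # same threat detected more than once
        ForEach-Object {
            $times = @($_.Group.InitialDetectionTime | Sort-Object)
            [pscustomobject]@{
                ThreatID  = $_.Name
                Name      = $ThreatName[$_.Name]
                Count     = $_.Count
                First     = $times[0]
                Last      = $times[-1]
                Resources = (@($_.Group.Resources) | Sort-Object -Unique) -join '; '
            }
        }
}

# Constructed sample: two AMSI detections of one threat, one unrelated file detection.
$amsi = 'amsi: \Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
$sample = @(
    [pscustomobject]@{ ThreatID = 1001; Resources = @($amsi)
                       InitialDetectionTime = [datetime]'2022-10-28T09:00:00' }
    [pscustomobject]@{ ThreatID = 1001; Resources = @($amsi)
                       InitialDetectionTime = [datetime]'2022-10-28T15:30:00' }
    [pscustomobject]@{ ThreatID = 2002; Resources = @('file:_C:\constructed\sample.bin')
                       InitialDetectionTime = [datetime]'2022-10-28T10:00:00' }
)
Get-RecurringAmsiDetection -Detection $sample -ThreatName @{ '1001' = 'PLACEHOLDER-THREAT-NAME' }

# Live use on a machine with Defender (elevated prompt):
#   $names = @{}
#   Get-MpThreat | ForEach-Object { $names["$($_.ThreatID)"] = $_.ThreatName }
#   Get-RecurringAmsiDetection -Detection (Get-MpThreatDetection) -ThreatName $names
```

An AMSI resource names the script host (here powershell.exe) rather than a file on disk, so a row that keeps growing in Count after remediation means the content is still being run from somewhere else.
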
MiguelSilva (Author) Posted October 30, 2022 ID:1539918

Here is the file you asked about from Kaspersky. Thank you.

report_2022.10.30_21.02.50.klr.txt

Maurice Naggar Posted October 31, 2022 ID:1539929

The Kaspersky KVRT tool reports no malware or any virus detected. YAY 👍

I would recommend getting a readout report as to the update status of some key apps.

Download SecurityCheck by glax24 from here: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop.

If Windows SmartScreen blocks that with a message window, then click on the MORE INFO spot and override that and allow it to proceed. This tool is safe. SmartScreen is overly sensitive.

Right-click with your mouse on Securitycheck.exe and select "Run as administrator" and reply YES to allow it to run & go forward.
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.
You can find this file in a folder called SecurityCheck: C:\SecurityCheck\SecurityCheck.txt

MiguelSilva (Author) Posted October 31, 2022 ID:1539932

Here is the file. Thank you.

SecurityCheck.txt

MiguelSilva (Author) Posted October 31, 2022 ID:1539933

Do you think I can delete the files and folders that were created during the whole process? And if it's OK with you, can you tell me where they are? I can't remember all of them. Thank you.

Maurice Naggar Posted October 31, 2022 ID:1539953

These apps / programs or settings need your follow-up for action, per the SecurityCheck report.

The elevation prompt for administrators disabled^It is recommended to enable (default): Win+R typing UserAccountControlSettings and Enter^
Notepad++ (64-bit x64) v.7.9.5 Warning! Download Update
Microsoft Silverlight v.5.1.50918.0 Warning! This software is no longer supported. Uninstall it.
WinRAR 5.80 (64-bit) v.5.80.0 Warning! Download Update
Discord v.1.0.9002 Warning! Download Update
VLC media player v.3.0.16 Warning! Download Update
IObit Driver Booster 9.1.0.156 v.9.1.0.156 Warning! Suspected demo version of anti-spyware, driver updater
You do not need it. Uninstall IObit Driver Booster.
Wondershare Helper Compact 2.6.0 v.2.6.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended.

Torrenting & file-sharing: try not to do that, as a general security matter. All it takes is one malicious file to lead to tragedy & loss.
https://informationsecuritybuzz.com/articles/torrenting-know-risks-take/

I would urge you highly to stay far away from hacked / cracked software of any sort, whether a so-called free program or free game, or whatever.

Hidden risks in pirated software
https://news.microsoft.com/apac/2019/01/08/hidden-risks-in-pirated-software/

As to the cleanup of the tools we used, this here is for tools cleanup.

Please download KpRm by kernel-panik and save it to your desktop.
Right-click kprm_(version).exe and select Run as Administrator.
Read and accept the disclaimer.
When the tool opens, ensure all boxes under Actions are checked.
Under Delete Quarantines select Delete Now, then click Run.
Once complete, click OK.
A log may open in Notepad titled kprm-(date).txt. I do not need it. Just close Notepad if it shows up.

Delete mb-support-1.8.7.918.exe
Delete mbst-grab-results.zip on the Desktop

I believe your system is good-to-go. I wish you well. 😎

Maurice Naggar Posted October 31, 2022 ID:1539954

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you