
Compromised RTP Detection


You can still do manual scans of the system using Malwarebytes, to see if there is any actual "on-board" malware, even though the notices have been about EXTERNAL stuff that is not on your machine. (I encourage you still to SHUTDOWN your machine each night, and even shut down for a few hours this day, so that your machine is not able to be found by the outside.)

Do a new scan with Malwarebytes for Windows.

Do a Check for Update using the Malwarebytes Settings >> General tab.

See this Support Guide https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows

When it shows a new version available, Accept it and let it proceed forward.  Be sure it succeeds.

If prompted to do a Restart, just please follow all directions.

Let me know how that goes. Next, the Malwarebytes scan.

Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected).


 

Please double verify you have that TOP check-box tick-marked, and that all lines then have a tick-mark.

 

Then click on the Quarantine button.


 


Then locate the Scan run report, export a copy, and attach it with your reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4


No malware was found on the PC. To your last question, a "RESET" would be too extreme. I do not believe that is the way to go. At this point, I suggest a new run of AdwCleaner. It is in your Downloads folder.

This will be a specialized run of Adwcleaner.
Launch ADWCLEANER.
Reply YES at the Windows prompt to allow the program to proceed and make changes. That is the usual Windows security prompt.

When AdwCleaner starts, on the left side of the window, click on “Settings” and then enable these repair actions on that tab-window by clicking their button to the far-right for ON status:

Delete IFEO keys
Delete tracing keys
Delete Prefetch files
Reset Proxy
Reset IE Policies
Reset Chrome policies
Reset Winsock

Now, on the left side of the AdwCleaner window, click on “Dashboard” and then click “Scan” to perform a computer scan.

This can take several minutes.
When the AdwCleaner scan is completed, it will display all of the items it has found. Click on the “Quarantine” button to remove what it found.

AdwCleaner will now prompt you to save any open files or data as the program will need to close any open programs before it starts to clean.
Click on the “Continue” button to finish the removal process.


Thank you, but it says "You're clean of PUPs and Adware"

But it also says that "However, we detected that one or more Preinstalled software are present on your computer. The next screen will allow you to keep them or to remove them."

The Name of the software is Preinstalled.LenovoIMController

Should I remove it?


I only needed the C03 report from AdwCleaner. Was this last "block" notice an INBOUND? And did you have a web browser open at that time? Plus, if it also showed "Compromised" on that block notice, I would like you to study this article: https://support.malwarebytes.com/hc/en-us/articles/360048565893-Receiving-message-Website-blocked-due-to-compromise


I am going to list several suggestions that you should apply.
( 1 )
My next tip and first thing to cover is to systematically power down all your system, and recycle your router, and then power on in order.
It is now a very good idea to reset the router for the internet connection service.  
First, shutdown windows and be sure the power is OFF.

Now, unplug the power plug to the Modem (IF there is one) and the internet hardware Router. Wait for about a minute, please.

Now, plug the power into just the Modem (unless you have a modem/router combo). When all the lights come up, plug in the power to the Router (unless combo, of course).

Now, power on the computer and get Windows restarted.   One Windows system at a time.

( 2 )
Secure your router by resetting it and then setting a strong password to sign into the router, and a strong wireless key to sign into your network. You can find your router manual by googling the exact model (on bottom) to follow the reset instructions, set the password and wireless key, optimize Security and Performance per these articles:
https://www.lifewire.com/resetting-a-home-network-router-818061
https://www.techradar.com/broadband/how-to-change-your-router-password

( 3 )
This is a good point to emphasize not playing online games or games in general, while the case is on-going.
I would also emphasize reducing the auto-started applications that start with Windows down to the absolute minimum, which would basically be just security applications.
Apply these principles now from the following How-to
How to perform a clean boot in Windows
https://support.microsoft.com/en-us/help/929135/how-to-perform-a-clean-boot-in-windows

( 4 )

Using just the Chrome browser, sign-in to your Google account ( if not signed in already)  https://chrome.google.com/
Then go to https://chrome.google.com/sync?
Scroll down the page, press the "CLEAR DATA" button, to clear the Chrome data from your Google account.

( 5 )

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

You want to disable the ability of each web browser on this machine to allow "push ads". That means Chrome, Firefox, Edge (on Windows 10), or Opera.

Scroll down to the tips section "How do I disable them".

Edited by Maurice Naggar

Look all around your hardware router. Look for the manufacturer & model number of the router, so that you can look up information on their web Support site and see about how to power-recycle the hardware.
Also, look over this article:
"How to Enable Your Wireless Router's Built-in Firewall"
https://www.lifewire.com/how-to-enable-your-wireless-routers-built-in-firewall-2487668


You should consider purchasing a Premium license so that Malwarebytes will continue to provide real-time protection in future.
One important question I think you have not answered: is this machine just allowed to stay in sleep mode at end-of-day?
OR is Windows SHUTDOWN from the start-menu at end of day, so that this machine is no longer visible to the outside world in total?


Cracked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Those "low cost" knockoff applications are a super-highway to having your computer messed up.

Practice safe-use and best practices to keep the computer safe. 

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware. 

Consider using PatchMyPC to keep all your software up to date: https://patchmypc.com/home-updater#download

SAFETY TIPS:

Backup is your best friend.  Keep backups of your system on a regular basis to offline storage & keep those safe. https://forums.malwarebytes.com/topic/136226-backup-software/

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

Best  practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".
Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).

Free games & free programs are like "candy". We do not accept them from "strangers".

Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html

Only using the Standard-access-level user account when surfing and downloading / installing would have been a tremendous way to prevent the infections of this machine.


Don't remove ( or change )  your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 


For other added tips, read "10 easy ways to prevent malware infection"  


This topic is now closed to further replies.