Windows Security keeps posting this virus. Trojan:HTML/Phish.VS!MSR


Go to solution Solved by Maurice Naggar,


Hello @KONAFA and welcome:

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, please carefully follow these instructions:

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file in your next reply to this topic.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.

Thank you.


Hello and welcome.

I will guide you along on looking for remaining malware. Let's keep these principles as we go along.

  • Removing malware can be unpredictable
  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • Please stick with me until I give you the "all clear".
  • If your system is running Discord, please be sure to Exit out of it while this case is on-going.

Hello. These are the first initial steps to do (there will be many more later). Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article
Please use this Guide

Go thru every web browser you use and in each, delete the browser CACHE
https://www.lifewire.com/how-to-clear-cache-2617980
Then close each web browser.
Then for the meantime as the case goes on, try just using EDGE browser to see if it responds normally.
NEXT

As to Chrome, ensure it is the latest release from Chrome
https://support.google.com/chrome/answer/95414?

On some periodic basis, suggest to delete all Cache content on Chrome for "all time" period. That will help keep Chrome running more snappy.

We will do more, after this.


@KONAFA
For after doing all steps I outlined before, on earlier replies ( above this ).
Next action step:
Disable ( turn OFF ) Windows Fast Startup

https://www.windowscentral.com/how-disable-windows-10-fast-startup

Then restart the computer
Step 2
Uninstall Adobe Flash Player 12 Plugin 

Uninstall Adobe Shockwave Player 12.0

Step 3

Please run the following custom script. Read all of this before you start. Please Close all open work.

Once the script-run has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program tool:   FRSTEnglish.exe on Downloads folder

Please download the attached fixlist.txt file and save it to Downloads folder

Fixlist.txt

 

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Right-click on  FRSTENGLISH and select

Run as Administrator

and reply YES to allow to proceed

and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will also run scans with MS Defender antivirus. It will cleanup the work areas for MS Windows Update ( this machine appears to have undesirable "restrictions" on MS Defender antivirus, as well as on MS Windows Update). It will clear all temporary cache for Chrome, Edge, and Firefox browsers.

Depending on the speed of your computer this fix may take 40 minutes or more.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.


Sorry for the late reply. About your question: no, I'm not getting help from anyone. When I searched for the virus on Google, this site showed up, and I saw someone was complaining about the same virus. I saw you gave him some solutions and I tried to use them myself, until I found that I can't use all of them and I need to talk to someone directly. Then I posted about the virus here, that's it.

 


Windows' System File Checker / Windows Resource Protection found corrupt files and successfully repaired them.
No, we are not done. I would like us to do additional checks on the system. Want to check for any potential leftover malware.

As a next step, I suggest the following:

This is for a scan with ESET Onlinescanner (free). ESET is a well-respected, well-known entity and tool.

This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run.

Next, This will be a check with ESET Onlinescanner for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on CUSTOM scan  and select C drive to be scanned
  • Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"
  • and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.
There is a progress window display. You may step away from the machine & let it be. That is, once it is under way, you should leave it running. It will run for several hours.

  • At screen "Detections occurred and resolved" click on blue button "View detected results"
  • On next screen, at lower left, click on blue "Save scan log"
  • View where file is to be saved. Provide a meaningful name for the "File name:"
  • On last screen, set to Off (left) the option for Periodic scanning
  • Click "save and continue"
  • Please attach the report file so I can review

Thank you. The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select  FULL scan  & then go forward

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.  

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on screen display.  The only things that count are the End result at the end of the run.
  • Again, any on-screen display about repeat 'infection' is not to be relied on.  Ignore those.
  • We only rely on the end result that is on the log-report-file.

 

This is likely to run for many hours   ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log  

the log will be at  

Windows\debug\msert.log

Please attach that log with your reply. 


Excellent result

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Mon Jan 23 22:21:58 2023

Next step 

Just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on .  And do a Update run & do a Custom scan on the C drive.

  • From the Windows Start menu, select Settings, then select Update and Security.
  • Next, look at the left-side menu & select Windows Security
  • Next, In Windows Security section: Click on the grey button Open Windows Security
  • Now, click on the shield Virus and threat protection
  • Look to see that Microsoft Defender is shown & available for use.
  • On the next display, look at all the options.  Look down the list and see "Check for Updates" .
  • You should click on that to have the system check for updates for Windows Defender.  Watch & wait for that to complete.
  • Please also note that the Scan options (all) can be displayed by clicking on Scan options.
  • I would like you to select CUSTOM scan from scan options
  • Then select the C drive
  • Then have it scan the whole C drive.

 

Link to post
Share on other sites
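
Added example (not part of the original thread, and not Microsoft or Malwarebytes tooling): the helper's rule that only the end result in the log file counts, applied by reading the summary of the most recent completed run from msert.log. The sample log is constructed from the summary quoted above plus a made-up earlier run; the function names and the UTF-16 handling are assumptions.

```python
import re

# Constructed sample: two runs appended to one log. The second summary is the
# one quoted in the thread; the first run's detection line is a placeholder.
SAMPLE_LOG = """\
Results Summary:
----------------
<constructed placeholder: an earlier run reported a detection>
Microsoft Safety Scanner Finished On Sun Jan 22 09:10:11 2023

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Safety Scanner Finished On Mon Jan 23 22:21:58 2023
"""

FINISHED = re.compile(r"^Microsoft Safety Scanner Finished On (.+)$")

def decode_log(raw: bytes) -> str:
    """Decode log bytes: UTF-16 when a BOM is present (assumption), else UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

def completed_runs(text: str) -> list:
    """One record per run that has both a summary block and a finish line."""
    runs, current = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line == "Results Summary:":
            current = []                       # start collecting a new summary
        elif current is not None:
            m = FINISHED.match(line)
            if m:                              # finish line closes the run
                runs.append({"finished": m.group(1), "summary": current,
                             "clean": "No infection found." in current})
                current = None
            elif line and set(line) != {"-"}:  # skip blanks and the dashed rule
                current.append(line)
    return runs

def last_result(text: str):
    """Verdict of the most recent completed run, or None if no run finished."""
    runs = completed_runs(text)
    return runs[-1] if runs else None
```

A summary block with no "Finished On" line after it is treated as an unfinished run and ignored, so a log captured mid-scan yields no verdict.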

Please run the following custom script. Read all of this before you start. Please Close all open work.

Once the script-run has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program tool:   FRSTEnglish.exe on Downloads folder

Please download the attached fixlist.txt file and save it to Downloads folder

Fixlist.txt

 

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Right-click on  FRSTENGLISH and select

Run as Administrator

and reply YES to allow to proceed

and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will also run scans with MS Defender antivirus.  It will clear all temporary cache for Chrome, Edge, and Firefox browsers.

Depending on the speed of your computer this fix may take 40 minutes or more.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.


Hello. Thank you for the Fixlog report. This run is good.
Tell me, at the last time that you saw the "warning-notice" from Microsoft Defender antivirus, was Chrome browser open & in-use ?
Was it perhaps being used to read Email ?
You should consider using the EDGE browser instead of Chrome browser.

The temporary caches of Chrome and Edge have been deleted ( cleared out) as part of the Fix run. However, as you use these browsers and visit websites then the cache area is in use. What Defender antivirus has been complaining about are about "potential phishing" from a website that is visited.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select  FULL scan .

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.  

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on screen display.  The only things that count are the End result at the end of the run.
  • Again, any on-screen display about repeat 'infection' is not to be relied on.  Ignore those.
  • We only rely on the end result that is on the log-report-file.

 

This is likely to run for many hours   ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log  

the log will be at  

Windows\debug\msert.log

Please attach that log with your reply.

  • Let me suggest that you get your browsers each, as applicable, to have the Malwarebytes Browser Guard.

See Support article how-to

https://support.malwarebytes.com/hc/en-us/articles/360038520374-Install-Malwarebytes-Browser-Guard

See Support article how-to for Firefox
https://support.malwarebytes.com/hc/en-us/articles/4413298841747--Install-Malwarebytes-Browser-Guard-on-Firefox-browser

For the EDGE browser https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser

Note: If the pc also has Opera or Brave or Vivaldi browser, you can install the Chrome version of the Malwarebytes Browser Guard ( on each as appropriate).
 


Yes, the last time I saw the "warning-notice" the Google browser was open and I was using it for this site to read the emails, but I'm using Edge now, and I will attach the log in my next reply when the scan finishes.
I have one question, please: can I use the computer after I finish the steps you are giving me? I mean, while I'm waiting for your next replies, is that possible or not?


  • Solution

Yes you can use Windows to run your other work.  But not at the time we run a custom-fix.

Do finish what I listed before. That is important. After those actions have been completed, we need to do 1 more custom Fix. There is a policy setting on Windows Defender that we need to remove. It is what is keeping Defender antivirus from automatically taking action on a detected threat. This here will take care of that.

 

Please run the following custom script. Read all of this before you start. Please Close all open work.

Once the script-run has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program tool:   FRSTEnglish.exe on Downloads folder

Please download the attached fixlist.txt file and save it to Downloads folder

Fixlist.txt

 

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Right-click on  FRSTENGLISH and select

Run as Administrator

and reply YES to allow to proceed

and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will also run scans with MS Defender antivirus.  It will clear all temporary cache for Chrome, Edge, and Firefox browsers.

Depending on the speed of your computer this fix may take 40 minutes or more.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.

This topic is now closed to further replies.