Octagonal1 Posted March 7 ID:1557775

Hello,

I received an email three days ago with the subject line that my email has been hacked. I did not open the email but contacted my ISP regarding my account, and they requested that I forward the email to them as I had already downloaded it from their server. When forwarding the email I could see the content in a preview screen and it was certainly requesting that I pay a ransom within 48hrs or my files would be locked (I am not sure whether seeing that preview triggered anything or not).

I have Malwarebytes premium and it hasn't detected anything in the scans that I have been performing on a daily basis. Additionally, there have not been any obvious infection signs. It would certainly put my mind at ease if simply deleting the email would remove any fears that I have that my computer is actually infected.

Attached are the required FRST and MB threat log files.

TIA for any assistance that you can provide

Octagonal1

Addition.txt FRST.txt MB Threat Scan.txt

1PW Posted March 7 ID:1557780

Hello @Octagonal1 and welcome back:

Although the Email is likely a scam, please follow the procedure below:

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

Download the Malwarebytes Support Tool.
In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
Run the MBST Support Tool.
In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.

Thank you.

Maurice Naggar Posted March 7 ID:1557793

Hello. I wanted to mention that "the email" is a type that is classified as "phishing". A "lure" to attempt to trick you into a trap of some sort.

Do read this Malwarebytes article: https://www.malwarebytes.com/phishing

Maurice Naggar Posted March 7 ID:1557812

When you get a moment, Uninstall Adobe Flash Player 28 NPAPI

Flash player is way way obsolete and is a security risk. That utility was retired a long while back. You do not need it.

Also, uninstall Bonjour

You do not need that either.

Octagonal1 Posted March 8 Author ID:1557876

Hello and thanks for the replies 1PW and Maurice,

As requested, I have uninstalled Adobe Flash Player 28 NPAPI and Bonjour then ran the Malwarebytes Support Tool (zip file attached).

Regards

Octagonal1

mbst-grab-results.zip

Maurice Naggar Posted March 8 ID:1557886

The Malwarebytes scan of morning of 7th March is good.

Have you done a scan with the Kaspersky Total Security today? If not, please do that.

Note that I do not expect any actual infection as an after-effect of getting the phishing email message. That was a scam and a lure.

Octagonal1 Posted March 8 Author ID:1557889

The Kaspersky license expired some time ago and I haven't renewed it so I cannot scan with that program. I've been relying on my Malwarebytes premium only.

Do you suggest doing an online scan with another program?

Maurice Naggar Posted March 8 ID:1557938

11 hours ago, Octagonal1 said:
"The Kaspersky license expired some time ago and I haven't renewed it so I cannot scan with that program,"

Are you real sure that the Kaspersky will not run? I mean to say, see about launching the program and attempt a scan with Kaspersky.

Unfortunately, since this machine is running Vista Service pack 2 (which reached end of Microsoft life support) as of Apr 11, 2017 (that is the Extended end date. The actual mainstream end-date was April 2009), there are very few antivirus tools that can possibly be used to check it.

I am honestly not sure that the Microsoft Safety Scanner will run on this. However, let us give it a try. If it errors out, kindly provide the error-exception message you see.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft:
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Look on Scan Options & select CUSTOM scan & then select the C drive to be scanned. Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be. Once you see it has started, take a long long break; walk away.

Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run. Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those. We only rely on the end result that is on the log-report-file.

This is likely to run for many hours (depending on number of files on your machine & the speed of hardware).

The log is named MSERT.log. The log will be at Windows\debug\msert.log

Please attach that log with your reply.

Octagonal1 Posted March 9 Author ID:1557987

Yes really, KTS won't scan as it's asking me to renew license to be able to (see attached screen msgs). I can open KTS but scanning and updates are disabled as it has been a couple of years since the license expired (The warning and issue in one ss refer to License not current and a couple of updates not installed).

I downloaded MSERT and unfortunately it will not run (see attached screen msgs); it appears that Windows 7 is the minimum version required to run.

Maurice Naggar Posted March 9 ID:1557989 (edited)

Delete MSERT.exe

It needs to be said: If KTS does not scan, and if you will not be renewing the license, then you ought to Uninstall KTS.

Yes, MSERT minimum is at least having Windows 7. It needs to be said, also, you ought to seriously think of migrating onto a new machine capable of running Windows 11.

This machine "should" be able to run a scan of the TrendMicro Housecall scan tool.

TrendMicro HouseCall scan
https://www.trendmicro.com/en_us/forHome/products/housecall.html

First, Download & Save to your Downloads folder the appropriate HouseCallLauncher.
Once the download is complete, go to where the Housecalllauncher is saved & double-click it to start it.
The program will check with TrendMicro & do an update run.
Next it will show the Disclosure window. Click Next to proceed.
The end user license agreement is presented. Click the Accept radio button & click Next to proceed.
I suggest a CUSTOM scan on C drive. IF you wish a Full scan or a Custom scan, first click on the Settings, then you can select which drives you want to include in the scan. The default is a Quick scan.
Click Scan now when ready.
The scan progress will then be displayed. Monitor the progress or just leave it alone until it finishes this phase.
When the scan phase has completed, if any items are tagged, you will see a list, showing the file & its location, the classification of the threat, the type, risk, and Action option.
If you see an item that you know is safe, you can click the Action, and select Ignore.
When all done & ready, click the Fix now button.

Edited March 9 by Maurice Naggar

Octagonal1 Posted March 9 Author ID:1558025

Hey Maurice,

As requested, I deleted MSERT.exe and removed KTS.

I could load the TrendMicro page ok and I attempted several times to download the Housecall Launcher but the webpage kept hanging when I tried to download the Launcher (maybe outdated browser issue... I'm not sure), so I downloaded the Launcher file using another device and transferred it to the computer. However, when running the file it would get to 67% and then throw an error msg relating to "an internal error" (error msg attached, and yes I ensured that it was the correct platform and version). I tried to run the file several times but got the same result each time.

The 48hrs has expired and I still appear to have all files intact on the computer, so possibly it was just a phishing email and I will take your advice and purchase a new updated desktop computer to migrate to.

I apologise if I have been an inconvenience or wasted your valuable time and sincerely thank you for your patience in dealing with my issue.

One last thing, do you recommend installing another AV program to run alongside MB on the new computer and if so, which one do you suggest?

Regards

Octagonal1

Maurice Naggar Posted March 9 ID:1558026

Windows 11 (as does Windows 10) comes pre-equipped and loaded with Microsoft Defender antivirus as "the" antivirus. You will do fine with it alongside Malwarebytes Premium.

Go ahead and delete the Trendmicro Housecall download. Too bad it too could not run. Alas, Vista is an operating system from the 1st decade of this century.

Do realize that security holes even in the current operating systems are discovered on an ongoing basis. It is key to have a modern, current, and up-to-date Operating System.

I would recommend getting a readout report as to update status of some key apps.

Download SecurityCheck by glax24 from here and save the tool on the desktop.
If Windows's SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive.
Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward.
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Octagonal1 Posted March 10 Author ID:1558153

When running SmartScreen a msg box came up about not being able to connect to internet and asked if I wanted to use local files or something. I clicked OK and the file ran.

As requested, report is attached

SecurityCheck.txt

Maurice Naggar Posted March 10 Solution ID:1558159

Per the SecurityCheck report, these programs need your attention & follow-up.

Microsoft Office Enterprise 2007 v.12.0.6612.1000 Warning! This software is no longer supported. Please use latest Microsift Office, Office Online or LibreOffice
Microsoft .NET Framework 4.5.2 v.4.5.51209 Warning! Download Update
Microsoft Office 2007 Service Pack 3 (SP3) Warning! This software is no longer supported. Please use latest Microsift Office, Office Online or LibreOffice
NVIDIA GeForce Experience 2.1.1 v.2.1.1 Warning! Download Update
HandBrake 1.0.7 v.1.0.7 Warning! Download Update
VLC media player 2.0.5 v.2.0.5 Warning! Download Update
iTunes v.12.1.3.6 Warning! Download Update^Please use Apple Software Update tool.^
QuickTime v.7.74.80.86 Warning! This software is no longer supported. Please uninstall it and use another software.
Adobe AIR v.2.7.1.19610 Warning! This software is no longer supported. Please uninstall it.
Adobe Reader X (10.1.16) v.10.1.16 Warning! This software is no longer supported. Please uninstall it and use Adobe Acrobat Reader DC.
Mozilla Firefox 52.9.0 ESR (x86 en-GB) v.52.9.0 Warning! Download Update
Mozilla Thunderbird 52.9.1 (x86 en-GB) v.52.9.1 Warning! Download Update

Octagonal1 Posted March 11 Author ID:1558244

Hi Maurice,

A new PC will be purchased next week and the programs that I no longer use will be deleted and all necessary ones I will update accordingly.

I thank you for your time and patience. You can close this thread as I believe it is now resolved.

Regards

Octagonal1

Maurice Naggar Posted March 11 ID:1558277

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.
Right-click kprm_(version).exe and select Run as Administrator.
Read and accept the disclaimer.
When the tool opens, ensure all boxes under Actions are checked.
Under Delete Quarantines select Delete Now, then click Run.
Once complete, click OK.
A log will open in Notepad titled kprm-(date).txt.
You may attach that file to your next reply. (not compulsory)

Sincerely.

Maurice Naggar Posted March 22 ID:1559977

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy:
Tips to help protect from infection

Thank you