
Trouble completing scan and removing viruses !


Solved by Maurice Naggar

Yes indeed, I carried out a complete analysis with Kaspersky. It didn't find anything.

Regarding the progress of the Malwarebytes scanning process, it has surely blocked on an element in the "Starting Element Analysis" section, as in the past.

Earlier in the day, when I performed the scan while in Safe Mode, it was able to finish the scan without worry.

And finally, I have 2 browsers, namely Microsoft EDGE and Opera. I notice that Opera does not start.


Let us forget for the time being about OPERA. We need to finish the special scan I listed a few minutes ago for the Malwarebytes scan. Then attach a copy of that Scan report. Do not use the computer for any other purpose. NOTE: an earlier run of Malwarebytes indicated the system had a potential serious malware. And then beyond that, the machine is back to having that blasted "Windows Manager". Not surprising, since you have done a Restore to an earlier period. Again, do not add or make any changes or adjustments on your own. Wait for me to guide you. We have a lot of work ahead.

NO, do not go into safe mode. Just wait for that program to end, if possible!!!


I don't mean to be pushy or anything, but I've already told you about it and it's happening again.

This Malwarebytes analysis gets stuck, stops moving forward, stays at the same level, doesn't move any more, once you get to "Startup elements analysis".
As a result of this, time passes and hours go by without the analysis advancing or ending.

I had left this analysis one evening before going to sleep following your advice and the next morning after 6h15min of displayed duration, it had still not finished or moved.

So by leaving it like that it will not move an inch. The problem with the analysis is repeating; I could describe it as infinite loading.


If Malwarebytes is still "stuck" then press and hold the ALT-key on the keyboard and then press the F4-function key to force a Close of Malwarebytes. If that is not possible, bring up Task Manager and then find the process "mbam.exe" and click on it and then select End Task.


This next tool ought to take something in the range of 15 - 25 minutes tops, depending on hardware speed. Although perhaps because this machine is so infected, allow it an hour or so.
Get & run the Malwarebytes MBAR anti-rootkit tool to do 1 run with it.
Disregard the title subject of the topic. Run the MBAR tool as listed here:

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes

  • When done, I need the MBAR logs.
  • Upon completion of the scan or after the reboot, two files named mbar-log.txt and system-log.txt will be created.
  • Both files can be found in the extracted MBAR folder on your Desktop.
  • Please attach both files in your next reply.

Be very sure that the Windows system did one Restart since the finish of the run of MBAR. It needed the Reboot to finish its cleanups.
This run is a very significant cleanup. It found several trojans, lots of Riskware, plus a major TROJAN:
AppServicex (Backdoor.Farfli)

Now a different scan with another security scanner.

This one is with the Kaspersky KVRT tool.

Download Kaspersky Virus Removal Tool (KVRT) from here: https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool and save to your Desktop.

Next, select the Windows Key and R Key together; the "Run" box should open.

Drag and Drop KVRT.exe into the Run Box.

C:\Users\hp\DESKTOP\KVRT.exe will now show in the Run box.

Add
-dontencrypt

Note the space between KVRT.exe and -dontencrypt.

C:\Users\hp\DESKTOP\KVRT.exe -dontencrypt

should now show in the Run box.

That addendum to the run command is very important.

To start the scan select OK in the "Run" box.

The Windows Protected your PC window "may" open, IF SO then select "More Info".

A new Window will open, select "Run anyway".

A EULA window will open, tick both confirmation boxes then select "Accept".

In the new window select "Change Parameters".

 
  • In the new window ensure the following boxes are ticked:
    • System memory
    • Startup objects
    • Boot sectors
    • System drive
  • Then select "OK" and "Start scan".

The Kaspersky tool is very thorough so will take a considerable time to complete, please allow it to finish. Also, while Kaspersky runs do not use your PC for anything else.

  • Completed: If entries are found, there will be options to choose. If "Cure" is offered, leave as it is. For any other options change to "Delete", then select "Continue".
  • Usually, your system needs a reboot to finish the removal process.
  • Logfiles can be found on your system drive (usually C: ), similar to this:

Reports are saved here: C:\KVRT_data\Reports and look similar to this: report_20230323_103000.klr

  • Right-click directly on those reports, select > open with > Notepad.
  • Save the files and attach them with your next reply.

Hello Maurice,

Yesterday, I carefully carried out the steps, to the finding; I think it reproduces the behavior of Malwarebytes software.
I left it yesterday before going to sleep and this morning I see that it has not finished, nor even advanced.

I took some pictures.
I remember that when I was in safe mode the analysis of "Malwarebytes" that loads infinitely could finish there, and that's how I had attached the file "Malwarebytes.txt" (named by me).

So here it is, the problem is still repeating itself. I'm waiting for your instructions.

 



It is possible that Kaspersky may have needed much more time to finish all scanning. If a scan is still "stuck" then press and hold the ALT-key on the keyboard and then press the F4-function key to force a Close. If that is not possible, bring up Task Manager and then find the process and click on it and then select End Task.


Stop all personal use of the system. Exit out of your programs. 

Please run the following custom script. Read all of this before you start. Please Close all open work.

Once the script-run has been completed, please attach the file FIXLOG.TXT to your next reply.

Farbar program: FRSTENGLISH.exe, which is already present.

Please download the attached fixlist.txt file and save it to C:\Users\hp\Downloads

Fixlist.txt< - - -

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Use File Explorer to go to the Downloads folder

RIGHT-Click on FRSTENGLISH and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log in the Downloads folder (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will reset the Winsock & Hosts. It will attempt to clear all Cache and history on web browsers. Depending on the speed of your computer this fix may take 50-55 minutes or more.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.


Stop all personal use of the system. Exit out of your programs. We have to do a 2nd custom-fix-run.

Please run the following custom script. Read all of this before you start. Please Close all open work.

Once the script-run has been completed, please attach the file FIXLOG.TXT to your next reply.

Farbar program: FRSTENGLISH.exe, which is already present.

Please download the attached fixlist.txt file and save it to C:\Users\hp\Downloads

Fixlist.txt< - - -

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Use File Explorer to go to the Downloads folder

RIGHT-Click on FRSTENGLISH and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log in the Downloads folder (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.


The run is good. Reminder from here forward, we do not want to use System Restore to do any reversion. In other words, we do not want to even consider going backward. Instead, we want to stay and keep going forward. We want to do a scan with MS Defender antivirus. Let it run for as long as it needs to. No time limit, no concern.

Do a custom scan with Microsoft Defender Antivirus

Just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on, and to do a Custom scan.

From the Windows Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security

Next, in the Windows Security section: Click on the grey button Open Windows Security

Now, click on the shield Virus and threat protection

Look to see that Microsoft Defender is shown & available for use.

Please also note that the Scan options (all) can be displayed by clicking on Scan options. Click that & select CUSTOM scan & then pick the C drive & have it go forward.

Once it has started the scan phase, you can go take a long break. Let me know the results. You will see the final result on-screen.

Edited by Maurice Naggar
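
The Defender check and custom scan of the C drive described in the post above can also be done from an elevated PowerShell prompt. This is an added example, not part of the original thread or of any tool the helper supplied; it assumes Windows 10/11 with the built-in Defender cmdlets and that C:\ is the system drive.

```powershell
# Added example: confirm Microsoft Defender is on, run a custom scan of C:\,
# then list what this scan detected. Run from an elevated PowerShell session.

$status = Get-MpComputerStatus

# Same check as the visual one in Windows Security: is Defender the active engine?
$status | Select-Object AMServiceEnabled, AntivirusEnabled,
                        RealTimeProtectionEnabled, AntivirusSignatureLastUpdated

if (-not $status.AntivirusEnabled) {
    Write-Warning 'Microsoft Defender Antivirus is not enabled; scan not started.'
    return
}

# Remember when the scan began so that older detections are not reported again.
$started = Get-Date

# Custom scan of the C drive. The cmdlet returns only when the scan has finished,
# which can take hours on a large or heavily infected disk.
Start-MpScan -ScanType CustomScan -ScanPath 'C:\'

# Detections recorded since the scan started, joined to their threat names.
$detections = Get-MpThreatDetection |
    Where-Object { $_.InitialDetectionTime -ge $started }

if (-not $detections) {
    'No threats were detected by this scan.'
}
else {
    foreach ($d in $detections) {
        $threat = Get-MpThreat -ThreatID $d.ThreatID
        [pscustomobject]@{
            Detected  = $d.InitialDetectionTime
            Threat    = $threat.ThreatName
            Severity  = $threat.SeverityID
            Cleaned   = $d.ActionSuccess
            Resources = ($d.Resources -join '; ')
        }
    }
}
```

The objects printed at the end can be piped to `Out-File` to produce a text report that can be attached to a reply.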

This topic is now closed to further replies.