Lexony34 (Author), Posted March 21, 2023, ID:1559881

Yes indeed, I carried out a complete analysis with Kaspersky. It didn't find anything.

Regarding the progress of the Malwarebytes scanning process, it has surely blocked an element in the "Starting Element Analysis" section, as in the past. Earlier in the day, when I performed the scan while in Safe Mode, it was able to finish the scan without worry.

And finally, I have 2 browsers, namely Microsoft EDGE and Opera. I notice that Opera does not start.

Lexony34 (Author), Posted March 21, 2023, ID:1559885

Do I have to go back to Safe Mode to continue? 🤔

Maurice Naggar, Posted March 21, 2023, ID:1559886

Let us forget for the time being about OPERA. We need to finish the special scan I listed a few minutes ago for the Malwarebytes scan. Then attach a copy of that Scan report. Do not use the computer for any other purpose.

NOTE: an earlier run of Malwarebytes indicated the system had a potential serious malware. And then beyond that, the machine is back to having that blasted "Windows Manager". Not surprising, since you have done a Restore to an earlier period.

Again, do not add or make any changes or adjustments on your own. Wait for me to guide you. We have a lot of work ahead.

NO, do not go into safe mode. Just wait for that program to end, if possible. !!!

Lexony34 (Author), Posted March 21, 2023, ID:1559888

It's understood, I don't touch anything anymore and wait until the end of the scan. Sorry 🙏🏼

Lexony34 (Author), Posted March 21, 2023, ID:1559910

I don't mean to be pushy or anything, but I've already told you about it and it's happening again. This Malwarebytes analysis gets stuck, stops moving forward, stays at the same level, doesn't move any more, once you get to "Startup elements analysis". As a result of this, time passes and hours go by without the analysis advancing or ending.

I had left this analysis one evening before going to sleep following your advice and the next morning after 6h15min of displayed duration, it had still not finished or moved. So by leaving it like that it will not move an inch. The problem with the analysis is repeating; I could describe it as infinite loading.

Maurice Naggar, Posted March 22, 2023, ID:1559964

If Malwarebytes is still "stuck", then press and hold the ALT key on the keyboard and then press the F4 function key to force a Close of Malwarebytes. If that is not possible, bring up Task Manager, find the process "mbam.exe", click on it, and then select End Task.

Maurice Naggar, Posted March 22, 2023, ID:1559967

This next tool ought to take something in the range of 15 - 25 minutes tops, depending on hardware speed. Although perhaps because this machine is so infected, allow it an hour or so.

Get & run the Malwarebytes MBAR anti-rootkit tool to do 1 run with it. Disregard the title subject of the topic. Run the MBAR tool as listed here:
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes

When done, I need the MBAR logs. Upon completion of the scan or after the reboot, two files named mbar-log.txt and system-log.txt will be created. Both files can be found in the extracted MBAR folder on your Desktop. Please attach both files in your next reply.

Lexony34 (Author), Posted March 22, 2023, ID:1560014

The analysis is now finished.

Lexony34 (Author), Posted March 22, 2023, ID:1560015

The analysis is now completed. Here are the files.

Attachments: mbar-log-2023-03-22 (17-42-25).txt, system-log.txt

Maurice Naggar, Posted March 22, 2023, ID:1560040

Be very sure that the Windows system did one Restart since the finish of the run of MBAR. It needed the Reboot to finish its cleanups.

This run is a very significant cleanup. It found several trojans, lots of Riskware, plus a major TROJAN, AppServicex (Backdoor.Farfli).

Now a different scan with another security scanner. This one is with the Kaspersky KVRT tool.

Download Kaspersky Virus Removal Tool (KVRT) from here: https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool and save it to your Desktop.

Next, select the Windows Key and R Key together; the "Run" box should open.

Drag and drop KVRT.exe into the Run box.

C:\Users\hp\DESKTOP\KVRT.exe will now show in the Run box.

Add -dontencrypt (note the space between KVRT.exe and -dontencrypt).

C:\Users\hp\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.

That addendum to the run command is very important.

To start the scan, select OK in the "Run" box.

The "Windows protected your PC" window "may" open. IF SO, then select "More Info". A new window will open; select "Run anyway".

A EULA window will open; tick both confirmation boxes, then select "Accept".

In the new window select "Change Parameters".

In the new window ensure the following boxes are ticked:

System memory
Startup objects
Boot sectors
System drive

Then select "OK" and "Start scan".

The Kaspersky tool is very thorough, so it will take a considerable time to complete; please allow it to finish. Also, while Kaspersky runs, do not use your PC for anything else.

Completed: If entries are found, there will be options to choose. If "Cure" is offered, leave as it is. For any other options change to "Delete", then select "Continue".

Usually, your system needs a reboot to finish the removal process.

Logfiles can be found on your system drive (usually C:). Reports are saved here: C:\KVRT_data\Reports and look similar to this: report_20230323_103000.klr

Right-click directly on those reports, select > Open with > Notepad. Save the files and attach them with your next reply.

Lexony34 (Author), Posted March 23, 2023, ID:1560103

Hello Maurice,

Yesterday, I carefully carried out the steps, to the finding; I think it reproduces the behavior of Malwarebytes software. I left it yesterday before going to sleep and this morning I see that it has not finished, nor even advanced. I took some pictures.

I remember that when I was in safe mode the analysis of « Malwarebytes » that loads infinitely could finish there, and that's how I had attached the file "Malwarebytes.txt" (named by me).

So here it is, the problem is still repeating itself. I'm waiting for your instructions.

Maurice Naggar, Posted March 23, 2023, ID:1560130

It is possible that Kaspersky may have needed much more time to finish all scanning.

If a scan is still "stuck", then press and hold the ALT key on the keyboard and then press the F4 function key to force a Close. If that is not possible, bring up Task Manager, find the process, click on it, and then select End Task.

Maurice Naggar, Posted March 23, 2023, ID:1560133

Stop all personal use of the system. Exit out of your programs.

Please run the following custom script. Read all of this before you start. Please close all open work.

Once the script-run has been completed, please attach the file FIXLOG.TXT to your next reply.

Farbar program: FRSTENGLISH.exe, which is already present.

Please download the attached fixlist.txt file and save it to C:\Users\hp\Downloads

Fixlist.txt <--- NOTE: It's important that both files, FRSTENGLISH and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Use File Explorer to go to the Downloads folder.

RIGHT-click on FRSTENGLISH and select RUN as Administrator, and reply YES to allow it to go forward to start. That is important so that this run has Elevated Administrator rights !!

NEXT, press the Fix button just once and wait.

If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log in the Downloads folder (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version, please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt, and attempt to correct any invalid files. It will reset the Winsock & Hosts. It will attempt to clear all Cache and history on web browsers. Depending on the speed of your computer, this fix may take 50-55 minutes or more.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.

Lexony34 (Author), Posted March 23, 2023, ID:1560138

The analysis is now finished.

Attachments: FRST.txt, Addition.txt

Maurice Naggar, Posted March 23, 2023, ID:1560150

Did you do the FIX procedure? Please re-read my prior posted reply. What I am looking for is the Fixlog.txt

Lexony34 (Author), Posted March 23, 2023, ID:1560176

I apologize for my mistake 🙏

Attachment: Fixlog.txt

Maurice Naggar, Posted March 24, 2023, ID:1560241

Stop all personal use of the system. Exit out of your programs.

We have to do a 2nd custom-fix-run.

Please run the following custom script. Read all of this before you start. Please close all open work.

Once the script-run has been completed, please attach the file FIXLOG.TXT to your next reply.

Farbar program: FRSTENGLISH.exe, which is already present.

Please download the attached fixlist.txt file and save it to C:\Users\hp\Downloads

Fixlist.txt <--- NOTE: It's important that both files, FRSTENGLISH and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Use File Explorer to go to the Downloads folder.

RIGHT-click on FRSTENGLISH and select RUN as Administrator, and reply YES to allow it to go forward to start. That is important so that this run has Elevated Administrator rights !!

NEXT, press the Fix button just once and wait.

If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log in the Downloads folder (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version, please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.

Lexony34 (Author), Posted March 24, 2023, ID:1560253

Everything was successfully executed.

Attachment: Fixlog.txt

Maurice Naggar, Posted March 24, 2023, ID:1560261

The run is good.

Reminder: from here forward, we do not want to use System Restore to do any reversion. In other words, we do not want to even consider going backward. Instead, we want to stay and keep going forward.

We want to do a scan with MS Defender antivirus. Let it run for as long as it needs to. No time limit, no concern.

Do a custom scan with Microsoft Defender Antivirus

Just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on, and to do a Custom scan.

From the Windows Start menu, select Settings, then select Update and Security.
Next, look at the left-side menu & select Windows Security.
Next, in the Windows Security section: click on the grey button Open Windows Security.
Now, click on the shield Virus and threat protection.
Look to see that Microsoft Defender is shown & available for use.

Please also note that the Scan options (all) can be displayed by clicking on Scan options. Click that & select CUSTOM scan, then pick the C drive & have it go forward.

Once it has started the scan phase, you can go take a long break. Let me know the results. You will see the final result on-screen.

Edited March 24, 2023 by Maurice Naggar

Lexony34 (Author), Posted March 24, 2023, ID:1560386

Good evening Maurice,

The analysis went well, it managed to find two threats (Picture).

Do I have to click on the "Intervene" button?

Maurice Naggar, Posted March 24, 2023, ID:1560391

(Since it looks like the 2 files were not automatically removed.) YES, you have to take action. Do what you can from the action button and what it allows, so that items are removed.

Lexony34 (Author), Posted March 25, 2023, ID:1560441

Yesterday I followed your recommendations to let it intervene, and this morning I see that the wheel is still turning without result.

Maurice Naggar, Posted March 25, 2023, ID:1560516

En Français: "aucune action requise"
In English: "no action required"

Questions:
This is from Windows Security / Microsoft Defender antivirus, right?
Q: Did you launch (start) this on your own action?

Lexony34 (Author), Posted March 25, 2023, ID:1560518

Q1: Yes, this is from Microsoft Defender security.
Q2: I only clicked on intervene as you advised me and nothing else.