theoldmole Posted March 19, 2023 ID:1559494

Browser windows are opening and closing whenever I open up Chrome. It looks like it is trying to be redirected to another website. Browser Guard is also logging these.

FRST.txt Addition.txt
Maurice Naggar Posted March 19, 2023 ID:1559504

Hello

I will guide you along on looking for remaining malware. Let's keep these principles as we go along.

Removing malware can be unpredictable.
Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
Only run the tools I guide you to.
Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
The removal of malware isn't instantaneous, please be patient.
Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
Please stick with me until I give you the "all clear".
If your system is running Discord, please be sure to Exit out of it while this case is on-going.

For the time being, Close Chrome, and just use the EDGE browser.

If possibly you have a browser issue, can you try using a different web browser? But in any event, always SAVE the downloads I guide you to. Then after download is complete, you go to the file using File Explorer, and only then, launch it from there.

Let's do one special run with Malwarebytes Adwcleaner. It will not take much time. Read over all lines before starting so that you have a good understanding of the whole method. Take your time and go careful. I want to make sure you select all of what I list below - before - pressing the "scan" button.

First download & save it: guide & download link

Then go to where the EXE file is saved. Start Adwcleaner. Do not rush. There are a few first choices to set as I have listed below.

Reply YES at the Windows prompt to allow the program to proceed and make changes. That is the usual Windows security prompt.

When AdwCleaner starts, on the left side of the window, click on “Settings” and then enable these repair actions on that tab-window by clicking their button to the far-right for ON status:

Delete IFEO keys
Delete tracing keys
Delete Prefetch files
Reset Proxy
Reset IE Policies
Reset Chrome policies
Reset Winsock
Reset HOSTS file

ONLY after you have set the selections above ....only after that .....

Now on the left side of the AdwCleaner window, click on “Dashboard” and then click “Scan” to perform a computer scan. This can take several minutes.

When the AdwCleaner scan is completed it will display all of the items it has found. Click on the “Quarantine” button to remove what it found.

AdwCleaner will now prompt you to save any open files or data as the program will need to close any open programs before it starts to clean. Click on the “Continue” button to finish the removal process.

Guide article

Attach the clean log from Adwcleaner when all completed. For example AdwCleaner[C00].txt

There is much more to do even after this.
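A read-only look at four of the settings that the AdwCleaner repair actions listed in the post above reset (IFEO keys, Chrome policies, proxy, HOSTS file), as an added example that is not part of the original post or of any Malwarebytes tool. It assumes the standard Windows and Chrome policy registry locations and changes nothing; on a home PC with no managed-browser setup, any row it prints is worth a second look.

```powershell
# Added example: read-only audit, modifies nothing. Run from an elevated PowerShell prompt.
$findings = & {
    # IFEO: a "Debugger" value makes Windows start another program in place of the named EXE.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { [pscustomobject]@{ Check = 'IFEO'; Item = $_.PSChildName; Value = $dbg } }
    }

    # Chrome policies: forced extensions, homepage and search settings are stored as values here.
    foreach ($root in 'HKLM:\SOFTWARE\Policies\Google\Chrome', 'HKCU:\SOFTWARE\Policies\Google\Chrome') {
        if (Test-Path $root) {
            @(Get-Item $root) + @(Get-ChildItem $root -Recurse) | ForEach-Object {
                $key = $_
                foreach ($name in $key.GetValueNames()) {
                    [pscustomobject]@{ Check = 'ChromePolicy'; Item = "$($key.Name)\$name"; Value = $key.GetValue($name) }
                }
            }
        }
    }

    # Proxy: per-user settings that can send browser traffic through another host.
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    foreach ($name in 'ProxyEnable', 'ProxyServer', 'AutoConfigURL') {
        if ($null -ne $inet.$name) {
            [pscustomobject]@{ Check = 'Proxy'; Item = $name; Value = $inet.$name }
        }
    }

    # HOSTS: the default Windows file contains only comment lines, so list every active entry.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hostsPath -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*[^#\s]' } |
        ForEach-Object { [pscustomobject]@{ Check = 'HOSTS'; Item = $hostsPath; Value = $_.Trim() } }
}
$findings | Format-Table -AutoSize -Wrap
```

A ProxyEnable value of 0 with no ProxyServer or AutoConfigURL row means no proxy is configured.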
theoldmole Posted March 19, 2023 Author ID:1559520

AdwCleaner[S00].txt
Maurice Naggar Posted March 19, 2023 ID:1559528

Run this report.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then Gather Logs

Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop to your reply.
theoldmole Posted March 20, 2023 Author ID:1559583

Am I able to PM you the results?

Edited March 20, 2023 by theoldmole
Maurice Naggar Posted March 20, 2023 ID:1559635

For this one file, for this one time, yes you may.
theoldmole Posted March 20, 2023 Author ID:1559665

I have sent it.
Solution: Maurice Naggar Posted March 20, 2023 ID:1559698

Hello @theoldmole

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article

Please use this Guide ( 2 )

We likely will be doing several different tasks.

Please run the following custom script. Read all of this before you start. Please Close all open work.

Once AFTER the script-run has been completed, please attach the file FIXLOG.TXT to your next reply.

Farbar program : is FRSTENGLISH.exe
The tool is there already on Downloads. We will use it to run a custom-script.

Please download the attached fixlist.txt file and save it to Downloads folder < - - - NOTE. It's important that both files, FRSTENGLISH and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Use File Explorer to go to the Downloads folder.

RIGHT-Click on FRSTENGLISH and select RUN as Administrator and reply YES to allow it to go forward to start. That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Downloads folder (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will reset the Winsock. It will attempt to clear all Cache and history on web browsers. Depending on the speed of your computer this fix may take 40-50 minutes or more.

The system will be rebooted after the fix has run.

Attach FIXLOG.txt with next reply. 👈

Edited March 20, 2023 by Maurice Naggar
theoldmole Posted March 20, 2023 Author ID:1559708

Fixlog.txt
Maurice Naggar Posted March 20, 2023 ID:1559717

Question: At this point, is Chrome browser more normal?

In any event, do a new scan with Malwarebytes & let me know the result.
theoldmole Posted March 20, 2023 Author ID:1559718

Chrome browser is working well and a threat scan is showing nothing. Did the logs show any viruses or malware?
Maurice Naggar Posted March 21, 2023 ID:1559854

The custom-script run is a good run. Understand, that run does not determine whether or not there is some kind of infection.

So what does do that? Malwarebytes can do that. So can Microsoft Defender.

So, do one new scan with Malwarebytes. Then do a new scan with Microsoft Defender.
theoldmole Posted March 21, 2023 Author ID:1559862

Those scans detected nothing and everything is fine now. How do I go about removing what you have asked me to download?
Maurice Naggar Posted March 22, 2023 ID:1559970

That is excellent status news. At this point, some cleanups.

Temporarily disable Microsoft SmartScreen to download the next software below.

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.
Right-click kprm_(version).exe and select Run as Administrator.
Read and accept the disclaimer.
When the tool opens, ensure all boxes under Actions are checked.
Under Delete Quarantines select Delete Now, then click Run.
Once complete, click OK.
A log will open in Notepad titled kprm-(date).txt.
You may attach that file to your next reply. (not compulsory)

When all done, you may go back to turn ON the EDGE Smartscreen protection.

Sincerely.
theoldmole Posted March 22, 2023 Author ID:1559987

You can go ahead and close this now.
Maurice Naggar Posted March 22, 2023 ID:1559999

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you