Jump to content

.scr file careless installation.


Recommended Posts

I need urgent help, a few hours ago I downloaded a file from a client, which I unzipped and opened the SCR format, "screensaver", when the file was not opened after a few clicks, I realized that it was a virus, and then I downloaded the malware program and it found 17 files then I deleted, but I think scr was not found. , I also have a video that I scanned and all the files are visible, I'm just scared and wondering if its was deleted, I don't know and maybe you can help me make a round for it. what can i do?

Link to post
Share on other sites

Hi. My name is Maurice. I will guide you. I will need a report ( later on) to see what exactly Malwarebytes found, as well as more diagnostic info about the current state of this machine. But first, 

As a next step, I suggest the following:

This is for a scan with ESET Onlinescanner (free). ESET is a well-respected, well-known entity and tool.

This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run.

Next, This will be a check with ESET Onlinescanner for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on CUSTOM scan  and select C drive to be scanned
  • Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"
  • and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.
There is a progress window display. You may step away from machine &. Let it be. That is, once it is under way, you should leave it running. It will run for several hours.

  • At screen "Detections occurred and resolved" click on blue button "View detected results"
  • On next screen, at lower left, click on blue "Save scan log"
  • View where file is to be saved. Provide a meaningful name for the "File name:"
  • On last screen, set to Off (left) the option for Periodic scanning
  • Click "save and continue"
  • Please attach the report file so I can review
Link to post
Share on other sites

Hello, are you here? need help, 

I'm scanning now as you told me, I've also scanned with the malware program yesterday and I can send you the log, is there any difference? Because yesterday the malware found 17 files, and I can also send you the virus file to see if it has been removed and if it is still on the computer, please

Link to post
Share on other sites

Firstly, allow the ESET onlinescanner to fully finish. Next, attach its log in a new reply.

After that, here is what I need.
I would like a report set for review. This is a report only.

Please download MALWAREBYTES MBST Support Tool

  1. Once you start it click Advanced >>> then Gather Logs
  2. Have patience till the run has finished.
  3. Attach the mbst-grab-results.zip from the Desktop to your reply..
  4. This will provide me all the history of Malwarebytes, as well as provide diagnostic report about the system.

NOTE: Please understand that I am a volunteer here on this board. That I am not online all the time. Kindly also understand I get notified of all your reply posts. But this is not like a live chat session.

Link to post
Share on other sites

  • Staff

Although this is in the Windows forums, and you'll need to wait for someone else for info on the .scr file, among the other contents of that zip file is a Mac disk image file named "Document for signatre MacOS(NDA).dmg". That file is a variant of the OSX.MacStealer malware, recently discovered by Uptycs:

https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware

Link to post
Share on other sites

  • Staff

A .scr file will not run on a Mac. I can't tell you if that file is malicious on a Windows machine or not. You'll need to wait for a Windows specialist to respond.

All I can say is that there is definitely malware in that zip file, and warn you against opening that particular file on a Mac, if you have one.

Link to post
Share on other sites

3 minutes ago, treed said:

A .scr file will not run on a Mac. I can't tell you if that file is malicious on a Windows machine or not. You'll need to wait for a Windows specialist to respond.

All I can say is that there is definitely malware in that zip file, and warn you against opening that particular file on a Mac, if you have one.

I'll wait, but I've already opened the scr file on my Windows computer, and I've run diagnostics and I'll go to this forum to see it, thank you, and I'm worried, I just don't turn on the computer for the second day already.

Link to post
Share on other sites

Hello @bosston Please follow-up with these steps. Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article
Please use this Guide 

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted items from a system. This tool does not install. It is run on-demand.

This link is for the 64-bit version of MSERT.exe . Be sure you save the file first
https://definitionupdates.microsoft.com/download/DefinitionUpdates/safetyscanner/amd64/MSERT.exe

Upon completion of the save, Launch MSERT.exe
Accept the agreement terms of Microsoft
Select CUSTOM scan
Look on Scan Options & select CUSTOM scan & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.

Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run.
Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those.
We only rely on the end result that is on the log-report-file.


This is likely to run for many hours ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log

the log will be at

Windows\debug\msert.log
Please attach that log with your reply

It is normal for the Microsoft Safety Scanner to show 'detections' during the scan process on the screen itself.

It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

Link to post
Share on other sites

It doesn't seem like anything to the computer, it doesn't pop-up anything foreign on the screen and so on, but I was wondering if the previous files I put there were there scr file or not, it doesn't seem like the computer is stuck or anything like that. i dont know but result is this 🤍

Link to post
Share on other sites

It is normal for the Microsoft Safety Scanner to show 'detections' during the scan process on the screen itself.

It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not. The bottom line: MS Safety Scanner found NO threats.

Quote

Microsoft Safety Scanner v1.387, (build 1.387.172.0)
Started On Thu Apr  6 20:34:50 2023

Engine: 1.1.20200.4
Signatures: 1.387.172.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.

 

Link to post
Share on other sites

Now a different scan with another security scanner. 

This with Kaspersky KVRT tool.

Download Kaspersky Virus Removal Tool (KVRT) from here: https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool and save to your Desktop.

Next, Select the Windows Key and R Key together, the "Run" box should open.

user posted image

Drag and Drop KVRT.exe into the Run Box.

user posted image

C:\Users\Tengo's PC\DESKTOP\KVRT.exe will now show in the run box.

user posted image

add
-dontencrypt

Note the space between KVRT.exe and -dontencrypt

C:\Users\Tengo's PC\DESKTOP\KVRT.exe -dontencrypt 

should now show in the Run box.

user posted image

That addendum to the run command is very important.


To start the scan select OK in the "Run" box.



The Windows Protected your PC window "may" open, IF SO then select "More Info"

user posted image

A new Window will open, select "Run anyway"

user posted image

A EULA window will open, tick both confirmation boxes then select "Accept"

user posted image

In the new window select "Change Parameters"

user posted image

 
  • In the new window ensure the following boxes are ticked:
    • System memory
    • Startup objects
    • Boot sectors
    • System drive
  • Then select "OK" and „Start scan“.

The Kaspersky tool is very thorough so will take a considerable time to complete, please allow it to finish. Also while Kaspersky runs do not use your PC for anything else..

  • completed: If entries are found, there will be options to choose. If "Cure" is offered, leave as it is. For any other options change to "Delete", then select "Continue".
  • Usually, your system needs a reboot to finish the removal process.
  • Logfiles can be found on your systemdrive (usually C: ), similar like this:

Reports are saved here C:\KVRT_data\Reports and look similar to this report_20230407_103000.klr

  • Right click direct onto those reports, select > open with > Notepad.
  • Save the files and attach them with your next reply
Link to post
Share on other sites

  • 1 month later...

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

  • Like 1
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.