Jump to content

Potentially comprised


Recommended Posts

I noticed some suspicious behavior on my PC. Specifically event id 4104 in PowerShell event logs as well as some security events id 4624 network logons (type 3). I did a clean windows install from USB but I still see some irregular activity. Specifically some crss.exe processes that have permissions changed some procexp can't read it.or verify the sig. I have tried to boot into safe mode and run mbam repair but the logs show access denied when tried to stop services specifically wmi and bfe.

 

Let me know what I need to share here.

 

Link to post
Share on other sites

Hello @cyclone306 and :welcome::

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.

Thank you.

Link to post
Share on other sites

Hello :welcome: @cyclone306

I will guide you along on looking for remaining malware. Lets keep these principles as we go along.

  • Removing malware can be unpredictable
  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not make changes, adjustments or add any program or tool on your own.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Cracked or or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • Please stick with me until I give you the "all clear".
  • If your system is running Discord, please be sure to Exit out of it while this case is on-going.

Start with this:
( 1 )
Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article
Please use this Guide

( 2 )
Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center

Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

This will not affect any real-time protection of the Malwarebytes for Windows    😃.

Close Malwarebytes.

( 3 )
What follows is just the beginning first steps. We will be doing several tasks over several rounds. Please have lots of patience.

Please run the following custom script. Read all of this before you start. Please Close all open work.

Farbar program :  is FRSTENGLISH.exe is already on this machine

Please download the attached fixlist.txt file and save it to Downloads folder

Fixlist.txt <-- - - - -

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Use File Explorer to go to the Downloads folder

RIGHT-Click on   FRSTENGLISH and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  It will also run scans with MS Defender antivirus. Depending on the speed of your computer this fix may take 50-55 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. 

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera + Brave caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.

  • Thanks 1
Link to post
Share on other sites

Thank you. The custom-run is good & also beneficial. Windows' System File Checker ( SFC ) has made corrections. Windows Resource Protection found corrupt files and successfully repaired them.

One special antivirus/ anti-malware scan here.

TrendMicro HouseCall scan

https://www.trendmicro.com/en_us/forHome/products/housecall.html

First, Download & Save to your Downloads folder the appropriate HouseCallLauncher
Once the download is complete, go to where the Housecalllauncher is saved & double-click it to start it.

The program will check with TrendMicro & do a update run.

Next it will show the Disclosure window.

Click Next to proceed.

The end user license agreement is presented.   Click the Accept radio button & click Next to proceed.

I suggest a CUSTOM scan on C drive.

IF you wish a Full scan or a Custom scan, first click on the Settings

then you can select which drives you want to include in the scan.

The default is a Quick scan.

Click Scan now when ready.

The scan progress will then be displayed.   Monitor the progress or just leave it alone until it finishes this phase.

When the scan phase has completed, if any items are tagged, you will see a list, showing  the file & its location, the classification of the threat, the type, risk, and Action option.

If you see an item that you know is safe, you can click the Action  , and select Ignore.

When all done & ready, click the Fix now button.

  • Like 1
Link to post
Share on other sites

Hi Maurice the scan found no infections except I saw this trigger tonight at 302am tonight as remote command exection 4104 in powershell

 

Creating Scriptblock text (1 of 1):
# Copyright © 2008, Microsoft Corporation. All rights reserved.


#Common utility functions
Import-LocalizedData -BindingVariable localizationString -FileName CL_LocalizationData

# Function to get user troubleshooting history
function Get-UserTSHistoryPath {
    return "${env:localappdata}\diagnostics"
}

# Function to get admin troubleshooting history
function Get-AdminTSHistoryPath {
    return "${env:localappdata}\elevateddiagnostics"
}

# Function to get user report folder path
function Get-UserReportPath {
    return "${env:localappdata}\Microsoft\Windows\WER\ReportQueue"
}

# Function to get system report folder path
function Get-MachineReportPath {
    return "${env:AllUsersProfile}\Microsoft\Windows\WER\ReportQueue"
}

# Function to get threshold to check whether a folder is old
function Get-ThresholdForCheckOlderFile {
    [int]$threshold = -1
    return $threshold
}

# Function to get threshold for deleting WER folder
function Get-ThresholdForFileDeleting() {
    [string]$registryEntryPath = "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting"
    [string]$registryEntryName = "PurgeThreshholdValueInKB"
    [double]$defaultValue = 10.0

    return Get-RegistryValue $registryEntryPath $registryEntryName $defaultValue
}

# Function to get the size of a directory in kb
function Get-FolderSize([string]$folder = $(throw "No folder is specified")) {
    if([String]::IsNullOrEmpty($folder) -or (-not(Test-Path $folder))) {
        return 0
    }

    if(-not $Global:DirectoryObject) {
        $Global:DirectoryObject = New-Object -comobject "Scripting.FileSystemObject"
    }

    return ($Global:DirectoryObject.GetFolder($folder).Size) / 1kb
}

# Function to delete a folder
function Delete-Folder([string]$folder = $(throw "No folder is specified")) {
    if([String]::IsNullOrEmpty($folder) -or (-not(Test-Path $folder))) {
        return
    }

    Remove-Item -literalPath $folder -Recurse -Force
}

# Function to delete old folders
function Delete-OldFolders($folder=$(throw "No folder is specified")) {
    if(($folder -eq $null) -or (-not(Test-Path $folder))) {
        return
    }

    [int]$threshold = Get-ThresholdForCheckOlderFile
    $folders = Get-ChildItem -LiteralPath ($folder.FullName) -Force | Where-Object {$_.PSIsContainer}
    if($folders -ne $null) {
        foreach($folder in $folders) {
            if((($folder.CreationTime).CompareTo((Get-Date).AddMonths($threshold))) -lt 0) {
                Delete-Folder ($folder.FullName)
            } else {
                Delete-OldFolders (Get-Item ($folder.FullName))
            }
        }
    }
}

# Function to get registry value
function Get-RegistryValue([string]$registryEntryPath = $(throw "No registry entry path is specified"), [string]$registryEntryName = $(throw "No registry entry name is specified"), [double]$defaultValue = 0.0) {
    [double]$registryEntryValue = $defaultValue

    $registryEntry = Get-ItemProperty -Path $registryEntryPath -Name $registryEntryName
    if($registryEntry -ne $null) {
        $registryEntryValue = $registryEntry.$registryEntryName
    }

    return $registryEntryValue
}

# Function to get the percentage that WER queue can take up
function Get-Percentage() {
    [string]$registryEntryPath = "HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting"
    [string]$registryEntryName = "MaxQueueSizePercentage"
    [double]$defaultValue = 100.0

    return Get-RegistryValue $registryEntryPath $registryEntryName $defaultValue
}

# Function to get free disk space on machine
function Get-FreeSpace {
    [double]$freeSpace = 0.0
    [string]$wql = "SELECT * FROM Win32_LogicalDisk WHERE MediaType=12"
    $drives = Get-WmiObject -query $wql
    if($null -ne $drives) {
        foreach($drive in $drives) {
            $freeSpace += ($drive.freeSpace)
        }
    }

    return ($freeSpace / 1KB)
}

# Function to get all unnecessary files
function Get-UnnecessaryFiles([string]$folder = $(throw "No folder is specified")) {
    if([String]::IsNullOrEmpty($folder) -or (-not(Test-Path $folder))) {
        return $null
    }

    [int]$threshold = Get-ThresholdForCheckOlderFile

    return (Get-ChildItem -literalPath $folder -Recurse -Force | Where-Object {($_.PSIsContainer) -and ((($_.CreationTime).CompareTo((Get-Date).AddMonths($threshold))) -lt 0)})
}

# Function to format disk space (KB -> MB)
function Format-DiskSpaceMB([double]$space = $(throw "No space is specified")) {
    return [string]([Math]::Round(($space / 1KB), 3))
}

# Function to format disk space (B -> GB)
Function Format-DiskSpaceGB([double]$space = $(throw "No space is specified")) {
    return [string]([Math]::Round(($space / 1GB), 3))
}

# Function to attach item to the list with delimiter "/"
function AttachTo-List([string]$list = $(throw "No list is specified"), [string]$item = $(throw "No item is specified"))
{
    if([String]::IsNullOrEmpty($list))
    {
        return $item
    }

    if([String]::IsNullOrEmpty($item))
    {
        return $list
    }

    return $list + "/" + $item
}

# Function to parse the the list with delimiter "/"
function Parse-List([string]$list = $(throw "No list is specified"))
{
    if($list -eq $null)
    {
        return $null
    }

    return $list.Split("/", [StringSplitOptions]::RemoveEmptyEntries)
}

# Function to get list length
function Get-ListLength([string]$list = $(throw "No list is specified"))
{
    if($list -eq $null)
    {
        return 0
    }

    $result = Parse-List $list

    if($result -is [string])
    {
        return 1
    }
    elseif($result -is [object[]])
    {
        return $result.count
    }
    else
    {
        return 0
    }
}

# Function to convert to WQL path
function ConvertTo-WQLPath([string]$wqlPath = $(throw "No WQL path is specified"))
{
    if($wqlPath -eq $null)
    {
        return ""
    }

    return $wqlPath.Replace("\", "\\")
}

# Function to check whether the shortcut is valid
function Test-ValidLink([Wmi]$wmiLinkFile = $(throw "No WMI link file is specified"))
{
    if(($wmiLinkFile -eq $null) -or ([String]::IsNullOrEmpty($wmiLinkFile.Target)))
    {
        return $false
    }

    return Test-Path $wmiLinkFile.Target
}

# Function to chech whether have permission to delete the shortcut file
function Test-Delete([Wmi]$wmiLinkFile = $(throw "No WMI link file is specified"))
{
    if($wmiLinkFile -eq $null)
    {
        return $false
    }

    return ($wmiLinkFile.AccessMask -band 0x10000) -eq 0x10000
}

# Function to get desktop path
function Get-DesktopPath()
{
$methodDefinition = @"
    public static string GetDesktopPath
    {
        get
        {
            return Environment.GetFolderPath(Environment.SpecialFolder.DesktopDirectory);
        }
    }
"@

    $type = Add-Type -MemberDefinition $methodDefinition -Name "DesktopPath" -PassThru

    return $type::GetDesktopPath
}

# Function to get startup path
function Get-StartupPath()
{
$methodDefinition = @"
    public static string GetStartupPath
    {
        get
        {
            return Environment.GetFolderPath(Environment.SpecialFolder.Startup);
        }
    }
"@

    $type = Add-Type -MemberDefinition $methodDefinition -Name "StartupPath" -PassThru

    return $type::GetStartupPath
}

# Function to remove all files in the list
function Remove-FileList([string]$list = $(throw "No list is specified"))
{
    if([String]::IsNullOrEmpty($list))
    {
        return
    }

    try
    {
        Parse-List $list | Foreach-Object {
            if(-not([String]::IsNullOrEmpty($_)))
            {
                Remove-Item $_ -Force
            }
        }
    }
    catch
    {
        $_ | ConvertTo-Xml | Update-DiagReport -id DeleteFileExceptions -Name $localizationString.filesFailToRemove_name -Description $localizationString.filesFailToRemove_description -Verbosity Warning
    }
}

# Function to get the last access time of an Icon
function Get-LastAccessTime([string]$filePath = $(throw "No file path is specified"))
{
    if([String]::IsNullOrEmpty($filePath) -or -not(Test-Path $filePath))
    {
        throw "No file path found"
    }

$typeDefinition = @"

using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using ComType = System.Runtime.InteropServices.ComTypes;

public sealed class FileInfo
{
    private FileInfo()
    {
    }

    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct UAINFO
    {
        internal int cbSize;
        internal int dwMask;
        internal float R;
        internal uint cLaunches;
        internal uint cSwitches;
        internal int dwTime;
        internal ComType.FILETIME ftExecute;
        [MarshalAs(UnmanagedType.Bool)] internal bool fExcludeFromMFU;

        internal UAINFO(int dwMask)
        {
            this.cbSize = Marshal.SizeOf(typeof(UAINFO));
            this.dwMask = dwMask;
            this.R = 0;
            this.cLaunches = 0;
            this.cSwitches = 0;
            this.dwTime = 0;
            this.ftExecute = new ComType.FILETIME();
            this.fExcludeFromMFU = false;
        }
    }

    internal const int UAIM_FILETIME = 1;
    internal static Guid UAIID_SHORTCUTS = new Guid("F4E57C4B-2036-45F0-A9AB-443BCFE33D9F");

    [ComImport, Guid("90D75131-43A6-4664-9AF8-DCCEB85A7462"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
    interface IShellUserAssist
    {
        int FireEvent(ref Guid pguidGrp, int eCmd, string pszPath, int dwTimeElapsed);
        int QueryEntry(ref Guid pguidGrp, string pszPath, ref UAINFO pui);
        int SetEntry(ref Guid pguidGrp, string pszPath, ref UAINFO pui);
        int RenameEntry(ref Guid pguidGrp, string pszFrom, string pszTo);
        int DeleteEntry(ref Guid pguidGrp, string pszPath);
        int Enable(bool fEnable);
    }

    [ComImport, Guid("DD313E04-FEFF-11d1-8ECD-0000F87A470C")]
    internal class UserAssist { }

    public static DateTime GetLastAccessTime(string filePath)
    {
        if(String.IsNullOrEmpty(filePath))
        {
            throw new ArgumentException("The file path is null or empty");
        }

        UAINFO uaInfo = new UAINFO(UAIM_FILETIME);
        IShellUserAssist iShellUserAssist = new UserAssist() as IShellUserAssist;
        if (iShellUserAssist == null)
        {
            throw new InvalidOperationException("Can't get iShellUserAssist interface");
        }

        try
        {
            Marshal.ThrowExceptionForHR(iShellUserAssist.QueryEntry(ref UAIID_SHORTCUTS, filePath, ref uaInfo));
        }
        catch
        {
            throw new InvalidOperationException("Can't query info about" + filePath);
        }

        long fileTime = (((long)uaInfo.ftExecute.dwHighDateTime) << 32) + uaInfo.ftExecute.dwLowDateTime;

        return DateTime.FromFileTime(fileTime);
    }
}
"@

    $type = Add-Type -TypeDefinition $typeDefinition -PassThru

    return $type[0]::GetLastAccessTime($filePath)
}

# Function to check whether the icon is pointing to a file
function Test-FileShortcut([Wmi]$wmiLinkFile = $(throw "No wmi link file is specified"))
{
    if($wmiLinkFile -eq $null)
    {
        return $false
    }

    [string]$target = $wmiLinkFile.Target
    if([String]::IsNullOrEmpty($target) -or -not(Test-Path $target))
    {
        return $false
    }

    return -not((Get-Item $target).PSIsContainer)
}

# Function to create a choice in interaction page
function Get-Choice([string]$name = $(throw "No choice name is specified"), [string]$description = $(throw "No choice description is specified"),
                   [string]$value = $(throw "No choice value is specified"),

$extension)
{
    return @{"Name"=$name;"Description"=$description;"Value"=$value;"ExtensionPoint"=$extension.InnerXml}
}

# Function to check whether the current machine is domain joined
Function Test-DomainJoined()
{
    return (Get-WmiObject -query "select * from win32_ntdomain where Status ='OK'") -ne $null
}

# Function to update time source
Function Update-TimeSource([string]$timeSource = $(throw "No time source is specified"))
{
    w32tm.exe /config /update /manualpeerlist:"$timeSource"
}

# Function to get system drive info
function Get-SystemDriveInfo() {
    [string]$wql = "SELECT * FROM Win32_LogicalDisk WHERE MediaType=12 AND Name = '" + ${env:systemdrive} + "'"
    return Get-WmiObject -query $wql
}

# Function to get time service status
function Get-ServiceStatus([string]$serviceName=$(throw "No service name is specified")) {
   [bool]$startService = $true

   [WMI]$timeService = @(Get-WmiObject -Query "Select * From Win32_Service Where Name = `"$serviceName`"")[0]
   if($null -ne $timeService) {
      [ServiceProcess.ServiceControllerStatus]$timeServicesStatus = (Get-Service $serviceName).Status
      if(([ServiceProcess.ServiceControllerStatus]::Stopped -eq $timeServicesStatus) -or ([ServiceProcess.ServiceControllerStatus]::StopPending -eq $timeServicesStatus)) {
         $startService = $false
      }
   }

   return $startService
}

# Function to wait for expected service status
function WaitFor-ServiceStatus([string]$serviceName=$(throw "No service name is specified"), [ServiceProcess.ServiceControllerStatus]$serviceStatus=$(throw "No service status is specified")) {
    [ServiceProcess.ServiceController]$sc = New-Object "ServiceProcess.ServiceController" $serviceName
    [TimeSpan]$timeOut = New-Object TimeSpan(0,0,0,5,0)
    $sc.WaitForStatus($serviceStatus, $timeOut)
}

ScriptBlock ID: 20fa3fd9-a954-4cb1-a665-864c6fdabbcf
Path: C:\Windows\TEMP\SDIAG_c78701f5-c6be-42b3-8e39-38ea0c8ba123\CL_Utility.ps1

Link to post
Share on other sites

TIP: Anything in the sub-folder C:\Windows\TEMP  is fair-game for deletion. Delete the file C:\Windows\TEMP\SDIAG_c78701f5-c6be-42b3-8e39-38ea0c8ba123\CL_Utility.ps1

 

As a next step, I suggest the following:

This is for a scan with ESET Onlinescanner (free). ESET is a well-respected, well-known entity and tool.

This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run.

Next, This will be a check with ESET Onlinescanner for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on CUSTOM scan  and select C drive to be scanned
  • Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"
  • and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.
There is a progress window display. You may step away from machine &. Let it be. That is, once it is under way, you should leave it running. It will run for several hours.

  • At screen "Detections occurred and resolved" click on blue button "View detected results"
  • On next screen, at lower left, click on blue "Save scan log"
  • View where file is to be saved. Provide a meaningful name for the "File name:"
  • On last screen, set to Off (left) the option for Periodic scanning
  • Click "save and continue"
  • Please attach the report file so I can review
Link to post
Share on other sites

Alright. I look forward to getting the result report from the ESET run. And after that is done,

  • Your pc already has the support tool mb-support-1.8.7.918.exe. Launch the program.
  • click Advanced >>> then Gather Logs
  • Have patience till the run has finished.
  • Attach the mbst-grab-results.zip from the Desktop to your reply..
Link to post
Share on other sites

Hi Maurice,

An update, before running the ESET scan I had noticed in Process Monitor some suspicious modification to registry keys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DeviceAssociationService
When I open the registry editor to manually inspect these key/values Regedit process was killed with user32.dll being the faulting module. I restarted the PC and I was unable to boot. I got BSOD

driver_irql_not_less_or_equal (tcpip.sys)

I was unable to enter the recovery environment. I used a bootable recovery media to open command prompt and did

netsh int ipv6 reset
netsh int ipv4 reset

netsh winsock reset
ipconfig /flushdns

interestingly I queried running services (wmic service get where name="rasman") where and a Rasman service was loaded.

I was unable to resolve the BSOD so I fully formated the C drive with diskpart and installed windows again.

Starting to suspect some games with MBR/BIOS I disabled all alternate boot drives except the C drive which I had freshly installed windows on.

On startup I was then asked which OS I wanted to boot Windows or Windows (volume 12) <--This one is not showing in Diskpart.

Booting the Windows not on volume 12 is throwing an error saying missing winload.efi.

Launching from the USB media again and trying to run Bootrec /fixboot is giving access denied. 
 

I apologize, I understand we've gotten off track.

 

Link to post
Share on other sites

Much regret that you went off on your own. That you attempted a Windows re-install. The only way to get a good Windows OS is now to do a true new clean setup. Your system had  Windows 10 Home 64-bit.

Do a CLEAN install of Windows but do not use this computer to make the installer disk.

Greg Carmack - MVP 2010-2020 -Clean Install Windows 10
https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/clean-install-windows-10/1c426bdf-79b1-4d42-be93-17378d93e587

How to Create a Local Account While Setting Up Windows 10
https://www.howtogeek.com/442792/how-to-create-a-local-account-while-setting-up-windows-10/

 

Once you have a new install of Windows that is safe and CLEAN then the below should help you to keep it clean.

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin

 

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.