peezley Posted April 23, 2023 ID:1564326

Was getting some public domain adventure stories from libgen no problems. Downloaded malwarebytes for another reason, and getting more books the link I had been using before triggered an RTP detection.

Concerned as I had been downloading from this source before, I ran RKill as a first port of call and nothing was flagged except in the 'Checking Registry for malware related settings' section where RKill flagged and turned off an advanced explorer setting: 'advanced explorer setting removed: HideIcons [HKCU]'.

Ran adwcleaner, hitmanpro, malwarebytes, TDSSkiller and FRST and couldn't see anything weird except hitmanpro marking intelaudioservice.exe as suspicious. Feedback online says this is normal.

Not sure what to do, so seeking some advice on what to do next. Per general instructions I have attached FRST & Additions logs. Would be hugely appreciative if someone would let me know if I should add anything else and what to do next, thank you.

Attachments: Addition_23-04-2023 01.10.23.txt, FRST_23-04-2023 01.10.23.txt

1PW Posted April 23, 2023 ID:1564328

Hello @peezley:

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

- Download the Malwarebytes Support Tool.
- In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
- In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
- Run the MBST Support Tool.
- In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
- In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
- A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.

Thank you.

peezley (Author) Posted April 23, 2023 ID:1564331

Hi 1PW,

Ok done, have attached the output here.

Thank you, hopefully this helps get the info you guys need.

Attachment: mbst-grab-results.zip

peezley (Author) Posted April 23, 2023 ID:1564332

This has been done post Rkill terminating whatever 'HideIcons [HKCU]' registry setting it found. Should I be running this without that having been done? If so let me know and I can repeat.

AdvancedSetup (Root Admin) Posted April 24, 2023 ID:1564421

Good day, @peezley

Please disable your real-time protection from McAfee antivirus and run the following.

Please run the following ESET Online Scanner and perform a Full Scan.

- Click the following link to save the installer for ESET Online Scanner: https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
- It will start a download of "esetonlinescanner.exe".
- Save the file to your system, such as the Downloads folder, or else to the Desktop.
- Go to the saved file, and double click it to get started.
- When presented with the initial ESET screen, click on "Get Started".
- Read and accept the Terms of use.
- On the "Before we start..." screen choose if you want to send anonymous data and if you want to provide feedback or not, then click Continue.
- When prompted for scan type, click on the Full Scan button.
- Enable (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click the Start scan button.
- Have patience. The entire process may take a few hours or more. When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked "View detected results".
- Click the blue "Save scan log" to save the log and give it a name and location you remember.
- If something was removed and you know it is a false positive, you may click on the blue "Restore cleaned files" (in blue, at the bottom).
- Press Continue when all done. You should click to turn off the offer for "periodic scanning".
- Enable "Delete application data on closing".
- You do not need to submit feedback unless you want to. Simply ignore and close the program.

Note: If you do need to do a File Restore from ESET please follow the directions below.
[KB2915] Restore files quarantined by the ESET Online Scanner version 3
https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

Please attach the ESET scan log you saved at the end to your next reply.

peezley (Author) Posted April 24, 2023 ID:1564450

Hi @AdvancedSetup,

Ran the ESET scan, and found nothing. I switched off the McAfee realtime scanning, but I did leave the firewall on - was this the wrong move? If so I will repeat the ESET scan.

Have attached the log as requested. As mentioned, nothing was flagged - does this mean I'm alright and Malwarebytes was flagging a false positive for the libgen GET url?

Huge thanks,
Peezley

Attachment: esetlog.txt

AdvancedSetup (Root Admin) Posted April 24, 2023 ID:1564468

No, that was fine @peezley

Let's go ahead and run another scanner. Disable the real-time protection from McAfee and run this.

Microsoft Safety Scanner

Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan. That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well.

STEP 1
Please set File Explorer to SHOW ALL folders, all files, including hidden ones. Use OPTION ONE or TWO of this article:
https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2
I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft:
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

- Look on the Scan Options & select the FULL scan.
- Then start the scan. Have lots of patience. It may take several hours.
- Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on the screen display. The only things that count are the End result at the end of the run.
- The scan will take several hours. Leave it alone. It will remove any other remaining threats as it goes along. Take a very long break, do your normal personal errands ..... just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned (depending on the number of files on your machine & the speed of the hardware).

The log is named MSERT.log and the log will be at C:\Windows\debug\msert.log
Please attach that log with your next reply.

It is normal for the Microsoft Safety Scanner to show detections during the scan process. It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection. That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not. Then it writes into the log on your computer what it found.

Thank you

peezley (Author) Posted April 24, 2023 ID:1564481

Hi @AdvancedSetup,

Ran scan as instructed. At the end of the scan MSS stated no detections, but during I noticed at one point during the scan 6 files had been flagged as infected. Is this normal and they turned out to be nothing or is something here amiss?

As instructed, log attached.

Many thanks,
Peezley

Attachment: msert.log

AdvancedSetup (Root Admin) Posted April 24, 2023 ID:1564483

2 hours ago, AdvancedSetup said:
> It is normal for the Microsoft Safety Scanner to show detections during the scan process. It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

It is normal to show during scanning.

We can do one more scan if you like but so far nothing is finding anything wrong. No infections.

Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop.
(Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021)

Download: Kaspersky Virus Removal Tool

How to run a scan with Kaspersky Virus Removal Tool 2020
https://support.kaspersky.com/15674
How to run Kaspersky Virus Removal Tool 2020 in the advanced mode
https://support.kaspersky.com/15680
How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan
https://support.kaspersky.com/15681

- Select the Windows Key and R Key together, the "Run" box should open.
- Drag and Drop KVRT.exe into the Run Box.
- C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.
- Add -dontencrypt. Note the space between KVRT.exe and -dontencrypt.
- C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.

That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file.

Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr
Right-click direct onto that report, select > open with > Notepad. Save that file and attach it to your reply.

- To start the scan select OK in the "Run" box.
- A EULA window will open, tick all confirmation boxes then select "Accept".
- In the new window select "Change Parameters".
- In the new window ensure all selection boxes are ticked, then select "OK". The scan should now start...
- When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue".
- When complete, or if nothing was found select "Close".

Attach the report information as previously instructed...

Thank you

peezley (Author) Posted April 24, 2023 ID:1564500

Hi @AdvancedSetup,

2 hours ago, AdvancedSetup said:
> 5 hours ago, AdvancedSetup said:
> > It is normal for the Microsoft Safety Scanner to show detections during the scan process. It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.
>
> It is normal to show during scanning.

Sorry - I didn't clock that you'd already explained this, my bad for not reading properly. Thanks for being patient with me, English was not my first language.

Kaspersky tool came back negative, have attached log below.

Really appreciate all your help, I was really worried after Malwarebytes flagged the download link for an RTP thing, but having done these checks it seems everything is ok. If there's nothing else to check, I'm happy to consider this solved if you also feel my PC is clean.

Many thanks,
Peezley

Attachment: report_2023.04.24_23.02.03.txt

AdvancedSetup (Root Admin) Posted April 24, 2023 ID:1564501 (Solution)

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

- Please download KpRm by kernel-panik and save it to your desktop.
- Right-click kprm_(version).exe and select Run as Administrator.
- Read and accept the disclaimer.
- When the tool opens, ensure all boxes under Actions are checked.
- Under Delete Quarantines select Delete Now, then click Run.
- Once complete, click OK.
- A log will open in Notepad titled kprm-(date).txt.
- Please attach that file to your next reply. (not compulsory)

Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/

Make sure you're backing up your files: https://forums.malwarebytes.com/topic/136226-backup-software/

Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download

Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2

Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/

Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.

Malwarebytes Browser Guard
- Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
- Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
- Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

uBlock Origin
- Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
- Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
- Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes

peezley (Author) Posted April 24, 2023 ID:1564506

Amazing, thanks so much, all sorted - will follow your tips

AdvancedSetup (Root Admin) Posted April 25, 2023 ID:1564514

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you