Perucho10 Posted May 7 ID:1566294

Hi all,

Again here. Last week I got the malware POP.UP virus family tree, then I quarantined it with Malwarebytes software and removed the infected .exe, and cleared all the extra apps that the malware installed automatically on my PC like CCleaner, Avast, Opera etc... but problems still occur. I have installed HijackThis and FRST64, but FRST64 doesn't open on Win11. The Malwarebytes report and scan say it's all free, but I'm not sure of this; I see my PC is still slow, guys.

Attached reports. Thanks in advance for the support.

HiJackThis.log

1PW Posted May 7 ID:1566295

Hello @Perucho10 and welcome back:

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

1. Download the Malwarebytes Support Tool.
2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
4. Run the MBST Support Tool.
5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have sent.

Thank you.

Perucho10 Posted May 7 Author ID:1566301

Hi 1PW,

Thanks again for your quick reply. Here below you can find my log. Awaiting to hear from you again.

mbst-grab-results.zip

Maurice Naggar Posted May 7 ID:1566307

Hello,

I will guide you along on looking for remaining malware. Let's keep these principles as we go along.

- Removing malware can be unpredictable.
- Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
- Only run the tools I guide you to.
- Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
- The removal of malware isn't instantaneous, please be patient.
- Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
- Please stick with me until I give you the "all clear".
- If your system is running Discord, please be sure to Exit out of it while this case is on-going.

Take these actions so that Windows 11 is set to show all hidden files and folders.

1. Open File Explorer from the taskbar.
2. Select View > Show > Hidden items.
3. Select View → Show → File name extensions

The IP Block notice by Malwarebytes does mean that your device is being protected from potential harm.

Do a new scan with Malwarebytes for Windows.

Do a Check for Update using the Malwarebytes Settings >> General tab. See this Support Guide https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows

When it shows a new version available, Accept it and let it proceed forward. Be sure it succeeds. If prompted to do a Restart, just please follow all directions. Let me know how that goes.

Next, the Malwarebytes sca

Next, click the small x on the Settings line to go to the main Malwarebytes Window.

Next click the blue button marked Scan.

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected).

💢 Please double verify you have that TOP check-box tick marked, and that then, all lines have a tick-mark.

Then click on Quarantine button.

Then, locate the Scan run report; export out a copy; & then attach in with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

Perucho10 Posted May 7 Author ID:1566310

Hi Maurice,

I have updated Malwarebytes and run a new scan. Seems there is no more virus.

export copy.txt

Perucho10 Posted May 7 Author ID:1566311

Hi Maurice,

Sorry for double posts. Attached export copy of the updated scan in Malwarebytes.

export copy.txt

Perucho10 Posted May 7 Author ID:1566331

Hi Maurice,

Sorry, but again it seems Malwarebytes reports this, attached.

1.txt
2.txt
3.txt

Maurice Naggar Posted May 7 ID:1566332

The "Block" notices mean that Malwarebytes IS protecting the Windows machine. Do not fret unnecessarily.

BUT I urge you to CLOSE / EXIT Chrome browser. Instead just use EDGE browser.

If possibly you have a browser issue, can you try using a different web browser? But in any event, always SAVE the downloads I guide you to. Then after download is complete, you go to the file using File Explorer, and only then, launch it from there.

Let's do one special run with Malwarebytes Adwcleaner. It will not take much time. Read over all lines before starting so that you have a good understanding of the whole method. Take your time and go careful. I want to make sure you select all of what I list below - before - pressing the "scan" button.

First download & save it: guide & download link

Then go to where the EXE file is saved. Start Adwcleaner. Do not rush. There are a few first choices to set as I have listed below.

Reply YES at the Windows prompt to allow the program to proceed and make changes. That is the usual Windows security prompt.

When AdwCleaner starts, on the left side of the window, click on “Settings” and then enable these repair actions on that tab-window by clicking their button to the far-right for ON status:

- Delete IFEO keys
- Delete tracing keys
- Delete Prefetch files
- Reset Proxy
- Reset IE Policies
- Reset Chrome policies
- Reset Winsock
- Reset HOSTS file

ONLY after you have set the selections above ....only after that .....

Now on the left side of the AdwCleaner window, click on “Dashboard” and then click “Scan” to perform a computer scan. This can take several minutes.

When the AdwCleaner scan is completed it will display all of the items it has found. Click on the “Quarantine” button to remove what it found.

AdwCleaner will now prompt you to save any open files or data as the program will need to close any open programs before it starts to clean. Click on the “Continue” button to finish the removal process.

Guide article

Attach the clean log from Adwcleaner when all completed. For example AdwCleaner[C00].txt

There is much more to do even after this.

Perucho10 Posted May 7 Author ID:1566333

Hi Maurice,

Thanks, yes there was still something strange in my PC. Now it's more clear. Attached new log. Now how do we proceed?

AdwCleaner[C01].txt

Solution Maurice Naggar Posted May 7 ID:1566338 (edited)

Keep in mind much patience is required. Keep in mind I am a volunteer here + I am not on all the time + I have other cases that I need to get back to. This case will take more actions and may well need more attention later. This is not a cure-all procedure here.

Next first step is to Turn OFF (to DISABLE) the "fast startup" of Windows 11. See https://www.windowscentral.com/software-apps/windows-11/how-to-enable-or-disable-fast-startup-on-windows-11

When that is done, be sure to do (from Start menu) one Power >> Shutdown >> Restart. Having "fast startup" can complicate our efforts to fix problems.

( 2 ) Temporarily disable Microsoft SmartScreen & leave it off until the end of this case.

( 3 ) First, please be sure to EXIT out / Close any open work you may have open at this point. We want the next runs to have sole use.

I would like you to run a custom cleanup script that will do the following:

- cleanup a specific sub-folder of user-TEMP folder + also empty the Windows Recycle Bin
- it will do housekeeping to empty out temporary file areas
- It will attempt to do 3 scans with Windows Defender antivirus to check for trojans & viruses
- It will make a log file on the Desktop named Klearemlog.txt

Save the attached zip file to your system. If possible save it to the Desktop.

Klearem.zip  <---

Then with File Explorer find the Klearem.zip

Next, with that zip file, Extract all content to the Desktop.

Then with File Explorer, go to Klearem.txt and do a RIGHT-click with the mouse & select Rename and rename it to Klearem.ps1

Once that is confirmed, then do a RIGHT-click on Klearem.ps1 & select the option Run with Powershell. It will / should display as the 2nd choice on the option menu. Pick "Run with Powershell" and tap Enter.

Next, you may be questioned with "Execution Policy Change" prompt. If so, respond with / type Y and tap Enter.

From then on, the script will automatically run. When it has finished you should see an on-screen display:

    End of run. Please look for 'Klearemlog.txt' on the Desktop. Press Enter to exit

Next step right after that, please you can simply download & save a copy of the tool FRST64.exe from this link https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Then with File Explorer, go to FRST64.exe and do a RIGHT-click with the mouse & select Rename and rename it to FRSTENGLISH.exe

RIGHT-click on FRSTENGLISH and select Run as Administrator and tap ENTER. And reply YES to allow to proceed.

When the tool opens click Yes to the disclaimer. And be very sure to TICK the box for Addition.txt

Press the Scan button. It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run.

Have patience since the run may take something like 10 or so minutes (less depending on your hardware speed).

Close Notepad IF those show up on Notepad. Just please Attach the 2 files FRST.txt + Addition.txt with your next reply.

Also attach KLEAREMLOG.txt from the Desktop to the next Reply.

There is more to do. Patience is called for.

We are running the script above only due to not having a Farbar FRST64 report. The script here is only for one time use.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may lead to unforeseen results.

Edited May 7 by Maurice Naggar

Perucho10 Posted May 7 Author ID:1566359

Hi Maurice,

Attached files you required. We'll be patient :)

Addition.txt
FRST.txt
Klearem.txt

Maurice Naggar Posted May 7 ID:1566363

On the desktop look very very close. I need you to attach for me Klearemlog.txt

AdvancedSetup (Root Admin) Posted May 30 ID:1569916

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks