  • Root Admin

Hello and welcome, @ToolBox

 

My screen name is AdvancedSetup and I will assist you with your system issues.
 

Let's keep these principles as we proceed. Make sure to read the entire post below first.

  • Please follow all steps in the provided order and post back all requested logs
  • Please attach all log files to your post, unless otherwise requested
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans have been completed.
  • Temporarily disable Microsoft SmartScreen to download the software below if needed. Make sure to turn it back on once the scans are completed.
  • Searching, detecting, and removing malware isn't instantaneous and there is no guarantee to repair every system.
  • Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
  • Do not run online games while the case is ongoing. Do not do any free-wheeling or risky web-surfing.
  • Only run the tools I guide you to use. Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Cracked, Hacked, or Pirated programs are not only illegal but also can make a computer a malware victim.
  • Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryption. It is at times also a big source of current Trojan infections.
  • If there are any on the system you should uninstall them before we proceed.
  • Please be patient and stick with me until I give you the "all clear". We don't want to waste your time, please don't waste ours.
  • If your system is running Discord, please be sure to Exit it while this case is ongoing.

 

To begin, please do the following so that we may take a closer look at your installation for troubleshooting. This is a report only.

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you

 

 


<<pardon this intrusion>> Next time you reply, please be sure you tell us what specific version of Windows runs on your pc ! As one interim measure, could you kindly give this a good try. 

If possibly you have a browser issue, can you try using a different web browser?
But in any event, always SAVE the downloads we guide you to. Then after the download is complete, you go to the file using File Explorer, and only then launch it from there.

Let's do one special run with Malwarebytes AdwCleaner.
 
It will not take much time. Read over all lines before starting so that you have a good understanding of the whole method. Take your time and go carefully. I want to make sure you select all of what I list below before pressing the "Scan" button.
 
First download & save it
 
Then go to where the EXE file is saved. Start Adwcleaner.  Do not rush. There are a few first choices to set as I have listed below.
 
Reply YES at the Windows prompt to allow the program to proceed and make changes. That is the usual Windows security prompt.
 
When AdwCleaner starts, on the left side of the window, click on “Settings” and then enable these repair actions on that tab-window by clicking their button to the far-right for ON status:

  • Delete IFEO keys
  • Delete tracing keys
  • Delete Prefetch files
  • Reset Proxy
  • Reset IE Policies
  • Reset Chrome policies
  • Reset Winsock
  • Reset HOSTS file
 
 
 
ONLY after you have set the selections above ....only after that .....
Now, on the left side of the AdwCleaner window, click on “Dashboard” and then click “Scan” to perform a computer scan.
 
 
This can take several minutes.
When the AdwCleaner scan is completed it will display all of the items it has found. Click on the “Quarantine” button to remove what it found.
 
AdwCleaner will now prompt you to save any open files or data as the program will need to close any open programs before it starts to clean.
Click on the “Continue” button to finish the removal process.
 
 
 
Attach the clean log from AdwCleaner when all completed. For example, AdwCleaner[C00].txt
There is much more to do even after this.

What we have to know is just exactly "what security" program has shown or reported the "Alureon"?
For example, was it Microsoft Security / Microsoft Defender showing any one of the following
Trojan:Win64/Alureon
Trojan:Win32/alureon
Trojan:Win64/Serifef
Trojan:Win32/Serifef

We truly need to obtain a copy of the logs from that application.
IF it turns out to be a true present infection, you should be aware

Trojan warning: Serifef/Alureon is a serious backdoor trojan

Now that you did advise us that it was a scammer that made the allegation about "allureon" we can totally discount the claims made by the scammer.

Edited by Maurice Naggar

  • Root Admin

If you really have said infection then you'll need to try to run this tool. It can run from Safe Mode if needed.

 

TDSSKiller tool for detecting and removing rootkits and bootkits

https://support.kaspersky.com/common/disinfection/5350

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then run the tool with Admin rights and have it scan and clean the computer.

As said, it can run from Safe Mode if needed.

Thank you @ToolBox

 

 


Thank you, Root Admin, and also Maurice for his welcome intrusion. Firstly I am using Windows 10.

To give an account of my problem, I had gone to (what I thought was) the Epson website and was in "a chat" with a representative when all of a sudden a chap came into the conversation and said he could assist, so being tired and it had been a long day I allowed him to assist by taking over control of my PC (Big mistake). As he whizzed round with his mouse controlling mine, in one of the files he said he could not assist as I noticed the "Alureon" file showed up in two of my files. Then he stated that he could sell me a removal tool for £250, reduced to £100 as I was retired. I said no thank you and he went away.

Here is where I realized this was a scam, then the panic sets in. I am self-taught in the computer world, and this is where I then sought this forum's help.

I have scanned my PC with "Malwarebytes", "Defender Offline" and "Avast"; all results have been clear. I removed the program "Assist" and another linked with it, which took me 4 attempts for each. I ran the "Malwarebytes support tool" you availed to me and I have the 2 icons on my desktop. I have tried to copy and bring them here and I will try again; as I previously said I am self-taught so this has been quite a trauma. At the moment I am using my Laptop which is hopefully clear, so when I next go back to my PC (in my workshop) I will try again. I have saved a Text file so hopefully that may copy here.

I will also use the other "Tools" that you and Maurice have recommended, probably Monday as I am away until then.

Thank you for your assistance so far, I much appreciate your help.

ToolBox,

Peter

 


Hi Peter. Obviously, one does not take the allegations of infection made by the support-scammer at face value. Be sure you tell AdvancedSetup what tool or program the scammer used to get access on your machine.
When you have finished running the Malwarebytes support tool, look on your computer Desktop for mbst-grab-results.zip and then attach it with your Reply.


Hi. Yes I see your reports. I notice that this is a Windows 10. By the way, remember that Advancedsetup is still helping you.
At this point, at this time, my suggestion would be to do what is listed below. Just as starters.
Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article
Please use this Guide

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted items from a system. This tool does not install. It is run on-demand.

This link is for the 64-bit version of MSERT.exe. Be sure you save the file first.
https://definitionupdates.microsoft.com/download/DefinitionUpdates/safetyscanner/amd64/MSERT.exe

Upon completion of the save, Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.
That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well

Launch MSERT.exe
Accept the agreement terms of Microsoft
Select CUSTOM scan
Look on Scan Options & select CUSTOM scan & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.

Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run.
Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those.
We only rely on the end result that is on the log-report-file.


This is likely to run for many hours (depending on the number of files on your machine & the speed of hardware).

The log is named MSERT.log

The log will be at

Windows\debug\msert.log
Please attach that log with your reply

It is normal for the Microsoft Safety Scanner to show 'detections' during the scan process on the screen itself.

It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.


  • Root Admin

Hello @ToolBox

Please download and run this tool as previously requested.

 

If you really have said infection then you'll need to try to run this tool. It can run from Safe Mode if needed.

 

TDSSKiller tool for detecting and removing rootkits and bootkits

https://support.kaspersky.com/common/disinfection/5350

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then run the tool with Admin rights and have it scan and clean the computer.

As said, it can run from Safe Mode if needed.

Thank you @ToolBox

 

 


  • Root Admin

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

Please attach both log files

FRST.TXT
ADDITION.TXT

 

Thank you

 

 


23 hours ago, AdvancedSetup said:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

Please attach both log files

FRST.TXTFRST.txt
ADDITION.TXT

 

Thank you

 

 

 


  • Root Admin

The computer does not appear to be infected. It does need some cleanup work that we can assist you with if you like.

I would suggest that you start by temporarily uninstalling ALL Avast software (we can reinstall it when done if wanted)

Avast AntiTrack Premium
Avast Cleanup Premium
Avast Driver Updater
Avast Secure Browser
Avast Update Helper

 

Then permanently uninstall both of these

Bonjour
Java 8 Update 251

 

Then restart the computer and get me a new set of FRST logs.

FRST.TXT
ADDITION.TXT

 

Thank you @toolboxx

 


On 6/6/2023 at 7:08 PM, AdvancedSetup said:

The computer does not appear to be infected. It does need some cleanup work that we can assist you with if you like.

I would suggest that you start by temporarily uninstalling ALL Avast software (we can reinstall it when done if wanted)

Avast AntiTrack Premium
Avast Cleanup Premium
Avast Driver Updater
Avast Secure Browser
Avast Update Helper

 

Then permanently uninstall both of these

Bonjour
Java 8 Update 251

Hi AdvancedSetup,

I uninstalled all the above except for Avast Update Helper, which I could not find in my Programs, then did a restart, but the PC would not restart, so I have now done a Reset which is still running Windows Installation, so I have left it running as it's been about 2 hours on the Reset so far.

So cannot run the other Runtime until I'm back online.

Many thanks thus far, Regards ToolBox


  • Root Admin

Well, that's not good to hear. @ToolBox

You might want to backup all your personal data to an external drive and consider doing a CLEAN install of Windows.

Backup Software
https://forums.malwarebytes.org/index.php?/topic/136226-backup-software

 

Clean Install Windows 10 & 11 (2023)
https://answers.microsoft.com/en-us/windows/forum/all/clean-install-windows-10-11-2023/1c426bdf-79b1-4d42-be93-17378d93e587

 

 


13 minutes ago, AdvancedSetup said:

Well, that's not good to hear. @ToolBox

You might want to backup all your personal data to an external drive and consider doing a CLEAN install of Windows.

Backup Software
https://forums.malwarebytes.org/index.php?/topic/136226-backup-software

 

Clean Install Windows 10 & 11 (2023)
https://answers.microsoft.com/en-us/windows/forum/all/clean-install-windows-10-11-2023/1c426bdf-79b1-4d42-be93-17378d93e587

 

I will have to finish the Reset first to be able to access my PC, I did a backup to an external hard drive a little while ago so I won't lose all my Files and folders!

I will get back to you when Reset, if all goes well.

Many Thanks, AdvancedSetup.

Regards ToolBox


23 hours ago, AdvancedSetup said:

Okay, keep me posted

 

Reset did not work, the message was "inaccessible boot device" then a message after trying the advanced setting "Re-image your computer" so I found a disc that came with PC which is trying to set the PC to Windows 7, on 86% at the moment. I will check to see what happened later!

Regards ToolBox.


  • Root Admin

Again, still say that ensuring your personal data is backed up and doing a clean install of either Windows 10 or 11 is the way to go

Clean Install Windows 10 & 11 (2023)
https://answers.microsoft.com/en-us/windows/forum/all/clean-install-windows-10-11-2023/1c426bdf-79b1-4d42-be93-17378d93e587

 


3 minutes ago, AdvancedSetup said:

Again, still say that ensuring your personal data is backed up and doing a clean install of either Windows 10 or 11 is the way to go

Clean Install Windows 10 & 11 (2023)
https://answers.microsoft.com/en-us/windows/forum/all/clean-install-windows-10-11-2023/1c426bdf-79b1-4d42-be93-17378d93e587

 

The problem being that until the PC is working I cannot click on the clean Install Windows 10 link above


This topic is now closed to further replies.