
I recently installed Malwarebytes because I have some security concerns. So far I have scanned my device a couple of times and it shows nothing was found, but then while I was doing my work, Malwarebytes recently popped up a notification indicating that a website with no domain was blocked. When I checked on this, it says it has malware/malvertising. I have the logs of the blocked website along with other blocked websites, namely "Propu.sh", "AstivySauran.com" and "outbraixenr.com" (I also included these websites because I am concerned about them too). Please help me solve this problem. At the time of this writing, there are 12 blocked outbound connections in my system.

Attachments: Outbraixenr.txt, Propush.txt, Astivysauran.txt, No Domain.txt, Screenshot2023-06-12200919.png


Hello @Terrencu and welcome:

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have posted.

Thank you.


Hello and welcome.

I will guide you along on looking for remaining malware. Let's keep these principles as we go along.

  • Please run the Support-tool-report cited above by 1PW
  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • Please stick with me until I give you the "all clear".
  • If your system is running Discord, please be sure to Exit out of it while this case is on-going.
  • If you were using Chrome browser, please close all of its windows and Exit out, and instead only use EDGE browser.
  • The flagging of "malvertising" just may be due to one or more of your browsers allowing "Site Notifications"

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".


Added note. Indeed suppress the site notifications like in the article I cited. Also, Exit out of Chrome and for the remainder of this case, only use EDGE browser. Each one of the block events you provided involves Chrome browser.

In addition, also do all listed on this pinned posting

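A way to check the point made in the two posts above (site notifications allowed in Chrome), added here as an example that is not part of the original thread and not a Malwarebytes tool. It assumes Chrome keeps per-site notification permissions in the profile's `Preferences` JSON under `profile.content_settings.exceptions.notifications` (setting 1 = allow, 2 = block) at the default Windows profile path; the sample data is constructed.

```python
import json
import os
from urllib.parse import urlsplit

# Domains named in the first post's block logs, lower-cased.
WATCHLIST = {"propu.sh", "astivysauran.com", "outbraixenr.com"}
ALLOW = 1  # Chromium content-setting value for "allow" (2 is "block")

# Constructed sample in the shape of Chrome's Preferences file (not real data).
SAMPLE_PREFS = {"profile": {"content_settings": {"exceptions": {"notifications": {
    "https://propu.sh:443,*": {"setting": 1},
    "https://mail.example.com:443,*": {"setting": 1},
    "https://outbraixenr.com:443,*": {"setting": 2},
}}}}}

def host_of(pattern):
    """Extract the host from a key such as 'https://host:443,*'."""
    origin = pattern.split(",", 1)[0]
    try:
        return (urlsplit(origin).hostname or origin).lower()
    except ValueError:  # wildcard patterns that urlsplit cannot parse
        return origin.lower()

def notification_grants(prefs):
    """Return sorted (host, on_watchlist) pairs for sites allowed to notify."""
    rules = (prefs.get("profile", {}).get("content_settings", {})
             .get("exceptions", {}).get("notifications", {}))
    grants = []
    for pattern, entry in rules.items():
        if entry.get("setting") != ALLOW:
            continue  # blocked or default entries cannot push anything
        host = host_of(pattern)
        hit = any(host == d or host.endswith("." + d) for d in WATCHLIST)
        grants.append((host, hit))
    return sorted(grants)

def load_chrome_prefs(profile="Default"):
    """Read the Preferences JSON of a Chrome profile (assumed default path)."""
    path = os.path.join(os.environ["LOCALAPPDATA"], "Google", "Chrome",
                        "User Data", profile, "Preferences")
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)

if __name__ == "__main__":
    try:
        prefs = load_chrome_prefs()
    except (KeyError, OSError, ValueError):
        prefs = SAMPLE_PREFS  # fall back to the constructed sample
    for host, hit in notification_grants(prefs):
        print(("REVIEW  " if hit else "allowed ") + host)
```

Run it with Chrome closed; any host it lists can be removed under Chrome's site notification settings.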

Hi. Thanks for the support-zip file. I am glad to know that the block notices appear to have ceased. At this point, I am wondering whether this machine really has 2 different "antivirus" programs and if so why. Did this computer, when it was bought new, come with McAfee VirusScan? Is it a trial, or is it licensed?

And when did you install Reason Cybersecurity? Answer these after you have completed all actions listed here. Do all that follows.

Take these actions so that Windows 11 is set to show all hidden files and folders.
Open File Explorer from the taskbar.

Select View > Show > Hidden items.

Select View > Show > File name extensions.

Next, start Malwarebytes. Click the Settings ( gear ) icon. Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.

Click the Security Tab. Scroll down to

"Windows Security Center"

Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off   .... be sure that line's  radio-button selection is all the way to the Left.  thanks. }

This will not affect any real-time protection of the Malwarebytes for Windows    😃.

Close Malwarebytes.

Please save and close any open work or programs now open. This next job will end all open applications and then do its work. Please read all of this. And remember, there is much more to do even after this here.

The FRSTENGLISH.exe tool is already on this machine.

Please download the attached fixlist.txt file and save it to Downloads folder

Fixlist.txt<-- - - - -

 

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Use File Explorer to go to the Downloads folder

RIGHT-Click on   FRSTENGLISH and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will reset the Winsock file. It will also attempt to  run scans with MS Defender antivirus. Depending on the speed of your computer this fix may take 50-55 minutes or more.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply. We will do more, later.


Now that you've mentioned it, I don't remember installing these two antiviruses but I used them. About 3 months ago, I just found McAfee antivirus installed in my system and McAfee antivirus says I have a 1 year trial so I used it. And then after a week or two, I installed a software called "qBittorrent" and after that, Reason Cybersecurity just popped up and I assume it was with the software I installed. I thought to myself that having 2 antiviruses can provide me more protection so I used those 2 antiviruses for some time. After 2 months, these 2 antiviruses slowed my computer, especially that McAfee antivirus, so I uninstalled them and searched on the internet for how to speed up my computer, like deleting temporary files and increasing virtual RAM. Right now, all the software I mentioned earlier has been uninstalled for about a month. Just tell me what the next steps are before I get considered as cleared. Thank you. By the way, here is the Fixlog.txt that you requested.

Fixlog.txt


The custom-fix-run is good. I need for you to ensure that any remains of McAfee are removed. The McAfee still has remains left. Please see the following McAfee article:
https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS101331

Scroll down on the page. Look for the red arrow & Method 2.

Click down on that arrow to see the details about using the MCPR (McAfee Consumer Product Removal) tool.

Download the MCPR, save it, then run it. Follow the guide. Let me know after that is done. We still have more to do (for later).


  • Solution

Good. Bravo. The following does not make changes. It will get a refreshed list of applications installed for my review. There is no reboot with this run. It should go quickly. Please download the attached fixlist.txt file and save it to Downloads folder

Fixlist.txt<-- - - - -

 

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

Use File Explorer to go to the Downloads folder

RIGHT-Click on   FRSTENGLISH and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait. You should see a visual message when it has finished the run.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.


Bravo. Thank you. There is no further indication of McAfee. Do uninstall Java 8 Update 351 (64-bit). That version is way out of date. Keeping out-of-date versions of Java on your system may present a serious security risk. To help you remove out-of-date Java installations, Oracle has created a Java Uninstall Tool

( 2 )

Temporarily disable Microsoft SmartScreen to download the next software below 

I would recommend getting a readout report as to update status of some key apps.
Download SecurityCheck by glax24 from here

and save the tool on the desktop.

If Windows's SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed.

This tool is safe. Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

When all done, you may go back to turn ON the EDGE Smartscreen protection.

Edited by Maurice Naggar
amended for Java uninstall tool

Per the SecurityCheck report, here is what needs your attention.
NVIDIA GeForce Experience 3.20.3.63 v.3.20.3.63  Warning! Download Update

Node.js v.18.16.0  Warning! Download Update
Python 3.11.3 (64-bit) v.3.11.3150.0  Warning! Download Update
 
WinRAR 6.11 (64-bit) v.6.11.0  Warning! Download Update

Discord v.1.0.9011  Warning! Download Update

Let's go ahead and do some clean-up work and remove the tools and logs we've run.
Please download KpRm by kernel-panik and save it to your desktop.

  • right-click kprm_2.14.exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • You may attach that file to your next reply. (not compulsory)
  • Delete mb-support-1.8.7.918.exe
  • Delete mbst-grab-results.zip on the Desktop.


Sincerely.

Edited by Maurice Naggar

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

 

 

This topic is now closed to further replies.