Fwan Posted July 2

Rvstruck malware has found its way onto my PC. I've gotten as far as a Malwarebytes scan, quarantined viruses, and then I did an AdwCleaner scan and it says it's found nothing? What's the next move? Is it fixed?

Maurice Naggar Posted July 2

Hello

I will guide you along on looking for remaining malware. Let's keep these principles as we go along.

- Removing malware can be unpredictable. Do please have lots of patience.
- Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
- Only run the tools I guide you to.
- Do not run online games while the case is on-going. Do not do any free-wheeling web-surfing.
- The removal of malware isn't instantaneous, please be patient.
- Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
- Please stick with me until I give you the "all clear".
- If your system is running Discord, please be sure to Exit out of it while this case is on-going.

I would like you to begin with what follows. Just keep in mind we will be doing several tasks, over multiple passes / replies / sessions. There is not a one-shot cure.

I would like a report set for review. This is a report only.

- Please download MALWAREBYTES MBST Support Tool.
- Once you start it, click Advanced >>> then Gather Logs.
- Have patience till the run has finished.
- Attach the mbst-grab-results.zip from the Desktop to your reply.

Fwan Posted July 2

Thank you for your speedy reply.

mbst-grab-results.zip

Maurice Naggar Posted July 3 (Solution)

Questions and comments: Where is it you had seen "Rvstruck malware"? Is it seen by you at this time?

I am poring over your report set. Adwcleaner found no adwares. What preceded it was the scan by Malwarebytes, which did (it appears) a very thorough cleanup of Adware.Hijacker.E that was found on the EDGE web browser. The main culprit there was an Edge extension PEJHFHCOEKCAJGOKALLHMKLCJKKEEMGJ. The same extension was cleaned up off the Chrome browser. Malwarebytes also cleaned up Adware.Hijacker.SD.

That Edge extension is not now on your Edge browser. Also, the same bad browser extension was cleaned up on the Chrome browser.

Next, do a new Malwarebytes scan.

- Launch Malwarebytes.
- Next click the blue button marked Scan.
- When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.
- 👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected).
- 💢 Please double verify you have that TOP check-box tick marked, and that then all lines have a tick-mark.
- Then click on the Quarantine button.
- Then, locate the Scan run report; export out a copy; & then attach it with your reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

Fwan Posted July 3

I would see the popup which would redirect me on Chrome and Edge, it's hard to tell if it's still there because it didn't always show up before doing all these scans and quarantines. After this scan it says it has found nothing.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/3/23
Scan Time: 8:38 AM
Log File: 9255802e-1974-11ee-9fff-d85ed3de6f0a.json

-Software Information-
Version: 4.5.32.271
Components Version: 1.0.2051
Update Package Version: 1.0.71865
License: Trial

-System Information-
OS: Windows 11 (Build 22621.1848)
CPU: x64
File System: NTFS
User: fwanpc\fawna

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 252842
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 9 min, 50 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Maurice Naggar Posted July 3

The scan by Malwarebytes did a very thorough cleanup of Adware.Hijacker.E that was found on the EDGE web browser & Chrome web browser. The main culprit there was an Edge extension PEJHFHCOEKCAJGOKALLHMKLCJKKEEMGJ & the same extension on Chrome. Both problematic extensions were removed! That is a fact. And now that we see a clean scan report from Malwarebytes, that makes perfect sense.

One other scan here. TrendMicro HouseCall scan from this Link.

- First, Download & Save to your Downloads folder the appropriate HouseCallLauncher.
- Once the download is complete, go to where the Housecalllauncher is saved & double-click it to start it.
- The program will check with TrendMicro & do an update run.
- Next it will show the Disclosure window. Click Next to proceed.
- The end user license agreement is presented. Click the Accept radio button & click Next to proceed.
- I suggest a CUSTOM scan on C drive. IF you wish a Full scan or a Custom scan, first click on the Settings, then you can select which drives you want to include in the scan. The default is a Quick scan.
- Click Scan now when ready. The scan progress will then be displayed. Monitor the progress or just leave it alone until it finishes this phase.
- When the scan phase has completed, if any items are tagged, you will see a list, showing the file & its location, the classification of the threat, the type, risk, and Action option.
- If you see an item that you know is safe, you can click the Action, and select Ignore.
- When all done & ready, click the Fix now button.

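Added example, not part of the original thread or any poster's reply: a read-only Python check that the extension ID named above has left no trace in Chrome or Edge profiles, looking at both the on-disk extension folder and the profile's preferences files. It assumes the standard per-user "User Data" locations on Windows; the function names are hypothetical.

```python
import json
import os
from pathlib import Path

# Extension ID quoted in the thread; browsers store IDs in lowercase on disk.
EXT_ID = "PEJHFHCOEKCAJGOKALLHMKLCJKKEEMGJ".lower()

def default_roots():
    """Standard per-user Chrome and Edge 'User Data' directories (assumed layout)."""
    base = os.environ.get("LOCALAPPDATA")
    if not base:
        return []
    return [Path(base) / "Google" / "Chrome" / "User Data",
            Path(base) / "Microsoft" / "Edge" / "User Data"]

def registered_ids(profile):
    """Extension IDs listed under extensions.settings in the profile's prefs files."""
    ids = set()
    for name in ("Preferences", "Secure Preferences"):
        try:
            data = json.loads((profile / name).read_text(encoding="utf-8"))
            settings = data["extensions"]["settings"]
        except (OSError, ValueError, KeyError, TypeError):
            continue  # file missing, unreadable, not JSON, or lacking the key
        if isinstance(settings, dict):
            ids.update(key.lower() for key in settings)
    return ids

def find_extension(roots, ext_id=EXT_ID):
    """Return (profile_path, evidence) pairs where the extension still appears."""
    ext_id = ext_id.lower()
    hits = []
    for root in map(Path, roots):
        if not root.is_dir():
            continue
        for profile in sorted(p for p in root.iterdir() if p.is_dir()):
            if (profile / "Extensions" / ext_id).is_dir():
                hits.append((str(profile), "extension folder on disk"))
            if ext_id in registered_ids(profile):
                hits.append((str(profile), "listed in profile preferences"))
    return hits

if __name__ == "__main__":
    found = find_extension(default_roots())
    for profile, evidence in found:
        print(f"{profile}: {evidence}")
    print("extension still present" if found else "no trace of the extension found")
```

An empty result for every profile is consistent with the clean scan reports in the thread; a hit in preferences without a folder on disk usually means a leftover registration rather than a loaded extension.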
Fwan Posted July 3

Completed the scan, no threats were found, which I assume is a good sign.

Maurice Naggar Posted July 4

Yes, indeed, it is. As a next step, I suggest the following:

This is for a scan with ESET Onlinescanner (free). ESET is a well-respected, well-known entity and tool. This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run.

Next, this will be a check with ESET Onlinescanner for viruses, other malware, adwares, & potentially unwanted applications.

- Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
- It will start a download of "esetonlinescanner.exe".
- Save the file to your system, such as the Downloads folder, or else to the Desktop.
- Go to the saved file, and double click it to get it started.
- When presented with the initial ESET options, click on "Computer Scan".
- Next, when prompted by Windows, allow it to start by clicking Yes.
- When prompted for scan type, click on CUSTOM scan and select C drive to be scanned.
- Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
- Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display.
- You may step away from the machine & let it be. That is, once it is under way, you should leave it running. It will run for several hours.
- At screen "Detections occurred and resolved" click on the blue button "View detected results".
- On the next screen, at lower left, click on blue "Save scan log".
- View where the file is to be saved. Provide a meaningful name for the "File name:".
- On the last screen, set to Off (left) the option for Periodic scanning.
- Click "save and continue".
- Please attach the report file so I can review.

Fwan Posted July 4

Once again nothing was found.

Maurice Naggar Posted July 4

Alright. Thanks, that is very good. I need you to run 2 new reports.

Temporarily disable Microsoft SmartScreen to download the next software below.

I also would appreciate this report:

- Download Farbar's Service Scanner utility and Save to your Desktop.
- Right-click on fss.exe and select Run As Administrator. Answer Yes to ok when prompted.
- If your firewall then puts out a prompt, again, allow it to run.
- Once FSS is on-screen, be sure the following items are check-marked:
  - Internet Services
  - Windows Firewall
  - System Restore
  - Security Center/Action Center
  - Windows Update
  - Windows Defender
  - Other services
- Click on "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run. Please attach that file.

( 2 ) I would recommend getting a readout report as to update status of some key apps.

- Download SecurityCheck by glax24 from here and save the tool on the desktop.
- If Windows's SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive.
- Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow it to run & go forward.
- Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.
- You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

When all done, you may go back to turn ON the EDGE Smartscreen protection.

AdvancedSetup (Root Admin) Posted July 16

Hello @Fwan

Are you still with us? Do you still need further assistance? Please post a status update when you have a moment.

Thank you

Maurice Naggar Posted July 18

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you