
Trojan detected by Malawarebytes



Thank you for the guidance. I have my custom-name emails come through Google Workspace, which I connect to directly (I don't use a mail program on my computer). I also have that connection through my phone. Should I avoid using my phone for email whilst the scan is running, or will it make no difference?

Henry.


  • Root Admin

Thanks, nothing found. Please go ahead and run the following, @henrymurray

Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop.

(Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021)

Download: Kaspersky Virus Removal Tool

How to run a scan with Kaspersky Virus Removal Tool 2020
https://support.kaspersky.com/15674

How to run Kaspersky Virus Removal Tool 2020 in the advanced mode
https://support.kaspersky.com/15680

How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan
https://support.kaspersky.com/15681

Select the Windows Key and R Key together; the "Run" box should open.

Drag and drop KVRT.exe into the Run box.

C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the Run box.

Add -dontencrypt (note the space between KVRT.exe and -dontencrypt).

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.

That addendum to the run command is very important: when the scan does eventually complete, the resultant report is normally encrypted; with the extra command it is saved as a readable file.

Reports are saved in C:\KVRT2020_Data\Reports and look similar to this: report_20210123_113021.klr
Right-click directly on that report and select Open with > Notepad. Save that file and attach it to your reply.

To start the scan select OK in the "Run" box.

A EULA window will open; tick all confirmation boxes, then select "Accept".

In the new window select "Change Parameters".

In the new window ensure all selection boxes are ticked, then select "OK". The scan should now start.

When complete, if entries are found there will be options; if "Cure" is offered, leave it as is. For any other options change to "Delete", then select "Continue".

When complete, or if nothing was found, select "Close".

Attach the report information as previously instructed.

Thank you

I did the Kaspersky scan and it said nothing found, but I couldn't open the reports folder to find the report; there seemed to be nothing in the folder. This is what I do have above, as well as the positive results. I think I inadvertently left a folder open during the scan; I don't know if this mattered.

Henry.


  • Root Admin

Good, that's great to see nothing found. @henrymurray

Please run the following:

SecurityCheck by glax24

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

  • Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • If Microsoft SmartScreen blocks the download, click through to save the file.
  • This tool is safe. SmartScreen is overly sensitive.
  • If SmartScreen blocks the file from running, click on More info and Run anyway.
  • Right-click with your mouse on SecurityCheck.exe and select "Run as administrator", then reply Yes to allow it to run and go forward.
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt. Close the file and attach it with your next reply.
  • You can find this file in a folder called SecurityCheck: C:\SecurityCheck\SecurityCheck.txt

 

Thank you

I'll run Security Check a little later today. When I went to the panel of emails I can access through Gmail today, I was logged onto the computer as Guest. Is that just the safer mode I was left with after the scans? Also, Windows Defender had a suggested block on Zoom from private networks but not public places. I allowed my own private connection, but is this just safe mode the computer is in after a scan? Or could it be something else?

Thank you, Henry.

Here's the Security Check text. It mentions a CCleaner file, although I thought I had uninstalled all of it.

SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
WebSite: www.safezone.cc
DateLog: 08.07.2023 23:09:48
Path starting: C:\Users\13103\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: 13103
VersionXML: 10.62is-08.07.2023
___________________________________________________________________________

Windows 11(6.3.22621) (x64) Core Release: 22H2 Lang: English(0409)
Installation date OS: 07.02.2023 19:12:06
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
SystemDrive: C: FS: [NTFS] Capacity: [476 Gb] Used: [117 Gb] Free: [359 Gb]
------------------------------- [ Windows ] -------------------------------
User Account Control enabled (Level 3)
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 4.5.32.271 v.4.5.32.271
--------------------------- [ OtherUtilities ] ----------------------------
FileZilla 3.62.2 v.3.62.2 Warning! Download Update
OpenOffice 4.1.11 v.4.111.9808 Warning! Download Update
------------------------------- [ Backup ] --------------------------------
Microsoft OneDrive v.23.127.0618.0001
-------------------------- [ IMAndCollaborate ] ---------------------------
Signal 6.16.0 v.6.16.0 Warning! Download Update
Zoom v.5.14.11 (17466) Warning! Download Update
---------------------------- [ ProxyAndVPNs ] -----------------------------
ProtonVPN v.1.25.2 Warning! Download Update
-------------------------------- [ Media ] --------------------------------
Audacity 3.2.4 v.3.2.4 Warning! Download Update
VLC media player v.3.0.18
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox (x64 en-US) v.114.0.2 Warning! Download Update
Vivaldi v.6.1.3035.111
Google Chrome v.114.0.5735.199
Microsoft Edge v.114.0.1823.67
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.4.0.0.1592
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1229
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe v.4.18.23050.5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\NisSrv.exe v.4.18.23050.5
Microsoft Defender Antivirus Service (WinDefend) - The service is running
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
CCleaner Update Helper v.1.8.1583.3 << Hidden Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
----------------------------- [ End of Log ] ------------------------------
 


  • Root Admin

There is probably a hidden file from CCleaner.

Go ahead and run the updates.

Then restart the computer, check for Windows Updates and install any found.

Then restart again.

Then run the MBST tool again and get me a new set of logs.

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you

 


There is a cumulative update for Windows which I tried to install, but it failed after going through download and install. I tried a few times.

2023-06 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5027231)  Install error - 0x800f0988

There also seems to be another similar one with the number (KB5027303).

Shall I go ahead and get new logs anyway?

 


  • Root Admin

Please open an elevated Admin command prompt. Then copy and paste the following and press the Enter key:

msdt.exe /id WindowsUpdateDiagnostic

Then click Advanced and place a check mark in the automatic repair option.

This will scan the system for possible issues with updates.

You can also get to the Troubleshooters from Settings.

Let me know if that corrects the update issue or not.

It didn't cure the problem, although it did work on it. Here is the report. I noticed that it is detected as Windows 10, although I had the laptop updated to Windows 11 some time ago. Could this be the problem?

IsPostback_RC_PendingUpdates
IsPostback: False
WaaSMedicService
Issue found by:BinaryHealthPlugin;DynamicProtectionPlugin;AutomaticCorruptionRepairPlugin
IsPostback_RC_PendingUpdates
IsPostback: True
Service Status
Problem with BITS service : The requested service has already been started. System.Management.Automation.RemoteException More help is available by typing NET HELPMSG 2182. System.Management.Automation.RemoteException
Service Status
Problem with BITS service : The requested service has already been started. System.Management.Automation.RemoteException More help is available by typing NET HELPMSG 2182. System.Management.Automation.RemoteException
Collection information
Computer Name: LAPTOP
Windows Version:
10.0
Architecture:
x64
Time:
Sunday, July 9, 2023 9:02:50 PM

  • Root Admin

Please follow the directions from the following topic for a more extensive article on cleaning Google Chrome, IF NEEDED. Not mandatory.

Resetting Google Chrome to clear unexpected issues

Thank you

Edited by AdvancedSetup
Updated information

  • Root Admin

Please get me a new log from this tool. @henrymurray

Please download the following tool:

Farbar Service Scanner and run it on the computer with the issue
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click "Scan".

It will create a log (FSS.txt) in the same directory the tool is run from.
Please attach the log to your next reply.

Farbar Service Scanner Version: 30-04-2023
Ran by 13103 (administrator) on 10-07-2023 at 10:51:38
Running from "C:\Users\13103\Downloads"
Microsoft Windows 11 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============


Firewall Disabled Policy: 
==================


System Restore:
============


System Restore Policy: 
========================


Security Center:
============


Windows Update:
============


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\netbt.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\usosvc.dll => File is digitally signed
C:\Windows\System32\WaaSMedicSvc.dll => File is digitally signed
C:\Windows\System32\dosvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

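As an added example (not from this thread, from Farbar or from Malwarebytes), the PowerShell below re-checks from an elevated prompt the same ground the FSS log above covers: the state of the update, BITS, firewall, Defender, Security Center and System Restore services, and the Authenticode signatures of the same system files. It assumes Windows 10/11 with the built-in Defender and NetSecurity modules; the service and file names are taken from the logs posted in this thread.

```powershell
# Added example: recheck what Farbar Service Scanner reports, using only built-in cmdlets.
# Run from an elevated PowerShell prompt on Windows 10/11. Names come from the logs above.

# Services behind the FSS sections (Windows Update, BITS, Firewall, Defender, Security Center, VSS).
$services = 'wuauserv', 'BITS', 'mpssvc', 'WinDefend', 'WdNisSvc', 'wscsvc',
            'VSS', 'WaaSMedicSvc', 'UsoSvc', 'DoSvc', 'CryptSvc'
foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { "{0,-14} MISSING" -f $name; continue }
    # A stopped WaaSMedicSvc or BITS is what the troubleshooter report above complained about.
    "{0,-14} {1,-8} start={2}" -f $name, $svc.Status, $svc.StartType
}

# The same system files FSS checks for a digital signature (paths from the FSS log).
$files = @(
    "$env:SystemRoot\System32\wuaueng.dll",
    "$env:SystemRoot\System32\qmgr.dll",
    "$env:SystemRoot\System32\mpssvc.dll",
    "$env:SystemRoot\System32\bfe.dll",
    "$env:SystemRoot\System32\wscsvc.dll",
    "$env:SystemRoot\System32\cryptsvc.dll",
    "$env:SystemRoot\System32\usosvc.dll",
    "$env:SystemRoot\System32\WaaSMedicSvc.dll",
    "$env:SystemRoot\System32\dosvc.dll",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\System32\rpcss.dll"
)
foreach ($f in $files) {
    if (-not (Test-Path $f)) { "$f => MISSING"; continue }
    # Windows system files are catalog-signed; Get-AuthenticodeSignature resolves catalogs too.
    $sig = Get-AuthenticodeSignature -FilePath $f
    # Anything other than 'Valid' (NotSigned, HashMismatch, ...) deserves a closer look.
    "{0} => {1} ({2})" -f $f, $sig.Status, $sig.SignerCertificate.Subject
}

# Defender's own view of its state, matching the "Windows Defender" section.
Get-MpComputerStatus |
    Select-Object AMServiceEnabled, RealTimeProtectionEnabled,
                  AntivirusSignatureLastUpdated, AntispywareSignatureLastUpdated

# Firewall state per profile, matching the "Windows Firewall" section.
Get-NetFirewallProfile | Select-Object Name, Enabled
```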

Today's updates, 7/11/23: this one failed. This cumulative update was successful on May 11th but not since then. (This update addresses security issues for your Windows operating system.)

2023-07 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5028185) (2)

This one was successful:

2023-07 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 for x64 (KB5028851)

 
