
Please HELP my laptop is infected!



Hello,

Thank You for taking the time to read my post! 

I think I am infected!

What I have noticed...at startup...suddenly there are 3 phantom pages there/rapidly disappear. I can see the top bar (black) of the page & the sides, yet the inside is blank/invisible...then the next page...and then page number 3 (all I can make out...top of page/black bar win32 "something"...it happens very fast).

I have done ALL I can/know of, hence I was hoping for some good advice from the good people on these forums.

I brought my situation to the attention of the Norton Community Forums, and posted my problem, this was the response:

Please visit Malwarebytes Help for system security checkup.   
Experts will gather logs & run specialized tools to help you.  

Malwarebytes Malware Removal Help

I THANK YOU for having taken the time to read my post any useful input/solution is gladly welcomed! :o)


  • Root Admin

Good day @IrishAmerican

Is this a Windows PC computer or a Macintosh?

Assuming this is a Windows computer, please do the following

 

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you

 


AdvancedSetup

Good Morning,

So, first off, thank you ever so much for dealing with the "block," thus allowing me to move ahead and post my problem.

Also thank you ever so much for having read my post, and your willingness to help (something I don't take for granted), THANK YOU!

Not quite sure if I got those 2 steps right, hope so at least, please bear with me...

 

  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool

mbst-grab-results.zip


  • Root Admin

Let's start off by trying the following @IrishAmerican and we'll go on from there as needed

I'm officially off work until Monday, but will try to assist before then if possible.

 

Let's go ahead and run a couple of scans and get some updated logs from your system.


Please make the following changes.

 

  • Temporarily disable your antivirus real-time protection or other security software first if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed.
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the scans are completed.
  • Disable-Fast-Startup
  • Show-Hidden-Folders-Files-Extensions

 


Next, run these steps and post back the logs as an attachment when ready.


[ 1 ]

Malwarebytes for Windows

  • If you already have Malwarebytes installed then open Malwarebytes and click on the small gear icon, then click on the "Check for updates" button on the General tab.
  • After any updates, click the middle Scan button from the main page. It will automatically run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed, make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let us know in your next reply that the scanner would not run.

[ 2 ]

Malwarebytes AdwCleaner

  • Please download Malwarebytes AdwCleaner and save the file to your Desktop or Downloads folder.
  • Double-click to run the program - Malwarebytes AdwCleaner guide
  • Accept the End User License Agreement.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, if items are found please click Quarantine to finish the cleaning process.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach that log to your next reply.
     
  • If No Detections are found, Click Skip Basic Repair

    WARNING: Do Not click the Run Basic Repair button unless instructed to by a Malwarebytes support agent or authorized helper


 

RESTART THE COMPUTER Before running Step 3

[ 3 ]

Gather MBST Logs

Please do the following so that we may take a closer look at your system for any possible infections.

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

    WARNING: Do Not click the Repair System under Advanced unless requested to by a Malwarebytes support agent or authorized helper

 

Thank you

 


AdvancedSetup,

 

"I'm officially off work until Monday, but will try to assist before then if possible."

Everyone deserves to enjoy their time off, rightfully so, that goes for you as well! :o)

I am, more than content, to wait until Monday...I am glad that you helped undo the "block" & taking on my issues.

Also, luddite that I am, I forgot to mention that my primary cyber security is Norton 360 (which might make a difference).

I shall do my best to try hard and not screw up above instruction by Monday. 

Take care, let your hair down, and enjoy your weekend (Capt. James Tiberius Kirk)! :o)

Edited by AdvancedSetup
Corrected font issue

AdvancedSetup,

I hope you are enjoying your time off & thank you, once again, for your willingness to help (much appreciated).  :o)

I have been dealing, these last few days, with the staggering costs in healthcare (High Premiums/Deductibles), hence I have been trying hard (outside of Open Enrollment Nov./Dec.) to acquire a better policy (that task, where the ball is not in my court, has kept me busy).

 

Malwarebytes for Windows

THANK YOU!

MBAM scan.txt


AdvancedSetup,

"Captain, my Captain!"

 

 UNDER THE CATEGORY

Malwarebytes AdwCleaner

AdwCleaner

Preinstalled software elements found: 17

Name                                       Vendor

Preinstalled.HPCleanFLC                     HP Inc.

Preinstalled.HPRegistrationService          HP Inc.

Preinstalled.HPSupportAssistant             HP Inc.    

Preinstalled.HPTouchpointAnalyticsClient    HP Inc.      

 

So, the software said it found # elements: 17 (yet only listed 4) Do I, or anyone for that matter, need the above HP software?

THANK YOU for your input/advice! :O)


AdvancedSetup,

"Engine room to bridge. Engineering needs further instructions!"

In step 3...

I did restart my HP laptop

Downloaded Malwarebytes Support Tool (download folder)

Opened mb-support-1.9.977.exe (right click - chose "Open")

Run? MBST Support Tool?

The Control Panel says, "Hello what can we help you with today?"

(please select the best option below)

Options are: I don't have an open Support ticket  or I do have an open Support ticket (Dashboard - to the right)

Or is it just the case of clicking Advanced, Gather logs?

The Techno God hates me!!!


  • Root Admin

The logs indicate you have a hardware issue @IrishAmerican

System errors:
=============
Error: (08/06/2023 07:33:48 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 54) (User: NT AUTHORITY)
Description: Collaborative processor power controls on processor 7 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

 

Please check with HP support website to see if there may be a BIOS/UEFI Firmware update that can be installed.

BIOS: AMI F.09 07/27/2020
Motherboard: HP 868E
Processor: Intel(R) Core(TM) i5-1035G1 CPU @ 1.00GHz

 

 

Please review the Google Chrome extension. You might want to consider uninstalling the NewTab one.

CHR NewTab: Default ->  Active:"chrome-extension://eoigllimhcllmhedfbmahegmoakcdakd/homePageRedirect.html", Active:"chrome-extension://mhffmephdchhhbfjmdpoaldedhhdanbn/homePageRedirect.html"

I'd also remove this search from Google Chrome

CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?limit=10&li=ff&hl=en&q={searchTerms}

 

 

Please TEMPORARILY disable Norton 360 protection to run the following fix. Once the fix has completed make sure that Norton 360 is enabled again.

https://support.norton.com/sp/en/us/home/current/solutions/v116457581

 

 

 

Please run the following fix

 

NOTE: Please read all of the information below before running this fix.

  • NOTICE: This script was written specifically for this user, for use on this particular machine.
  • Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program:   FRSTEnglish.exe

Save the attached file:  FIXLIST.TXT to this folder C:\Users\Owner\Downloads\

NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

 

  1. NOTE:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
  2. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed. Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.
  3. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks
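An added example, not part of the original post and not FRST's own code: it pulls the extension IDs and the suggest-URL host out of the two `CHR` log lines quoted above, then looks each ID up in a Chrome `Extensions` folder to see which installed extension declares the new-tab override. It assumes Chrome's default Windows profile layout (`%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\<id>\<version>\manifest.json`); the folder and extension name used by `demo()` are constructed.

```python
import json
import re
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

# The two Chrome lines quoted from the FRST log in the post above.
FRST_LINES = [
    'CHR NewTab: Default ->  Active:"chrome-extension://eoigllimhcllmhedfbmahegmoakcdakd/homePageRedirect.html", '
    'Active:"chrome-extension://mhffmephdchhhbfjmdpoaldedhhdanbn/homePageRedirect.html"',
    "CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?limit=10&li=ff&hl=en&q={searchTerms}",
]

EXT_ID = re.compile(r"chrome-extension://([a-p]{32})/")  # Chrome IDs: 32 letters, a-p


def extension_ids(line):
    """Extension IDs referenced in one log line, in order, without duplicates."""
    return list(dict.fromkeys(EXT_ID.findall(line)))


def suggest_host(line):
    """Host of a defanged (hxxp/hxxps) URL in a log line, or None if absent."""
    match = re.search(r"hxxps?://\S+", line)
    if not match:
        return None
    # Restore the scheme only so the URL can be parsed; nothing is fetched.
    return urlsplit(match.group(0).replace("hxxp", "http", 1)).hostname


def describe(extensions_dir, ext_id):
    """Read <extensions_dir>/<id>/<version>/manifest.json for an extension ID."""
    base = Path(extensions_dir, ext_id)
    manifests = sorted(base.glob("*/manifest.json")) if base.is_dir() else []
    if not manifests:
        return {"id": ext_id, "installed": False, "name": None, "newtab": None}
    # Use the version folder that sorts last; tolerate a UTF-8 BOM.
    manifest = json.loads(manifests[-1].read_text(encoding="utf-8-sig"))
    overrides = manifest.get("chrome_url_overrides", {})
    # "name" may be a "__MSG_...__" placeholder resolved from _locales.
    return {"id": ext_id, "installed": True,
            "name": manifest.get("name"), "newtab": overrides.get("newtab")}


def demo():
    """Run against a constructed Extensions folder holding one of the two IDs."""
    with tempfile.TemporaryDirectory() as root:
        ext_dir = Path(root, "eoigllimhcllmhedfbmahegmoakcdakd", "1.0.0_0")
        ext_dir.mkdir(parents=True)
        (ext_dir / "manifest.json").write_text(json.dumps({
            "name": "Constructed Example Extension",  # made-up name
            "chrome_url_overrides": {"newtab": "homePageRedirect.html"},
        }), encoding="utf-8")
        return [describe(root, i) for i in extension_ids(FRST_LINES[0])]


if __name__ == "__main__":
    for row in demo():
        print(row)
    print("suggest host:", suggest_host(FRST_LINES[1]))
```

On a real machine, pass the profile's `Extensions` path to `describe()`; the manifest name it returns is what to match against the list on Chrome's Extensions page.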

 


Good Morning (once again),

A few questions...

If you scroll up, on a previous reply of mine, regarding adware, I was hesitant to go the Quarantine route & remove the 4 HP files + the unlisted 13 other files.

Your best advice/guess (non-legally binding) go ahead and run the adwcleaner.exe + Quarantine ALL 17 items (possibly some might be bloatware)?

 

"Please review the Google Chrome extension. You might want to consider uninstalling the NewTab one.

CHR NewTab: Default ->  Active:"chrome-extension://eoigllimhcllmhedfbmahegmoakcdakd/homePageRedirect.html", Active:"chrome-extension://mhffmephdchhhbfjmdpoaldedhhdanbn/homePageRedirect.html"

I'd also remove this search from Google Chrome

CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?limit=10&li=ff&hl=en&q={searchTerms}"

 

So, the Techno God has NOT blessed me with additional IT (I.Q.) points, hence my naïve question.

I cannot even find NewTab one (among listed extensions...sneaky bastard hiding from me). 

Under menu/extensions it lists:

Google Docs Offline

Malwarebytes Browser Guard

Norton Home Page

Norton Password Manager 

Norton Safe Search

Norton Safe Search Enhanced

Norton Safe Web

Privacy Badger

Startpage - Private Search Engine

uBlock Origin

(Developer Mode is turned "OFF")

So, this is humble me admitting, despite the fact that you gave me instructions...I don't know how to implement it (and yes, I am very much sober, hence I cannot blame this on alcohol consumption).

If you wouldn't mind how IN PLAIN ENGLISH (for those of us who have been cursed by the Techno God) do I:

***uninstall NewTab one in Chrome Browser extension? You did say as to how, yet "Duh, me so dumb!"

***I'd also remove this search from Google Chrome

CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?limit=10&li=ff&hl=en&q={searchTerms}

Once again how exactly IN PLAIN ENGLISH for those of us cursed by the Techno God, please!

("My Momma says, "Stupid is as stupid does!")

THANK YOU for ALL of your good advice & help so far (much appreciated at my end)

 

Edited by AdvancedSetup
Corrected font issue

  • Root Admin

The FIX ran well, thank you for the log.

It found and fixed some Windows issues as well

Windows Resource Protection found corrupt files and successfully repaired them.

 

We'll use another fix from Farbar to remove the entry from Google Chrome

 

Set your default search engine and site search shortcuts for Google Chrome
https://support.google.com/chrome/answer/95426

 

Please save the attached file FIXLIST.TXT as before to the same location as the Farbar program.

Then run the Farbar program with Admin rights. Then click the FIX button

It should run pretty quickly. When done, please attach the new FIXLOG.TXT file.

fixlist.txt

 

Thanks

 


  • Root Admin

You're quite welcome.

The fix ran well.

"Chrome NewTab" => removed successfully

 

Please run the following now

 

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

  • Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • If Microsoft SmartScreen blocks the download, click through to save the file
  • This tool is safe. SmartScreen is overly sensitive.
  • If SmartScreen blocks the file from running click on More info and Run anyway
  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"  and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file.  Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

 


 

Thank you

 

 


AdvancedSetup,

 

U.S.S. Irish Rose of Starfleet, United Federation of Planets, seems to have been sabotaged by the Romulan Empire.

I read the instructions regarding SecurityCheck by glax24, yet each and every time I click on the link...a small icon travels, quickly, from right/bottom rapidly upwards (direction of the extension icon-top of page-right corner).

In case one of the extensions might be the problem I turned them off one-by-one & tried clicking on link, yet nothing new in my download folder...odd!

Google Docs Offline

Malwarebytes Browser Guard

Norton Home Page

Norton Password Manager 

Norton Safe Search

Norton Safe Search Enhanced

Norton Safe Web

Privacy Badger

Startpage - Private Search Engine

uBlock Origin

 

If it's not the Klingons messing with Starfleet then it's the Romulans..."Mr. Spock you are needed on the bridge!"

I shall await further instructions..."Captain, my Captain!"

Edited by AdvancedSetup
Corrected font issue

Good Morning,

AdvancedSetup...I didn't skip the adware process, yet I also did not go thru with it the following 4 Pre-installed files to be Quarantined (deleted) as I don't know if I need them this is a HP Laptop & those 4 files are HP software (also it now says there are an additional 11 files...not listed).

Malwarebytes AdwCleaner

AdwCleaner

Preinstalled software elements found: 11

Name                                                                 Vendor

Preinstalled.HPCleanFLC                                 HP Inc.

Preinstalled.HPRegistrationService                HP Inc.

Preinstalled.HPSupportAssistant                    HP Inc.    

Preinstalled.HPTouchpointAnalyticsClient      HP Inc

NO LEGALLY BINDING QUESTION - Would you quarantine the 4 HP files (delete) if it were your laptop? What about the other 11 files (they got an honorable mention) not listed.

 

THANK YOU


  • Root Admin

No, I would not. We are done with AdwCleaner.

Do not allow it to remove the vendor software @IrishAmerican

The Security Check found no issues which is good.

 

 

 

Please run the following

 

Microsoft Safety Scanner

Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.   
That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well
 

STEP 1

Please set File Explorer to SHOW ALL folders, all files, including hidden ones.  Use OPTION ONE or TWO of this article

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

STEP 2

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on the screen display.  The only things that count are the End result at the end of the run.
  • The scan will take several hours.  Leave it alone. It will remove any other remaining threats as it goes along.  Take a very long break, do your normal personal errands .....just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned  ( depending on the number of files on your machine & the speed of the hardware.)

The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

It is normal for the Microsoft Safety Scanner to show detections during the scan process.

It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

Then it writes into the log on your computer what it found.

 

Thank you

 
