
Same Spyware detected at every scan


Go to solution Solved by Maurice Naggar,


Hello!

I have noticed that from the latest scans Malwarebytes always detects the same spyware, even if eliminated through the quarantine. They are always the same number, 67, and today I decided to try to follow some other thread that had a similar issue. Via AdwCleaner I tried some scans, and it detected the same number of spyware. Now AdwCleaner doesn't detect anything anymore, but the Malwarebytes scan still detects the spyware. I don't know what to do to resolve this; any tips will be very appreciated. I'll leave the log of my last Malwarebytes scan here. I have the software in Italian, so it's all in Italian, and this time it detects 59, not 67.

-Dettagli log-
Data scansione: 11/08/23
Ora scansione: 12:39
File di log: 48865e40-3833-11ee-b058-94c69193e9c2.json

-Informazioni software-
Versione: 3.6.1.2711
Versione componenti: 1.0.527
Aggiorna versione pacchetto: 1.0.30807
Licenza: Free

-Informazioni sistema-
SO: Windows 10 (Build 22621.2134)
CPU: x64
File system: NTFS
Utente: DESKTOP-LQ84LB5\Mikasagori

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Scansione avviata da: Manuale
Risultati: Completata
Elementi analizzati: 276562
Minacce rilevate: 59
Minacce messe in quarantena: 0
Tempo impiegato: 13 min, 7 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Analisi euristica: Attivata
PUP: Rilevare
PUM: Rilevare

-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Modulo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 0
(Nessun elemento nocivo rilevato)

Valore di registro: 1
Spyware.Extension, HKU\S-1-5-21-4132656563-3988042758-1534523521-1004\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|mmnbenehknklpbendgmgngeaignppnbe, Nessuna azione intrapresa, [11009], [1082994],1.0.30807

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 7
Spyware.Extension, C:\Users\Mikasagori\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnbenehknklpbendgmgngeaignppnbe\2.2.6_0\_locales\en, Nessuna azione intrapresa, [11009], [1082994],1.0.30807
Spyware.Extension, C:\Users\Mikasagori\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnbenehknklpbendgmgngeaignppnbe\2.2.6_0\_metadata, Nessuna azione intrapresa, [11009], [1082994],1.0.30807
Spyware.Extension, C:\Users\Mikasagori\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnbenehknklpbendgmgngeaignppnbe\2.2.6_0\_locales, Nessuna azione intrapresa, [11009], [1082994],1.0.30807
Spyware.Extension, C:\Users\Mikasagori\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnbenehknklpbendgmgngeaignppnbe\2.2.6_0\img, Nessuna azione intrapresa, [11009], [1082994],1.0.30807
Spyware.Extension, C:\Users\Mikasagori\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnbenehknklpbendgmgngeaignppnbe\2.2.6_0, Nessuna azione intrapresa, [11009], [1082994],1.0.30807
Spyware.Extension, C:\USERS\MIKASAGORI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\mmnbenehknklpbendgmgngeaignppnbe, Nessuna azione intrapresa, [11009], [1082994],1.0.30807
Spyware.Extension, C:\USERS\MIKASAGORI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\mmnbenehknklpbendgmgngeaignppnbe, Nessuna azione intrapresa, [11009], [1082994],1.0.30807

File: 51

Settore fisico: 0
(Nessun elemento nocivo rilevato)

WMI: 0
(Nessun elemento nocivo rilevato)

 

Link to post
Share on other sites
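An added illustration, not part of any post in this thread and not Malwarebytes code: the sketch below parses detection lines in the format of the pasted log and groups them, which shows how a large "threats detected" count can reduce to a single Chrome extension and its profile artifacts. The sample lines are constructed in that format; the extension ID, action text and bracketed numbers are copied from the log, while the user name and SID are placeholders.

```python
import re
from collections import defaultdict

# A detection entry in the pasted log has the shape:
#   <name>, <registry value or path>, <action>, [n], [n],<version>
ENTRY = re.compile(
    r"^(?P<name>[^,]+), (?P<target>.+), (?P<action>[^,\[\]]+), "
    r"\[(?P<f1>\d+)\], \[(?P<f2>\d+)\],(?P<version>[\d.]+)$"
)
# Section headers such as "File: 51" or "Cartella: 7".
SECTION = re.compile(r"^(?P<kind>[^:,]+): \d+$")
# Chrome extension IDs are 32 characters from the range a-p.
EXT_ID = re.compile(r"(?<![A-Za-z])[a-p]{32}(?![A-Za-z])")
# Action text used in the Italian log ("no action taken").
NOT_REMEDIATED = {"Nessuna azione intrapresa"}

EXT = "mmnbenehknklpbendgmgngeaignppnbe"  # extension ID from the log
TAIL = ", Nessuna azione intrapresa, [11009], [1082994],1.0.30807"
# Placeholder profile path and SID (assumptions, not the poster's values).
PROFILE = "C:\\Users\\User\\AppData\\Local\\Google\\Chrome\\User Data\\Default"
REG = ("HKU\\S-1-5-21-0-0-0-1000\\SOFTWARE\\GOOGLE\\CHROME\\PREFERENCEMACS"
       "\\Default\\extensions.settings|")

# Constructed sample in the format of the pasted log.
SAMPLE_LOG = "\n".join([
    "Valore di registro: 1",
    "Spyware.Extension, " + REG + EXT + TAIL,
    "",
    "Cartella: 2",
    "Spyware.Extension, " + PROFILE + "\\Extensions\\" + EXT + "\\2.2.6_0" + TAIL,
    "Spyware.Extension, " + PROFILE + "\\Local Extension Settings\\" + EXT + TAIL,
    "",
    "File: 3",
    "Spyware.Extension, " + PROFILE + "\\Extensions\\" + EXT
    + "\\2.2.6_0\\manifest.json" + TAIL,
    "Spyware.Extension, " + PROFILE + "\\Secure Preferences" + TAIL,
    "Spyware.Extension, " + PROFILE + "\\Preferences" + TAIL,
    "",
    "WMI: 0",
    "(Nessun elemento nocivo rilevato)",
])


def summarize(log_text):
    """Group detection entries by (name, bracketed fields).

    Lines that carry no extension ID (Preferences, Secure Preferences)
    still land in the same group because they share the name and the
    two bracketed numbers.
    """
    groups = {}
    kind = None
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if entry is None:
            header = SECTION.match(line)
            if header:
                kind = header.group("kind")
            continue
        key = (entry.group("name"), entry.group("f1"), entry.group("f2"))
        group = groups.setdefault(key, {
            "items": 0,
            "not_remediated": 0,
            "extension_ids": set(),
            "kinds": defaultdict(int),
        })
        group["items"] += 1
        group["kinds"][kind] += 1
        if entry.group("action") in NOT_REMEDIATED:
            group["not_remediated"] += 1
        group["extension_ids"].update(EXT_ID.findall(entry.group("target")))
    for group in groups.values():
        group["kinds"] = dict(group["kinds"])
    return groups


if __name__ == "__main__":
    for (name, f1, f2), g in summarize(SAMPLE_LOG).items():
        print(f"{name} [{f1}] [{f2}]: {g['items']} items, "
              f"{g['not_remediated']} with no action taken")
        print("  extension IDs:", ", ".join(sorted(g["extension_ids"])))
        print("  by section:", g["kinds"])
```
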

Hello @AshEss and :welcome::

FYI. The forum prefers that diagnostic reports be made attachments instead of copy and paste.

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.  WARNING: Do Not click the Repair System under Advanced unless requested to by a Malwarebytes support agent or authorized helper.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have posted.

Thank you.

Edited by 1PW
Link to post
Share on other sites

Hello @AshEss:

Quote

“I'm new so I didn't know.”

It's all good now and not to worry.

By the way. Your computer's version of Malwarebytes is over four and one-half years old. Please wait for your helper to assist you with the proper way to update it, so you will not have additional difficulties.

Thank you.

 

Edited by 1PW
Link to post
Share on other sites

Hello :welcome: @AshEss

I will guide you along on looking for remaining malware. Let's keep these principles as we go along.

  • Thank you for providing the zip report file.
  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • Please stick with me until I give you the "all clear".
  • If your system is running Discord, please be sure to Exit out of it while this case is on-going.

Sorry, we have to get you to stop and get the very latest version of Malwarebytes. Your machine has an ancient and obsolete version 3.6. The very latest is version 4.5.

 

Edited by Maurice Naggar
amended
Link to post
Share on other sites

I would ask you to use the Malwarebytes Support tool which you already have
to have the tool uninstall & re-install the Malwarebytes for Windows.
Use this support article as a guide  https://support.malwarebytes.com/hc/en-us/articles/360039023473-Uninstall-and-reinstall-Malwarebytes-using-the-Malwarebytes-Support-Tool

Skip line 1 for download.  Locate where you saved it & use it.
Have infinite patience after the Reboot ( restart ) and just wait till the prompt window comes on
Reply YES when prompted to re-install Malwarebytes

Link to post
Share on other sites

May I presume that you completed all that I listed recently, and that now the latest Malwarebytes IS installed?

Launch ( start) Malwarebytes.  Next click the blue button marked Scan.

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected).

 

Please double verify you have that TOP check-box tick marked, and that then all lines have a tick-mark.

 

Then click on Quarantine  button.


 


Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

😉

 

Link to post
Share on other sites

That is a very good run & cleanup by Malwarebytes. It found & removed PUP.Optional.ByteFence plus 1 Spyware.Extension  ( on Chrome ).

As a next step, I suggest the following:
This is for a scan with ESET Onlinescanner (free). ESET is a well-respected, well-known entity and tool. ESET Onlinescanner checks for viruses, other malware, adwares, & potentially unwanted applications.
This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on CUSTOM scan  and select C drive to be scanned
  • Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"
  • and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.
There is a progress window display. You may step away from the machine & let it be. That is, once it is under way, you should leave it running. It will run for several hours.

  • At screen "Detections occurred and resolved" click on blue button "View detected results"
  • On next screen, at lower left, click on blue "Save scan log"
  • View where file is to be saved. Provide a meaningful name for the "File name:"
  • On last screen, set to Off (left) the option for Periodic scanning
  • Click "save and continue"
  • Please attach the report file so I can review
Link to post
Share on other sites

Now a different scan with another security scanner. 

You should first Close as many of your open-user app-screens as possible. That is to say, Exit all that you do not need to have open.

This with Kaspersky KVRT tool.

Download Kaspersky Virus Removal Tool (KVRT) from here: https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool and save to your Desktop.

Next, Select the Windows Key and R Key together, the "Run" box should open.


Drag and Drop KVRT.exe into the Run Box.


C:\Users\Mikasagori\DESKTOP\KVRT.exe will now show in the run box.


add
-dontencrypt

Note the space between KVRT.exe and -dontencrypt

C:\Users\Mikasagori\DESKTOP\KVRT.exe -dontencrypt 

should now show in the Run box.


That addendum to the run command is very important.


To start the scan select OK in the "Run" box.



The Windows Protected your PC window "may" open, IF SO then select "More Info"


A new Window will open, select "Run anyway"


A EULA window will open, tick both confirmation boxes then select "Accept"


In the new window select "Change Parameters"


 
  • In the new window ensure the following boxes are ticked:
    • System memory
    • Startup objects
    • Boot sectors
    • System drive
  • Then select "OK" and "Start scan".

The Kaspersky tool is very thorough so will take a considerable time to complete, please allow it to finish. Also while Kaspersky runs do not use your PC for anything else.

  • completed: If entries are found, there will be options to choose. If "Cure" is offered, leave as it is. For any other options change to "Delete", then select "Continue".
  • Usually, your system needs a reboot to finish the removal process.
  • Logfiles can be found on your system drive (usually C: ), similar to this:

Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20230815_203000.klr

  • Right click direct onto those reports, select > open with > Notepad.
  • Save the files and attach them with your next reply
Link to post
Share on other sites

  • Solution

One other scan here.

TrendMicro HouseCall scan
from this Link

First, Download & Save to your Downloads folder the appropriate HouseCallLauncher
Once the download is complete, go to where the Housecalllauncher is saved & double-click it to start it.

The program will check with TrendMicro & do an update run.

Next it will show the Disclosure window.

Click Next to proceed.

The end user license agreement is presented.   Click the Accept radio button & click Next to proceed.

I suggest a CUSTOM scan on C drive.

IF you wish a Full scan or a Custom scan, first click on the Settings

then you can select which drives you want to include in the scan.

The default is a Quick scan.

Click Scan now when ready.

The scan progress will then be displayed.   Monitor the progress or just leave it alone until it finishes this phase.

When the scan phase has completed, if any items are tagged, you will see a list, showing  the file & its location, the classification of the threat, the type, risk, and Action option.

If you see an item that you know is safe, you can click the Action  , and select Ignore.

When all done & ready, click the Fix now button.

Link to post
Share on other sites

That is very good! I would recommend getting a readout report as to update status of some key apps.
Temporarily disable Microsoft SmartScreen to download the next software below 

Download SecurityCheck by glax24 from here

and save the tool on the desktop.

If Windows's SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed.

This tool is safe. Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

When all done, you may go back to turn ON the EDGE Smartscreen protection.

Link to post
Share on other sites

Avast Free Antivirus v.23.7.6074 is on, enabled, and running.  I assume that is what you are sticking with. IF that is so, then you need to Uninstall Norton Security v.22.20.5.39.

IF on the other hand, you prefer to stay with Norton, then you need to Uninstall Avast.

After you have made the change, then you need to Restart Windows. There is more attention & action after that.

Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites

get & first SAVE & then run the AVASTCLEAR tool
Get, Save & Run the Avast clear tool. This is to insure there are no leftover remains of Avast.
https://support.avast.com/en-us/article/Uninstall-Antivirus-Utility/
Save the tool first; then run it.

[   2   ]
Then do a Windows RESTART  from the Start menu.

I would recommend getting a readout report as to update status of some key apps.
Temporarily disable Microsoft SmartScreen to download the next software below 

Download SecurityCheck by glax24 from here

and save the tool on the desktop.

If Windows's SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed.

This tool is safe. Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

When all done, you may go back to turn ON the EDGE Smartscreen protection.

Link to post
Share on other sites

Below are the highlighted apps on SecurityCheck report.
Norton Security v.22.20.5.39  Warning! Download Update

Microsoft Office Professional Plus 2010 v.14.0.6029.1000 Warning! This software is no longer supported. Please use latest Microsoft Office, Office Online or LibreOffice

Microsoft Office 2010 Service Pack 1 (SP1) Warning! This software is no longer supported. Please use latest Microsoft Office, Office Online or LibreOffice

Notepad++ (32-bit x86) v.8.1.4 Warning! Download Update

OpenOffice 4.1.6 v.4.16.9790  Warning! Download Update

7-Zip 19.00 (x64) v.19.00  Uninstall

7-Zip 22.00 (x64 edition) v.22.00.00.0  Warning! Download Update
Uninstall old version and install new one.


WinRAR 5.61 (64-bit) v.5.61.0  Warning! Download Update
 

GIMP 2.10.10 v.2.10.10 Warning! Download Update

Discord v.0.0.309  Warning! Download Update

uTorrent Web v.1.2.8  Warning! Ad-supported P2P-client.

Java 8 Update 311 (64-bit) v.8.0.3110.11  Warning! Download Update
Uninstall old version and install new one (jre-8u381-windows-x64.exe).

VLC media player v.3.0.17.4  Warning! Download Update

Adobe AIR v.2.6.0.19140  Warning! This software is no longer supported. Please uninstall it.

Adobe Creative Cloud v.4.9.0.504  Warning! Download Update

Mozilla Firefox 64.0 (x64 en-US) v.64.0 Uninstall this very very old version

Mozilla Firefox 70.0.1 (x86 en-US) v.70.0.1  Warning! Download Update

Opera Stable 101.0.4843.43 v.101.0.4843.43  Warning! Download Update

Edited by Maurice Naggar
Link to post
Share on other sites
