AthernalRage Posted September 12, 2023 ID:1588604
This file is called SetupGame. Malwarebytes thinks it's safe; it's not, it's a keylogger, and I'm trying to remove it.
1PW Posted September 12, 2023 ID:1588606
Hello @AthernalRage and :
While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:
- Download the Malwarebytes Support Tool.
- In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
- In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
- Run the MBST Support Tool.
- In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
- In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
- WARNING: Do Not click the Repair System under Advanced unless requested to by a Malwarebytes support agent or authorized helper.
- A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.
For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have posted.
Thank you.
AthernalRage Posted September 12, 2023 Author ID:1588614
here
dbupdate.log MBAMSERVICE.LOG mbupdatr.log mbst-check-results.txt mbst-clean-results.txt Addition_12-09-2023 09.55.27.txt FRST_12-09-2023 09.55.27.txt Addition.txt FRST.txt mb-support-log.txt mbst-stub-results.txt PFRO.log setupapi.dev.20230712_192839.log setupapi.dev.20230809_104301.log setupapi.dev.log mbsetup.log Service mbamiservice.log Service mb_errors999.log
AthernalRage Posted September 12, 2023 Author ID:1588622
Fixed it, this is the zip: mbst-grab-results.zip
Maurice Naggar Posted September 12, 2023 ID:1588641
Hello, AthernalRage. Do what follows.
Show-Hidden-Folders-Files-Extensions
https://forums.malwarebytes.com/topic/299345-show-hidden-folders-files-extensions/
Open an elevated Powershell window as an administrator.
- On the Taskbar Search box, type in powershell
- Click the line for "run as administrator"
It is best to use the Windows Copy (CTRL+C) and paste (CTRL+V) for the whole line, as-is.
On that Command prompt, Copy & Paste this command:
    Remove-Item -Path "C:\Users\clark\Downloads\SetupGame.exe" -force
Press the Enter key on the keyboard and watch & write down the result.
AthernalRage Posted September 12, 2023 Author ID:1588685
Remove-Item : Cannot remove item C:\Users\clark\Downloads\SetupGame.exe: Access to the path is denied.
At line:1 char:1
+ Remove-Item -Path "C:\Users\clark\Downloads\SetupGame.exe" -force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (C:\Users\clark\Downloads\SetupGame.exe:FileInfo) [Remove-Item], ArgumentException
    + FullyQualifiedErrorId : RemoveFileSystemItemArgumentError,Microsoft.PowerShell.Commands.RemoveItemCommand
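Added example, not part of the thread and not from any poster: a read-only PowerShell check that collects facts about a file Remove-Item refuses to delete, as in the error above (attributes, owner, Deny entries covering Delete, and a SHA-256 for reference). The function name Get-DeleteBlockerReport is hypothetical; the path is the one quoted in the thread, and the script changes nothing on disk.

```powershell
# Added example: read-only triage of a file that Remove-Item refuses to delete.
# The path is the one quoted in the thread; adjust it for another machine.
$Path = 'C:\Users\clark\Downloads\SetupGame.exe'

# Get-DeleteBlockerReport is a hypothetical helper name, not a built-in cmdlet.
function Get-DeleteBlockerReport {
    param([Parameter(Mandatory)][string]$LiteralPath)

    # -Force makes Get-Item return hidden and system files as well.
    $item = Get-Item -LiteralPath $LiteralPath -Force -ErrorAction Stop

    # Reading the ACL can itself be denied; record that instead of stopping.
    $acl = $null
    try { $acl = Get-Acl -LiteralPath $LiteralPath -ErrorAction Stop } catch { }

    # Hashing needs read access, so a failure here is also a finding.
    $hash = $null
    try {
        $hash = (Get-FileHash -LiteralPath $LiteralPath -Algorithm SHA256 -ErrorAction Stop).Hash
    } catch { }

    # Deny entries that include the Delete right are one common cause of "access denied".
    $denyDelete = @()
    if ($acl) {
        $delete = [System.Security.AccessControl.FileSystemRights]::Delete
        $denyDelete = @($acl.Access | Where-Object {
            $_.AccessControlType -eq 'Deny' -and $_.FileSystemRights.HasFlag($delete)
        } | ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" })
    }

    [pscustomobject]@{
        Path       = $item.FullName
        Attributes = $item.Attributes
        Owner      = if ($acl) { $acl.Owner } else { 'unreadable' }
        DenyDelete = $denyDelete
        Sha256     = if ($hash) { $hash } else { 'unreadable' }
    }
}

Get-DeleteBlockerReport -LiteralPath $Path | Format-List
```

Run it from the same elevated PowerShell window; an 'unreadable' owner or hash means even read access is being refused, which is worth including in the report to the helper.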
Maurice Naggar Posted September 12, 2023 ID:1588712
Disable-Fast-Startup
https://forums.malwarebytes.com/topic/299350-disable-fast-startup/

Start Malwarebytes. Click the Settings (gear) icon.
Next, let's make real sure that Malwarebytes does NOT register with Windows Security Center.
- Click the Security tab.
- Scroll down to "Windows Security Center".
- Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center".
{ We want that to be set as Off .... be sure that line's radio-button selection is all the way to the Left. thanks. }
This will not affect any real-time protection of the Malwarebytes for Windows 😃.
Close Malwarebytes.

> Please run the following custom script. Read all of this before you start.
The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine.
The file "setupgame.exe" is locked. Hope to unlock it & also delete it. This system also seems to have a VBS trojan. That too will be removed.

NOTE-1: This custom fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will attempt to run some scans with Microsoft Defender antivirus. It will attempt to clear Cache files of web browsers. It will attempt to clear temporary file areas. It rebuilds the Winsock. Depending on the speed of your computer this fix may take 50-55 minutes or more.

Please Close all open work before you actually do begin this run.
Farbar FRSTENGLISH program location: Downloads folder. The tool is already on system. That is what we will use.
Please download the attached fixlist.txt file and save it to Downloads
Fixlist.txt <- < - - - -
NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.
- Right-click with your mouse on FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.
- Next, press the Fix button just once and wait. You will see a green-color scroll display while FRST is running.
- If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
- The tool will make a log on the Downloads folder (Fixlog.txt). Please attach or post it to your next reply.
Note: If the tool warned you about an outdated version please download and run the updated version.
The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply.

NOTICE: For potential outside readers, this script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm.
AthernalRage Posted September 12, 2023 Author ID:1588728
Fixlog.txt
Maurice Naggar Posted September 13, 2023 Solution ID:1588828
Hi. Thank you. The custom-run is good. The Windows System File Checker has made some corrections. Windows Resource Protection found corrupt files and successfully repaired them.
When you have some quiet time, we need to run a new custom-run to recheck integrity, and to also have this new run to do a CHKDSK run to check the integrity of the disc storage.
After this run has finished, at the next time system Reboots, be sure you do not interfere with the run of CHKDSK.

Please Close all open work before you actually do begin this run.
Farbar FRSTENGLISH program location: Downloads folder. The tool is already on system. That is what we will use.
Please download the attached fixlist.txt file and save it to Downloads
Fixlist.txt <- < - - - -
NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.
- Right-click with your mouse on FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important.
- Next, press the Fix button just once and wait. You will see a green-color scroll display while FRST is running.
- If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
- The tool will make a log on the Downloads folder (Fixlog.txt). Please attach or post it to your next reply.
AthernalRage Posted September 14, 2023 Author ID:1588928
Fixlog.txt
Maurice Naggar Posted September 14, 2023 ID:1588974
Alright. Good run. As to the hard to remove file, I am thinking that has been taken care of. As a next step, I suggest the following:
This is for a scan with ESET Onlinescanner (free). ESET is a well-respected, well-known entity and tool. ESET Onlinescanner checks for viruses, other malware, adwares, & potentially unwanted applications.
This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run.
- Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
- It will start a download of "esetonlinescanner.exe"
- Save the file to your system, such as the Downloads folder, or else to the Desktop.
- Go to the saved file, and double click it to get it started.
- When presented with the initial ESET options, click on "Computer Scan".
- Next, when prompted by Windows, allow it to start by clicking Yes
- When prompted for scan type, click on CUSTOM scan and select C drive to be scanned
- Look at & tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
- Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display.
- You may step away from the machine & let it be. That is, once it is under way, you should leave it running. It will run for several hours.
- At screen "Detections occurred and resolved" click on blue button "View detected results"
- On next screen, at lower left, click on blue "Save scan log"
- View where file is to be saved. Provide a meaningful name for the "File name:"
- On last screen, set to Off (left) the option for Periodic scanning
- Click "save and continue"
- Please attach the report file so I can review
AthernalRage Posted September 15, 2023 Author ID:1589089
scan log.txt
Maurice Naggar Posted September 15, 2023 ID:1589161
Thanks. That is a great result from the ESET Onlinescanner. 😀
I would recommend getting a readout report as to update status of some key apps.
Temporarily disable Microsoft SmartScreen to download the next software below.
- Download SecurityCheck by glax24 from here and save the tool on the desktop.
- If Windows's SmartScreen blocks that with a message-window, then click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive.
- Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward
- Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply.
- You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt
AthernalRage Posted September 16, 2023 Author ID:1589332
SecurityCheck.txt
Maurice Naggar Posted September 16, 2023 ID:1589373
7-Zip 21.07 (x64) v.21.07 Warning! Download Update
Uninstall old version and install new one.
Discord v.1.0.9003 Warning! Download Update
Java 8 Update 321 (64-bit) v.8.0.3210.7 Warning! Download Update
Uninstall old version and install new one (jre-8u381-windows-x64.exe).
Opera GX Stable 101.0.4843.74 v.101.0.4843.74 Warning! Download Update
Bonjour v.3.1.0.1
Uninstall it. Your pc does not need it 👌💢

Temporarily disable Microsoft SmartScreen to download the next software below.
Let's go ahead and do some clean-up work and remove the tools and logs we've run.
- Please download KpRm by kernel-panik and save it to your desktop.
- Right-click kprm_2-15.exe and select Run as Administrator.
- Read and accept the disclaimer.
- When the tool opens, ensure all boxes under Actions are checked.
- Under Delete Quarantines select Delete Now, then click Run.
- Once complete, click OK.
- A log will open in Notepad titled kprm-(date).txt.
- You may attach that file to your next reply. (not compulsory)
Delete mb-support-1.9.2.982.exe
Delete mbst-grab-results.zip on the Desktop.
Sincerely.
AthernalRage Posted September 17, 2023 Author ID:1589497
kprm-20230917065053.txt
Maurice Naggar Posted September 17, 2023 ID:1589563
I am glad to have worked with you.
Delete mb-support-1.9.2.nnn.exe
Delete mbst-grab-results.zip on the Desktop.
Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.
I am marking this case for closure. I wish you all the best. Stay safe.
Sincerely.
Maurice
Maurice Naggar Posted September 17, 2023 ID:1589564
Glad we could help.
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.
This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.
Please review the following to help you better protect your computer and privacy: Tips to help protect from infection
Thank you