Johnklen0011 Posted October 1, 2023 ID:1592530 Share Posted October 1, 2023 good evening, I need help, yesterday I downloaded malwarebytes on my computer and did a scan and found nothing, all good and all clean, I told him to do a scan every day and now that he reports today he found 21 items and I am worried, the only thing I have done today was to download an extension called Toucan which is for learning languages. Addition.txt FRST.txt MBSCAN.txt Link to post Share on other sites More sharing options...
Johnklen0011 Posted October 1, 2023 Author ID:1592531 Share Posted October 1, 2023 sorry for the translation of the text Link to post Share on other sites More sharing options...
1PW Posted October 2, 2023 ID:1592535 Share Posted October 2, 2023 Hello @Johnklen0011 and : While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions: Download the Malwarebytes Support Tool. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file. In the User Account Control (UAC) pop-up window, click Yes to continue the installation. Run the MBST Support Tool. In the left navigation pane of the Malwarebytes Support Tool, click Advanced. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer. WARNING: Do Not click the Repair System under Advanced unless requested to by a Malwarebytes support agent or authorized helper. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste. For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have posted. Thank you. Link to post Share on other sites More sharing options...
Johnklen0011 Posted October 2, 2023 Author ID:1592536 Share Posted October 2, 2023 thanks friend, here I attach the files mbst-grab-results.zip Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 2, 2023 ID:1592594 Share Posted October 2, 2023 (edited) Hello @Johnklen0011 My name is Maurice. I will guide you forward. What the Malwarebytes scan of 1 October had found & removed is classified as Adware.SearchEngineHijack on the Chrome web browser. Removing pesky malware can be an involved set of tasks over separate runs. Have much patience. Follow my directions. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. Only run the tools I guide you to. Do not run online games while case is on-going. Do not do any free-wheeling web-surfing. The removal of malware isn't instantaneous, please be patient. Cracked or or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure. Please stick with me until I give you the "all clear". If your system is running Discord, please be sure to Exit out of it while this case is on-going. Do these 2 steps so that ALL folders & Files are set to SHOW, plus also, Turn OFF Windows Fast start. Show-Hidden-Folders-Files-Extensions https://forums.malwarebytes.com/topic/299345-show-hidden-folders-files-extensions/ Disable-Fast-Startup https://forums.malwarebytes.com/topic/299350-disable-fast-startup/ ( ALSO do this ) Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed. It will not take much time, First download & save it guide & download link Then be sure to close all web browsers after the download & before launching the tool. Then go to where the EXE file is saved. Start Adwcleaner. Then do a scan with Adwcleaner Guide article NOTE: IF Adwcleaner in the results shows "no items" flagged, then please click on the button marked "Run Basic Repair" Attach the clean log from Adwcleaner when all completed. Edited October 2, 2023 by Maurice Naggar amended Link to post Share on other sites More sharing options...
Johnklen0011 Posted October 2, 2023 Author ID:1592621 Share Posted October 2, 2023 Hi maurice, thanks for attending to my case, before starting I removed the extension and doing a mb scan it came out all clean but I want to make sure of that, the extension seems reliable with more than 300,000 users. I attach the link https://chrome.google.com/webstore/detail/toucan-by-babbel-language/lokjgaehpcnlmkebpmjiofccpklbmoci?hl=en you can take a look at that, here I attach the files you asked for AdwCleaner[S00].txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 2, 2023 ID:1592627 Share Posted October 2, 2023 Please do the following actions, so that Microsoft Defender antivirus runs side-by-side along with Malwarebytes. Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center Click the Security Tab. Scroll down to "Windows Security Center" Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center". { We want that to be set as Off .... be sure that line's radio-button selection is all the way to the Left. thanks. } This will not affect any real-time protection of the Malwarebytes for Windows 😃. Close Malwarebytes. > The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted items from a system. This tool does not install. It is run on-demand. This link is for the 64-bit version of MSERT.exe . Be sure you save the file first Upon completion of the save, Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan. That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well Launch MSERT.exe Accept the agreement terms of Microsoft Select CUSTOM scan Look on Scan Options & select CUSTOM scan & then select the C drive to be scanned. Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be. Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run. Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those. We only rely on the end result that is on the log-report-file. This is likely to run for many hours ( depending on number of files on your machine & the speed of hardware.) The log is named MSERT.log the log will be at Windows\debug\msert.log Please attach that log with your reply It is normal for the Microsoft Safety Scanner to show 'detections' during the scan process on the screen itself. It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection. That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not. 1 Link to post Share on other sites More sharing options...
Johnklen0011 Posted October 2, 2023 Author ID:1592645 Share Posted October 2, 2023 Thank you Maurice, I did the scan and it dont found nothing, i will attach the files here msert.log Link to post Share on other sites More sharing options...
Johnklen0011 Posted October 3, 2023 Author ID:1592812 Share Posted October 3, 2023 Good afternoon @Maurice Naggar, I hope you're having an excellent day, any update friend? Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 4, 2023 ID:1592993 Share Posted October 4, 2023 Results Summary: ---------------- No infection found. Successfully Submitted MAPS Report Successfully Submitted Heartbeat Report Microsoft Safety Scanner Finished On Mon Oct 2 13:27:54 2023 As a next step, I suggest the following: This is for a scan with ESET Onlinescanner (free). ESET is a well-respected, well-known entity and tool. ESET Onlinescanner checks for viruses, other malware, adwares, & potentially unwanted applications. This here you can start & once it is under way, you can leave the machine alone & let it run over-night. No need to keep watch once it starts the actual scan run. Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe It will start a download of "esetonlinescanner.exe" Save the file to your system, such as the Downloads folder, or else to the Desktop. Go to the saved file, and double click it to get it started. When presented with the initial ESET options, click on "Computer Scan". Next, when prompted by Windows, allow it to start by clicking Yes When prompted for scan type, Click on CUSTOM scan and select C drive to be scanned Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button. Have patience. The entire process may take an hour or more. There is an initial update download. There is a progress window display. You may step away from machine &. Let it be. That is, once it is under way, you should leave it running. It will run for several hours. At screen "Detections occurred and resolved" click on blue button "View detected results" On next screen, at lower left, click on blue "Save scan log" View where file is to be saved. Provide a meaningful name for the "File name:" On last screen, set to Off (left) the option for Periodic scanning Click "save and continue" Please attach the report file so I can review 1 Link to post Share on other sites More sharing options...
Johnklen0011 Posted October 8, 2023 Author ID:1593784 Share Posted October 8, 2023 here i attach the file friend. 2.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 8, 2023 ID:1593786 Share Posted October 8, 2023 (edited) That is an excellent scan result. First some housekeeping, and then one Scan. There will be more later after all this. Start Malwarebytes. Click Settings ( gear ) icon. Next, let us make real sure that Malwarebytes does NOT register with Windows Security Center Click the Security Tab. Scroll down to "Windows Security Center" Click the selection to the left for the line "Always register Malwarebytes in the Windows Security Center". { We want that to be set as Off .... be sure that line's radio-button selection is all the way to the Left. thanks. } This will not affect any real-time protection of the Malwarebytes for Windows 😃. now Click the General tab. Under Application updates, click the Check for updates button. When it shows a new version available, Accept it and let it proceed forward. Be sure it succeeds. If prompted to do a Restart, just please follow all directions. Let me know how that goes. Next, the Malwarebytes scan Next, click the small x on the Settings line to go to the main Malwarebytes Window. Next click the blue button marked Scan. When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical. >>>>>> 👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked ( all selected). <<<< 💢 Please double verify you have that TOP check-box tick marked. and that then, all lines have a tick-mark Then click on Quarantine button. Then, locate the Scan run report; export out a copy; & then attach in with your reply. See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4 Edited October 8, 2023 by AdvancedSetup Corrected font issue Link to post Share on other sites More sharing options...
Johnklen0011 Posted October 8, 2023 Author ID:1593889 Share Posted October 8, 2023 Alright my friend Maurice, I just did the scan and here is the result. MBSCAN.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 9, 2023 ID:1594016 Share Posted October 9, 2023 The Malwarebytes scan result is perfect. Previously, I had you run ESET Onlinescanner and the Microsoft Safety Scanner. as well as Adwcleaner. Tell me, How is the system at this point ? Link to post Share on other sites More sharing options...
Solution Maurice Naggar Posted October 9, 2023 Solution ID:1594018 Share Posted October 9, 2023 [ Do a custom scan with Microsoft Defender Antivirus ] Just want to do a visual check in Windows Security to see (visually) that Microsoft Defender is on , and to do a Custom scan. From the Windows Start menu, select Settings, then select Update and Security. Next, look at the left-side menu & select Windows Security Next, In Windows Security section: Click on the grey button Open Windows Security Now, click on the shield Virus and threat protection Look to see that Microsoft Defender is shown & available for use. On the next display, look at all the options. Look down the list and see "Check for Updates" . You should click on that to have the system check for updates for Windows Defender. Watch & wait for that to complete. Please also note that the Scan options (all) can be displayed by clicking on Scan options. Click that & select CUSTOM scan & then pick the C drive & have it go forward. Once it has started the scan phase, you can go take a long break. Let me know the results. 1 Link to post Share on other sites More sharing options...
Johnklen0011 Posted October 9, 2023 Author ID:1594047 Share Posted October 9, 2023 good afternoon, Maurice, since I removed the extension there were no more detections, maybe it is a false positive, I did the scan now with windows defender and there is no record of Malware. Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 9, 2023 ID:1594086 Share Posted October 9, 2023 It is great to read this good news. I would recommend getting a readout report as to update status of some key apps. Temporarily disable Microsoft SmartScreen to download the next software below Download SecurityCheck by glax24 from here and save the tool on the desktop. If Windows's SmartScreen block that with a message-window, then Click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive. Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt 1 Link to post Share on other sites More sharing options...
Johnklen0011 Posted October 10, 2023 Author ID:1594115 Share Posted October 10, 2023 Here is the file Maurice, what do you think at this point, thanks for your help, I believe we are safe, aren't we? SecurityCheck.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 10, 2023 ID:1594271 Share Posted October 10, 2023 1 application needs your attention. and it is the video driver. Get it updated & then do a Windows Restart. NVIDIA GeForce Experience 3.20.5.70 v.3.20.5.70 Warning! Download Update Yes, this machine is good & clear & ready to go. For the cleanup tool, it will be less friction to use Firefox to get the tool downloaded. Let's go ahead and do some clean-up work and remove the tools and logs we've run. Please download KpRm by kernel-panik and save it to your desktop. right-click kprm_2-15.exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, ensure all boxes under Actions are checked. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log will open in Notepad titled kprm-(date).txt. You may attach that file to your next reply. (not compulsory) Delete mb-support-1.9.2.982.exe Delete mbst-grab-results.zip on the Desktop. Your system is good-to-go. Sincerely. Link to post Share on other sites More sharing options...
Johnklen0011 Posted October 12, 2023 Author ID:1594661 Share Posted October 12, 2023 Hi Maurice, how are you? here is the file friend kprm-20231012112248.txt 1 Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 12, 2023 ID:1594727 Share Posted October 12, 2023 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts