Kungel Posted December 6, 2023

I recently signed up for the premium edition of Malwarebytes, and after each scan I quarantine anything that the scan finds, but on the next scan the same items show up again. How can I correct this?

Attached file: Malware Bytes.doc

Porthos Posted December 6, 2023

@Kungel

Let's get the info to get the process started. Please do the following so that we may take a closer look at your system for any possible infections.

Do these 2 steps FIRST so that files and folders are set to SHOW, plus also, Turn OFF Windows Fast Start.

- Show-Hidden-Folders-Files-Extensions https://forums.malwarebytes.com/topic/299345-show-hidden-folders-files-extensions/
- Disable-Fast-Startup https://forums.malwarebytes.com/topic/299350-disable-fast-startup/

Then please restart the computer and do the following.

WARNING: Do Not click the Repair option under Advanced unless requested by a Malwarebytes support agent or authorized helper

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

- Download the Malwarebytes Support Tool
- In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
- In the User Account Control pop-up window, click Yes to continue the installation
- Run the MBST Support Tool
- In the left navigation pane of the Malwarebytes Support Tool, click Advanced
- In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
- A zip file named mbst-grab-results.zip will be saved to the Desktop or on the hidden Public desktop (usually C:\Users\Public\Desktop), please upload that file on your next reply

Then be patient for the next expert to take your case.

Thank you

Kungel (Author) Posted December 6, 2023

Ok the two steps have been done. Attached is the file mbst-grab-results.zip

Porthos Posted December 7, 2023

15 minutes ago, Kungel said:
    Ok the two steps have been done.

The reason this keeps coming back is because the sync function of Edge brings it back after you clean it with Malwarebytes. You need to clear the sync data on MS servers for the clean up by Malwarebytes to work.

https://learn.microsoft.com/en-us/deployedge/edge-learnmore-reset-data-in-cloud

Kungel (Author) Posted December 7, 2023

I do not use Edge, but I see that it is in fact on my computer. So should I just uninstall Edge, but I suspect the next time Windows updates Edge will be reinstalled?

AdvancedSetup (Root Admin) Posted December 7, 2023

Normally MS Edge requires special PowerShell coding to fully remove from the system.

Nothing wrong with having the browser on the system, just don't enable the Sync which Microsoft tries to set up all the time.

AdvancedSetup (Root Admin) Posted December 8, 2023

Please go ahead and run the following scan

Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop.
(Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021)

- Download: Kaspersky Virus Removal Tool https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe
- How to run a scan with Kaspersky Virus Removal Tool 2020 https://support.kaspersky.com/15674
- How to run Kaspersky Virus Removal Tool 2020 in the advanced mode https://support.kaspersky.com/15680
- How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan https://support.kaspersky.com/15681

Select the Windows Key and R Key together, the "Run" box should open.

Drag and Drop KVRT.exe into the Run Box.

C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.

add -dontencrypt
Note the space between KVRT.exe and -dontencrypt

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.

That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file.

Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr
Right-click direct onto that report, select > open with > Notepad. Save that file and attach it to your reply.

- To start the scan select OK in the "Run" box.
- A EULA window will open, tick all confirmation boxes then select "Accept"
- In the new window select "Change Parameters"
- In the new window ensure all selection boxes are ticked, then select "OK"
- The scan should now start...
- When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue"
- When complete, or if nothing was found select "Close"

Attach the report information as previously instructed...

Thank you

Kungel (Author) Posted December 8, 2023

Okay I have run Kaspersky, but there is nothing in C:\KVRT2020_Data\Reports that looks similar to this report_20210123_113021.klr. Please see the attached. The scan did find 1 object which I deleted.

Attached file: scan results.doc

AdvancedSetup (Root Admin) Posted December 8, 2023

Okay, let's try another scanner @Kungel

Dr.Web CureIt!

- Please download the Dr.Web CureIt! anti-virus utility https://free.drweb.com/
- You will need to send them an email to obtain a link to download the scanner, please do so
- The downloaded file will normally have a unique name such as: q7a9tr4p.exe
- Close all open applications and locate the downloaded file and double-click to run it
- The program will take a moment to launch and bring up the License and Update screen
- Place a check mark to agree to the terms and then click on the Continue button
- Click the underlined link Select objects for scanning
- On the top left click the Scanning objects that should automatically check all objects
- Click the small wrench and make sure there is a check on Automatically apply actions to threats
- Then click the large button on bottom right Start scanning
- Once the scan has completed there will be a link named Open report, click that and a log named cureit.log should open in Notepad
- The log is saved in the folder named Doctor Web in the top of your user profile folders
- Please attach that log on your next reply

Kungel (Author) Posted December 8, 2023

Sorry, but I have been looking for about 30 minutes and can not find an email address?

AdvancedSetup (Root Admin) Posted December 8, 2023

https://free.drweb.com/
    An error has occurred
    Friends, our website is temporarily down. We are working hard to resolve this issue as quickly as possible.

Let's go ahead and run a couple of scans and get some updated logs from your system.

Please read the entire post below before starting so that you're more familiar with the process

[ 1 ] Please make the following system changes.

- Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed.
- Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the scans are completed.
- Disable-Fast-Startup
- Show-Hidden-Folders-Files-Extensions

[ 2 ] Malwarebytes AdwCleaner

Let's do a special run of Malwarebytes AdwCleaner to help prepare the computer to be able to run other scanning software that may be blocked

Please read all the information below before starting so that you have a good understanding of the process. Take your time and be careful. Make sure you select all of the listed items below - before - pressing the scan button.

- Please download Malwarebytes AdwCleaner and save the file to your Desktop or Downloads folder. Here is another link to download if the link above does not work: Malwarebytes AdwCleaner alternative link
- Locate the program where you downloaded it. Double-click to start AdwCleaner. Do not rush. There are a few choices to set as listed below.
- Malwarebytes AdwCleaner guide
- Reply YES at the Windows prompt to allow the program to proceed and make changes. That is the usual Windows security prompt.
- Accept the End User License Agreement.
- Wait until the database is updated. Do Not click on anything yet.
- When AdwCleaner starts, on the left side panel of the window, click on Settings and enable these repair actions on the Application tab. Clicking their button to the far-right will enable the ON status
    - Delete IFEO keys
    - Delete tracing keys
    - Delete Prefetch files
    - Reset Proxy
    - Reset Chrome policies
    - Reset IE Policies
    - Reset Winsock
    - Reset Hosts file (If you're not having any issues accessing security or other websites you can uncheck this item)
- ONLY after you have set the selections above ....only after that ..... Now on the left side of the AdwCleaner window, click on the Dashboard panel and then click the Scan button to perform a computer scan.
- DO NOT uninstall or remove the Preinstalled software if found. Uncheck any items listed for Preinstalled
- When finished, if items are found please click Quarantine to finish the cleaning process.
- Your PC should reboot now if any items were found. After reboot, a log file will be opened. Attach that log to your next reply. You can also open the Log Files panel to locate.

This can take several minutes to complete, please be patient.

- When the AdwCleaner scan is completed it will display all of the items it has found. Click on the Quarantine button to remove what it found.
- AdwCleaner will now prompt you to save any open files or data as the program will need to close any open programs before it starts to clean. Click on the Continue button to finish the removal process.
- If No Detections are found, Click the Basic Repair button to have it reset the checked items above.

[ 3 ] Malwarebytes for Windows

- If you already have Malwarebytes installed then open Malwarebytes and click on the small gear icon, then click on the "Check for updates" button on the General tab. After any updates, click the middle Scan button from the main page. It will automatically run a Threat Scan.
- If you don't have Malwarebytes installed yet, please download it from here or alternative link and install it.
- Once installed then open Malwarebytes and select Scan and let it run.
- Once the scan is completed, make sure you have it quarantine any detections it finds.
- If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
- If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
- If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
- If Malwarebytes won't run then please skip to the next step and let us know in your next reply that the scanner would not run.

View Reports and History in Malwarebytes for Windows v4 https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows
Malwarebytes for Windows v4 guide https://support.malwarebytes.com/hc/en-us/articles/360038984693-Malwarebytes-for-Windows-v4-guide

RESTART THE COMPUTER Before running Step 4

[ 4 ] Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

- Please rename FRST.EXE or FRST64.EXE to FRSTEnglish.exe
- After renaming the file right-click over FRSTEnglish.exe and select "Run as administrator"
- When the tool opens click Yes to the disclaimer
- Make sure there is a check mark in the Addition.txt check box
- Press the Scan button.
- It will make a log FRST.txt and Addition.txt in the same directory the tool is run from. Please attach both logs to your next reply.

Thank you

(Example image of where to click to attach files when posting your reply)

Kungel (Author) Posted December 8, 2023

1.) I already had Malwarebytes Ad cleaner installed and have been running it for quite some time. Whenever it did find something I quarantined those items. I was not able to attach the details of each scan, but have attached a snippet (Adw Scans.doc) of all the scans so far this year.

2.) Also attached are the file FRST.txt and Addition.txt

Attached files: Addition.txt, FRST.txt

I hope this makes sense?

Kungel (Author) Posted December 8, 2023

Sorry, I forgot the snippet.

Attached file: Adw Scans.doc

AdvancedSetup (Root Admin) Posted December 8, 2023

Please follow the steps

[ 1 ] Please go to Control Panel, Programs, Programs and Features, Uninstall a program

Then right-click and uninstall the following

- Bonjour (normally not needed on Windows but often causes network issues on Windows)

[ 2 ] Your current DNS Servers: 64.59.144.93 - 64.59.150.139

Please consider changing your default DNS server settings. Please choose one provider only

DNS is what lets users connect to websites using domain names instead of IP addresses

Pick just one of these 4 providers. And be aware that you need to modify 1 time for IPv4 & a 2nd pass for IPv6

- Google Public DNS: IPv4 8.8.8.8 and 8.8.4.4, IPv6 2001:4860:4860::8888 and 2001:4860:4860::8844
- Cloudflare: IPv4 1.1.1.1 and 1.0.0.1, IPv6 2606:4700:4700::1111 and 2606:4700:4700::1001
- OpenDNS: IPv4 208.67.222.222 and 208.67.220.220, IPv6 2620:119:35::35 and 2620:119:53::53
- DNSWATCH: IPv4 84.200.69.80 and 84.200.70.40, IPv6 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b

The Ultimate Guide to Changing Your DNS Server https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed

[ 3 ] Please run the following fix

NOTE: Please read all of the information below before running this fix.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program: D:\Documents\Downloads\FRSTEnglish.exe
Save the attached file: FIXLIST.TXT to this folder D:\Documents\Downloads\

NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

- Run the Farbar program with Admin rights and press the Fix button just once and wait. The fix may possibly take up to 60 minutes to complete
- If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
- The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

NOTE: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.

NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed. Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.

NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

- Windows Temp
- Users Temp folders
- Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
- Recently opened files cache
- Discord cache
- Java cache
- Steam HTML cache
- Explorer thumbnail and icon cache
- BITS transfer queue (qmgr*.dat files)
- Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Attached file: fixlist.txt

[ 4 ] The logs indicate that something is wrong with your installation of Firefox. Please uninstall Firefox, Restart the computer. Then download and install Firefox again

Thank you

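The DNS change from step [ 2 ] of the post above, as an added PowerShell example that is not part of the original thread: it applies the IPv4 and IPv6 pairs to each connected adapter and reads them back. It assumes an elevated session and that only physical adapters should be changed; the addresses are the Google Public DNS values listed in the post.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. The addresses are the Google Public DNS
# values listed in the post; use one provider's pairs only.
$Dns = @{
    IPv4 = @('8.8.8.8', '8.8.4.4')
    IPv6 = @('2001:4860:4860::8888', '2001:4860:4860::8844')
}

# Assumption: only connected physical adapters are changed; virtual and VPN
# adapters keep whatever DNS servers they already have.
$adapters = Get-NetAdapter -Physical | Where-Object { $_.Status -eq 'Up' }

$results = foreach ($nic in $adapters) {
    # Print the current servers first so the old values can be restored by hand.
    Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex | Out-Host

    # The IPv6 pass only applies when IPv6 is bound to this adapter.
    $binding = Get-NetAdapterBinding -Name $nic.Name -ComponentID ms_tcpip6 `
        -ErrorAction SilentlyContinue
    $families = @('IPv4')
    if ($binding -and $binding.Enabled) { $families += 'IPv6' }

    # Both families go in one call; the read-back below confirms each one landed.
    $wanted = foreach ($f in $families) { $Dns[$f] }
    Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $wanted

    # Read the setting back per family and compare with what was requested.
    foreach ($f in $families) {
        $now = (Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex `
                -AddressFamily $f).ServerAddresses
        [pscustomobject]@{
            Adapter = $nic.Name
            Family  = $f
            Servers = $now -join ', '
            Matches = (($now -join ',') -eq ($Dns[$f] -join ','))
        }
    }
}

# Drop cached answers that came from the previous resolvers.
Clear-DnsClientCache
$results | Format-Table -AutoSize
```

A row with Matches = False means that address family still points at the old resolvers on that adapter.
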
Kungel (Author) Posted December 9, 2023

1) Bonjour is gone.
2) Google Public DNS: IPv4 8.8.8.8 and 8.8.4.4
3) Repair log attached: Fixlog.txt
4) Firefox uninstalled and then downloaded and reinstalled Firefox

I hope this did it?

Kungel (Author) Posted December 9, 2023

Update, just ran Malwarebytes and PUPs are still there!

AdvancedSetup (Root Admin) Posted December 9, 2023

Please post back the log showing the detection

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location

RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged

If you click on the View option you should get something similar to the following with other options available.

Kungel (Author) Posted December 9, 2023

Ok here you go, attached are two scans.

Attached files: Scan 1.txt, Scan2.txt

AdvancedSetup (Root Admin) Posted December 9, 2023

You need to clean up Microsoft Edge. That is the issue. Disable SYNCING of your data and clear up all the cache and check and/or reset the settings.

Please review the following link -- DO NOT -- download anything, just read how to reset Microsoft Edge.

https://www.geeksinphoenix.com/blog/post/2020/08/09/how-to-clean-up-and-reset-microsoft-edge

Kungel (Author) Posted December 9, 2023

Sorry, if this is a dumb question, but Microsoft Edge is not the browser that I use. My main browser is Brave and Firefox is the alternate. My question is do I need to launch Edge to make the suggested changes and then reset Brave as my default browser?

Porthos Posted December 9, 2023

1 minute ago, Kungel said:
    My question is do I need to launch Edge to make the suggested changes

Yes.

Kungel (Author, Solution) Posted December 9, 2023

THANK YOU TO ALL THAT HELPED! I ran both the Adware and the Malwarebytes programs and bingo nothing was detected. I could never have done it myself. So again thank you for your help, much appreciated.

Kungel (Author) Posted December 9, 2023

Interesting observation, this computer runs on Windows 10, but my Laptop which runs Windows 11 does not come up with PUP errors when I run Malwarebytes or Adware.

AdvancedSetup (Root Admin) Posted December 10, 2023

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

- Please download KpRm by kernel-panik and save it to your desktop.
- Right-click kprm_(version).exe and select Run as Administrator.
- Read and accept the disclaimer.
- When the tool opens, ensure all boxes under Actions are checked.
- Under Delete Quarantines select Delete Now, then click Run.
- Once complete, click OK.
- A log will open in Notepad titled kprm-(date).txt.
- Please attach that file to your next reply. (not compulsory)

Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/

Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/

Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download

Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2

Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/

Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

- Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
- Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
- Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

uBlock Origin

- Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
- Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
- Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes

Kungel (Author) Posted December 10, 2023

Okay all done. Log is attached.

Attached file: kprm-20231209215328.txt

Just to make sure, after running the clean up program I ran Malwarebytes and nothing was found. So I am happy. Thanks a lot guys for your patience and help. Much appreciated.