Maurice Naggar Posted December 13, 2023 ID:1604874 Share Posted December 13, 2023 (edited) Leave Malwarebytes & MS Defender antivirus as is. MS Defender is in good state, & up-to-date & its Tamper protection is fine. Let us find some quiet time, where you can get, Save, then run a KB5033372 cumulative update from Windows Update Catalog. Save the download to the Desktop. The CAB file download link is this. This is 2023-12 Dynamic Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5033372) Once the download is all saved, this is how to apply the update, using the Windows DISM on a elevated Command prompt. Open an elevated Command window i.e. run Command Prompt as an administrator . On the Taskbar Search box, type in cmd.exe click the line for "run as administrator" It is best to use the Windows Copy ( CTRL+ C ) and paste ( CTRL+V ) for the whole line, as-is On that prompt-window, Copy & Paste this command the whole line AS-IS it is a long line. insure to get all of it copied. dism /Online /Add-Package /PackagePath:"C:\Users\David\Desktop\windows10.0-kb5033372-x64_42568aafdedaf72a9699250eb48da5f876cdc7c2.cab" press Enter-key on keyboard Monitor & have patience & write down the result The command line above is based on having saved the download-file to the Desktop Edited December 13, 2023 by Maurice Naggar Link to post Share on other sites More sharing options...
Porthos Posted December 13, 2023 ID:1604884 Share Posted December 13, 2023 2 hours ago, D1117 said: Io change any of the Malwarebytes settings, Tamper Protection seems to be set to ON and it does not want to all me to change anything.. Should I remove that? I think that will require a re-install of the program. Note: If you forget your Tamper Protection password, it can be reset using your license key, or the key portion of your license, if your license is in the older ID and Key format. In the Tamper Protection window, click Reset password, then enter your license key (capitalized and including dashes) to set a new password. 1 Link to post Share on other sites More sharing options...
D1117 Posted December 13, 2023 Author ID:1604927 Share Posted December 13, 2023 I will give things a day or so to settle down. On my end I have been dealing with several medical issues and fixing the financial problems caused by my original, badly chosen, response to the phishing letter. I am learning that several top scientists my wife worked with have also been badly bitten by the same scam. I am very appreciative of your assistance. Have a good day. Dave Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 13, 2023 ID:1604963 Share Posted December 13, 2023 Do take care of yourself as the first priority. Later on, after a few days, check back here and advise about the overall computer situation. I hope to hear back from you by the 20th of December. Link to post Share on other sites More sharing options...
D1117 Posted December 14, 2023 Author ID:1605261 Share Posted December 14, 2023 I did complete running that .CAB file install without any issues. Have not yet removed the tamper protection on the Malwarebytes, but will try that tomorrow. Otherwise, the system seems to be running well. No new unauthorized purchases. Should I run full scans more often for a few days rather than once-a-week scans? Any other advice? Regards, Dave K Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 15, 2023 ID:1605265 Share Posted December 15, 2023 Hello. For one thing, I had not realized till just now that you had been a victim of a phishing document. In future, if you get a random email with some document, do not Open it right away. You ( if you insist on looking at the document) should SAVE it as-is first to some folder. Then use your Antivirus to scan that document. Review the result before even ever opening the document in the first instance. As far as Malwarebytes' Tamper protection, (a) that is about protecting from a outsider uninstalling the Malwarebytes program. Thus it is not a Windows OS related thing. This is a opt-in option in Malwarebytes settings. See this support article https://support.malwarebytes.com/hc/en-us/articles/4402964326419-Restrict-uninstallation-of-Malwarebytes-for-Windows-v4 I believe we are close to wrapping up this case. The Malwarebytes you have is on a Premium license. So Malwarebytes would be doing a daily scan. You may run on-demand manual Scans with Microsoft Defender antivirus. At this point, I'd like to gather 3 fresh sets of reports. ( 1 ) I would like a report set for review. This is a report only. This is the first beginning step so I can see what is what on this particular machine. Please download MALWAREBYTES MBST Support Tool Once you start it click Advanced >>> then Gather Logs Have patience till the run has finished. Attach the mbst-grab-results.zip from the Desktop to your reply.. ( 2 ) SecurityCheck by glax24 I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications. Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe If Microsoft SmartScreen blocks the download, click through to save the file This tool is safe. Smartscreen is overly sensitive. If SmartScreen blocks the file from running click on More info and Run anyway Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt ( 3 ) Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine. This is a Inquiry report only. It will run quickly. Please Close all open work before you actually do begin this run. FRSTENGLISH,exe program location: Downloads folder. The tool is already on system. That is what we will use. Please download the attached fixlist.txt file and save it to Downloads Fixlist.txt<- < - - - - NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work. Right-click with your mouse on FRSTENGLISH and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important. next, press the Fix button just once and wait. You will see a green-color scroll display while FRST is running. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply. Link to post Share on other sites More sharing options...
D1117 Posted December 15, 2023 Author ID:1605371 Share Posted December 15, 2023 I will be doing the steps above today. Thought you might be interested in the article link I am attaching. My wife knows the woman described in the article. https://www.washingtonpost.com/dc-md-va/2023/12/14/cyber-crime-scams-irs-taxes/ Dave Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 15, 2023 ID:1605405 Share Posted December 15, 2023 << ughh cybercrime & scams. Such a horror >> Link to post Share on other sites More sharing options...
D1117 Posted December 16, 2023 Author ID:1605478 Share Posted December 16, 2023 I will have to take a few days off the testing plans. We have a houseguest using that room, so I expect to be offline for the time. I will get back to you in a few days. Thanks again. Dave Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 16, 2023 ID:1605481 Share Posted December 16, 2023 Thanks. I do appreciate your letting me know. 🙂 Link to post Share on other sites More sharing options...
D1117 Posted December 17, 2023 Author ID:1605715 Share Posted December 17, 2023 I think I ran everything. Let me know if I missed attaching a results file. I also have noticed that I am unable to get other PCs in the house to attach to a shared printer I have on this PC, as well as a file share that I used to connect to using the Apple Files program SMB connection from my iPad. These aren't crucial, but I am wondering if there is a firewall issue going on? I have a net analyzer program on my iPad that seems to say there are lots of blocked ports. I have very little firewall experience. I can ping this PC from other computers on my network, I just cannot connect to shared files from the iPad or the shared printer. I can connect from this PC to another PC on the network and copy file to this one, so it seems to affect only incoming attempts. Thanks for your help. I will be out of town most of Monday. Regards, Dave mbst-grab-results.zip Fixlog.txt SecurityCheck.txt Link to post Share on other sites More sharing options...
Solution Maurice Naggar Posted December 18, 2023 Solution ID:1605748 Share Posted December 18, 2023 First of all, per the SecurityCheck report ---------------------------- [ Antivirus_WMI ] ---------------------------- Windows Defender (enabled and up to date) Microsoft Defender antivirus is ON. --------------------------- [ FirewallWindows ] --------------------------- Windows Defender Firewall (mpssvc) - The service is running The system firewall is on. These applications need your attention & follow-up to insure they get updated to latest publisher release version. AMD Software v.22.6.1 Warning! Download Update Microsoft 365 - en-us v.16.0.17029.20068 [+] Microsoft SQL Server 2008 Setup Support Files v.10.3.5500.0 Warning! This software is no longer supported. Oracle VM VirtualBox 6.1.26 v.6.1.26 Warning! Download Update Microsoft SQL Server 2012 Native Client v.11.2.5643.3 Warning! This software is no longer supported. Microsoft Office Professional Plus 2010 v.14.0.7015.1000 Warning! This software is no longer supported. Please use latest Microsift Office, Office Online or LibreOffice TrueCrypt v.7.1a Warning! This software is no longer supported. Please use VeraCrypt. Microsoft SQL Server 2005 Compact Edition [ENU] v.3.1.0000 Warning! This software is no longer supported. Backup and Sync from Google v.3.57.4256.0809 Warning! This software is no longer supported. Please use Google Drive. 7-Zip 19.00 (x64) v.19.00 Warning! Download Update Uninstall old version and install new one. TreeSize Free V2.4 v.2.4 Warning! Download Update IrfanView 64 (remove only) v.4.42 Warning! Download Update Microsoft Teams v.1.3.00.4461 Warning! Download Update Zoom v.5.9.3 (3169) Warning! Download Update Skype™ 7.6 v.7.6.103 Warning! Download Update Java 8 Update 73 v.8.0.730.2 Warning! Download Update Uninstall old version and install new one (jre-8u391-windows-i586.exe). Audacity 3.2.5 v.3.2.5 Warning! Download Update VLC media player v.2.2.4 Warning! Download Update Audacity 2.1.2 v.2.1.2 Warning! Download Update QuickTime v.7.1.3.100 Warning! This software is no longer supported. Please uninstall it and use another software. Windows Live Essentials v.16.4.3528.0331 Warning! This software is no longer supported. IS way way obsolete. UNINSTALL this Microsoft has officially discontinued support for Windows Live Essentials, and as a result, the applications included in the suite may no longer receive updates or security patches. This lack of support could potentially leave your system vulnerable to security threats and compatibility issues. Bonjour v.3.1.0.1 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Your pc does not need it. Wondershare Helper Compact 2.6.0 v.2.6.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering. Skype Click to Call v.8.5.0.9167 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems. Important note: While this Windows 10, as of 13th Dec 2023, does have the latest OS update, Build 19045.3803. That is good. It is a fact that this Windows had no Windows Updates in the period 06/18/2023 to 12/10/2023. As to the iPad and the printer sharing, I would refer you to the General PC help forum area You may want to also check the Mac ( iPad) area at Bleepingcomputer forum this link For printers https://www.bleepingcomputer.com/forums/f/138/external-hardware/ On networking https://www.bleepingcomputer.com/forums/f/21/networking/ The sole port reported as blocked by firewall rule, from your latest reports, is 9034 . Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 19, 2023 ID:1606051 Share Posted December 19, 2023 Hello. Your system is good-to-go. This here is to cleanup the tools I had you use. 👌💢 Temporarily disable Microsoft SmartScreen to download the next software below Let's go ahead and do some clean-up work and remove the tools and logs we've run. Please download KpRm by kernel-panik and save it to your desktop. right-click kprm_2-15.exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, ensure all boxes under Actions are checked. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. Delete mb-support-1.9.5.199.exe Delete mbst-grab-results.zip on the Desktop. Your system is good-to-go. Sincerely. Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 19, 2023 ID:1606052 Share Posted December 19, 2023 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts