-Swigs- Posted March 6
Hello! Just this evening Malwarebytes detected two unwanted programs or malware files, and I went ahead and quarantined them. I have not deleted them yet; they remain in MWB quarantine. What steps should I take now to further scan and protect my system, and is there any way of knowing if any harm has been done? Also, do you have any idea how these programs made it onto my computer in the first place? I have not downloaded anything which would have warranted these new files being on my system. Please advise, and thank you in advance!
Root Admin AdvancedSetup Posted March 6
Hello @-Swigs-

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process. Then follow each step in the order provided. Unless otherwise asked, please attach all logs.

Please make the following system changes:
If you have not done so already, enable System Protection and create a NEW System Restore Point.
Temporarily disable your antivirus real-time protection or other security software first, only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed.
Temporarily disable Microsoft SmartScreen to download the software below, only if needed. Make sure to turn it back on once the downloads are completed.
Disable-Fast-Startup
Show-Hidden-Folders-Files-Extensions

Please run the following scans:
Click the following link and run a Scan with AdwCleaner
Click the following link and run a Scan with Malwarebytes
RESTART the computer
Click the following link and run a Scan with Farbar Recovery Scan Tool

Example image of where to click to attach files when posting your reply

Thank you
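The preparation steps in the post above (enable System Protection, take a fresh restore point, disable Fast Startup, show hidden files and extensions) are normally done by hand through the Windows UI. The script below is an added example, not a Malwarebytes tool or part of the original post: it applies the same changes from an elevated Windows PowerShell 5.1 session (the restore-point cmdlets are not available in PowerShell 7). The drive letter and the restore-point description are assumptions.

```powershell
# Added example: apply the preparation steps from the post above.
# Run from an elevated (Administrator) Windows PowerShell 5.1 session.
#Requires -RunAsAdministrator

$systemDrive = $env:SystemDrive + '\'   # assumption: protect the Windows drive, normally C:\

# 1. Enable System Protection on the system drive and create a NEW restore point.
Enable-ComputerRestore -Drive $systemDrive

# Windows 8 and later silently skip Checkpoint-Computer if a restore point was already
# created in the last 24 hours. Setting the creation frequency to 0 removes that
# throttle; it applies system-wide, so consider restoring the old value afterwards.
$srKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
Set-ItemProperty -Path $srKey -Name 'SystemRestorePointCreationFrequency' -Value 0 -Type DWord
Checkpoint-Computer -Description ('Before malware scans ' + (Get-Date -Format 'yyyy-MM-dd HH:mm')) `
                    -RestorePointType 'MODIFY_SETTINGS'

# 2. Disable Fast Startup (hybrid boot) so the next shutdown is a real shutdown and
#    kernel and driver state is not carried over from the previous session.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power' `
                 -Name 'HiberbootEnabled' -Value 0 -Type DWord

# 3. Show hidden files, protected operating-system files and file extensions in
#    Explorer for the current user, so a hidden or double-extension file cannot pass
#    unnoticed while reviewing the scan results.
$advKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $advKey -Name 'Hidden'          -Value 1 -Type DWord
Set-ItemProperty -Path $advKey -Name 'ShowSuperHidden' -Value 1 -Type DWord
Set-ItemProperty -Path $advKey -Name 'HideFileExt'     -Value 0 -Type DWord

# Explorer only re-reads these values when it is restarted.
Stop-Process -Name explorer -Force
Start-Process explorer.exe

# 4. Verify: newest restore point and the Fast Startup flag (expect HiberbootEnabled = 0).
Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1 Description, CreationTime
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power' -Name HiberbootEnabled
```

Keep the real-time protection of your antivirus enabled while running this; nothing here needs it off. If Checkpoint-Computer reports success but no new point appears in the verification step, System Protection was still disabled for that drive when the cmdlet ran; re-run step 1 and check again.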
-Swigs- Posted March 6 Author
Hi @AdvancedSetup, and thank you for your assistance! Please find attached the requested logs. I am including two Malwarebytes logs: one which indicated the two detected malware items, and the second after the two items were quarantined with MWB, with no further detections. AdwCleaner did not detect anything, so no log. Please let me know further steps, and whether any harm was done from those two detections. Thanks again!
MWB Scan 3.5.24 10.12PM - 2 DETECTIONS.txt
MWB Scan 3.5.24 11.16PM - After Quarantine - No Detections.txt
FRST.txt
Addition.txt
Root Admin AdvancedSetup Posted March 6
The one file looks to be SecurityCheck. I've submitted it to our Research team to check and remove the detection, as it looks like a False Positive.

Please run the following @-Swigs-. The canned message may be a little out of date, but you should hopefully be able to figure it out and post back the log.

Sophos Scan & Clean
Download Sophos Free Virus Removal Tool and save it to your desktop.
If your security alerts to this scan, either accept the alert or turn off your security to allow Sophos to run and complete.
Please close all other open applications and do not use your PC whilst the scan is in progress.
This scan is very thorough, so it may take several hours to complete; please be patient.
Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Attach the results in your next reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program
If no threats were found please confirm that result.

The Virus Removal Tool scans the following areas of your computer:
Memory, including system memory on 32-bit (x86) versions of Windows
The Windows registry
All local hard drives, fixed and removable
Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found under this sub-folder: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs
Please attach that log on your next reply.

Thank you
-Swigs- Posted March 6 Author
Hi @AdvancedSetup, please find attached the Sophos log; it didn't find any threats, just a few cookies. I am glad to hear that the one file (SecurityCheck) seems to be a false positive. Any idea on the other file, what it might be and if it may have done any harm? Also, those two files are still in MWB quarantine. Please advise what to do with them, or any next steps I should take. Thank you again so much! It is critical that I keep my systems clean and safe; you guys rock!
Sophos Log 3.6.24 12.22PM.log
Root Admin AdvancedSetup Posted March 6
I'm not sure what the other file is. It's in the Trash, so I would just go ahead and empty the Recycle Bin.

Are there any other signs of infection or any other unresolved issues at this time?
-Swigs- Posted March 6 Author
No signs of infection other than the 2 MWB detections prompting this thread, which were quarantined and now deleted. If you think I am good to go and there are no further steps you would recommend, I can mark this as solved. Let me know, thanks!
Root Admin AdvancedSetup Posted March 6
Let's go ahead and run one more AV scanner just to be sure.

Dr.Web CureIt!
Please download the Dr.Web CureIt! anti-virus utility: https://free.drweb.com/
You will need to send them an email to obtain a link to download the scanner; please do so.
The downloaded file will normally have a unique name such as: q7a9tr4p.exe
Close all open applications, and locate the downloaded file and double-click to run it.
The program will take a moment to launch and bring up the License and Update screen.
Place a check mark to agree to the terms and then click on the Continue button.
Click the underlined link Select objects for scanning.
On the top left click Scanning objects, which should automatically check all objects.
Click the small wrench and make sure there is a check on Automatically apply actions to threats.
Then click the large button on the bottom right, Start scanning.
Once the scan has completed there will be a link named Open report; click that and a log named cureit.log should open in Notepad.
The log is saved in the folder named Doctor Web at the top of your user profile folders.
Please attach that log on your next reply.
-Swigs- Posted March 7 Author
Hi @AdvancedSetup, I am not comfortable with the terms on the Dr.Web scanner, so I will skip this step. Given the steps and scans already taken, in your opinion do you think I am in the clear, or should further action be taken (besides the Dr.Web scanner)? Thanks again.
Root Admin AdvancedSetup Posted March 7
I believe the computer is probably safe, but I'd still recommend another AV scan to make sure.

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process.

[ 1 ] Please make the following system changes.
Temporarily disable your antivirus real-time protection or other security software first, only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed.
Temporarily disable Microsoft SmartScreen to download the software below, only if needed. Make sure to turn it back on once the scans are completed.
Disable-Fast-Startup
Show-Hidden-Folders-Files-Extensions

[ 2 ] I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links & how to run the tool are at this link at Microsoft: https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Look in the Scan Options & select the FULL scan. Then start the scan. Have lots of patience. It may take several hours. Once you see it has started, take a long, long break; walk away. Do not give credence to any intermediate early flash messages on the screen display. The only thing that counts is the end result at the end of the run. The scan will take several hours. Leave it alone. It will remove any other remaining threats as it goes along. Take a very long break, do your normal personal errands; just do not use the computer during this scan.

This is likely to run for many hours, as previously mentioned (depending on the number of files on your machine & the speed of the hardware).

The log is named MSERT.log and will be at C:\Windows\debug\msert.log
Please attach that log with your next reply.

It is normal for the Microsoft Safety Scanner to show detections during the scan process. It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection. That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service, which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not. Then it writes into the log on your computer what it found.

Thank you
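The post above runs the Microsoft Safety Scanner through its GUI. The script below is an added example, not Microsoft's procedure and not part of the original post: it verifies the downloaded MSERT.exe is genuinely signed by Microsoft, runs the same full scan unattended with the switches MSERT prints in its own /? output, and then shows the end of C:\Windows\debug\msert.log, which is where the final verdict the post refers to is written. The download location and the words searched for in the log are assumptions.

```powershell
# Added example: run the Microsoft Safety Scanner unattended and read its summary.
# Assumes the 64-bit MSERT.exe was already downloaded from the Microsoft link in the
# post to the path below. Run from an elevated Windows PowerShell session.
#Requires -RunAsAdministrator

$msert   = Join-Path $env:USERPROFILE 'Downloads\MSERT.exe'   # assumption: download location
$logPath = 'C:\Windows\debug\msert.log'                       # log location named in the post

if (-not (Test-Path $msert)) { throw "MSERT.exe not found at $msert" }

# Check the Authenticode signature before running anything that was downloaded, so a
# tampered or look-alike file with the same name is refused.
$sig = Get-AuthenticodeSignature -FilePath $msert
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft Corporation') {
    throw "Signature check failed: $($sig.Status) / $($sig.SignerCertificate.Subject)"
}

# Switches from MSERT.exe /? : /Q run quietly (no UI), /F force a full scan,
# /F:Y full scan with automatic cleanup. -Wait blocks until the scan finishes,
# which can take several hours on a large disk, so walk away as the post says.
$proc = Start-Process -FilePath $msert -ArgumentList '/Q', '/F:Y' -Wait -PassThru
"MSERT exit code: $($proc.ExitCode)"

# The summary is written at the end of the log. "Detected" lines earlier in the
# file are the intermediate traces the post describes, not a verdict by themselves.
Get-Content -Path $logPath -Tail 40

# Assumption about the log wording: pull out any lines mentioning threats or
# infections so they can be reviewed or quoted in the reply.
Select-String -Path $logPath -Pattern 'Threat|infect' | Select-Object -ExpandProperty Line
```

Use /N instead of /F:Y if you only want detection without cleanup (for example to capture evidence first); the log is written either way. Attach the whole msert.log rather than only the filtered lines, since the helper will want the scan settings and engine version recorded at the top of it.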
-Swigs- Posted March 7 Author
Hi @AdvancedSetup, please see attached the MSERT log, showing no detections found. There were 2 detections while the scan was running, but the result is all clear. Please advise, thanks again!
msert.log
Root Admin AdvancedSetup Posted March 7
Great, no issues found. Let's check for any out-of-date software.

Please run the following: Scan with SecurityCheck by glax24
https://forums.malwarebytes.com/topic/307301-scan-with-securitycheck-by-glax24/
-Swigs- Posted March 7 Author
Here is the SecurityCheck; looks like I need to update a couple of programs, I will get on that! Please advise.
SecurityCheck.txt
Root Admin AdvancedSetup Posted March 7
Correct, please uninstall, update, or otherwise address the following as appropriate for your system.

Adobe Flash Player 17 NPAPI v.17.0.0.134 Warning! This software is no longer supported. Please uninstall it.
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 v.14.32.31326.0 Warning! Download Update
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 v.14.32.31326.0 Warning! Download Update
NVIDIA GeForce Experience 3.5.0.70 v.3.5.0.70 Warning! Download Update
Spotify v.1.1.99.878.g1e4ccc6e Warning! Download Update

Then RESTART the computer and check for Windows Updates and install any found.

Let me know if there are still any signs of infection or any other unresolved issues.

Thanks
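SecurityCheck builds its report from the same installed-software data Windows keeps in the registry Uninstall keys. The script below is an added example, not SecurityCheck itself and not part of the original post: it inventories that data, flags end-of-life products (Adobe ended Flash Player support on 31 December 2020, so any Flash package, NPAPI, ActiveX or PPAPI, is a finding regardless of version), and saves a CSV so the inventory can be diffed after the updates are applied. The end-of-life list contains only the product named in the post and is an assumption to be extended for your own environment.

```powershell
# Added example: inventory installed software from the registry and flag
# end-of-life products. Works in Windows PowerShell 5.1 and PowerShell 7 on Windows.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',   # 32-bit apps on 64-bit Windows
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'                # per-user installs (e.g. Spotify)
)

# Products to uninstall rather than update. Assumption: extend for your environment.
$endOfLife = @('Adobe Flash Player')

function Get-InstalledSoftware {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate,
            @{ Name = 'Status'; Expression = {
                $name = $_.DisplayName
                if ($endOfLife | Where-Object { $name -like "$_*" }) { 'UNSUPPORTED - uninstall' } else { '' }
            } } |
        Sort-Object DisplayName, DisplayVersion -Unique
}

$inventory = Get-InstalledSoftware
$inventory | Format-Table -AutoSize

# Every Flash package (NPAPI, ActiveX, PPAPI) is listed separately; warn on each one.
$inventory | Where-Object Status | ForEach-Object {
    Write-Warning ('{0} {1}: {2}' -f $_.DisplayName, $_.DisplayVersion, $_.Status)
}

# Snapshot for a before/after comparison. Assumption: snapshot location.
$snapshot = Join-Path $env:USERPROFILE ('Desktop\software-inventory-{0}.csv' -f (Get-Date -Format 'yyyyMMdd-HHmm'))
$inventory | Export-Csv -Path $snapshot -NoTypeInformation
"Inventory saved to $snapshot"

# After updating, re-run this script and compare the two snapshots, e.g.:
# Compare-Object (Import-Csv .\before.csv) (Import-Csv .\after.csv) -Property DisplayName, DisplayVersion
```

On Windows 10 and 11, `winget upgrade` lists packages whose installed version is behind the winget catalogue and is a quick complement to this registry view for items such as the Visual C++ Redistributable, GeForce Experience and Spotify; uninstall Flash with its own entry under Apps & Features (or the Adobe uninstaller) since no supported version exists to update to.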
-Swigs- Posted March 8 Author
All done! I re-ran the SecurityCheck program, and everything is now up to date.
Root Admin AdvancedSetup Posted March 8 (Solution)
Great, that sounds good. Are there any other signs of infection or any other unresolved issues?
-Swigs- Posted March 8 Author
No more issues, thank you so much for all of your help @AdvancedSetup! Marked as solved, take care!
Root Admin AdvancedSetup Posted March 8
Let's go ahead and do some clean-up work and remove the tools and logs we've run.

@-Swigs- Please download KpRm by kernel-panik and save it to your desktop.
Right-click kprm_(version).exe and select Run as Administrator.
Read and accept the disclaimer.
When the tool opens, ensure all boxes under Actions are checked.
Under Delete Quarantines select Delete Now, then click Run.
Once complete, click OK.
A log will open in Notepad titled kprm-(date).txt. Please attach that file to your next reply. (not compulsory)

We're glad that we were able to assist you. The following information will help you to keep your computer and data safer as well as improve your overall privacy.

Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
https://www.howtogeek.com/780233/best-password-manager/

Make sure you're backing up your files
https://forums.malwarebytes.com/topic/136226-backup-software/

Keep all software up to date - PatchMyPC
https://patchmypc.com/home-updater#download
https://patchmypc.com/about-us

Keep your Operating System up to date and current at all times
https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2

Further tips to help protect your computer data and improve your privacy:
https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/

Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.

Malwarebytes Browser Guard
Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

uBlock Origin
Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin

Cybersecurity basics & protection: Everything you need to know about cybercrime
https://www.malwarebytes.com/cybersecurity

Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog
https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal.