Malware Detected & Quarantined - What steps to take now?


Solved by AdvancedSetup

Hello!

Just this evening Malwarebytes detected two unwanted programs or malware files, and I went ahead and quarantined them. I have not deleted them yet, they remain in MWB quarantine.

What steps should I take now to further scan and protect my system, and is there any way of knowing if any harm has been done? Also - Do you have any idea how these programs made it onto my computer in the first place? I have not downloaded anything which would have warranted these new files being on my system.

Please advise, and thank you in advance!!


  • Root Admin

Hello @-Swigs-

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process.

Then follow each step in the order provided. Unless otherwise asked, please attach all logs.

Please make the following system changes:

  • If you have not done so already, enable System Protection and create a NEW System Restore Point.
  • Temporarily disable your antivirus real-time protection or other security software first, only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed.
  • Temporarily disable Microsoft SmartScreen to download the software below, only if needed. Make sure to turn it back on once the downloads are completed.
  • Disable Fast Startup
  • Show hidden folders, files and extensions

Please run the following scans:

  1. Click the following link and run a Scan with AdwCleaner
  2. Click the following link and run a Scan with Malwarebytes
     RESTART the computer
  3. Click the following link and run a Scan with Farbar Recovery Scan Tool

Example image of where to click to attach files when posting your reply

Thank you
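
The "system changes" above are registry-backed settings, so their state can be confirmed before and after making them. The following read-only PowerShell audit is an added example, not from this thread or from Malwarebytes; it assumes an elevated Windows PowerShell 5.1 session (Get-ComputerRestorePoint is not available in PowerShell 7) and reports FIX for any setting that does not match what the post asks for.

```powershell
# Added example, not from the thread: read-only audit of the settings the post asks for.
# Run in an elevated Windows PowerShell 5.1 session (Get-ComputerRestorePoint is 5.1-only).

function Get-RegValue([string]$Path, [string]$Name) {
    # Return $null when the key or value is missing instead of throwing.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$checks = @(
    # Fast Startup: HiberbootEnabled = 0 means disabled, which is what the post asks for.
    @{ Name = 'Fast Startup disabled'; Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power'; Value = 'HiberbootEnabled'; Want = 0 }
    # Explorer view settings: Hidden = 1 shows hidden items, HideFileExt = 0 shows
    # extensions, ShowSuperHidden = 1 shows protected operating-system files.
    @{ Name = 'Hidden files shown';       Path = $explorer; Value = 'Hidden';          Want = 1 }
    @{ Name = 'File extensions shown';    Path = $explorer; Value = 'HideFileExt';     Want = 0 }
    @{ Name = 'Protected OS files shown'; Path = $explorer; Value = 'ShowSuperHidden'; Want = 1 }
)

foreach ($c in $checks) {
    $actual = Get-RegValue $c.Path $c.Value
    $shown  = if ($null -eq $actual) { '<missing>' } else { $actual }
    # A missing value never equals the wanted value, so it is reported as FIX.
    $status = if ($actual -eq $c.Want) { 'OK ' } else { 'FIX' }
    '{0} {1,-26} {2} = {3}' -f $status, $c.Name, $c.Value, $shown
}

# System Protection: an empty result means no restore points exist on the system drive.
$points = Get-ComputerRestorePoint -ErrorAction SilentlyContinue
if ($points) {
    $latest = $points | Sort-Object SequenceNumber | Select-Object -Last 1
    'OK  Latest restore point: {0} ({1})' -f $latest.Description, $latest.ConvertToDateTime($latest.CreationTime)
} else {
    'FIX No restore points found; enable System Protection and create one before scanning.'
}
```

The script only reads; apply the changes through the links in the post (or Settings) and re-run it to confirm every line reports OK.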

Hi @AdvancedSetup and thank you for your assistance!

Please find attached the requested logs. I am including two Malwarebytes logs: one which indicated the two detected malware items, and the second after the two items were quarantined with MWB, with no further detections. AdwCleaner did not detect anything, so no log.

Please let me know further steps, and whether any harm was done from those two detections? 

Thanks again!

Attachments: MWB Scan 3.5.24 10.12PM - 2 DETECTIONS.txt, MWB Scan 3.5.24 11.16PM - After Quarantine - No Detections.txt, FRST.txt, Addition.txt

  • Root Admin

The one file looks to be SecurityCheck. I've submitted it to our Research team to check and remove the detection, as it looks like a False Positive.

Please run the following @-Swigs-

The canned message may be a little out of date, but you should hopefully be able to figure it out and post back the log.

Sophos Scan & Clean

Download Sophos Free Virus Removal Tool and save it to your desktop.

  • If your security alerts to this scan, either accept the alert or turn off your security to allow Sophos to run and complete.
  • Please close all other open applications and Do Not use your PC whilst the scan is in progress. This scan is very thorough so it may take several hours to complete, please be patient.

Double click the icon and select Run

Click Next

Select I accept the terms in this license agreement, then click Next twice

Click Install

Click Finish to launch the program

Once the virus database has been updated, click Start Scanning

If any threats are found, click Details, then View log file... (bottom left-hand corner)

Attach the results in your next reply

Close the Notepad document, close the Threat Details screen, then click Start cleanup

Click Exit to close the program

If no threats were found, please confirm that result.

The Virus Removal Tool scans the following areas of your computer:

  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable

Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found under this sub-folder: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Please attach that log on your next reply.

Thank you

Hi @AdvancedSetup,

Please find attached the Sophos log; it didn't find any threats, just a few cookies. I am glad to hear that the one file (SecurityCheck) seems to be a false positive. Any idea on the other file - what it might be and if it may have done any harm?

Also - Those two files are still in MWB quarantine. Please advise what to do with them, or any next steps I should take.

Thank you again so much!! It is critical that I keep my systems clean and safe - you guys rock!

Attachment: Sophos Log 3.6.24 12.22PM.log

No signs of infection other than the 2 MWB detections prompting this thread, which were quarantined and now deleted.

If you think I am good to go and no further steps you would recommend, I can mark this as solved.

Let me know, thanks!


  • Root Admin

Let's go ahead and run one more AV scanner just to be sure.

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility: https://free.drweb.com/

You will need to send them an email to obtain a link to download the scanner, please do so.

  • The downloaded file will normally have a unique name such as: q7a9tr4p.exe
  • Close all open applications, locate the downloaded file and double-click to run it
  • The program will take a moment to launch and bring up the License and Update screen
  • Place a check mark to agree to the terms and then click on the Continue button
  • Click the underlined link Select objects for scanning
  • On the top left click Scanning objects, which should automatically check all objects
  • Click the small wrench and make sure there is a check on Automatically apply actions to threats
  • Then click the large button on the bottom right, Start scanning
  • Once the scan has completed there will be a link named Open report; click that and a log named cureit.log should open in Notepad
  • The log is saved in the folder named Doctor Web at the top of your user profile folders
  • Please attach that log on your next reply


Hi @AdvancedSetup - I am not comfortable with the terms on the Dr.Web scanner, I will skip this step.

Given the steps and scans already taken, in your opinion do you think I am in the clear, or should further action be taken (besides the Dr.Web scanner)? Thanks again.


  • Root Admin

I believe the computer is probably safe, but I'd still recommend another AV scan to make sure.

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process.

[ 1 ]

Please make the following system changes.

  • Temporarily disable your antivirus real-time protection or other security software first, only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed.
  • Temporarily disable Microsoft SmartScreen to download the software below, only if needed. Make sure to turn it back on once the scans are completed.
  • Disable Fast Startup
  • Show hidden folders, files and extensions

[ 2 ]

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & how to run the tool are at this link at Microsoft:
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

  • Once you see it has started, take a long, long break; walk away. Do not pay credence if you see some intermediate early flash messages on the screen display. The only thing that counts is the end result at the end of the run.
  • The scan will take several hours. Leave it alone. It will remove any other remaining threats as it goes along. Take a very long break, do your normal personal errands, just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned (depending on the number of files on your machine & the speed of the hardware).

The log is named MSERT.log and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

It is normal for the Microsoft Safety Scanner to show detections during the scan process.

It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

Then it writes into the log on your computer what it found.

Thank you

  • Root Admin

Correct, please uninstall, update, or otherwise address the following as appropriate for your system.

  • Adobe Flash Player 17 NPAPI v.17.0.0.134 Warning! This software is no longer supported. Please uninstall it.
  • Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 v.14.32.31326.0 Warning! Download Update
  • Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 v.14.32.31326.0 Warning! Download Update
  • NVIDIA GeForce Experience 3.5.0.70 v.3.5.0.70 Warning! Download Update
  • Spotify v.1.1.99.878.g1e4ccc6e Warning! Download Update

Then RESTART the computer and check for Windows Updates and install any found.

Let me know if there are still any signs of infection or any other unresolved issues.

Thanks
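
Unsupported or outdated software such as the items listed above is what a helper checks the installed-programs list for. The snippet below is an added example, not from this thread or from Malwarebytes: it reads the registry Uninstall keys that Programs and Features uses and flags matches against a small watch list built from the programs named in the post. The minimum versions are illustrative thresholds I chose for the example, not the real current releases, and the hypothetical Convert-ToVersion helper handles build suffixes like Spotify's so that versions compare numerically rather than as strings.

```powershell
# Added example, not from the thread: flag installed programs against a watch list, reading the
# same registry Uninstall keys that Programs and Features uses. The minimum versions are
# illustrative thresholds, not the real current releases; confirm with the vendor before acting.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Regex matched against DisplayName -> minimum acceptable version; $null = end of life, uninstall.
$watchList = [ordered]@{
    'Adobe Flash Player'                               = $null
    'Microsoft Visual C\+\+ 2015-2022 Redistributable' = [version]'14.40.0.0'  # illustrative
    'NVIDIA GeForce Experience'                        = [version]'3.27.0.0'   # illustrative
    'Spotify'                                          = [version]'1.2.0.0'    # illustrative
}

function Convert-ToVersion([string]$Text) {
    # Keep only the leading dotted-numeric part, so '1.1.99.878.g1e4ccc6e' -> 1.1.99.878;
    # comparing [version] objects avoids the string-compare trap where '14.9' sorts after '14.32'.
    $m = [regex]::Match($Text, '^\d+(\.\d+){1,3}')
    if ($m.Success) { [version]$m.Value } else { $null }
}

Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        $name    = $_.DisplayName
        $verText = [string]$_.DisplayVersion
        foreach ($pattern in $watchList.Keys) {
            if ($name -notmatch $pattern) { continue }
            $min = $watchList[$pattern]
            if ($null -eq $min) { "UNSUPPORTED  $name $verText -> uninstall"; continue }
            $ver = Convert-ToVersion $verText
            if ($null -eq $ver)    { "UNKNOWN      $name '$verText' -> check version manually" }
            elseif ($ver -lt $min) { "OUTDATED     $name $verText (< $min) -> update" }
            else                   { "OK           $name $verText" }
        }
    }
```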

  • Root Admin

Let's go ahead and do some clean-up work and remove the tools and logs we've run. @-Swigs-

Please download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please attach that file to your next reply. (not compulsory)

We're glad that we were able to assist you.

The following information will help you to keep your computer and data safer as well as improve your overall privacy.

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/780233/best-password-manager/
  2. Make sure you're backing up your files: https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download (https://patchmypc.com/about-us)
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.
     • Malwarebytes Browser Guard
     • uBlock Origin

Cybersecurity basics & protection - Everything you need to know about cybercrime: https://www.malwarebytes.com/cybersecurity

Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal.