Jump to content

Recommended Posts

Hello,

I appear to have something malicious running on our PC.  The proxy settings keep enabling after about 5-10 minutes and I have tracked it down the a powershell process.  If I close it down, I can disable the proxy and internet works OK.  The process will come back, though.  I've attached the FRST logs here.  Thanks for all your time!

Addition.txt FRST.txt

Link to post
Share on other sites

Welcome smile.png
 
I'll be helping you with your computer.
 
Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.
 
Please take note of the guidelines for this fix:

  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. smile.png

Let's begin... 

This Fix will empty the following folders:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns, please ask before running this fix.

The system will be rebooted after the fix has run.

  • Download the enclosed file  Fixlist.txt
  • Save it in the same location FRST64.exe is saved
  • Start FRST (FRST64) with Administrator privileges 
  • This time around Press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please attach this file in your next reply.

Sophos Scan & Clean

Download Sophos Free Virus Removal Tool and save it to your desktop.

  • If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....
  • Please close all other open applications and Do Not use your PC whilst the scan is in progress... This scan is very thorough so it may take several hours to complete, please be patient...

Double click the icon and select Run

Click Next

Select I accept the terms in this license agreement, then click Next twice

Click Install

Click Finish to launch the program

  • Once the virus database has been updated click Start Scanning

If any threats are found click Details, then View log file... (bottom left hand corner)

 

Attach the results in your next reply

  • Close the Notepad document, close the Threat Details screen, then click Start cleanup

Click Exit to close the program

 

If no threats were found please confirm that result...

  • The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

 

Saved logs are found under this sub-folder: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs 

Please attach that log on your next reply

Thank you

Link to post
Share on other sites

Thanks for the response!  I did as you asked.  The FRST seemed to run but explorer hung and after a few hours we had to just restart the computer but it does look like it created a log file.  We ran the sophos tool as well and we are attaching them here.  Since the reboot, we have not noticed the proxy turn back on yet.  Thanks for your time!

Fixlog.txt SophosScanAndClean_20240306_1119.log

Link to post
Share on other sites

Windows Resource Protection found corrupt files and successfully repaired them. Powershell entries were also removed.
 

Sophos detection is part of RogueKiller, which is installed in your computer. The fix was almost finished.

  • Download the enclosed file  Fixlist.txt
  • Save it in the same location FRST64.exe is saved
  • Start FRST (FRST64) with Administrator privileges 
  • This time around Press the Fix button and wait
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please attach this file in your next reply.

Let me know the current condition of the computer afterwards.

Link to post
Share on other sites

Congratulations.

Use this application to remove tools used and their quarantined items:
 
Please download KpRm by Kernel-panik and save to your Desktop.

  • Click on KpRm.exe to run the tool.

Vista/Windows 7/8/10 users right-click and select Run As Administrator.

  • Put a check mark next to these items:

- Delete tools

- Create Restore Point

- Delete now

  • Click the "Run" button.

automatic.png

  • When the tool has finished, it will create and open a log report and delete itself.

A few final recommendations:
 
The following information will help you to keep your computer and data safer as well as improve your overall privacy

Malwarebytes Browser Guard

uBlock Origin

Cybersecurity basics & protection
 
Everything you need to know about cybercrime
https://www.malwarebytes.com/cybersecurity
 
Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/
 
Please review the following to help you better protect your computer and privacy
 
Tips to help protect from infection
 
Hopefully, we've been able to assist you with correcting your system issues.
 
Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.