stumpymattycat Posted April 7 ID:1628409 Share Posted April 7 I was on my pc when I saw windows defender had found a threat. What I saw is in the image below. Before I could do something, it reverted to normal. I booted up safe mode and ran a scan on malwarebytes. Nothing. Windows security came up like the second picture, and when I eventually got up the scanning section using the search bar, no progress was made at all. I am using my phone for this at the moment, as you can tell from the photos. Link to post Share on other sites More sharing options...
MKDB Posted April 7 ID:1628417 Share Posted April 7 Hello @stumpymattycat and My name is MKDB and I will assist you. Let's keep these principles as we proceed. Make sure to read the entire post below first. Please follow the steps in the given order and post back the log files. Please attach all log files into your post. Before we start, please make sure that you have an external backup, not connected to this system, of all private data. Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. As English is not my native language, please do not use slang or idioms. It may be hard for me to understand. If you do not respond within 4 days, your topic will be closed. Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kin of illegal software on your system, please uninstall them now, before we start the cleaning procedure. Please download the Malwarebytes Support Tool (MBST). Run MBST and accept license agreement. In the left navigation pane of MBST, click Advanced. In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine. A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply. Link to post Share on other sites More sharing options...
stumpymattycat Posted April 7 Author ID:1628419 Share Posted April 7 2 things. A: I do not know how to back up my stuff without it being connected. B: Shall it be in safe mode, or normal mode? Link to post Share on other sites More sharing options...
stumpymattycat Posted April 7 Author ID:1628420 Share Posted April 7 I have turned off my pc while I wait for a reply, so, if possible, try give step by step instructions. It was in safe mode prior to me turning it off. Link to post Share on other sites More sharing options...
Porthos Posted April 7 ID:1628426 Share Posted April 7 35 minutes ago, stumpymattycat said: A: I do not know how to back up my stuff without it being connected. This means plugging in an external and backing your data up then unplugging the drive. 37 minutes ago, stumpymattycat said: B: Shall it be in safe mode, or normal mode? You should do everything in regular mode unless otherwise instructed. 1 Link to post Share on other sites More sharing options...
stumpymattycat Posted April 7 Author ID:1628427 Share Posted April 7 I have the file. Keep in mind the last malwarebytes scan I did was in safe mode, and the one before was 3 weeks ago. I was on holiday. mbst-grab-results.zip 1 Link to post Share on other sites More sharing options...
Porthos Posted April 7 ID:1628428 Share Posted April 7 @stumpymattycat Something either blocked the download of FRST (part of the support tool) or you may have some type of issue with your networking setup. Please manually download and run the tool Please download Farbar Recovery Scan Tool and save it to your desktop. Please rename FRST.EXE or FRST64.EXE to FRSTEnglish.exe Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well. Thank you 1 Link to post Share on other sites More sharing options...
stumpymattycat Posted April 7 Author ID:1628429 Share Posted April 7 I have turned off my pc for now. I am in not too long going to sleep. I shall do it at approximately 5pm BST. I will say that upon installation of malwarebytes support tool, I did see the file appear in downloads. Link to post Share on other sites More sharing options...
MKDB Posted April 7 ID:1628433 Share Posted April 7 (edited) @stumpymattycat Please follow the instructions given by @Porthos here when you have time for it. Regarding FRST, which you have already noticed in your download folder... you can just rename the tool as written by Porthos, and run it again. Usually, there is no need to download it again. Please note: Due to different time zones, it may take some hours until you will get an answer from me. Edited April 7 by MKDB Link to post Share on other sites More sharing options...
stumpymattycat Posted April 7 Author ID:1628434 Share Posted April 7 It appears you have both misunderstood. It was FRSTEnglish, not just FRST. Also, just for reference, 5pm is around the same time I originally posted. I posted at 4:30. 1 Link to post Share on other sites More sharing options...
MKDB Posted April 8 ID:1628558 Share Posted April 8 @stumpymattycat Thanks for your explanations. Run FRSTEnglish again as suggested. The logfile was incomplete. Take care! Link to post Share on other sites More sharing options...
stumpymattycat Posted April 8 Author ID:1628559 Share Posted April 8 I'm sorry, my day has been quite a stressful one. I don't want to be dealing with this today for now. Perhaps tommorow or Wednesday I will. Link to post Share on other sites More sharing options...
MKDB Posted April 8 ID:1628564 Share Posted April 8 @stumpymattycat Thanks for keeping me updated. Get in touch as soon as it suits you. Link to post Share on other sites More sharing options...
stumpymattycat Posted April 8 Author ID:1628566 Share Posted April 8 Just so I'm 100% sure for when I do do it, do I run it through malwarebytes support like last time, or just directly. Link to post Share on other sites More sharing options...
Porthos Posted April 8 ID:1628567 Share Posted April 8 3 minutes ago, stumpymattycat said: or just directly. Directly. Link to post Share on other sites More sharing options...
stumpymattycat Posted April 9 Author ID:1628747 Share Posted April 9 I've not got the time today, as I have an event to attend. Wednesday I'll do it. Thursday I'll be busy as well. Link to post Share on other sites More sharing options...
MKDB Posted April 9 ID:1628776 Share Posted April 9 @stumpymattycat Thanks for letting us know. Link to post Share on other sites More sharing options...
stumpymattycat Posted April 10 Author ID:1629049 Share Posted April 10 Should it say this? Link to post Share on other sites More sharing options...
Porthos Posted April 10 ID:1629053 Share Posted April 10 8 minutes ago, stumpymattycat said: Should it say this? Yes. Pleas click ye to allow it to run. Link to post Share on other sites More sharing options...
stumpymattycat Posted April 10 Author ID:1629055 Share Posted April 10 Also, I should also say some things in task manager have duplicated themselves. Like, for example, svchost.exe. Just look. Link to post Share on other sites More sharing options...
stumpymattycat Posted April 10 Author ID:1629056 Share Posted April 10 Done it now btw. Do I go to support again, or are there other instructions I should do instead. Link to post Share on other sites More sharing options...
Porthos Posted April 10 ID:1629058 Share Posted April 10 Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well. Thank you Link to post Share on other sites More sharing options...
stumpymattycat Posted April 10 Author ID:1629063 Share Posted April 10 So far, this bit has been taking the longest. It also says (0) shortcuts for whatever reason. Is this normal? Link to post Share on other sites More sharing options...
stumpymattycat Posted April 10 Author ID:1629065 Share Posted April 10 Here it is. Ok so on double checking, it mentions MegaHackInstaller.zip and WinRar. MegaHack is a relatively well known geometry dash mod menu, and is widely used throughout the community. Thought it was safe. Doing any research tells you that. Addition.txt FRST.txt Link to post Share on other sites More sharing options...
stumpymattycat Posted April 10 Author ID:1629068 Share Posted April 10 WinRar I don't think I need to introduce. Link to post Share on other sites More sharing options...
Recommended Posts