Jump to content

Bimq.co pops up before searching something, managed by organization

zygar
 Share
Go to solution Solved by AdvancedSetup,

Recommended Posts

zygar

zygar

Posted
Posted

Hello! I have a problem with a browser hijacker according to reddit posts called "bimq.co", i have tried many options (chronological order) like malwarebytes scan, windows self scan, removing ALL extensions, removing policies in reg edit (which works for a while) but they just keep coming back. cmd prompts, checking control panel for suspicious software, norton power eraser malwarebytes ADW, windows self scan

The removing policies works for like 10 minutes and them comes back with the bimq.co searching problem  but it still says that an organization is keeping me from changing certain settings like this image.png.7e948a4c9436c81315e9136a91d20403.png

 

 

 

 

 

Link to post
Share on other sites
  • Replies 62
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

Porthos

Porthos

Posted
Posted

@zygar

Although I will not be directly assisting you, a malware removal expert will be along to assist after you do the following.

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware.

Please respond to all future instructions from your helper in a timely manner.

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes: Please pay close attention the the instructions in all of the following links.

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point  <<<<< Important.
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable-Fast-Startup <<<<< Important.
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans: Please pay close attention the the instructions in all of the following links.

  1. Click the following link and run a  Scan with AdwCleaner
  2. Click the following link and run a  Scan with Malwarebytes
       RESTART the computer <<<<< Important.
  3. Click the following link and run a  Scan with Farbar Recovery Scan Tool 

Example image of where to click to attach files when posting your reply

image.thumb.png.e208c182ff570799c53bcf57

Then be patient for the next expert to take your case. <<<<< Important.

 

Thank you

Link to post
Share on other sites
zygar

zygar

Posted
  • Author
Posted
33 minutes ago, Porthos said:

@zygar

Although I will not be directly assisting you, a malware removal expert will be along to assist after you do the following.

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware.

Please respond to all future instructions from your helper in a timely manner.

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes: Please pay close attention the the instructions in all of the following links.

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point  <<<<< Important.
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable-Fast-Startup <<<<< Important.
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans: Please pay close attention the the instructions in all of the following links.

  1. Click the following link and run a  Scan with AdwCleaner
  2. Click the following link and run a  Scan with Malwarebytes
       RESTART the computer <<<<< Important.
  3. Click the following link and run a  Scan with Farbar Recovery Scan Tool 

Example image of where to click to attach files when posting your reply

image.thumb.png.e208c182ff570799c53bcf57

Then be patient for the next expert to take your case. <<<<< Important.

 

Thank you

sorry that its taking so long, i ran into some issues. First of all my settings wont open? It just opens and closes immediately, i can only open the security settings by typing “security” and opening that in the search, and i noticed that some of the settings there are disabled like manipulation security it says “This settings is being managed by the systemmanager” (i translated from dutch to english it might not be accurate) 

 

I also used the ADW cleaner, nothing came up and im now doing the malwarebytes scan. So, sorry if its taking long 

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted
34 minutes ago, zygar said:

I also used the ADW cleaner, nothing came up and im now doing the malwarebytes scan. So, sorry if its taking long 

Go straight to the FRST step. Post the log from your ADWcleaner scan and the last scan from Malwarebytes.

Details for each one are in the links provided in the first post.

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Hello @zygar

Please run the following AV scan

 

 

Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop.

(Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021)

Download: Kaspersky Virus Removal Tool 

https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe

How to run a scan with Kaspersky Virus Removal Tool 2020
https://support.kaspersky.com/15674

How to run Kaspersky Virus Removal Tool 2020 in the advanced mode
https://support.kaspersky.com/15680

How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan
https://support.kaspersky.com/15681

 


Select the  image.png  Windows Key and R Key together, the "Run" box should open.

user posted image

Drag and Drop KVRT.exe into the Run Box.

user posted image

C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.

image.png

add -dontencrypt   Note the space between KVRT.exe and -dontencrypt

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.
 
image.png


That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file.

Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr
Right-click direct onto that report, select > open with > Notepad. Save that file and attach it to your reply.

To start the scan select OK in the "Run" box.

A EULA window will open, tick all confirmation boxes then select "Accept"

image.png

In the new window select "Change Parameters"

image.png

In the new window ensure all selection boxes are ticked, then select "OK" The scan should now start...

user posted image

When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue"

user posted image

When complete, or if nothing was found select "Close"

image.png

Attach the report information as previously instructed...
 
Thank you
 
 

 

 

Link to post
Share on other sites
zygar

zygar

Posted
  • Author
Posted
10 hours ago, AdvancedSetup said:

Hello @zygar

Please run the following AV scan

 

 

Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop.

(Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021)

Download: Kaspersky Virus Removal Tool 

https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe

How to run a scan with Kaspersky Virus Removal Tool 2020
https://support.kaspersky.com/15674

How to run Kaspersky Virus Removal Tool 2020 in the advanced mode
https://support.kaspersky.com/15680

How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan
https://support.kaspersky.com/15681

 


Select the  image.png   Windows Key and R Key together, the "Run" box should open.

user posted image

Drag and Drop KVRT.exe into the Run Box.

user posted image

C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.

image.png

add -dontencrypt   Note the space between KVRT.exe and -dontencrypt

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.
 
image.png


That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file.

Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr
Right-click direct onto that report, select > open with > Notepad. Save that file and attach it to your reply.

To start the scan select OK in the "Run" box.

A EULA window will open, tick all confirmation boxes then select "Accept"

image.png

In the new window select "Change Parameters"

image.png

In the new window ensure all selection boxes are ticked, then select "OK" The scan should now start...

user posted image

When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue"

user posted image

When complete, or if nothing was found select "Close"

image.png

Attach the report information as previously instructed...
 
Thank you
 
 

 

 

@AdvancedSetup
Hello sorry for the late reply i went to sleep because it late and i kept the scanner on overnight since it didnt finish before i went to sleep. And i can't send the reports cause its an KLR file or something?  http://www.mediafire.com/folder/fdz1kqiibiknpo9,qx58xq65j02w6sb/shared i just put it in mediafire 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

The scan found and corrected the following.

 

 

<Report>
    <Metadata Version="1" PCID="{5DAEB09F-2621-BCCA-7EAA-D4D70425FE8C}" LastModification="2024.06.12 07:56:36.448" />
    <EventBlocks>
        <Block0 Type="Scan" Processed="4952174" Found="5" Neutralized="6">
            <Event0 Action="Scan" Time="133626103154517257" Object="" Info="Started" />
            <Event1 Action="Detect" Time="133626105336478098" Object="System Memory" Info="HEUR:Trojan.Multi.StartPage.f" />
            <Event2 Action="Detect" Time="133626105452265803" Object="C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\config" Info="Trojan.Script.Agent.pm" />
            <Event3 Action="Detect" Time="133626107877317424" Object="C:\Windows\System32\Tasks\GoogleUpdateDaily" Info="HEUR:Trojan.Multi.GenBadur.genw" />
            <Event4 Action="Detect" Time="133626260012354002" Object="C:\Users\riyos\Downloads\Compressed\Being-a-DIK-PC.zip" Info="HEUR:Trojan.Win32.Gasti.gen" />
            <Event5 Action="Scan" Time="133626295640810019" Object="" Info="Finished" />
            <Event6 Action="Select action" Time="133626447322741808" Object="System Memory" Info="Cure" />
            <Event7 Action="Select action" Time="133626447322741808" Object="C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\config" Info="Delete" />
            <Event8 Action="Select action" Time="133626447322741808" Object="C:\Windows\System32\Tasks\GoogleUpdateDaily" Info="Delete" />
            <Event9 Action="Select action" Time="133626447322741808" Object="C:\Users\riyos\Downloads\Compressed\Being-a-DIK-PC.zip" Info="Delete" />
            <Event10 Action="Disinfection" Time="133626447387125015" Object="" Info="Started" />
            <Event11 Action="Quarantined" Time="133626447454130366" Object="C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\config" Info="" />
            <Event12 Action="Quarantined" Time="133626447464990245" Object="C:\Windows\System32\Tasks\GoogleUpdateDaily" Info="" />
            <Event13 Action="Quarantined" Time="133626447464990245" Object="C:\Users\riyos\Downloads\Compressed\Being-a-DIK-PC.zip" Info="" />
            <Event14 Action="Cured" Time="133626448546761193" Object="System Memory" Info="" />
            <Event15 Action="Cured" Time="133626448577544410" Object="C:\Windows\Setup\Scripts\ErrorHandler.cmd" Info="" />
            <Event16 Action="Deleted" Time="133626449217605274" Object="C:\Windows\Setup\Scripts\ErrorHandler.cmd" Info="" />
            <Event17 Action="Deleted" Time="133626449217917796" Object="C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\config" Info="" />
            <Event18 Action="Delete on reboot" Time="133626449217917796" Object="C:\Windows\System32\Tasks\GoogleUpdateDaily" Info="" />
            <Event19 Action="Deleted" Time="133626449217917796" Object="C:\Users\riyos\Downloads\Compressed\Being-a-DIK-PC.zip" Info="" />
            <Event20 Action="Disinfection" Time="133626449220417834" Object="" Info="Finished" />
        </Block0>
        <Block1 Type="Scan AD" Processed="4893" Found="0" Neutralized="0">
            <Event0 Action="Scan AD" Time="133626449223230517" Object="" Info="Started" />
            <Event1 Action="Scan AD" Time="133626453860412363" Object="" Info="Finished" />
        </Block1>
    </EventBlocks>
</Report>

 

 

Please go ahead and run this other AV scanner @zygar

 

 

 

 

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/

 

You will need to send them an email to obtain a link to download the scanner, please do so

  • The downloaded file will normally have a unique name such as:  q7a9tr4p.exe
  • Close all open applications and locate the downloaded file and double-click to run it
  • The program will take a moment to launch and bring up the License and Update screen
  • Place a check mark to agree to the terms and then click on the Continue button
  • Click the underlined link Select objects for scanning
  • On the top left click the Scanning objects that should automatically check all objects
  • Click the small wrench and make sure there is a check on Automatically apply actions to threats
  • Then click the large button on bottom right Start scanning
  • Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad
  • The log is saved in the folder named Doctor Web in the top of your user profile folders
  • Please attach that log on your next reply

 

 

 

Link to post
Share on other sites
zygar

zygar

Posted
  • Author
Posted
7 hours ago, AdvancedSetup said:

The scan found and corrected the following.

 

 

<Report>
    <Metadata Version="1" PCID="{5DAEB09F-2621-BCCA-7EAA-D4D70425FE8C}" LastModification="2024.06.12 07:56:36.448" />
    <EventBlocks>
        <Block0 Type="Scan" Processed="4952174" Found="5" Neutralized="6">
            <Event0 Action="Scan" Time="133626103154517257" Object="" Info="Started" />
            <Event1 Action="Detect" Time="133626105336478098" Object="System Memory" Info="HEUR:Trojan.Multi.StartPage.f" />
            <Event2 Action="Detect" Time="133626105452265803" Object="C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\config" Info="Trojan.Script.Agent.pm" />
            <Event3 Action="Detect" Time="133626107877317424" Object="C:\Windows\System32\Tasks\GoogleUpdateDaily" Info="HEUR:Trojan.Multi.GenBadur.genw" />
            <Event4 Action="Detect" Time="133626260012354002" Object="C:\Users\riyos\Downloads\Compressed\Being-a-DIK-PC.zip" Info="HEUR:Trojan.Win32.Gasti.gen" />
            <Event5 Action="Scan" Time="133626295640810019" Object="" Info="Finished" />
            <Event6 Action="Select action" Time="133626447322741808" Object="System Memory" Info="Cure" />
            <Event7 Action="Select action" Time="133626447322741808" Object="C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\config" Info="Delete" />
            <Event8 Action="Select action" Time="133626447322741808" Object="C:\Windows\System32\Tasks\GoogleUpdateDaily" Info="Delete" />
            <Event9 Action="Select action" Time="133626447322741808" Object="C:\Users\riyos\Downloads\Compressed\Being-a-DIK-PC.zip" Info="Delete" />
            <Event10 Action="Disinfection" Time="133626447387125015" Object="" Info="Started" />
            <Event11 Action="Quarantined" Time="133626447454130366" Object="C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\config" Info="" />
            <Event12 Action="Quarantined" Time="133626447464990245" Object="C:\Windows\System32\Tasks\GoogleUpdateDaily" Info="" />
            <Event13 Action="Quarantined" Time="133626447464990245" Object="C:\Users\riyos\Downloads\Compressed\Being-a-DIK-PC.zip" Info="" />
            <Event14 Action="Cured" Time="133626448546761193" Object="System Memory" Info="" />
            <Event15 Action="Cured" Time="133626448577544410" Object="C:\Windows\Setup\Scripts\ErrorHandler.cmd" Info="" />
            <Event16 Action="Deleted" Time="133626449217605274" Object="C:\Windows\Setup\Scripts\ErrorHandler.cmd" Info="" />
            <Event17 Action="Deleted" Time="133626449217917796" Object="C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\config" Info="" />
            <Event18 Action="Delete on reboot" Time="133626449217917796" Object="C:\Windows\System32\Tasks\GoogleUpdateDaily" Info="" />
            <Event19 Action="Deleted" Time="133626449217917796" Object="C:\Users\riyos\Downloads\Compressed\Being-a-DIK-PC.zip" Info="" />
            <Event20 Action="Disinfection" Time="133626449220417834" Object="" Info="Finished" />
        </Block0>
        <Block1 Type="Scan AD" Processed="4893" Found="0" Neutralized="0">
            <Event0 Action="Scan AD" Time="133626449223230517" Object="" Info="Started" />
            <Event1 Action="Scan AD" Time="133626453860412363" Object="" Info="Finished" />
        </Block1>
    </EventBlocks>
</Report>

 

 

Please go ahead and run this other AV scanner @zygar

 

 

 

 

Dr.Web CureIt!

Please download the Dr.Web CureIt! anti-virus utility
https://free.drweb.com/

 

You will need to send them an email to obtain a link to download the scanner, please do so

  • The downloaded file will normally have a unique name such as:  q7a9tr4p.exe
  • Close all open applications and locate the downloaded file and double-click to run it
  • The program will take a moment to launch and bring up the License and Update screen
  • Place a check mark to agree to the terms and then click on the Continue button
  • Click the underlined link Select objects for scanning
  • On the top left click the Scanning objects that should automatically check all objects
  • Click the small wrench and make sure there is a check on Automatically apply actions to threats
  • Then click the large button on bottom right Start scanning
  • Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad
  • The log is saved in the folder named Doctor Web in the top of your user profile folders
  • Please attach that log on your next reply

 

 

 

@AdvancedSetup

Update:

So the bimq.co has been gone since yesterday (i am expecting it to come back soon but this is longer than usual), but the organization is still not gone neither in settings or google. And i still cant open settings image.png.3c9a66fb00d46869aeb018d648e6f8ca.png

if i open this it just closes immediately. Is this just an computer issue or is the virus doing that? 

anyways heres the dr cureit web report 

cureit.log

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Thank you for the log. Let me have your RESTART the computer again and get me some updated logs. We'll see if we can do a generic clean up to see if that helps

 

Scan with SecurityCheck by glax24
https://forums.malwarebytes.com/topic/307301-scan-with-securitycheck-by-glax24/


Scan with FSS Farbar Service Scanner
https://forums.malwarebytes.com/topic/306736-scan-with-fss-farbar-service-scanner/


Scan with Farbar Recovery Scan Tool
https://forums.malwarebytes.com/topic/306601-scan-with-farbar-recovery-scan-tool/

 

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Thank  you for the logs. There is a broken service and a few other items to clean up.

 

 

Please run the following fix

 

NOTE: Please read all of the information below before running this fix.

  • NOTICE: This script was written specifically for this user, for use on this particular machine.
  • Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program:   FRSTEnglish.exe

Save the attached file:  FIXLIST.TXT to this folder C:\Users\riyos\Desktop\farbar\

NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

 

  1. NOTE:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
  2. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed.
                Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.
  3. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

Link to post
Share on other sites
zygar

zygar

Posted
  • Author
Posted
23 hours ago, AdvancedSetup said:

Thank  you for the logs. There is a broken service and a few other items to clean up.

 

 

Please run the following fix

 

NOTE: Please read all of the information below before running this fix.

  • NOTICE: This script was written specifically for this user, for use on this particular machine.
  • Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program:   FRSTEnglish.exe

Save the attached file:  FIXLIST.TXT to this folder C:\Users\riyos\Desktop\farbar\

NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

 

  1. NOTE:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
  2. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed.
                Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.
  3. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt 61.2 kB · 1 download

Thanks

 

@AdvancedSetup 

Still have the problem with settings and also windows security that some settings are managed by an organization btw
Fixlog.txt

Link to post
Share on other sites
zygar

zygar

Posted
  • Author
Posted

@AdvancedSetup
Maybe this could give you more information, I just noticed this btw. image.png.f09cca5372b82406993a366d81aab05c.png

It says in english "This file does not have an app associated with it for performing this action. Please install an app or, if one is already installed, create an association in the Default Apps Settings Page."

Link to post
Share on other sites
zygar

zygar

Posted
  • Author
Posted
11 hours ago, AdvancedSetup said:

Please try the following repair process @zygar

How to Do a Repair Install of Windows 10 with an In-place Upgrade
https://www.tenforums.com/tutorials/16397-repair-install-windows-10-place-upgrade.html

 

 

@AdvancedSetup So, i can finally open my settings but some settings are still managed by a system organization 
image.png.1c1bbe8567dce280fdc6351309f3e050.png
image.png.400d8c1dad9926fb7d27b93de187de6b.png

 

Sorry for the late reply, left my pc on overnight again since it took super long 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

What applications is this from ? What does it say in English? @zygar

 

What is the BING about? Is that Google Chrome or Microsoft Edge that you're showing?

 

Please RESTART the computer and get me a new fresh set of logs.

 

Scan with SecurityCheck by glax24
https://forums.malwarebytes.com/topic/307301-scan-with-securitycheck-by-glax24/


Scan with FSS Farbar Service Scanner
https://forums.malwarebytes.com/topic/306736-scan-with-fss-farbar-service-scanner/


Scan with Farbar Recovery Scan Tool
https://forums.malwarebytes.com/topic/306601-scan-with-farbar-recovery-scan-tool/

 

 

 

Link to post
Share on other sites
zygar

zygar

Posted
  • Author
Posted
2 hours ago, AdvancedSetup said:

What applications is this from ? What does it say in English? @zygar

 

What is the BING about? Is that Google Chrome or Microsoft Edge that you're showing?

 

Please RESTART the computer and get me a new fresh set of logs.

 

Scan with SecurityCheck by glax24

 


Scan with FSS Farbar Service Scanner

 


Scan with Farbar Recovery Scan Tool

 

 

 

 

@AdvancedSetup
It says in english in the windows security  "This setting is managed by the system administrator" (note: this is a home pc and i am an administrator account.)

And its google chrome, im trying to show that the icon all the way on the right means that its being managed by an administrator and that it is preventing me from removing bing from my search engine.
image.png.e9d3fb5c071b2790157cb4476065777d.png

Also if i click on details it shows this so i kind of know that the bimq.co issue is the reason for this.
image.png.f43716459ea629214434f3dabca24203.png
(under this text is what i see when i click on details.)
image.png.73dee2e2994397fb862383094d60f7dc.png

Translation: 1. Name 2. Shortcut 3. URL with %s instead of search term


1. After i noticed the bimq.co redirection problem (before i made this forum) since then i cant remove bing from my search engine on chrome because its managed by an administrator (this is an home pc and this is also an administrator account.) 

2. Progress: I dont get redirected to bimq.co anymore before searching something up, but i still cant turn on manipulation protection in settings because its managed by an "system administrator" (i am an administrator and ive never had this problem before the bimq.co issue) 



anyways, here are the logs u asked for

SecurityCheck.txtFSS.txtFRST.txtAddition.txt

Link to post
Share on other sites
zygar

zygar

Posted
  • Author
Posted
1 hour ago, AdvancedSetup said:

Please double-check and remove any policies for Google Chrome

 

Please follow the directions from the following topic for a more extensive article on cleaning Google Chrome

Resetting Google Chrome to clear unexpected issues
 

Thank you

 

@AdvancedSetup
did not work, still have the message in windows security and still have the problem on chrome, i also ran malwarebytes and no detections

Malwarebytes Scanraport 2024-06-14 203034.txt

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.