Torama - Posted September 18 - ID:1661816

Hello, I recently tried Malwarebytes and I noticed that I always get this pop-up saying that a website called xmrig.moneroocean.stream is blocked. How can I fix it? Thank you.

Porthos - Posted September 18 - ID:1661825

@Torama Although I will not be directly assisting you, a malware removal expert will be along to assist after you do the following.

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware. Please respond to all future instructions from your helper in a timely manner.

Let's go ahead and run a couple of scans and get some updated logs from your system.

Please read the entire post below before starting so that you're more familiar with the process. Then follow each step in the order provided. Unless otherwise asked, please attach all logs.

Please make the following system changes:
Please pay close attention to the instructions in all of the following links.
- If you have not done so already - Enable System Protection and create a NEW System Restore Point <<<<< Important.
- Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed.
- Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed.
- Disable-Fast-Startup Windows 8 and newer only <<<<< Important.
- Show-Hidden-Folders-Files-Extensions

Please run the following scans:
Please pay close attention to the instructions in all of the following links.
- Click the following link and run a Scan with AdwCleaner
- Click the following link and run a Scan with Malwarebytes
- RESTART the computer <<<<< Important.
- Click the following link and run a Scan with Farbar Recovery Scan Tool

Example image of where to click to attach files when posting your reply

Then be patient for the next expert to take your case. <<<<< Important.

Thank you

Torama (Author) - Posted September 18 - ID:1661828

Attachments: FRST.txt, Addition.txt, Malwarebytes Compte-rendu d’analyse 2024-09-18 232234.txt, AdwCleaner[S02].txt

And I noticed that I have two weird things here in my Task Manager, in the applications at startup. I don't know if it's normal? I put the screen of it too with the logs. Thank you.

Torama (Author) - Posted September 18 - ID:1661830

To complete: the two things I have in my Task Manager are "8" and "d7f48a51-07a7-4bbc-afeb-6990e9171063 D7f48a51-07a7-4bbc-afeb-6990e9171063" as startup applications. When I want to see the properties, it says Windows can find those things.

Attachments: Malwarebytes Compte-rendu d’analyse 2024-09-18 232234.txt, Addition.txt, FRST.txt, AdwCleaner[S02].txt

AdvancedSetup (Root Admin) - Posted September 19 - ID:1661844

Run the following @Torama
Show-Hidden-Folders-Files-Extensions

Then run the following
Disable-Fast-Startup

Next, as your language is French, please follow the directions to rename the Farbar program

OLD NAME: C:\Users\Julien\Desktop\FRST64.exe
NEW NAME: C:\Users\Julien\Desktop\FRSTEnglish.exe

Then run the Farbar scan as shown and get me NEW fresh logs

Scan with Farbar Recovery Scan Tool
https://forums.malwarebytes.com/topic/306601-scan-with-farbar-recovery-scan-tool/

Torama (Author) - Posted September 19 - ID:1661939

Oh yes, I'm sorry, here are the new logs in English.

Attachments: FRST.txt, Addition.txt

AdvancedSetup (Root Admin) - Posted September 19 - ID:1662049

Thank you for the logs @Torama

The logs indicate this computer is being used to download and run pirated software by someone. In order to best assist you, please uninstall or otherwise remove all cracked, pirated software.

Piracy Guidelines

Malwarebytes does not condone nor support piracy in any shape or form. Any discussion topics that ask for help with pirating software, circumventing copy protection, or any other illegal activities related to copyrighted content in any form will be closed and locked. If you feel this is ever done in error, please report the post or PM an Administrator.

As a reminder, using pirated software or utilities that allow one to pirate software (e.g. cracks, key generators, registration/license removal, redirection, or workaround utilities, etc.) is not a safe practice and can lead to malware infection, ransomware attack, or even legal action. Because of these risks, we always recommend that you remove any pirated software or pirating utilities before asking for support on our forums in order to improve our ability to best support you and to help protect yourself and your data from malware or other piracy related consequences.

https://forums.malwarebytes.com/terms/

Please follow the steps below

[ 1 ]
Please go to Control Panel, Programs, Programs and Features, Uninstall a program
Then right-click and uninstall the following

- Bonjour (this program is rarely needed on Windows but often causes networking issues)
- Java 8 Update 401 (64-bit) (this is an old version, if needed please always keep Java up to date and remove old versions)

Error: (09/19/2024 12:36:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Julien.local already in use; will try Julien-2.local instead

Error: (09/19/2024 12:36:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Julien.local. Addr 192.168.1.109

[ 2 ]
Your DNS Servers: 192.168.1.254

Please consider changing your default DNS server settings. Please choose one provider only.

DNS is what lets users connect to websites using domain names instead of IP addresses.

Pick just one of these 5 providers. And be aware that you need to modify 1 time for IPv4 & a 2nd pass for IPv6

- Quad 9 Public DNS: IPv4 9.9.9.9 and 149.112.112.112; IPv6 2620:fe::fe and 2620:fe::9 (one of the best for most users)
- Google Public DNS: IPv4 8.8.8.8 and 8.8.4.4; IPv6 2001:4860:4860::8888 and 2001:4860:4860::8844
- Cloudflare: IPv4 1.1.1.1 and 1.0.0.1; IPv6 2606:4700:4700::1111 and 2606:4700:4700::1001
- OpenDNS: IPv4 208.67.222.222 and 208.67.220.220; IPv6 2620:119:35::35 and 2620:119:53::53
- DNSWATCH: IPv4 84.200.69.80 and 84.200.70.40; IPv6 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b

The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed

[ 3 ]
Please make the following change in Malwarebytes if you're using the Premium or Trial version

Please open Malwarebytes. Click on the small gear icon to open the Settings and go to the General tab.
Then turn off "Always register Malwarebytes in the Windows Security Center"
Restart the computer

[ 4 ]
I would recommend removal of the following software

Driver Booster 11

If a driver does need updating, please visit the manufacturer website for updates.

[ 5 ]
I would recommend that you consider using another Web browser. The Opera browser used to be a great alternative browser but today it does not care about your privacy. Using Firefox or Brave would be a much better, safer option, but the choice is yours.

[ 6 ]
Please run the following fix

NOTE: Please read all of the information below before running this fix.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program: FRSTEnglish.exe

Save the attached file: FIXLIST.TXT to this folder C:\Users\Julien\Downloads\

NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

Run the Farbar program with Admin rights and press the Fix button just once and wait.
The fix may possibly take up to 60 minutes to complete
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

NOTE: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.

NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed. Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.

NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

- Windows Temp
- Users Temp folders
- Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
- Recently opened files cache
- Discord cache
- Java cache
- Steam HTML cache
- Explorer thumbnail and icon cache
- BITS transfer queue (qmgr*.dat files)
- Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

Attachment: fixlist.txt

Thanks

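A read-only check for step [ 2 ] of the post above, added here as an example and not part of the original thread or of any tool used in it: for each connected adapter it reports whether the IPv4 and the IPv6 DNS servers both come from the same single provider. The names Get-ProviderName and Test-DnsProvider are hypothetical; the provider addresses are the ones listed in the post.

```powershell
# Added example: read-only audit of the DNS change described in step [ 2 ].
# Get-ProviderName and Test-DnsProvider are hypothetical helper names.
$Providers = @{
    'Quad9'      = @('9.9.9.9', '149.112.112.112', '2620:fe::fe', '2620:fe::9')
    'Google'     = @('8.8.8.8', '8.8.4.4', '2001:4860:4860::8888', '2001:4860:4860::8844')
    'Cloudflare' = @('1.1.1.1', '1.0.0.1', '2606:4700:4700::1111', '2606:4700:4700::1001')
    'OpenDNS'    = @('208.67.222.222', '208.67.220.220', '2620:119:35::35', '2620:119:53::53')
    'DNSWATCH'   = @('84.200.69.80', '84.200.70.40',
                     '2001:1608:10:25::1c04:b12f', '2001:1608:10:25::9249:d69b')
}

function Get-ProviderName([string]$Address) {
    # Compare parsed addresses so differently written IPv6 forms still match.
    $ip = [ipaddress]::Parse($Address)
    foreach ($name in $Providers.Keys) {
        foreach ($known in $Providers[$name]) {
            if ([ipaddress]::Parse($known).Equals($ip)) { return $name }
        }
    }
    return 'other'   # for example the router address 192.168.1.254 from the log
}

function Test-DnsProvider {
    foreach ($nic in Get-NetAdapter | Where-Object Status -eq 'Up') {
        $seen = @{}
        foreach ($family in 'IPv4', 'IPv6') {
            $cfg = Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily $family
            # Map every configured server to a provider name, skipping empty entries.
            $names = @($cfg.ServerAddresses | Where-Object { $_ } |
                       ForEach-Object { Get-ProviderName $_ } | Sort-Object -Unique)
            $seen[$family] = if ($names.Count) { $names -join ',' } else { 'none set' }
        }
        [pscustomobject]@{
            Adapter = $nic.Name
            IPv4    = $seen['IPv4']
            IPv6    = $seen['IPv6']
            # OK only when both passes were done and name the same single provider.
            OK      = ($seen['IPv4'] -eq $seen['IPv6']) -and $Providers.ContainsKey($seen['IPv4'])
        }
    }
}

Test-DnsProvider | Format-Table -AutoSize
```

OK stays False while either address family still points at the router, has no server set, or uses a different provider than the other family.
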
Torama (Author) - Posted September 19 - ID:1662073

Here is the fixlog. I tried to do the DNS thing but I don't know if I did it correctly. Thank you for helping me to fix my computer.

Attachment: Fixlog.txt

AdvancedSetup (Root Admin) - Posted September 20 - ID:1662228

Overall the fix ran well @Torama

Please run the following AV scan

Let's try another scanner: ESET Online Scanner

Please run the following and perform a Full Scan

- Click the following link to save the installer for ESET Online Scanner https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe
- It will start a download of "esetonlinescanner.exe"
- Save the file to your system, such as the Downloads folder, or else to the Desktop.
- Go to the saved file, and double click it to get started.
- When presented with the initial ESET screen, click on "Get Started".
- Read and accept the Terms of use
- On the "Before we start..." screen choose if you want to send anonymous data and if you want to provide feedback or not, then click Continue
- When prompted for scan type, click on the Full Scan button
- Enable ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click the Start scan button.
- Have patience. The entire process may take a few hours or more.
- When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
- Click the blue “Save scan log” to save the log and give it a name and location you remember.
- If something was removed and you know it is a false positive, you may click on the blue ”Restore cleaned files” ( in blue, at the bottom).
- Press Continue when all done. You should click to turn off the offer for “periodic scanning”.
- Enable "Delete application data on closing" - You do not need to submit feedback unless you want to. Simply ignore and close the program.

Note: If you do need to do a File Restore from ESET please follow the directions below

[KB2915] Restore files quarantined by the ESET Online Scanner version 3
https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner

Please attach the ESET scan log you saved at the end to your next reply

Torama (Author) - Posted September 20 - ID:1662316

Thank you, here is the scan text file.

Attachment: SCAN.txt

AdvancedSetup (Root Admin) - Posted September 20 - ID:1662324

Thank you for the log. The ESET scanner found a few threats and removed them. @Torama

Please RESTART the computer and then run the following to get me NEW fresh logs

Scan with Farbar Recovery Scan Tool
https://forums.malwarebytes.com/topic/306601-scan-with-farbar-recovery-scan-tool/

Scan with FSS Farbar Service Scanner
https://forums.malwarebytes.com/topic/306736-scan-with-fss-farbar-service-scanner/

Scan with SecurityCheck by glax24
https://forums.malwarebytes.com/topic/307301-scan-with-securitycheck-by-glax24/

Torama (Author) - Posted September 20 - ID:1662334

Attachments: FSS.txt, Addition.txt, FRST.txt, SecurityCheck.txt

Thank you again for your help, here are the new logs.

AdvancedSetup (Root Admin) - Posted September 21 - ID:1662346

Overall the logs look pretty good @Torama

Please Uninstall, Update, or otherwise address the following as appropriate for your computer

Audacity 3.4.2 v.3.4.2 Warning! Download Update
Discord v.1.0.9034 Warning! Download Update
iTunes v.12.13.2.3 Warning! Download Update | ^Please use Apple Software Update tool.^
Microsoft Silverlight v.5.1.50918.0 Warning! This software is no longer supported.
Opera GX Stable 112.0.5197.115 v.112.0.5197.115 Warning! Download Update
VLC media player v.3.0.20 Warning! Download Update

Then RESTART the computer and check for Windows Updates and install any found

How is the computer running now? Are there still any signs of infection or any other unresolved issues?

Torama (Author) - Posted September 21 - ID:1662360

Thank you for everything, I don't have any issues now!

AdvancedSetup (Root Admin) - Posted September 21 - ID:1662367

Excellent, glad to hear all is well again.

I'll go ahead and close your topic now and wish you well. Please follow the directions below to remove the logs and tools we've used. If any are still left after that you can manually uninstall or delete them.

Take care and stay safe out there. Try to follow as much of the advice below as you can as well.

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

- Please download KpRm by kernel-panik and save it to your desktop.
- Right-click kprm_(version).exe and select Run as Administrator.
- Read and accept the disclaimer.
- When the tool opens, ensure all boxes under Actions are checked.
- Under Delete Quarantines select Delete Now, then click Run.
- Once complete, click OK.
- A log will open in Notepad titled kprm-(date).txt. You can close it.

We're glad that we were able to assist you.

The following information will help you to keep your computer and data safer as well as improve your overall privacy

- Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/780233/best-password-manager/
- Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
- Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download https://patchmypc.com/about-us
- Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
- Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/

Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard
- Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
- Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
- Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

uBlock Origin
- Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
- Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
- Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin

Cybersecurity basics & protection: Everything you need to know about cybercrime
https://www.malwarebytes.com/cybersecurity

Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes.

Please tell your friends and family if they too need assistance with malware removal