Jump to content

Recommended Posts

  • Root Admin

Good day @molnaredi95 and :welcome:

Please let us know what kind of an issue you're having or what issues you're seeing?

Then, run the following scans and attach the logs please.

 

 

Let's go ahead and run a few scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes:  Please pay close attention the the instructions in all of the following links.

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable-Fast-Startup
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans:  Please pay close attention the the instructions in all of the following links.

 

[ 1 ]
Scan with Malwarebytes
https://forums.malwarebytes.com/topic/304827-scan-with-malwarebytes/

[ 2 ]
Scan with AdwCleaner
https://forums.malwarebytes.com/topic/304822-scan-with-adwcleaner/

[ 3 ]
Scan with Farbar Recovery Scan Tool
https://forums.malwarebytes.com/topic/306601-scan-with-farbar-recovery-scan-tool/

[ 4 ]
Scan with FSS Farbar Service Scanner
https://forums.malwarebytes.com/topic/306736-scan-with-fss-farbar-service-scanner/

[ 5 ]
Scan with SecurityCheck by glax24
https://forums.malwarebytes.com/topic/307301-scan-with-securitycheck-by-glax24/


 

Example image of where to click to attach files when posting your reply

image.thumb.png.e208c182ff570799c53bcf57

 

Thank you

 

Link to post
Share on other sites

  • Root Admin

Thank you for the logs @molnaredi95

The computer is infected. It looks like it was possibly cleaned before but not very well. We'll go through multiple scans and fixes to get thing working properly again.

Please stay with me as it may take a couple of days to complete depending on how quickly you respond.

 

Please follow the steps below to get started.

[ 1 ]

Please go to Control Panel, Programs, Programs and Features, Uninstall a program

Then right-click and uninstall the following

  1. Safer Web
  2. VPN by RAV
  3. VideoAdsBlocker
  4. Email Extractor From Websites Email Magnet 1.0.0.0 v.1.0.0.0 << Hidden Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it

 

[ 2 ]

Please run the following fix

 

NOTE: Please read all of the information below before running this fix.

  • NOTICE: This script was written specifically for this user, for use on this particular machine.
  • Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program:   FRSTEnglish.exe

Save the attached file:  FIXLIST.TXT to this folder C:\Users\<user>\Downloads\

NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

 

  1. NOTE:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
  2. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed.
                Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.
  3. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

 

[ 3 ]

ESET Online Scanner

Please run the following and perform a Full Scan
 
Click the following link to save the installer for ESET Online Scanner
https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get started.
  • When presented with the initial ESET screen, click on "Get Started". Read and accept the Terms of use
  • On the "Before we start..." screen chose if you want to send anonymous data and if you want to provide feedback or not, then click Continue
  • When prompted for scan type, Click on the Full Scan button
  • Enable  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click the Start scan button.
  • Have patience.  The entire process may take a few hours or more.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
  • Click The blue “Save scan log” to save the log and give it a name and location you remember.
  • If something was removed and you know it is a false postive, you may click on the blue ”Restore cleaned files”  ( in blue, at the bottom).
  • Press Continue when all done.  You should click to turn off the offer for “periodic scanning”.
  • Enable "Delete application data on closing" - You do not need to submit feedback unless you want to. Simply ignore and close the program.


 
Note: If you do need to do a File Restore from ESET please follow the directions below
[KB2915] Restore files quarantined by the ESET Online Scanner version 3
https://support.eset.com/en/kb2915-restore-files-quarantined-by-the-eset-online-scanner
 
Please attach the ESET scan log you saved at the end to your next reply

 

Thank you

 

Edited by AdvancedSetup
Updated information
Link to post
Share on other sites

  • Root Admin

Try saving the following file to a USB thumb drive from a working computer.

Then take it to the infected computer and run it from there.

AV Block Remover:

  • Download the utility archive from one of these links: AV block remover or from a mirror
  • Extract the archive to any folder on your computer (the executable file should be in a subfolder with a random name, not on the desktop or in the Downloads folder)
  • Rename the file AVBR.exe (for example: AV_b_r.exe), or use a version with a random filename
  • Right-click the renamed AVBR.exe file and run as an administrator
  • Wait for the utility to finish; the computer will be automatically be restarted.
  • If this method doesn't work, run this tool from another folder, NOT from your Desktop or Downloads folder (use any other folder
  • If the malware still blocks the utility, then try to run it in Safe Mode with Networking
  • In the utility folder, a file named AV_block_remove_date-time.log will be created
  • Attach that file in your next reply

 

 

Link to post
Share on other sites

  • Root Admin

Thank you for the logs @molnaredi95

The ESET scanner found several Trojans including one that appears to be a password stealer. We'll suggest password reset once we're done

 

Do you have the FIXLOG.TXT file from Farbar? Please attach that.

 

Then run the following scanner from Microsoft

 

 

Let's go ahead and run a couple of scans and get some updated logs from your system.

Please read the entire post below before starting so that you're more familiar with the process

[ 1 ]

Please make the following system changes.

  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed.
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the scans are completed.
  • Disable-Fast-Startup
  • Show-Hidden-Folders-Files-Extensions

[ 2 ]

Microsoft Safety Scanner

I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on the Scan Options & select the FULL scan.

Then start the scan. Have lots of patience. It may take several hours to complete.

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on the screen display.  The only things that count are the End result at the end of the run and saved in the log.
  • The scan may take several hours.  Leave it alone. It will remove any other remaining threats as it goes along.  Take a very long break, do your normal personal errands .....just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned  ( depending on the number of files on your machine & the speed of the hardware. )

The log is named MSERT.log  and the log will be at C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

It is normal for the Microsoft Safety Scanner to show detections during the scan process.

It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

Then it writes into the log on your computer what it found and did.

 

Thank you

 

Link to post
Share on other sites

  • Root Admin

Thank you for the logs @molnaredi95

The fix ran well overall.

I don't think Microsoft was done writing to the MSERT.LOG file. Please wait about 15 minutes and try attaching it again @molnaredi95

 

The logs indicate that both Microsoft Edge and Google Chrome have detected threats. Let me have you try cleaning them up.

[ 1 ]

Please try cleaning the cache, cookies, and possibly the history or Microsoft Edge

https://www.microsoft.com/en-us/edge/learning-center/how-to-manage-and-clear-your-cache-and-cookies?form=MA13I2

Please try to clean and reset ALL sync data from the Microsoft Edge browser

Reset Microsoft Edge data in the cloud
https://learn.microsoft.com/en-us/deployedge/edge-learnmore-reset-data-in-cloud

 

[ 2 ]

At least one of the clean up screens has changed, but the following should be close enough to get you there to clean Google Chrome

Please follow the directions from the following topic for a more extensive article on cleaning Google Chrome. Uninstalling Google Chrome does not clean or clear this data

Resetting Google Chrome to clear unexpected issues
 

 

Once you've cleaned both browsers, please RESTART the computer and get me some new, fresh logs as we will still need to repair some broken services.

 

[ 1 ]
Scan with Malwarebytes
https://forums.malwarebytes.com/topic/304827-scan-with-malwarebytes/

[ 2 ]
Scan with AdwCleaner
https://forums.malwarebytes.com/topic/304822-scan-with-adwcleaner/


[ 3 ]
Scan with Farbar Recovery Scan Tool
https://forums.malwarebytes.com/topic/306601-scan-with-farbar-recovery-scan-tool/

[ 4 ]
Scan with FSS Farbar Service Scanner
https://forums.malwarebytes.com/topic/306736-scan-with-fss-farbar-service-scanner/

[ 5 ]
Scan with SecurityCheck by glax24
https://forums.malwarebytes.com/topic/307301-scan-with-securitycheck-by-glax24/

 

Thanks

 

 

 

 

Link to post
Share on other sites

  • AdvancedSetup changed the title to Help with removal of multiple Trojans
  • Root Admin

No problem. We can come back to that if needed.

 

 

The logs indicate that both Microsoft Edge and Google Chrome have detected threats. Let me have you try cleaning them up.

[ 1 ]

Please try cleaning the cache, cookies, and possibly the history or Microsoft Edge

https://www.microsoft.com/en-us/edge/learning-center/how-to-manage-and-clear-your-cache-and-cookies?form=MA13I2

Please try to clean and reset ALL sync data from the Microsoft Edge browser

Reset Microsoft Edge data in the cloud
https://learn.microsoft.com/en-us/deployedge/edge-learnmore-reset-data-in-cloud

 

[ 2 ]

At least one of the clean up screens has changed, but the following should be close enough to get you there to clean Google Chrome

Please follow the directions from the following topic for a more extensive article on cleaning Google Chrome. Uninstalling Google Chrome does not clean or clear this data

Resetting Google Chrome to clear unexpected issues
 

 

Once you've cleaned both browsers, please RESTART the computer and get me some new, fresh logs as we will still need to repair some broken services.

 

[ 1 ]
Scan with Malwarebytes

 

[ 2 ]
Scan with AdwCleaner

 


[ 3 ]
Scan with Farbar Recovery Scan Tool

 

[ 4 ]
Scan with FSS Farbar Service Scanner

 

[ 5 ]
Scan with SecurityCheck by glax24

 

 

Thanks

Link to post
Share on other sites

  • Root Admin

Please download a NEW, fresh copy of the Farbar Scanner and save it to your desktop.

Currently you have this file:  C:\Users\kappk\Downloads\FRST-OlderVersion\FRSTEnglish (2).exe  

 

Please download the Farbar Recovery Scan Tool and save it to your Desktop 

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Please rename FRST.EXE or FRST64.EXE to FRSTEnglish.exe

 

Then run the following FIX below. when done, please attach the FIXLOG.TXT file. @molnaredi95

 

 

 

 

 

 

Please run the following fix

 

NOTE: Please read all of the information below before running this fix.

  • NOTICE: This script was written specifically for this user, for use on this particular machine.
  • Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program:  C:\Users\kappk\Desktop\FRSTEnglish.exe

Save the attached file:  FIXLIST.TXT to this folder C:\Users\kappk\Desktop\

NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

 

  1. NOTE:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
  2. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed.
                Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.
  3. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.