About AdvancedSetup
possible firmware infection pls help
AdvancedSetup replied to Andrew121's topic in Windows Malware Removal Help & Support
You may want to contact ASUS Support as this looks like a fairly new motherboard. Ask them what's going on here.
possible firmware infection pls help
AdvancedSetup replied to Andrew121's topic in Windows Malware Removal Help & Support
KB5016061: Secure Boot DB and DBX variable update events
https://support.microsoft.com/en-us/topic/kb5016061-secure-boot-db-and-dbx-variable-update-events-37e47cf8-608b-4a87-8175-bdead630eb69

When the updated DBX revocation list is applied to a device, and an error occurs that is not covered by the events above, an event is logged, and Windows will try to apply the DBX list to the firmware on the next system restart.

Event log information
Event ID 1796 occurs when an unexpected error is encountered. The event log entry will include the error code for the unexpected error.
possible firmware infection pls help
AdvancedSetup replied to Andrew121's topic in Windows Malware Removal Help & Support
Are you 100% sure you have the latest BIOS/UEFI firmware updates installed?
Please try a "Default" BIOS/UEFI setting without any overclocking.
Did you set the Trusted Protection Module (TPM 2) to be used in the UEFI settings?
You should not be getting TPM errors.

System errors:
=============
Error: (05/01/2024 01:28:07 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (05/01/2024 01:28:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:16:23 on 01/05/2024 was unexpected.

Error: (05/01/2024 01:27:58 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (05/01/2024 12:00:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240016: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.409.631.0) - Current Channel (Broad).

Error: (05/01/2024 11:59:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240016: Update for Windows Security platform antimalware platform - KB5007651 (Version 1.0.2402.27001).

Error: (05/01/2024 03:56:34 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Printer Extensions and Notifications service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/01/2024 03:54:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network Connection Broker service terminated with the following error: A device attached to the system is not functioning.

Error: (05/01/2024 03:54:14 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.
possible firmware infection pls help
AdvancedSetup replied to Andrew121's topic in Windows Malware Removal Help & Support
The following is a valid Windows 11 ISO x64 download link for the next 24 hours. You do not need it, though, as your hash validates already.
https://software.download.prss.microsoft.com/dbazure/Win11_23H2_English_x64v2.iso?t=42b50ff3-1212-4938-b915-d6afafe75223&P1=1714680888&P2=601&P3=2&P4=d5O95TbgKea2SzSqStJLh6IWmLiORg%2blsxhq6E0NwZP2u088ZQMUJqB%2fwhtA%2bhTMpnVLTDbTf2wn9at2Flgfns%2fGanMcnccyl7dd6xb9NZXMLkNpxTY%2fXlhC6w2LTi0nv9p5HKaa8YiQIkrdKCllsGW6itNQ8VQ5uo3EykNV2Q5rdKFaIemAoLvtxbrJDJghomkTXAEFu%2fzssq8eNBd4%2fTqytQ30qlbND4uv%2bFbTXD1MoHZIRanwVYIQfA18N4hOVyP0CYlAGVIKVwWijoIBGIIil%2blolMgn8C4jCubQ18%2ff%2f4SJmLlFJ%2fzRdi7JCsXAkhyPlY9y1ncopBXXRdLFAA%3d%3d
possible firmware infection pls help
AdvancedSetup replied to Andrew121's topic in Windows Malware Removal Help & Support
Yes, that is a valid Windows 11 ISO hash.
Please get me the following logs:
Scan with FSS Farbar Service Scanner
https://forums.malwarebytes.com/topic/306736-scan-with-fss-farbar-service-scanner/
Scan with Farbar Recovery Scan Tool
https://forums.malwarebytes.com/topic/306601-scan-with-farbar-recovery-scan-tool/
Thank you for the log. It did find some items but I'm not sure that was the cause.
Please restart the computer. Then let me know if you're still getting an alert.
Also, after the restart, please get me a new, fresh set of logs for review.
Scan with SecurityCheck by glax24
https://forums.malwarebytes.com/topic/307301-scan-with-securitycheck-by-glax24/
Scan with FSS Farbar Service Scanner
https://forums.malwarebytes.com/topic/306736-scan-with-fss-farbar-service-scanner/
Scan with Farbar Recovery Scan Tool
https://forums.malwarebytes.com/topic/306601-scan-with-farbar-recovery-scan-tool/
Thanks
-
My father did oil and water paintings. Some were featured in local papers fifty years ago. Apparently that gene was not passed on to me 😅
-
Malwarebytes Authenticator App and/or Integration
AdvancedSetup replied to OmaBytes's topic in Malwarebytes for Android
Thank you for the feedback
-
Thank you for the report @XType
Can we please get some logs to review?

To begin, please do the following so that we may take a closer look for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

Download the Malwarebytes Support Tool
In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
In the User Account Control pop-up window, click Yes to continue the installation
Run the MBST Support Tool
In the left navigation pane of the Malwarebytes Support Tool, click Advanced
In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you
-
Camara Light Came On
AdvancedSetup replied to User12391023's topic in Mac Malware Removal Help & Support
Please open a support ticket and one of our agents will be happy to assist you in reviewing your system further.
Consumer Support
https://support.malwarebytes.com/hc/en-us/requests/new
Thank you
Malware (Clipboard Hijacked)
AdvancedSetup replied to Inusatoru's topic in Windows Malware Removal Help & Support
Thank you for the logs @Inusatoru

Please follow the directions from the following topic for a more extensive article on cleaning Google Chrome:
Resetting Google Chrome to clear unexpected issues

After you've cleaned Google Chrome, please RESTART the computer and run the following scanner.

Let's go ahead and run a couple of scans and get some updated logs from your system.
Please read the entire post below before starting so that you're more familiar with the process.

[ 1 ]
Please make the following system changes.
Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed.
Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the scans are completed.
Disable-Fast-Startup
Show-Hidden-Folders-Files-Extensions

[ 2 ]
I suggest a new scan for viruses & other malware. This may take several hours, depending on the number of files on the system and the speed of the computer.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft:
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Look on the Scan Options & select the FULL scan.
Then start the scan. Have lots of patience. It may take several hours.
Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on the screen display. The only things that count are the End result at the end of the run.

The scan will take several hours. Leave it alone. It will remove any other remaining threats as it goes along. Take a very long break, do your normal personal errands... just do not use the computer during this scan.

This is likely to run for many hours as previously mentioned (depending on the number of files on your machine & the speed of the hardware).

The log is named MSERT.log and the log will be at C:\Windows\debug\msert.log
Please attach that log with your next reply.

It is normal for the Microsoft Safety Scanner to show detections during the scan process. It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection. That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not. Then it writes into the log on your computer what it found.

Thank you
The Chrome clean up article is old and probably needs some updating as Google seems to have changed a few of the names but I'm sure the process is the same.

Let me have you go ahead and run the following scan and we'll see what they can find.

Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop.
(Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021)

Download: Kaspersky Virus Removal Tool
https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe

How to run a scan with Kaspersky Virus Removal Tool 2020
https://support.kaspersky.com/15674
How to run Kaspersky Virus Removal Tool 2020 in the advanced mode
https://support.kaspersky.com/15680
How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan
https://support.kaspersky.com/15681

Select the Windows Key and R Key together, the "Run" box should open.
Drag and Drop KVRT.exe into the Run Box.
C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.
add -dontencrypt
Note the space between KVRT.exe and -dontencrypt
C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.

That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file.

Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr
Right-click direct onto that report, select > open with > Notepad. Save that file and attach it to your reply.

To start the scan select OK in the "Run" box.
A EULA window will open, tick all confirmation boxes then select "Accept"
In the new window select "Change Parameters"
In the new window ensure all selection boxes are ticked, then select "OK"
The scan should now start...

When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue"
When complete, or if nothing was found select "Close"

Attach the report information as previously instructed...

Thank you