AdvancedSetup

Good day, @RainOnThem Please run the following scan. Dr.Web CureIt! Please download the Dr.Web CureIt! anti-virus utility https://free.drweb.com/ You will need to send them an email to obtain a link to download the scanner, please do so The downloaded file will normally have a unique name such as: q7a9tr4p.exe Close all open applications and locate the downloaded file and double-click to run it The program will take a moment to launch and bring up the License and Update screen Place a check mark to agree to the terms and then click on the Continue button Click the underlined link Select objects for scanning On the top left click the Scanning objects that should automatically check all objects Click the small wrench and make sure there is a check on Automatically apply actions to threats Then click the large button on bottom right Start scanning Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad The log is saved in the folder named Doctor Web in the top of your user profile folders Please attach that log on your next reply Next, please run the following for me Scan with SecurityCheck by glax24 https://forums.malwarebytes.com/topic/307301-scan-with-securitycheck-by-glax24/ Scan with FSS Farbar Service Scanner https://forums.malwarebytes.com/topic/306736-scan-with-fss-farbar-service-scanner/ Thanks

Hello @WindowzXP Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop. (Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021) Download: Kaspersky Virus Removal Tool https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe How to run a scan with Kaspersky Virus Removal Tool 2020 https://support.kaspersky.com/15674 How to run Kaspersky Virus Removal Tool 2020 in the advanced mode https://support.kaspersky.com/15680 How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan https://support.kaspersky.com/15681 Select the Windows Key and R Key together, the "Run" box should open. Drag and Drop KVRT.exe into the Run Box. C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box. add -dontencrypt Note the space between KVRT.exe and -dontencrypt C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box. That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file. Reports are saved here C:\KVRT2020_Data\Reports and look similar to this report_20210123_113021.klr Right-click direct onto that report, select > open with > Notepad. Save that file and attach it to your reply. To start the scan select OK in the "Run" box. A EULA window will open, tick all confirmation boxes then select "Accept" In the new window select "Change Parameters" In the new window ensure all selection boxes are ticked, then select "OK" The scan should now start... When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue" When complete, or if nothing was found select "Close" Attach the report information as previously instructed... Thank you

Hello @cryingcrackers Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process Then follow each step in the order provided. Unless otherwise asked, please attach all logs Please make the following system changes: If you have not done so already - Enable System Protection and create a NEW System Restore Point Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed Disable-Fast-Startup Show-Hidden-Folders-Files-Extensions Please run the following scans: Click the following link and run a Scan with AdwCleaner Click the following link and run a Scan with Malwarebytes RESTART the computer Click the following link and run a Scan with Farbar Recovery Scan Tool Example image of where to click to attach files when posting your reply Thank you

I've moved your topic to the False Positive section of the forums.

That is a failed update due to Windows Recovery Environment issues. You can read the KB article and try to correct or ignore it for now until Microsoft fixes this on their own in a future update. KB5034441: Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: January 9, 2024 https://support.microsoft.com/en-us/topic/kb5034441-windows-recovery-environment-update-for-windows-10-version-21h2-and-22h2-january-9-2024-62c04204-aaa5-4fee-a02a-2fdea17075a8 Also, please note this is an ILLEGAL pirated version of Windows. The best thing to do is actually do a CLEAN install of Windows and be rid of an insecure version of Windows Key Management Service client information Client Machine ID (CMID): dbeb7df4-e6ff-4377-b7bb-cb048cef238e Registered KMS machine name: kms.digiboy.ir:1688 KMS machine IP address: 185.86.180.36 KMS machine extended PID: 03612-00206-551-489307-03-1046-14393.0000-0552021 Activation interval: 120 minutes Renewal interval: 10080 minutes KMS host caching is enabled Clean Install Windows 10 & 11 (2023) https://answers.microsoft.com/en-us/windows/forum/all/clean-install-windows-10-11-2023/1c426bdf-79b1-4d42-be93-17378d93e587 Also, please review the following topic Bypass Microsoft Online Account Creation during installation of Windows 11 https://forums.malwarebytes.com/topic/296613-bypass-microsoft-online-account-creation-during-installation-of-windows-11/

Please temporarily uninstall Bitdefender and restart the computer. Then get me a new, fresh set of the same logs

Can you please try to upload the MSERT.log file again. The one uploaded is corrupt. Please make the following change in Malwarebytes if you're using the Premium or Trial version Please open Malwarebytes. Click on the small gear icon to open the Settings and go to the General tab. Then turn off "Always register Malwarebytes in the Windows Security Center" Restart the computer It is highly unlikely that you need to setup exclusions for Windows Defender, however if you experience any issues, please see the following article and setup exclusions between Malwarebytes and Windows Defender Malwarebytes for Windows antivirus exclusions list https://support.malwarebytes.com/hc/en-us/articles/360038522974-Malwarebytes-for-Windows-antivirus-exclusions-list Please uninstall, update, or otherwise address the following as appropriate for your computer. Combined Community Codec Pack 64bit 2015-10-18 v.2015.10.19.0 Warning! This software is no longer supported. Git v.2.39.0.2 Warning! Download Update Java 8 Update 381 v.8.0.3810.9 Warning! Download Update | Uninstall old version and install new one (jre-8u411-windows-i586.exe). Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 v.14.36.32532.0 Warning! Download Update Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 v.14.36.32532.0 Warning! Download Update NVIDIA GeForce Experience 3.12.0.84 v.3.12.0.84 Warning! Download Update paint.net v.4.2.16 Warning! Download Update Python 3.10.6 (64-bit) v.3.10.6150.0 Warning! Download Update TeamViewer v.15.37.3 Warning! Download Update WinRAR 5.80 (64-bit) v.5.80.0 Warning! Download Update Zoom v.5.4.2 (58740.1105) Warning! Download Update Please uninstall the following ---------------------------- [ UnwantedApps ] ----------------------------- Bonjour v.3.0.0.10 (This program is rarely needed on Windows and often causes network issues, please uninstall ) uTorrent Web v.1.0.11 Warning! Ad-supported P2P-client. Please uninstall Then RESTART the computer and check for Windows Updates and install any found Let me know if you're still seeing any signs of infection or any other unresolved issues Thanks

Excellent, glad to hear all is well again. I'll go ahead and close your topic now and wish you well. Please follow the directions below to remove the logs and tools we've used. If any are still left after that you can manually uninstall or delete them. Take care and stay safe out there. Try to follow as much of the advise below as you can as well. Let's go ahead and do some clean-up work and remove the tools and logs we've run. Please download KpRm by kernel-panik and save it to your desktop. right-click kprm_(version).exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, ensure all boxes under Actions are checked. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log will open in Notepad titled kprm-(date).txt. You can close it. We're glad that we were able to assist you. The following information will help you to keep your computer and data safer as well as improve your overall privacy Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/780233/best-password-manager/ Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/ Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download https://patchmypc.com/about-us Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2 Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security Malwarebytes Browser Guard Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/ uBlock Origin Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin Cybersecurity basics & protection Everything you need to know about cybercrime https://www.malwarebytes.com/cybersecurity Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/ Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal

Please restart the computer and post new, fresh logs Scan with SecurityCheck by glax24 https://forums.malwarebytes.com/topic/307301-scan-with-securitycheck-by-glax24/ Scan with FSS Farbar Service Scanner https://forums.malwarebytes.com/topic/306736-scan-with-fss-farbar-service-scanner/ Scan with Farbar Recovery Scan Tool https://forums.malwarebytes.com/topic/306601-scan-with-farbar-recovery-scan-tool/

Please uninstall the following. CCleaner (computer experts no longer recommend this program) Please try to clean and reset ALL sync data from the Microsoft Edge browser Reset Microsoft Edge data in the cloud https://learn.microsoft.com/en-us/deployedge/edge-learnmore-reset-data-in-cloud After you've done the steps above RESTART the computer and run the following Dr.Web CureIt! Please download the Dr.Web CureIt! anti-virus utility https://free.drweb.com/ You will need to send them an email to obtain a link to download the scanner, please do so The downloaded file will normally have a unique name such as: q7a9tr4p.exe Close all open applications and locate the downloaded file and double-click to run it The program will take a moment to launch and bring up the License and Update screen Place a check mark to agree to the terms and then click on the Continue button Click the underlined link Select objects for scanning On the top left click the Scanning objects that should automatically check all objects Click the small wrench and make sure there is a check on Automatically apply actions to threats Then click the large button on bottom right Start scanning Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad The log is saved in the folder named Doctor Web in the top of your user profile folders Please attach that log on your next reply

Personally I would uninstall it and restart the computer. Windows Defender is going to be a much better antivirus from Microsoft than an old product version of Trend Micro. After you uninstall and reboot, please get me a new set of logs @lesmoque To begin, please do the following so that we may take a closer look at your installation for troubleshooting: NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system. Download the Malwarebytes Support Tool In your Downloads folder, open the mb-support-x.x.x.xxx.exe file In the User Account Control pop-up window, click Yes to continue the installation Run the MBST Support Tool In the left navigation pane of the Malwarebytes Support Tool, click Advanced In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply Thank you

Please uninstall, update, or otherwise address the following as appropriate for your computer Discord v.1.0.9005 Warning! Download Update Microsoft Visual Studio Code (User) v.1.80.2 Warning! Download Update Notepad++ (64-bit x64) v.8.2 Warning! Download Update Telegram Desktop v.4.14.4 Warning! Download Update WinRAR 6.02 (64-bit) v.6.02.0 Warning! Download Update ---------------------------- [ UnwantedApps ] ----------------------------- CCleaner v.6.23 Warning! (Computer experts no longer recommend this program. Recommend you uninstall it) Then RESTART the computer and check for Windows Updates and install any updates found. If Windows Updates don't work, please let me know Thanks

Thank you for the logs. That is the Scan log for AdwCleaner but if the other does not exist we can ignore for now. @lesmoque The logs indicate that you're running a VERY OLD version of Trend Micro antivirus. Is this a paid version? Are you still using it? If you're not going to keep it up to date I'd recommend you uninstall it and use the built-in Windows Defender which will be much more capable than an old version of Trend Micro

Please get me an updated set of logs Scan with SecurityCheck by glax24 https://forums.malwarebytes.com/topic/307301-scan-with-securitycheck-by-glax24/ Scan with FSS Farbar Service Scanner https://forums.malwarebytes.com/topic/306736-scan-with-fss-farbar-service-scanner/ Scan with Farbar Recovery Scan Tool https://forums.malwarebytes.com/topic/306601-scan-with-farbar-recovery-scan-tool/

Pardon the intrusion, but can you also please provide the following log To begin, please do the following so that we may take a closer look at your installation for troubleshooting: NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system. Download the Malwarebytes Support Tool In your Downloads folder, open the mb-support-x.x.x.xxx.exe file In the User Account Control pop-up window, click Yes to continue the installation Run the MBST Support Tool In the left navigation pane of the Malwarebytes Support Tool, click Advanced In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply Thank you