AdvancedSetup

  1. I'm going to head out. Been off work now for about 5 hours. I'll go ahead and close this topic tomorrow, but again, if you run into any issues or have questions, please let us know. Have a good day. Cheers
  2. Yes, friends can be compromised too. Then links sent for what looks safe or interesting and it turns out to be a zero day exploit that most AV doesn't yet detect. Just friendly advice on keeping things safe. I don't run any of that stuff on my main system.
  3. If you're gaming and using Discord on the same computer you're doing financial work on that can potentially be a recipe for danger too sooner or later. Hundreds of people infected over Discord just this year alone. Perhaps look at isolating financial work onto a smaller system you keep very protected and don't game on it, don't do P2P uTorrent, no Discord, Facebook, etc.
  4. Not sure if you followed the advice about these items that were listed above, but I would recommend you set it and keep it that way.
     • Disable-Fast-Startup
     • Show-Hidden-Folders-Files-Extensions
     Please make the following change in Malwarebytes so that both Malwarebytes and Windows Defender work in conjunction with each other to add possible improved detections.
     • Please open Malwarebytes.
     • Click on the small gear icon to open the Settings and go to the Security tab.
     • Then turn off "Always register Malwarebytes in the Windows Security Center"
     • Restart the computer
     It is highly unlikely that you need to set up exclusions for Windows Defender; however, if you experience any issues, please see the following article and set up exclusions between Malwarebytes and Windows Defender.
     Malwarebytes for Windows antivirus exclusions list
     https://support.malwarebytes.com/hc/en-us/articles/360038522974-Malwarebytes-for-Windows-antivirus-exclusions-list
  5. Understandable. We truly want your data safe as well. No one wants to be a victim of these bad actors out there. Though our program is excellent in prevention, detection, and removal - no security product out there can promise you 100% that nothing will ever get in. It takes work on the user's part as well, keeping things up to date and practicing safe computing habits.
     Please open Malwarebytes and check for updates. We do have a newer version MB5 that is being rolled out. If you don't get the update and want to update to the latest you can manually do it. Some users don't like the included VPN on the main panel so you may want to remain on version 4 if that might bother you. They're working on moving the panels around some but not sure when that will be ready.
     MB5 Offline Installer
     https://downloads.malwarebytes.com/file/mb5_offline
     If there is anything else I can do to assist you, please let me know. Thank you
  6. I can promise you the programs are safe. Thousands of users not only here on our forums but on almost all forums around the Internet that do malware detection and removal use them. I'll provide you with some other information to help you keep your data and computer safer.
     The following information will help you to keep your computer and data safer as well as improve your overall privacy. Don't forget to set up a good backup routine to an external USB drive that you do not keep connected.
     • Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/780233/best-password-manager/
     • Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
     • Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download https://patchmypc.com/about-us
     • Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
     • Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/
     Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security.
     Malwarebytes Browser Guard
     • Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee
     • Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser
     • Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/
     uBlock Origin
     • Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
     • Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak
     • Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin
     Cybersecurity basics & protection: Everything you need to know about cybercrime
     https://www.malwarebytes.com/cybersecurity
     Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog
     https://blog.malwarebytes.com/
     Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal.
  7. I apologize for the post moving around. I just saw the post tonight and I'm trying to help show you the system is safe and that my guess is that yes it was a False Positive block alert. Are you still getting an IP or Domain block from Malwarebytes? The Dr Web Cureit AV scanner found no issues.
     Please update the following programs on your computer.
     • Discord v.1.0.9032 Warning! Download Update
     • LibreOffice 24.2.0.3 v.24.2.0.3 Warning! Download Update
     • Python 3.11.8 (64-bit) v.3.11.8150.0 Warning! Download Update
     Thank you
  8. It's possible to potentially infect any device. One would verify and match the HASH file of the downloaded file to verify that what you download matches the ISO from Microsoft. That article I posted explains ALL of it in extremely detailed postings. It may take a while to read but it's very complete.
  9. We just scanned your system last week or so. The logs do not indicate any type of infection. If you're still scared or suspicious, then please back up your personal data and do a CLEAN install of Windows.
     Clean Install Windows 10 & 11 (2023)
     https://answers.microsoft.com/en-us/windows/forum/all/clean-install-windows-10-11-2023/1c426bdf-79b1-4d42-be93-17378d93e587
     Also, please review the following topic:
     Bypass Microsoft Online Account Creation during installation of Windows 11
     https://forums.malwarebytes.com/topic/296613-bypass-microsoft-online-account-creation-during-installation-of-windows-11/
  10. You are the one that was suspicious, thus the recommendation to run another 3rd party antivirus scan to double-check the system.
     • SecurityCheck looks at the software on your system to see if it can find old or outdated software that might need updating.
     • FSS scanner looks for services that manage Windows Updates and Windows Defender to determine if something might not be correct.
     All the tools involved are very safe and used thousands of times for many users.
  11. There is the proof the file is safe and normal. 0/70 detection from VT
     https://www.virustotal.com/gui/file/2d743da40309ac1eec1013f1d61ec866075875864b097aa643e73141a371a9b5/detection
     Please use antivirus scans such as Malwarebytes and Windows Defender to scan your system. Simply reading posts or looking for trouble where there is no trouble can potentially wreak havoc on your system.
  12. This should be a valid file.
     Directory of c:\windows\system32
     5/06/2022 10:19 PM 122,880 atl.dll
     Please upload it to https://virustotal.com and have them scan it. Then post back the URL to the completed scan.
     c:\windows\system32\atl.dll
  13. Thank you for the logs @mekpsy
     Please download and run the following Kaspersky Virus Removal Tool 2020 and save it to your Desktop. (Kaspersky Virus Removal Tool version 20.0.10.0 was released on November 9, 2021)
     • Download: Kaspersky Virus Removal Tool https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe
     • How to run a scan with Kaspersky Virus Removal Tool 2020 https://support.kaspersky.com/15674
     • How to run Kaspersky Virus Removal Tool 2020 in the advanced mode https://support.kaspersky.com/15680
     • How to restore a file removed during Kaspersky Virus Removal Tool 2020 scan https://support.kaspersky.com/15681
     Select the Windows Key and R Key together, the "Run" box should open.
     Drag and Drop KVRT.exe into the Run Box.
     C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.
     Add -dontencrypt (note the space between KVRT.exe and -dontencrypt).
     C:\Users\{your user name}\DESKTOP\KVRT.exe -dontencrypt should now show in the Run box.
     That addendum to the run command is very important: when the scan does eventually complete, the resultant report is normally encrypted; with the extra command it is saved as a readable file.
     Reports are saved here C:\KVRT2020_Data\Reports and look similar to this: report_20210123_113021.klr
     Right-click directly onto that report, select > open with > Notepad. Save that file and attach it to your reply.
     • To start the scan select OK in the "Run" box.
     • A EULA window will open, tick all confirmation boxes then select "Accept"
     • In the new window select "Change Parameters"
     • In the new window ensure all selection boxes are ticked, then select "OK"
     • The scan should now start...
     • When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue"
     • When complete, or if nothing was found select "Close"
     Attach the report information as previously instructed...
     Thank you
  14. Thank you for the logs @lesmoque
     Are you using the following software? Avast SecureLine VPN
     [ 1 ] Please go to Control Panel, Programs, Programs and Features, Uninstall a program. Then right-click and uninstall the following:
     • CCleaner (computer experts no longer recommend using this program)
     • CCleaner Browser (computer experts no longer recommend using this program)
     [ 2 ] The following files are certificate files and normally should not be stored here. Did you save them there yourself and know what they're for?
     2024-03-30 20:16 - 2024-04-24 21:27 - 000000004 _____ () C:\Users\duibh\AppData\Local\rootCert_lock.pfx
     2024-03-30 20:16 - 2024-03-30 20:16 - 000002536 _____ () C:\Users\duibh\AppData\Local\WindowsUpdateCertificate.pfx
     [ 3 ] Please run the following fix
     NOTE: Please read all of the information below before running this fix.
     NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.
     Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply.
     Farbar program: FRSTEnglish.exe
     Save the attached file: FIXLIST.TXT to this folder C:\Users\duibh\OneDrive\Desktop\
     NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work.
     Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.
     Run the Farbar program with Admin rights and press the Fix button just once and wait. The fix may possibly take up to 60 minutes to complete.
     If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
     The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.
     NOTE: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
     NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed. Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.
     NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.
     The following directories are emptied:
     • Windows Temp
     • Users Temp folders
     • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
     • Recently opened files cache
     • Discord cache
     • Java cache
     • Steam HTML cache
     • Explorer thumbnail and icon cache
     • BITS transfer queue (qmgr*.dat files)
     • Recycle Bin
     Important: items are permanently deleted. They are not moved to quarantine.
     If you have any questions or concerns please ask before running this fix.
     The system will be rebooted after the fix has run.
     fixlist.txt
     Thanks