AdvancedSetup

Root Admin
  • Content count

    61,915

5 Followers

About AdvancedSetup

  • Rank
    Staff

Contact Methods

  • Website URL
    http://www.malwarebytes.org

Profile Information

  • Location
    US

Recent Profile Visitors

320,814 profile views
  1. adware

    You have to check the check box for Additions.txt to get a new log for that.

    Please run the following.

    Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

    Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

    PC Winvids - How to run Kaspersky TDSSKiller

    If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

    Once the tool has completed scanning make sure to re-enable your other security applications.
  2. Can you please post the logs from the program and attach them here so that we can review them? https://forums.malwarebytes.org/topic/144403-readme-first-posts-here-need-to-include-mbae-logs/ Thank you
  3. @John L. Galt @AlexSmith @Decrypterfixer I personally don't like this approach. I don't like having to modify permissions if you don't have to. Linux can easily put the file back and for any advanced user is pretty easy to do. I'd rather do that, or use this tool. Both methods bypass the need to modify rights to the system. https://github.com/jschicht/RunAsTI
  4. Please run the FIXLIST.TXT file with FRST as described above. Then post back that log please. I'll check back with you again sometime tomorrow. Thanks
  5. There you go :-)
  6. Hello @ThatGuyBenny. It depends on what it is. We do detect and remove some. If you're having issues that you think may be due to such activity we can help you scan and remove it. I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.
  7. I have no idea if the program is or not, but we can help you scan it and look for signs of it behaving as an adware threat. Cleaning the computer and looking at ways to stop it from getting infected. I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue. Thank you
  8. Hi @KenW I've moved your topic to the malware removal section so we can do some cleanup. The logs show some issues including network which is probably why MBAE is having trouble.

     Application errors:
     ==================
     Error: (07/23/2016 06:54:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
     Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
     Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
     System Error: Access is denied. .

     Error: (07/23/2016 09:30:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
     Description: The program FRST64.exe version 17.7.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

     etc..

     Please download the attached fixlist.txt file and save it to the Desktop.

     NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

     NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

     Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

     Note: If the tool warned you about an outdated version please download and run the updated version.

     fixlist.txt

     Once that's done we'll run some other scans. Thanks
  9. ROFL - haha, someone bit up a bit too late
  10. As this is not a request for assistance with malware removal I've moved your topic to the General PC support forum. It is not wise to play with malware unless you really know what you're doing. You can easily lose data or potentially even send out infected data to friends by accident.
  11. @mbw62 Yes, we see the URL is wrong but we're unable to duplicate at this time. If you continue to see this issue though please let us know. Thank you Ron
  12. I don't know myself, David. @Khadijah says it's a Steller's Jay
  13. Hi @tonytis The only obvious issue may be some sort of conflict with the antivirus program or some sort of IP or program block. Without logs from an affected system, it's difficult to say. In a remote chance if it was system level then it may be recorded in the Windows Event Logs. You might try reviewing the Event Logs from one of the affected systems to see if something was recorded. What antivirus are they using? When they do printing, is it over wireless or wired connections?
  14. Hello @robdun. Someone from our Support Team will be in touch with you shortly to assist you. Thank you
  15. At this time there are no more signs of an infection on your system. However if you are still seeing any signs of an infection please let me know.

      Let's go ahead and remove the tools and logs we've used during this process. Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time. They are often updated daily so if you went to use them again in the future they would be outdated anyways.

      The following procedures will implement some cleanup procedures to remove these tools.

        • Download Delfix from here and save it to your desktop. (you may already have this)
        • Ensure Remove disinfection tools is checked.
        • Click the Run button.
        • Reboot

      Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete) IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....
      AdwCleaner > just run the program and click uninstall.

      If there are any other left over Folders, Files, Logs then you can delete them on your own.

      Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.

        • How to Delete System Protection Restore Points in Windows 7 and Windows 8
        • Remove all but the most recent Restore Point on Windows XP

      As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable Java in your web browsers.

        • How do I disable Java in my web browser? - Disable Java

      A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data. Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

        • How Malware Spreads - How did I get infected
        • Best Practices for Safe Computing - Prevention of Malware Infection
        • Avoiding those unwanted free applications
        • A close look at how Oracle installs deceptive software with Java updates
        • IAC / Ask.com toolbars
        • Malwarebytes Unpacked Blog

      If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.