About Android8888
- Posts: 713
- Reputation: 0 Neutral
- Birthday: 08/25/1969
- Website URL: http://android8888.comlu.com
- Location: Portugal
- Interests: IT, malware fighting, reverse engineering, electrical and electronic engineering, technology, cinema.
-
Hi @Helter_Skelter

I'm glad to know your computer is running well.

Malwarebytes Premium does not interfere with updates for most programs unless you are updating suspicious programs that may represent a threat to the system. Generally speaking, there is no need to do that from my point of view.

Below I have included several recommendations to help keep your computer safe.

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain check-boxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars and add-ons in your favorite web browser.

I advise you to keep Malwarebytes installed and updated and perform a regular scan of your system, as it will make it harder for malware to reside on your computer. A complete guide on using the program can be found here.

A number of programs have resident protection and it is a good idea to run it to maintain active protection. However, it is important to run only one resident protection program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program with resident protection at a time. Windows 10 has a good built-in antivirus and firewall which offers excellent active protection.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money, and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, DO NOT click on it. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.

A similar category of programs is called "scareware". These types of programs are active infections that will pop up on your computer and tell you that you are infected when you are not. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection up-to-date and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the Internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible.

Another of the most feared threats at the moment is infection by ransomware. This type of infection encrypts all data on drives and asks for a ransom to provide the decryption key that will never be provided. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.

Program vulnerabilities are often exploited in order to install malware. To keep the operating system up-to-date, make sure that Windows Update is enabled on your computer. Keeping all software up-to-date is important as well. Programs such as UCheck, Heimdal Free, or PatchMyPC can help keep software on your computer up-to-date.

Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a 'clean' P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good, regularly updated HOSTS file is the MVPS HOSTS File, available here.

In addition, I also recommend that you read all the interesting information in the 'Learn' menu (in the blue line) at the top of the main page of the forum, and also the following articles for more complete information about cybersecurity:

- How Malware Spreads - How your system gets infected?
- Answers to common security questions - Best Practices - by quietman7
- Simple and easy ways to keep your computer safe and secure on the Internet - by Lawrence Abrams
- How to Keep Your Windows PC and Apps Up to Date
- What’s the Best Way to Back Up My Computer?
- Pirated Software is All Fun and Games Until Your Data is Stolen
- Do You Need Anti-Ransomware Software for Your PC?
- How Safe Are Password Managers?
- Why Windows Slows Down Over Time

I hope these steps will help to keep you error and malware free. If you run into more difficulty, we at Malwarebytes will certainly do what we can to help.

Happy surfing and stay safe.

Best regards,
Android8888
-
Hello! You're very welcome. If you have Malwarebytes Premium, yes, it is an excellent combination for effective protection of your computer. It's the one I also use on my computer. It has no intrusive and annoying advertisements on the machine like most third-party anti-viruses, especially the free versions. Another good thing is that they don't conflict with each other, so you don't need to add exclusions to each other. Are there any other issues or concerns with the computer?
-
Hello,

Looking over your latest Farbar logs, I see no signs of infection. Your system is clean.

Yes, you can do that, please read this article: https://www.windowscentral.com/how-exclude-files-and-folders-windows-defender-antivirus-scans

One explanation for the false positive is that Microsoft Windows Defender may not have enough information about the file to determine that it is safe.

Yes, the temporary folder itself is being detected as a false positive.

Yes, there is a way to exclude and prevent a false positive in Windows Defender, as instructed above.

Now please run the attached script fix file using FRST. This fix may take some time, so please be patient.

Warning for other users: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to the operating system.

Follow the instructions below to execute a script fix on your system using FRST, and provide the log in your next reply.

- Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
- Right-click on the FRST executable and select Run as Administrator;
- Click on the Fix button;
- On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
- Please attach the Fixlog.txt in your next reply;

Concerning the Malwarebytes issue, I would suggest you completely remove and reinstall the program by using its removal tool as instructed below:

Uninstall and reinstall using the Malwarebytes Support Tool

Please close all browsers and programs before running the tool. After reinstall, open Malwarebytes and run a new scan with it.

Please let me know what issues still remain.

Thank you.
Android8888

fixlist.txt
-
Hi @Helter_Skelter

Thank you for the logs.

That detection may have to do with what I already stated in my previous post:

Which log is this? Please attach that log for my review.

From your Addition.txt log:

Name: Trojan:Win32/Wacatac.B!ml
Path: file:_C:\Users\Pete\AppData\Local\Temp\tmp0000007b\tmp000ef2e5
Process Name: C:\Program Files\Emsisoft Emergency Kit\bin64\a2emergencykit.exe

It appears the EEK program creates a temporary folder which is being detected as a false positive.

I would like to see fresh FRST logs. Re-run a new scan with FRST and attach the two new logs (FRST.txt and Addition.txt) in your next reply for my review.

Android8888
-
Hello Helter_Skelter,

Looking over your logs I see no signs of malware installed on this computer. It seems the threat Windows Defender found was located in a temporary folder and was removed.

However, I would like you to run the following fix to clean up some orphaned entries in your system.

Warning for other users: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to the operating system.

Now follow the instructions below to execute a script fix on your system using FRST, and provide the log in your next reply.

- Download the fixlist.txt file attached at the bottom, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
- Right-click on the FRST executable and select Run as Administrator;
- Click on the Fix button;
- On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
- Please attach the Fixlog.txt in your next reply;

Next, please download the latest version of AdwCleaner and save the file to your computer Desktop.

- Right-click on AdwCleaner.exe and select Run as Administrator to start the tool.
- Click Yes to accept the UAC security warning that may appear.
- Click Agree to accept the EULA (End User License Agreement).
- Click the Scan Now blue button and wait until the scan is complete.
- Once the scan completes, a Scan Results window will open.
- Make sure that every item listed is checked and then click the Quarantine button.
- Click Next.
- If any pre-installed software was found on your machine, a prompt window will open.
- Click OK to close it.
- Now check any pre-installed software items you want to remove (if they're not causing you a problem I recommend you don't select any).
- Click Quarantine.
- A prompt to save your work will appear.
- Click Continue when you're ready to proceed.
- A prompt to restart your computer will appear.
- Click Restart Now.
- Once your computer has restarted, a Notepad file will open after logging in.
- If it doesn't open automatically, please start AdwCleaner.
- Click the Log Files tab on the left pane.
- Double-click on the latest Clean log (Clean logs are like AdwCleaner[Cxx].txt, where xx is replaced by a number; the latest scan will have the largest number).
- Please attach that file to your next reply.

Now, to ensure all is clean, please run the following scan with Microsoft Safety Scanner.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for and remove malware or potentially unwanted software from a system. The download links and the how-to-run-the tool are at the following link at Microsoft: https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

I will need to see the scan results. The log is named MSERT.log and it will be located in %SYSTEMROOT%\debug\msert.log, which in most cases is C:\Windows\debug\msert.log. Please attach that log to your next reply.

To summarize, please attach the following logs in your next reply:

- Fixlog.txt
- AdwCleaner clean log.
- msert log.

Thank you.
Android8888

fixlist.txt
-
Android8888 started following PowerShell blocked prosses warning 4104 , Win32/Wacatac.B!ml and Help, I got some viruses
-
Hello @Helter_Skelter, I'm Android8888 and I will be glad to help you with your computer issues. Please feel free to ask questions if anything is unclear to you.

Okay, let's see what we can find out.

Please download the Farbar Recovery Scan Tool and save it to your computer's Desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually.

Please attach both logs to your reply for my review.
-
Help, I got some viruses
Android8888 replied to ifrahthepeople's topic in Resolved Malware Removal Logs
Hello @ifrahthepeople, please read the instructions in this topic and attach the requested logs. We need to analyze those logs in order to help you. Thank you. Android8888
-
PowerShell blocked prosses warning 4104
Android8888 replied to JusTRun7's topic in Resolved Malware Removal Logs
@JusTRun7 Is your problem solved or do you still need help with it? Android8888 -
PowerShell blocked prosses warning 4104
Android8888 replied to JusTRun7's topic in Resolved Malware Removal Logs
Hi, These are legit files from Microsoft. The two detections are false positives. Don't worry about them. It appears you ran RogueKiller in Safe Mode. Tools need to be run in Normal Mode. Please restart the computer in Normal Mode and run RogueKiller again, then post its log for my review.
-
PowerShell blocked prosses warning 4104
Android8888 replied to JusTRun7's topic in Resolved Malware Removal Logs
Hi JusTRun7, The files detected by SecureAPlus are not essentially malicious. This happens when too many security programs are used simultaneously, causing conflicts between them and detecting false positives. You are using too many security programs at the same time (AVG, Kaspersky, Malwarebytes, SecureAPlus). Please uninstall SecureAPlus and leave only Malwarebytes and just one antivirus installed. Then run the scan with RogueKiller according to my previous instructions here and post the created log. I need to see that log to proceed. Thank you. Android8888
-
PowerShell blocked prosses warning 4104
Android8888 replied to JusTRun7's topic in Resolved Malware Removal Logs
@JusTRun7 Do you still need help? Android8888 -
PowerShell blocked prosses warning 4104
Android8888 replied to JusTRun7's topic in Resolved Malware Removal Logs
Hello,

Let's run the following scan. Please download the correct portable free version (32-bit or 64-bit) of RogueKiller for your system and save the file to your computer Desktop.

- Right-click on the file and select Run as administrator to start the tool.
- Click Yes to accept the UAC security warning that may appear.
- Click Accept to agree with the EULA (End User License Agreement) and close the browser tab it will open.
- Now click the Scan blue button and under the Standard Scan (recommended) click on the Scan button.
- When the scan is complete, click on the Results button. NOTE: DO NOT delete anything it finds. All listed items that it finds should be carefully analyzed.
- Then click on the Report button.
- Click the Export button and select "Text file".
- Give a name to the file such as RKlog.txt and save it to the Desktop or in a location where you can easily find it.
- Click the Finish button and close the RogueKiller window.
- Copy and paste the entire contents of that log into your next reply.

Let me see the content of the log and wait for further instructions.

Thank you,
Android8888
-
PowerShell blocked prosses warning 4104
Android8888 replied to JusTRun7's topic in Resolved Malware Removal Logs
Hi, All your logs were looking good. FRST logs did not show signs of any of those threats that you mentioned. Let's just run one more scan using Microsoft Safety Scanner to ensure all is clean. This is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. The download links and the how-to-run-the tool are at the following link at Microsoft. https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download I will need to see the scan results. The log is named MSERT.log and it will be located in %SYSTEMROOT%\debug\msert.log which in most cases is C:\Windows\debug\msert.log. Please attach that log to your next reply for my review. Android8888 -
PowerShell blocked prosses warning 4104
Android8888 replied to JusTRun7's topic in Resolved Malware Removal Logs
Hello, your logs look good. What type of notifications are you getting? Is it by e-mail or in Internet browsers?
-
PowerShell blocked prosses warning 4104
Android8888 replied to JusTRun7's topic in Resolved Malware Removal Logs
Hello JustRun7, I'm Android8888 and I'll be helping you with your computer issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Please attach that file to your next reply.

Note: If the tool warned you about an outdated version, please download and run the updated version.

Please download the latest version of AdwCleaner by Malwarebytes and save the file to your computer Desktop.

- Right-click on AdwCleaner.exe and select Run as Administrator to start the tool.
- Click Yes to accept the UAC security warning that may appear.
- Click Agree to accept the EULA (End User License Agreement).
- Click the Scan Now blue button and wait until the scan is complete.
- Once the scan completes, make sure that every item listed in the different tabs is checked unless you want to keep the item(s) or suspect that it is a false positive.
- NOTE: If you are in doubt about any of the identified malware entries detected, please do not proceed to the next "Clean" step. Just select Log Files on the left pane and double-click the AdwCleaner[Sxx].txt name, where xx is replaced by a number (the largest number is from the more recent log and is the one I need to see). Copy and paste the entire contents of the scan log into your next reply for my review.
- IF you are satisfied that all of the checked entries are malware-related, click on the Quarantine button.
- Now you may also be asked to Run Basic Repair or skip it. This is optional. I would suggest you skip it for now.
- Once the cleaning process is complete, AdwCleaner will ask you to restart your computer.
- Close all other open windows and allow it to restart.
- After the restart, Notepad will open with the AdwCleaner cleaning log when logging in. The log can also be found at C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt (where xx is replaced by a number; the largest number is from the more recent log and is the one I need to see).
- Please attach that log to your next reply.

Please download Malwarebytes from here and install it on your computer.

- Open Malwarebytes with administrator privileges.
- Go to "Settings" (upper right corner wheel), "Security" tab, and ensure that the "Automatic quarantine" button is turned On.
- Now scroll down a bit until "Scan options" and ensure the Scan for rootkits button is turned On.
- Close the "Settings" panel and click the Scan blue button to perform a new scan.
- Once the scan is completed, click on the View report button, then on Export and select Export to TXT.
- Save the file as a Text file to your Desktop or other location where you can find it.
- Please attach that file in your reply.

Please attach the 3 logs in your reply and let me know how the computer is running now.

Thank you.
Android8888

fixlist.txt