Maurice Naggar

Moderators
  • Content count

    16,537
  • Joined

  • Last visited

1 Follower

About Maurice Naggar

  • Rank
    Staff

Profile Information

  • Location
    USA
  • Interests
    Security, Windows, Windows Update, malware prevention

Recent Profile Visitors

69,174 profile views
  1. Any progress on this? Where do things stand?
  2. Thanks for the reports. I do not see a obvious sign of a infection. The ip block may very well be due to some malvertising on some website when surfing the web. I would like for you to do the following. First, make real sure to save any open work files ( if any) are in use. Before you do what follows. Then RESTART Windows from the Start menu. Wait for it to reload normally. If you get stuck on any step, just move on to the next step. Disable your AntiVirus and AntiSpyware applications (Not Malwarebytes) "if possible", usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : http://forums.whatthetech.com/index.php?showtopic=96260 Step 1: Potentially Unwanted Programs (PUPs) Adware can be a very real nuisance and very difficult to remove. While we do identify and remove some adware variants, our main focus is on malware so there are many adware variants that we do not target (mostly for legal reasons as they do have a eula and an opt out feature in most cases) You will need to modify your MBAM settings, if you haven't already, and want them checked for removal. By default it will scan them but will not mark them for removal. Please open Malwarebytes. Click the Settings Tab Click the Detections and Protection Tab "check" Scan for RootKits. "check" Use Advanced Heuristics Non-Malware Protection Change the Action for (PUP) and (PUM) to treat Detections as Malware Run a new "Threat" scan and "quarantine" / "Remove" whatever is found. Click on the "History" tab > "Application Logs". Double click on the scan log which shows the Date and time of the last SCAN performed. Please make sure the word SCAN is shown and also that you grab the very latest Date. the most recent Scan run. You can double click the line to get it on screen. Then use the menu at bottom of the window. Click the EXPORT button at the bottom left. Click "TEXT file" Be very aware as to what folder and what NAME you give this report. You have to make a note so you can send it. Then attach that file with your next reply. Step 2: This is a two step process. First run you use "Scan" Second run you use "Clean" Please download "AdwCleaner" from here: You should see a Green Tab to click to download http://forums.whatthetech.com/index.php?autocom=downloads&showfile=55 or https://toolslib.net/downloads/viewdownload/1-adwcleaner/ Note: You can skip the install of the: Hosts Anti-PUP/Adware if asked Double click on AdwCleaner.exe to run the tool. Click the "Options" menu heading on the menu bar and "uncheck" "Reset Winsock Settings" Click on "Scan" Button. Pleas do have lots of patience while it scans & do wait for it to finish that phase. Once the "Scan" part has completed, you will be able to see & then "click" the "Clean" button This tool might remove add-ons that you added by choice like Ask Toolbar. Please uncheck / untick any items you don't want to remove. The contents of the Results section may appear confusing or as gibberish. Unless you see a program name that you know should not be removed,please continue with the next step. Click the "Clean" Button. It will require a reboot, so please be sure to close any other open programs first. A text file will open after the restart. Please attach that log file in your reply. You can find the log file AdwCleaner[Co].txt ('o' is the scan run number). The folder where it is stored is in one of these: in the C:\Program Files (x86)\AdwCleaner folder on 64-bit systems or folder C:\Program Files\AdwCleaner on 32-bit Windows. Attach the report files AdwCleaner in your next reply. Please save using the default Notepad format, DO NOT USE WORD or any other office type of software. DO NOT COPY & PASTE the log, send it as an attachment. Reply to THIS ticket, DO NOT create a new one. Please be sure you turn back on your antivirus program. Also let me know how it's running now
  3. One more quick note. I am a big fan of using Keyboard shortcuts in Windows. These below can be especially helpful to you in your situation. Windows ( every version) has had the ability of built in keyboard shortcuts. Make use of these as needed when you get in a tight spot like this one, or even for every day use. Press & hold Windows-key on keyboard + the T key to get the TASKBAR. Press the Windows-key on keyboard + the D key to get the DESKTOP view. Press the Windows-key on keyboard + the R key to get the Windows RUN menu. You can also use CTRL + ESCape keys to the Windows Start menu display. Use Windows-key + E key to start Windows Explorer. I would give all of those a try ( as needed) given that you said that you had a partial display on-screen. These hopefully will be useful in a pinch.
  4. Locking the thread while other thread is under way.
  5. Hello. I will be guiding you as we go forward. I will need to see diagnostic information from this system, so that I can see about pinning down the source of this issue. I would like to ask that you always attach any report or file I ask for, from time to time. Just a regular attachment. You said this is on Windows 10 laptop. Just for the record, what brand is it and what model ? ( just in case we need that info, later). Be sure that the laptop is connected to a power cable for power. Lets not just be in battery mode power. You described a few minimal things on the monitor screen. It may be handy to have a picture snapshot of it ....if at all possible. One more tip, just in case, if the laptop has any CD or DVD or connected USB drive, disconnect those while this case is on going. Also, if there is any connected printer or the likes, disconnect that as well ( or at least power it off). IF you have a working computer at home, and a clean or new USB flash drive, this next special procedure is worth doing as our first pass. For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive. For x64 bit systems download FarRecovery Scan Tool x64 and save it to a flash drive. Disconnect any external storage drives from the computer. Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options: Restart the computer. As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears. Use the arrow keys to select the Repair your computer menu item. Select English as the keyboard language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account an click Next. OR If you have the Windows o.s. DVD, then To enter System Recovery Options, by using Windows installation disc: Insert the installation disc. Restart your computer. If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings. Click Repair your computer. Select English as the keyboard language settings, and then click Next. Select the operating system you want to repair, and then click Next. Select your user account and click Next. On the System Recovery Options menu you will get the following options: Startup Repair System Restore Windows Complete PC Restore Windows Memory Diagnostic Tool Command Prompt Select Command Prompt Now, Plug the flashdrive with FRST tool into the PC. In the command window type in notepad and press Enter. The notepad opens. Under File menu select Open. Select "Computer" and find your flash drive letter and close the notepad. In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter Note: Replace letter e with the drive letter of your flash drive. The tool will start to run. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply. In addition, also provide a copy of Addition.txt
  6. Hello. At this point, do a clean removal and new installation for Malwarebytes Anti-Malware. See and follow this how to article link and after the installation finishes, be sure to click the blue-color line in the program, on the first screen, marked Update then RESTART Windows when all that is done.
  7. Hello, I will be guiding you as we go forward. I do need to see diagnostic information from this system. I would like to ask that you always attach any report or file I ask for, from time to time. Before we proceed further, please read all of the following instructions carefully. If there is anything that you do not understand kindly ask before proceeding. If needed, please print out these instructions. Please do not post logs using CODE, QUOTE, or FONT tags. Just always attach files / reports. Please enable your system to show hidden files: How to see hidden files in Windows Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly Removing malware can be unpredictable, it is unlikely, but things can go wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen / flash drive Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. The removal of malware is not instantaneous; please be patient. Often we are also in a different Time Zone. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. You can check here if you're not sure if your computer is 32-bit or 64-bit As we go along, from time to time, Windows User Account Control ( U A C ) will prompt whether to allow a tool or procedure to proceed forward. Approve the Windows’ UAC prompt on by clicking on Continue or Yes. When we are done, I'll give you instructions on how to clean up all the tools and logs Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. Your topic will be closed if you haven't replied within 3 days. Please download Farbar Recovery Scan Tool and save it to your desktop. You may wind up needing to temporarily turn off your antivirus program IF it interferes with the diagnostic tool-reports listed below. Right-click on *FRST* icon and select *Run as Administrator * to start the tool , and reply *YES* to allow it to proceed and run. _Windows 8 or 10 users will be prompted about Windows *SmartScreen protection* - click line *More info* information on that screen and click button *Run anyway* on next screen._ Click YES when prompted by Windows U A C prompt to allow it to run. Approve the Windows’ UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes. Click Yes when the* disclaimer* appears in FRST. The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach FRST.txt & Addition.txt along your next reply. F.Y.I. The ip block messages are from our malicious website protection. That is protecting your pc. Please see/review these references on MBAM’s IP blocks https://support.malwarebytes.org/customer/portal/articles/1835325?b_id=6438 Malicious code from Ad networks might be present in pop-ups or advertisement banners. When the banners attempt to load or the pop-up attempts to navigate to the malicious website, we block it before it has a chance to cause any damage to your system. https://blog.malwarebytes.com/malwarebytes-news/2013/05/oh-the-sites-you-will-never-see/
  8. Hello, I will be guiding you as we go forward. I may need to see diagnostic information from this system. I would like to ask that you always attach any report or file I ask for, from time to time. Before we proceed further, please read all of the following instructions carefully. If there is anything that you do not understand kindly ask before proceeding. If needed, please print out these instructions. Please do not post logs using CODE, QUOTE, or FONT tags. Just always attach files / reports. Please enable your system to show hidden files: How to see hidden files in Windows Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly Removing malware can be unpredictable, it is unlikely, but things can go wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen / flash drive Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. The removal of malware is not instantaneous; please be patient. Often we are also in a different Time Zone. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. You can check here if you're not sure if your computer is 32-bit or 64-bit As we go along, from time to time, Windows User Account Control ( U A C ) will prompt whether to allow a tool or procedure to proceed forward. Approve the Windows’ UAC prompt on by clicking on Continue or Yes. When we are done, I'll give you instructions on how to clean up all the tools and logs Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. Your topic will be closed if you haven't replied within 3 days. I see that this PC has Advanced SystemCare 9. If you did not pay for it, please uninstall it. If you purchased it, please turn it off while this case is on going. Iobit software is not regarded well. They have been known to steal from us. Your pc has Avast Free Antivirus, build 12.3 of the free version, which is a good antivirus. Start Avast antivirus. Look for the gear icon up on the top right and click it. That is the control for settings of Avast. Then be sure to be on the tab marked *General*. Then use the scroll bar on the right and scroll down to the section marked *Exclusions* and click on the down arrow. Click the browse button. Navigate to the C drive and look for "C:\Program Files (x86)\Malwarebytes Anti-Malware" when found, then put a check mark by clicking on the check box for that line ( that is our program). Then click OK. verify that this line is set to"C:\Program Files (x86)\Malwarebytes Anti-Malware" Avast will convert that into this C:\Program Files (x86)\Malwarebytes Anti-Malware\* That all goes in the tab marked File paths. Then look for the tab marked URL s click that and then copy and paste this in there *.mbamupdates.com Then click the OK button at the bottom. Then click the X button at the top to Close. After this is done, RESTART Windows. Wait for it to finish re-loading. Have lots of patience. Then you ought to be able to start our Malwarebytes program.
  9. A clean new install of Windows could well be what you need to do. That would insure a clean steady system. Simply make real sure you do not use "wikisend" for that purpose. I would suggest you see this page How to Do a Clean Installation with Windows 7 http://goo.gl/B1XR9h I suggest you delete all existing partitions on the HDD as part of the new Windows 7 install.
  10. I do really regret to hear that you had issues on Chrome browser. There is not much we can do about Chrome. To install something, generally, you should be sure to use the login-account that has administrator level access rights. My suggestion is to switch to using Internet Explorer instead of Chrome. To date, there is no sign that i have seen that this set of issues has anything to do with any "infection". That being so, we will need to plan to close this case.
  11. What you are describing is that either Windows is shutting itself down when you use Chrome or Internet Explorer. Or that those 2 programs are not stable. They crash and then that leads to Windows operating system to shut down. This type of behavior may be due to hardware issues. It could also be due to corrupted browser program. For the Chrome browser, you may try to uninstall it and install a new copy for Chrome. You need to reset Chrome back to defaults to completely clear out what is going on. You can keep the bookmarks by exporting them - http://support.google.com/chrome/bin/answer.py?hl=en&answer=96816 Export Bookmarks Follow instructions to remove all Google Sync data - http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ Now we need to uninstall Chrome make sure to select the "Also delete your browsing data" tick box https://support.google.com/chrome/answer/95319?hl=en-US Re-install Chrome: https://www.google.com/chrome/browser/desktop/ next, If your pc has no ad blocker add-on for your browser(s), I would suggest "AdBlock Ultimate" https://adblockultimate.net/ After you have Chrome reinstalled please check things out and let me know how it is doing. As to Facebook, that site can have its own issues. But so far, there is no indication that anything of our software is keeping you out of Facebook. We cannot help you very much on Facebook issues.
  12. Bravo. Good. Delete the following files in the Downloads folder: FRST64.exe FRST.txt Addition.txt Fixlist.txt Fixlog.txt I am glad to have helped you. Cheers.
  13. I am sorry, but I have to say, you are not being clear about what you mean by << help i cant log in my account again >> ! What account is that ? What do you mean ? or do you mean this is about the Malwarebytes Anti-Malware program ? and that you had something set on it ? Please describe what you mean in detail. Is it some other program? maybe you mean some website? Having good details is so important. also, I need to see a fresh report: This tool will collect some information on the installation of Malwarebytes and create a report I need to review: NOTE: You may need to temporarily turn off your antivirus if it interferes with this tool. Download mbam-check.exe and save it to your desktop "from this link" http://downloads.malwarebytes.org/file/mbam_check On Windows 7, Right-click on mbam-check-2.3.2.0.exe & select Run as Administrator & allow to Run when prompted by User Account Control. Do have patience while the tool runs. It may take a while, and will flash a command prompt window. And then it will start your text editor ( default is typically NOTEPAD). It should then open a log file CheckResults.txt. Just do a File >> Exit in NOTEPAD. You should attach the CheckResults.txt file located on your desktop so that I can review.
  14. You need to unpatch that "patch". Apply the methods described on this article. How can I reset the Hosts file back to the default http://support.microsoft.com/kb/972034