Maurice Naggar

Moderators
  • Content count

    16,403
  • Joined

  • Last visited

About Maurice Naggar

  • Rank
    Staff

Profile Information

  • Location
    USA
  • Interests
    Security, Windows, Windows Update, malware prevention

Recent Profile Visitors

68,922 profile views
  1. That was a good run. Now then, while I see that your last install for MBAM was on May 2016, the Checkresults shows a lot of old logs from 2014 and some for 2015. I would next suggest a little bit of housekeeping. Open Malwarebytes (MBAM) > click History icon > click Quarantine > click Delete All button. Now click on > Application Logs bar on the left. then lets delete all logs. > Click Delete All button. It's been pointed out to me that this computer only has 1 GB of RAM & runs on Intel Atom CPU N450. That that is under-powered to handle Windows 10. That stated, as long as this setup is able to run Windows, then it seems to me it should be able to use M B A M. Having deleted the old logs, you should now be able to run M B A M. Before starting your next run, first close any of your open work programs & also Exit out of web browsers. Lets reduce the source of any interference. Then do a new scan as follows: Start the program by doing a RIGHT-click on the Taskbar icon and select Open Malwarebytes Anti-Malware. on the Dashboard, click the Update ( blue link ). click the Scan Now >> ( link) button. Click on the first column Threat scan A Threat Scan will begin. When the scan is complete, Make sure to Review the results. Look over the list please. if there have been detections, if there have been detections, look over the list and insure all lines have check-marks so that they can be removed click Remove selected to allow MBAM to clean what was detected. In some cases, a restart will be required. Wait for the prompt to restart the computer to appear, then click on Yes. Click on the History tab > Application Logs. Double click on the scan log which shows the Date and time of the last SCAN performed. Please make sure the word SCAN is shown and also that you grab the very latest Date. the most recent Scan run. You can double click the line to get it on screen. Then use the menu at bottom of the window. Click the EXPORT button at the bottom left. Click TEXT file Be very aware as to what folder and what NAME you give this report. You have to make a note so you can send it. Then attach that file with your next reply.
  2. I will be guiding you as we go forward. I may need to see other diagnostic information from this system, so that I can see about pinning down the source of this issue. I would like to ask that you always attach any report or file I ask for, from time to time. Just a regular attachment. I do not see a obvious reason for why the program would not finish a scan. What follows is a small run just to empty temporary type files and to do a reboot for a fresh session. This should help out to be able to run the next run. I am sending a Fix script which is going to be used by the FRST tool. They will both work together as a pair. Save the attached file FIXLIST and select SAVE AS and save it directly ( as is) in the same general location as where you have FRST....the downloads folder C:\Users\Dent\Downloads NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work. Double click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version. Click the Fix button just once, and wait. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log (*Fixlog.txt*) in the same location from where it was run. Please attach the *Fixlog.txt* in your reply. PART 2 This tool will collect some information on the installation of Malwarebytes and create a report I need to review: NOTE: You may need to temporarily turn off your antivirus if it interferes with this tool. Download mbam-check.exe and save it to your desktop from here Right-click on mbam-check-2.3.2.0.exe & select Run as Administrator & allow to Run when prompted by User Account Control. Do have patience while the tool runs. It may take a while, and will flash a command prompt window. And then it will start your text editor ( default is typically NOTEPAD). It should then open a log file CheckResults.txt. Just do a File >> Exit in NOTEPAD. You should attach the CheckResults.txt file located on *your desktop* so that I can review. and obviousl also attach the FIXLOG.txt too Fixlist.txt
  3. I would like you to do one more scan; this one from ESET security. This is for a second opinion. To be certain all traces of malware & viruses are gone, I'd suggest you run this scan to help look for a virus or possible P U P or rogue that may be lurking. This scan can easily take upwards of an hour, so be run the scan when you don't need to use the computer for a while. { If you need help on this, then see this page http://www.eset.com/us/online-scanner/help/ You may use the stand-alone-eset installer. Use this link to get and SAVE esetsmartinstaller_enu.exe _the ESET Smart Installer. Save it to your desktop. from "(this link)":http://download.eset.com/special/eos/esetsmartinstaller_enu.exe You need to first SAVE the file to your system. Save to the Downloads folder or the DESKTOP ( for ease of use). 2.Double click on the esetsmartinstaller icon on your desktop. 4.Check "YES, I accept the Terms of Use." 5.Click the *Start* button. and proceed just as outlined before. Reply ( click ) YES when prompted to allow the run by Windows U A C ( user account control). Have patience while it downloads antivirus database definitions. Click on *Enable detection of potentially unwanted applications* Click on the blue line *Adanced Settings* Choose the following settings in scan settings: Select (check) Enable detection of potentially unwanted applications. in advanced settings: clear ( leave un-checked) Remove found threats Select ( check-mark) Scan for potentially unsafe applications Click on Start. The virus signature database will begin to download. This may take some time. When completed the Online Scan will begin automatically. Note: This scan might take a long time! Please be patient. When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first! Now click on Finish A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt. Note: Do not forget to re-enable your antivirus application after running the above scan! I will advise you more after I have had a chance to review that log file. You will find a log-file for the results of the ESET scan that is named LOG.txt It will be located under the Program Files structure of Windows in one of the folders listed below. The report file is named *LOG.txt* The folder constaining that report is this for 64-bit Windows. C:\Program Files (x86)\ESET\ESET Online Scanner Thanks for the Scan report. That is a good result, obviously.
  4. Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!
  5. Check on update issues , by getting, installing and using Secunia Personal Software Inspector (PSI) on a regular basis. See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector ( by Flexera) http://www.bleepingcomputer.com/tutorials/tutorial174.html Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware. Sorry about the link.
  6. For Your Information: The IP Block message indicates that a potential risk was blocked by the malicious website protection. It by default will always show each IP block occurrence. The Malwarebytes Anti-Malware Website Blocking feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying access your PC. Incoming threats can be ignored, our software is blocking the attack and there is nothing more that can be done. No action is required unless you’re also experiencing malware symptoms or there are multiple IPs (ex;123.23.34 and 4.44.56). A browser is not required to be running, just an active Internet connection with processes running, such as Instant messenger clients, SKYPE or P2P software to trigger these alerts. These are also triggered by banner ads running on websites which is the most common form of alert Windows Vista and Windows 7 & 8 will show the process, but Windows XP does not have the structure in place for this to be displayed by our software Please see/review this reference on MBAM’s IP blocks https://support.malwarebytes.org/customer/portal/articles/1835325?b_id=6438 < Keeping all utilities and applications up to date is so important. Check on other update issues as well, by getting, installing and using Secunia Personal Software Inspector (PSI) on a regular basis. See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector ( by Flexera) http://www.bleepingcomputer.com/tutorials/tutorial174.html Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.
  7. That's good. Let me suggest that you do this next check to see if other software is up to date. Download Security Check by screen317 from >>here<<. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  8. Thanks for the MBAM scan report. That all was about PUP.Optional.BinEssentials. Just one unwanted add-on that was found & removed. Is the odd/ rogue audio all gone away ? ( the thing that was at the start of this thread.) Things should be good to go. Here are my suggestions: To make sure that Malwarebytes Anti-Malware has all the latest definitions, look for the blue-icon for MBAM on the Taskbar, right-click on it and select *Check for Updates*. Go into the Options ( settings) of Internet Explorer ( and any other web browser you have). Make sure that the POPUP blocker is ON. Set the option on for rejecting (decline) 3rd-party cookies. And in addition to all that: Use a good browser extension ( add on) ad blocker. If your pc has no ad blocker add-on for your browser(s), I would suggest uBlock Origin. For Internet Explorer browser: https://adblockplus.org/en/internet-explorer For Mozilla Firefox, use the Mozilla page at this link https://addons.mozilla.org/addon/ublock-origin/ For Google Chrome, see https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm *ALSO this too* To help totally block these types of "popups" I would recommend to *only use Firefox browser* that also has the addon for *NoScript Suite Lite.* and just only use that when surfing the web. We have a free version Malwarebytes Anti-Exploit (MBAE) that protects against exploit attacks in your browsers and Java, and a paid version that also protects additional applications such as MS Office. https://downloads.malwarebytes.org/file/mbae_current/ I would recommend you install the Anti-Exploit in free use mode.
  9. Hello Cestmoi. I will be guiding you and helping you going forward. As we go along, please only just attach any reports I may request. Looking at your initial write-up at the start of the case, it seems like your web browser just happened to get ( somehow) a scam web page. The rogue audio will go away once you close the tab-window on the browser and Restart Windows. Thanks for the screen image by the way. That does confirm that this is a total scam. You can easily get rid of it by just using a few simple keyboard presses. ( that is, if the page is still there). It looks like the fake page is on the Chrome browser. The same principals apply regardless of what browser is in use that has this same type display. There are lots and lots of different versions of these scams. It is important to always have situational awareness. Please apply the tips I relayed just very recently to another person on this board. The same tips apply to this case. see this link
  10. Happy to have helped out. I believe we are done here, so I am marking this thread for closure. Best to you.
  11. Your system has Avast antivirus. Please run a full scan today with AVAST. Afterwards, let me know what the result is. Thanks.
  12. RKILL is just not something that is a permanent use solution. Please understand that. It is only intended as a one time only use !! IF iexplorers keeps appearing and re-appearing we need to "see" that either thru diagnostic reports. Or a picture-snapshot from you for the screen where you "see" those. Here is a how to http://www.wikihow.com/Take-a-Screenshot-in-Microsoft-Windows
  13. You are welcome. Is there anything else you need help with ?
  14. { I hope David will not mind my intrusion into this thread.}. That is an excellent page at D O J / F B I that David cited. He and I would call these cases as ones where you need to keep your “situational awareness”. What you had experienced is NOT an infection. Not a virus; nor a malware. It is a scam / fake tech support scheme. The fact it *alleged* an "infection" does NOT mean it is actually true that your machine is infected. It making an assertion is not the same as a real proof of infection. Real proof of infection is only done by an antivirus scan locally on your machine and or a scan with reports from our Malwarebytes software program. NOT in the borders of a web browser. The fact that it had shown up within the borders of the web browser should be a big tip of it being fake. The fact of it displaying ( a so-called) support telephone number is another big tip of it being a scam. Real legitimate security programs ( such as a antivirus) do not display in a web browser & they do not ask you to telephone for help. F.Y.I. Contrary to what one may have thought, it does not "lock" the machine. You can still press the Windows-key on keyboard to get the Windows menu. You can use a variety of Windows Keyboard shortcuts to get around to other choices for remedy. When this fake is in the foreground and in a web browser, there are many ways to get it off the screen. I would suggest to do a few keyboard presses to get rid of the windows on-screen. Press and hold *ALT*-key on keyboard and then tap the *F4* function key to get the foreground windows closed and done away with. ( repeat use of ALT + F4 sequence). Another way is to press and hold CTRL key on keyboard and then tap *W* key. CTRL + W That should close the Tab page of the web browser. You can repeat as needed. Another way: is to open a new Tab by using CTRL +T ( that opens a new tab). Then you can use your mouse go to the rogue tab & then click the X control on the upper right top of the rogue tab-window). Have patience when you try this. And, there is always the ability to end the web-browser program thru using Windows' *Task Manager* applet. Click the Start button and type: _taskmgr.exe_ and then press Enter. In the processes tab, find the process for whichever browser you are running: _iexplore.exe, firefox.exe, chrome.exe, MicrosoftEdge.exe, MicrosoftEdgeCP.exe_ and then click _End Process_ or _Terminate_. The "call-this-telephone" message is a fake one. It is a scam trying to lure you into handing over money. ( there are many variations of this type of message.) That is a *scareware*. Certainly if it mentions Microsoft or "some technical support expert" or to "call" some telephone number ! Close the window and Reset the web browser. Which one of the web browsers is this on ? Reset the browser and make real sure it does not re-open same page as last session. Please try to reset your browser settings and see if that helps - These are the ways - the HOW TO pages - for the 3 most popular web browsers. Just click each link to see the specific advice for it. You would want to put back your own choice for Start page / Home page / and also for Search engine preference. Just click the link to the browser you have installed. If you have more than one, then do one at a time. Please try to reset your browser settings and see if that helps - "Internet Explorer in Windows" http://support.microsoft.com/kb/923737 "Google Chrome browser" https://support.google.com/chrome/answer/3296214?hl=en "Firefox:" https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings First, do a refresh for Firefox. Then set your own choices for search engine, and start & home page, etc. https://support.mozilla.org/en-US/kb/reset-firefox-fix-most-problems For EDGE browser in Windows 10 : Edge browser is set by default to "restart on the same page as it was on the last time". So, now you need to set it to your own choice. Either a blank page or a specific website of your own choice. You could make it *bing.com* as one safe example. Please do try to Reset the Edge browser to defaults, with these tips. In Microsoft edge Click the three dots *...* (top right hand corner under the X sign) Click *settings* Change - Open new tabs with *Top sites* Arrow V down and Select - *A blank page* ( *or make some other selection that is right for you* ). This type of message is a scam. Avoid tech support scams: This video features info from Microsoft and appears to be also sponsored by AARP. Well done and easy to understand. This is "the link" https://www.youtube.com/watch?v=Jvh9TZ-pGRs&feature=youtu.be "see our Tech Support Scams – Help & Resource Page" Plus these as well. "Hacking your head: How cyber criminals use social engineering" https://www.malwarebytes.org/articles/hacking-your-head-how-cyber-criminals-use-social-engineering/ https://blog.malwarebytes.org/fraud-scam/2014/08/tech-support-scammers-rip-big-brand-security-software-with-fake-warnings/ http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx Our software does not pre-filter or pre-scan the contents of a particular webpage that is visited. TIP We have a free version Malwarebytes Anti-Exploit (MBAE) that protects against exploit attacks in your browsers and Java, and a paid version that also protects additional applications such as MS Office. https://downloads.malwarebytes.org/file/mbae_current/ I would recommend you install the Anti-Exploit in free use mode. P.S. After clearing out the web browser, you can do a Threat Scan with our program, plus one with the resident antivirus too. You should find that there is no real "infection". That all is a scam window in a web browser. Do not believe all that you see from an unknown source that is "shown" in a web browser !!! More tips: Go into the Options ( settings) of Internet Explorer ( and any other web browser you have). Make sure that the POPUP blocker is ON. Set the option on for rejecting (decline) 3rd-party cookies. And in addition to all that: Use a good browser extension ( add on) ad blocker. If your pc has no ad blocker add-on for your browser(s), I would suggest uBlock Origin. For Mozilla Firefox, use the Mozilla page at this link https://addons.mozilla.org/addon/ublock-origin/ For Google Chrome, see https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm For Internet Explorer browser: https://adblockplus.org/en/internet-explorer For Opera browser, see https://addons.opera.com/en-gb/extensions/details/ublock/ *ALSO this too* To help totally block these types of "popups" I would recommend to *only use Firefox browser* that also has the addon for *NoScript Suite Lite.* and just only use that when surfing the web.
  15. @Dizzycool How are you doing ? I would appreciate a status update. Thanks.