Maurice Naggar

Moderators
  • Content count

    16,413

About Maurice Naggar

  • Rank
    Staff

Profile Information

  • Location
    USA
  • Interests
    Security, Windows, Windows Update, malware prevention

  1. Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
  2. Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
  3. Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
  4. Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
  5. Hi. It's been several days. How is it going? Do you still need help?
  6. In addition, since I now think what you meant was some kind of an IP block message, I would also like this log. Look for the Protection Log for today from the HISTORY section in our program. Start Malwarebytes Anti-Malware. Click on the History tab > Application Logs. Double click on the Protection log which shows today's date. Please make sure the word Protection is shown and also that you grab the very latest Date. You can double click the line to get it on screen. Then use the menu at bottom of the window. Click the EXPORT button at the bottom left. Click *TEXT file*. Be very aware as to what folder and what NAME you give this report. You have to make a note so you can send it. Then attach that file with your next reply.
  7. I will be guiding you as we go forward. I do need to see other diagnostic information from this system, so that I can see about pinning down the source of this issue. I would like to ask that you always attach any report or file I ask for, from time to time. Just a regular attachment, just as before. Where and how did you see "filepicker" / "livefyre"? I would like to know the details of where & how. Such as, was this while surfing the web? Perhaps showing on a web browser? If so, which one? Neither of those items is reflected in the FRST reports. Start the program by doing a RIGHT-click on the Taskbar icon and select *Open Malwarebytes Anti-Malware*. On the Dashboard, click the Update (blue link). Click the *Scan Now >>* (link) button. Click on the first column, *Threat scan*. A Threat Scan will begin. When the scan is complete, make sure to Review the results. Look over the list please. If there have been detections, look over the list and ensure all lines have check-marks so that they can be removed. Click **Remove selected** to allow MBAM to clean what was detected. In some cases, a restart will be required. Wait for the prompt to restart the computer to appear, then click on Yes. Click on the *History* tab > *Application Logs*. Double click on the scan log which shows the Date and time of the last SCAN performed. Please make sure the word SCAN is shown and also that you grab the very latest Date, the most recent Scan run. You can double click the line to get it on screen. Then use the menu at bottom of the window. Click the EXPORT button at the bottom left. Click *TEXT file*. Be very aware as to what folder and what NAME you give this report. You have to make a note so you can send it. Then attach that file with your next reply.
  8. That has been tagged as PUP.Optional.Trotux by our software. P U P are potentially unwanted add-ons. Those are not in the class of malicious malware. These are more like pests. Unwanted pests. The "trotux" was a website address that kept coming up on your Mozilla Firefox browser. The pest was removed as shown on your last scan report. This pest should now be gone. Let me make these following suggestions so that you have some added browser safety. Go into the Options ( settings) of Internet Explorer ( and any other web browser you have). Make sure that the POPUP blocker is ON. Set the option on for rejecting (decline) 3rd-party cookies. And in addition to all that: Use a good browser extension ( add on) ad blocker. If your pc has no ad blocker add-on for your browser(s), I would suggest uBlock Origin. For Mozilla Firefox, use the Mozilla page at this link https://addons.mozilla.org/addon/ublock-origin/ For Google Chrome, see https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm For Internet Explorer browser: https://adblockplus.org/en/internet-explorer ALSO this too To help totally block these types of "popups" I would recommend to only use Firefox browser that also has the addon for NoScript Suite Lite. and just only use that when surfing the web. Tips and how to's for Noscript suite are on this page link http://mybrowseraddon.com/noscript-lite.html We have a free version Malwarebytes Anti-Exploit (MBAE) that protects against exploit attacks in your browsers and Java, and a paid version that also protects additional applications such as MS Office. https://downloads.malwarebytes.org/file/mbae_current/ I would recommend you install the Anti-Exploit in free use mode. ( that is, if you do not have it from before).
  9. I will be guiding you as we go forward. I would like to ask that you always attach any report or file I ask for, from time to time. Just a regular attachment. I noticed that MCAFEE antivirus is installed. I would urge the following adjustments. Malwarebytes software works well and should run alongside antivirus software without conflicts. In some instances, exclusions may need to be set for your specific antivirus product to achieve the best possible system performance. To exclude known safe files and applications within the settings of MCAFEE: Open your McAfee Security suite. Click Real-Time Scanning: On. Click Excluded Files. Click Add file. Browse to, and select, the file or .exe you want to exclude from scans. Malwarebytes Anti-Malware works well and should run alongside antivirus software without conflicts. In some rare instances, exclusions may need to be set for your specific antivirus product to achieve the best possible system performance. I suggest putting in trust settings in your antivirus, as follows: Please "put as Trusted" (i.e., put Trust settings) for the following MBAM exe files within your Antivirus Software **whitelist**. Note: If using a software firewall besides the built in "Windows Firewall" you'll need to exclude them from it as well. For 64 bit versions of Windows Vista or Windows 7 or Windows 8.1, 10: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamdor.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes\Malwarebytes Anti-Ransomware\mbarw.exe Then close McAfee screen. Next, RESTART Windows to finalize all these adjustments and to have a new Windows session. The last 2 items are so important.
  10. Hello and I will be guiding you as we go forward. I would like to ask that you always attach any report or file I ask for, from time to time. Just a regular attachment, just like you did already. Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly. Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive. Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. Please enable your system to show hidden files: How to see hidden files in Windows. Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. When we are done, I'll give you instructions on how to cleanup all the tools and logs. Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. Your topic will be closed if you haven't replied within 3 days. You have already run a bunch of tools: AdwCleaner, Malwarebytes and Hitman. Please do not run any more. Where is it you notice "Trotux"? Kindly provide a copy of the latest scan from Malwarebytes Anti-Malware. Click on the History tab > Application Logs button. Double click on the scan log which shows the Date and time of the last SCAN performed. Please make sure the word SCAN is shown and also that you grab the very latest Date, the most recent Scan run.
You can double click the line to get it on screen. Then use the menu at bottom of the window. Click the EXPORT button at the bottom left. Click TEXT file. Be very aware as to what folder and what NAME you give this report. You have to make a note so you can send it. Then attach that file with your next reply.
  11. The methods used by the makers of crypto ransomware continue to change & evolve at a fast pace. Some of the latest physically change the filenames. See http://www.bleepingcomputer.com/news/security/cryptxxx-ransomware-is-now-scrambling-the-filenames-of-encrypted-files/ Read all about Cryptowall 4 http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information#cryptowall4 Regarding Windows XP: I am sure you are aware, Microsoft has ceased making any new security patches for that operating system. You ought to consider migrating to a more secure o.s. See the Microsoft Technet blog http://blogs.technet.com/b/security/archive/2013/08/15/the-risk-of-running-windows-xp-after-support-ends.aspx IF you must stay on Windows XP, then be sure to read and apply the suggestions by Susan Bradley: Securing XP PCs after Microsoft has dropped support http://windowssecrets.com/top-story/securing-xp-pcs-after-microsoft-drops-support/ See also Ed Bott's comments http://www.zdnet.com/please-let-windows-xp-die-with-dignity-7000020923/ Five good reasons to leave Windows XP behind https://isc.sans.edu/diary/SIR+v15%3A+Five+good+reasons+to+leave+Windows+XP+behind/16922
  12. Hi. Have you looked at your Documents folder? What do the file name *extensions* look like? Please *look closely at the file names and also the file extensions of any documents that have been corrupted.* BUT first you need to ensure that Windows is set so that it does display EXTENSIONS of filenames; and that it shows hidden files or folders. Do not let the Windows prompts spook you off. It is all good. At this point, set your Windows Explorer (Windows File Manager) to show all files, by doing as described for your version of Windows at this page http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/ The corrupted / encrypted documents & files can't be cured or resurrected (except from offline backups). I always regret to see anyone be a victim to these types of malicious destructive infections. The news is never good. This infection is not a normal type of infection. It is very vicious and has done all the damage already before it even gives you the first clue. By the time you see the first warning, it is all done & has damaged your personal documents. If your computer is on a network, physically disconnect it from the network. There is nothing we can do to restore the files you did not backup. Have you lost access to any other documents? Unfortunately, there's little that can be done to restore those in most cases, but sometimes you can use the "Previous Versions" tab on a file's properties to regain access to the encrypted file. Using a tool called Shadow Explorer can also help, but in many cases, neither of these will work. Malwarebytes detects variants of this infection. However, no security application can detect and remove all threats, it's a statistical impossibility. And our software cannot repair the damaged documents. This infection relies mostly on user execution via opening an attachment from an unknown email source. For most variants, there's no known tool to fix any corrupted documents at this time.
You can & should copy all the affected documents to an external storage drive for the future, in the hopes that perhaps some day, a way to decrypt the files would be available. We have no decryptors. If this computer is connected to a home network, disconnect it from that. Be aware this ransomware will have disabled the Windows System Restore service and also the Volume Shadow Copy service, as well. The safest thing in the long term is one of these actions: A system image restore from a clean recent system image backup. Otherwise, a wipe / erase and rebuild of Windows and reinstalling all programs. Backup is your best friend.
  13. I would agree with what David suggested. System needs more physical RAM.
  14. That was a good run. Now then, while I see that your last install for MBAM was on May 2016, the Checkresults shows a lot of old logs from 2014 and some for 2015. I would next suggest a little bit of housekeeping. Open Malwarebytes (MBAM) > click History icon > click Quarantine > click Delete All button. Now click on > Application Logs bar on the left. Then let's delete all logs. > Click Delete All button. It's been pointed out to me that this computer only has 1 GB of RAM & runs on Intel Atom CPU N450. That is under-powered to handle Windows 10. That stated, as long as this setup is able to run Windows, then it seems to me it should be able to use M B A M. Having deleted the old logs, you should now be able to run M B A M. Before starting your next run, first close any of your open work programs & also Exit out of web browsers. Let's reduce the source of any interference. Then do a new scan as follows: Start the program by doing a RIGHT-click on the Taskbar icon and select Open Malwarebytes Anti-Malware. On the Dashboard, click the Update (blue link). Click the Scan Now >> (link) button. Click on the first column, Threat scan. A Threat Scan will begin. When the scan is complete, make sure to Review the results. Look over the list please. If there have been detections, look over the list and ensure all lines have check-marks so that they can be removed. Click Remove selected to allow MBAM to clean what was detected. In some cases, a restart will be required. Wait for the prompt to restart the computer to appear, then click on Yes. Click on the History tab > Application Logs. Double click on the scan log which shows the Date and time of the last SCAN performed. Please make sure the word SCAN is shown and also that you grab the very latest Date, the most recent Scan run. You can double click the line to get it on screen. Then use the menu at bottom of the window. Click the EXPORT button at the bottom left.
Click TEXT file. Be very aware as to what folder and what NAME you give this report. You have to make a note so you can send it. Then attach that file with your next reply.
  15. I will be guiding you as we go forward. I may need to see other diagnostic information from this system, so that I can see about pinning down the source of this issue. I would like to ask that you always attach any report or file I ask for, from time to time. Just a regular attachment. I do not see an obvious reason for why the program would not finish a scan. What follows is a small run just to empty temporary type files and to do a reboot for a fresh session. This should help out to be able to run the next run. I am sending a Fix script which is going to be used by the FRST tool. They will both work together as a pair. Save the attached file FIXLIST and select SAVE AS and save it directly (as is) in the same general location as where you have FRST... the downloads folder C:\Users\Dent\Downloads NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work. Double click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version. Click the Fix button just once, and wait. If you receive a message that a reboot is required, please make sure you allow it to restart normally. The tool will complete its run after restart. When finished, the tool will make a log (*Fixlog.txt*) in the same location from where it was run. Please attach the *Fixlog.txt* in your reply. PART 2 This tool will collect some information on the installation of Malwarebytes and create a report I need to review. NOTE: You may need to temporarily turn off your antivirus if it interferes with this tool. Download mbam-check.exe and save it to your desktop from here. Right-click on mbam-check-2.3.2.0.exe & select Run as Administrator & allow to Run when prompted by User Account Control. Do have patience while the tool runs. It may take a while, and will flash a command prompt window. And then it will start your text editor (default is typically NOTEPAD). It should then open a log file CheckResults.txt.
Just do a File >> Exit in NOTEPAD. You should attach the CheckResults.txt file located on *your desktop* so that I can review, and obviously also attach the FIXLOG.txt too. Fixlist.txt