HarryZ

HarryZ last won the day on March 19 2016


  1. Aloha, I believe I've found a false positive. I downloaded a product called Antivirus Removal Tool. Un-zipped it into the directory where I want to keep it and everything is OK. However, as soon as I click on the .exe file, Malwarebytes quarantines it. The .zip file is too large to attach to this forum entry, so please download it from the link provided. I will attach the text output from Malwarebytes for Windows showing the detection. Also please note that scanning the folder also shows the 'malware' detection. I will also let the program author know about this issue. There are also a couple of related issues; if I need to report these in a different forum, just let me know. 1) There was no pop-up message from Malwarebytes to notify me that it had quarantined the file. I'm assuming there would be one in this type of instance. 2) After opening the Detection History, selecting the file, and clicking 'Restore', Malwarebytes quarantines the file when I try to run it after the restore. I'm assuming that running the Restore would create an exception, or do I have to do that manually? Mahalo, Harry Z malwarebytes detection log.txt
  2. Aloha @mbam_mtbr. App list generated and sent per your request. Also sent the incident number via PM. Mahalo for your assistance!
  3. Aloha everyone. I have a Google Pixel 4, Android 10 security patch level July 5, 2020, Malwarebytes V 3.7.5.8. A couple of weeks ago, it started showing me ads when I would unlock the phone. It did this most of the time, but not all of the time. See attachment Pixel ads.zip. All the ads had the same look, and seemed to be for reputable companies, so I just thought Google was targeting me with unwanted ads. Could not find a way to turn them off, so I just ignored them. The ads were full screen, and I was unable to figure out what program they were associated with. (I'd love a link to instructions on how to do this...) Yesterday, the ads changed. They were in Chrome and obviously fake (Congratulations! you've just done the 5 billionth search on google! Click here....). Also links to some fake cleaners and other junkware. Always in Chrome, so I disabled Chrome. Now they come up in Brave. Again, this only shows up when I unlock my phone from the home screen. If I lock my phone while in an app, then I see that app when I unlock the phone. And, it does not do this 100% of the time. I've reviewed all installed apps, and do not see any that I did not install personally. The one app that I installed around the time all of this started, I have already uninstalled. Manual scan with Malwarebytes shows my phone as clean. Any assistance would be greatly appreciated. Mahalo, Harry Z Pixel ads.zip
  4. Aloha @AdvancedSetup. Removing File Assassin has fixed the problem! Mahalo for your assistance! Unless you have something else for me to do, then I consider this 'Solved'. One item left to take care of. I got bounced around the forums trying to locate the forum that provides support for Support Tool. Can you update the page with the list of forums to indicate which one is the correct one for MBST issues? Mahalo! Harry Z
  5. Aloha @AdvancedSetup Ran FRST as requested. Fixlog.txt attached. Also attached the chkdsk output from the event log. Deleting those two programs did not change anything. SDIO is "Snappy Driver Installer Origin" - a device driver update program (link). Only one I've found that does not serve up ads or malware. Generally recommended over at TechNibble. I will keep CCleaner. Don't like any of the alternatives mentioned in the article. Plus I have CCleaner installed on a few hundred customers' machines. I need to see what it's doing in case I get calls about it. Ran Support Tool after running FRST with the fix list and rebooting. Had to step away from the machine while it was running, and came back to the GUI showing 'Collect Logs' and 'Run FRST' with green checkmarks and this message: "We were unable to create mbst-grab-results.zip, please notify Malwarebytes Support". I have a vague recollection that I've seen this before, so I'm not sure if I have just not been patient enough to let Support Tool run, or something has changed on my system. Before opening this thread, I let Support Tool run for 5 minutes at the 'Collect Logs' stage before cancelling it. On my other PC the Collect Logs stage took about 5 seconds, so I figured it was hung or looping. What's next? Harry Z chkdsk output.txt Fixlog.txt
  6. Per your request, here are the frst.txt and addition.txt. These are from the FRSTEnglish.exe that gets downloaded by the Support Tool. FRST.txt Addition.txt
  7. @Porthos Seems to be unique to this computer. No problem on my other PC
  8. @Porthos - no change after turning off ransomware
  9. Aloha @Maurice Naggar. Mahalo for the reply. The original reason to run the Support Tool has been resolved. No need to re-hash this here. My only concern at this point is getting the Support Tool running. As such, I will be pursuing that in this thread. Harry Z
  10. Aloha @AdvancedSetup. ESET has been uninstalled from my PC. Same problem - the tool hangs at the 'Collect Logs' phase. I did notice something interesting, as pointed out in one of my other threads. When looking at the Security Center section of Addition.txt, ESET is still listed there a couple of times. This is AFTER uninstalling ESET using the normal Settings -> Apps process, and also running the ESET Manual uninstall program and rebooting. Let me know if I need to resolve this anomaly, and how to do it. If this isn't worth spending time on, then what's next in figuring out why the support tool is not running?
      ==================== Security Center ========================
      (If an entry is included in the fixlist, it will be removed.)
      AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
      AS: ESET Security (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
      AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
      Mahalo, Harry Z
  11. Aloha. I was trying out the Malwarebytes Support Tool to see if it would work (having issues with this tool on a different PC). The tool worked, but Malwarebytes detected FRSTEnglish.exe as ransomware. Here is the info from the detection log:
      Malwarebytes
      www.malwarebytes.com
      -Log Details-
      Protection Event Date: 5/27/20
      Protection Event Time: 3:54 PM
      Log File: 3b15e818-a086-11ea-8018-001b2163ad39.json
      -Software Information-
      Version: 4.1.0.56
      Components Version: 1.0.920
      Update Package Version: 1.0.24560
      License: Premium
      -System Information-
      OS: Windows 10 (Build 18362.836)
      CPU: x64
      File System: NTFS
      User: System
      -Ransomware Details-
      File: 1
      Malware.Ransom.Agent.Generic, C:\Users\harry\AppData\Local\Temp\mwbF3A7.tmp\FRSTEnglish.exe, Delete-on-Reboot, 0, 392685, 0.0.0
      (end)
      I am attaching a .7z file with the log output and the executable involved (FRSTEnglish.exe from my Downloads folder. If you need the file(s) from the Quarantine directory let me know). Harry Z FRST_malware.7z
  12. FWIW, I tried the support tool on a different computer, and the gather logs function took about 5 seconds. Harry Z
  13. Aloha. This is the 3rd forum I'm posting this to. Hopefully I've finally found the correct place for my problem. I'm trying to get the Malwarebytes Support Tool to run. My original intent was to gather logs as I was looking for something. This original issue has been resolved, but I could never get the Support Tool to run. I run the Support Tool, click on Advanced Options, then click Gather Logs. And it just sits there with the spinning logo. No error messages (that I could find). I gave up after 5 minutes, maybe I need to let it run longer? Anyway, I would like to get this tool working in case I actually need it at some point in the future for a problem. This is on Windows 10 x64 V1909 with all maintenance installed. Support Tool mb-support-1.6.1.784.exe Mahalo, Harry Z
  14. After a reboot, the Support Tool is still not running, so I will open up a 3rd discussion on this topic in the suggested forum. Also, here is what the Security Center part of the Addition.txt looks like after your suggested changes and a reboot:
      ==================== Security Center ========================
      (If an entry is included in the fixlist, it will be removed.)
      AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
      AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
      AS: ESET Security (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
      AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
      AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      FW: ESET Firewall (Enabled) {B066057A-E576-007C-D591-56C163D3B33B}
      FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
      Let me know if there is anything more you want me to do. Harry Z
  15. Aloha Maurice, Made the change suggested in Malwarebytes. Then ran 'sfc /scannow'. Got 'Windows Resource Protection found corrupt files and successfully repaired them.'. Do you want to see the CBS logs? I've never found anything useful in them when I see this message that the files have been fixed. Ran the DISM command, received 'No component store corruption detected. The operation completed successfully.' I'm going to reboot and try running the support tool again. Harry Z