bobz Posted August 19, 2016 ID:1057332 Share Posted August 19, 2016 I ran a full scan today and one treat was found Threat: FiskWare.Extension/Mismatch File c:user\xxx\appdata etc Action: Quarantined when I look in Quarantine there is nothing there. Why not? Shouldn't it be there in case I want to restore it? Link to post Share on other sites More sharing options...
bobz Posted August 19, 2016 Author ID:1057345 Share Posted August 19, 2016 In my message above, it should have read: "Threat: RiskWare.......etc." Link to post Share on other sites More sharing options...
Porthos Posted August 19, 2016 ID:1057346 Share Posted August 19, 2016 Have you restarted the computer? If not please do. Link to post Share on other sites More sharing options...
bobz Posted August 19, 2016 Author ID:1057355 Share Posted August 19, 2016 Yes, and still nothing in Quarantine. (Win10) Link to post Share on other sites More sharing options...
Porthos Posted August 19, 2016 ID:1057356 Share Posted August 19, 2016 (edited) We will wait for staff to look at this. If I remember you had issues like this before. Is this the same computer? Was this the same one? Another thought, Do you use Ccleaner? Also, the best way for us to help you would be for us to see the requested Diagnostic Logs for the Windows 10 computer. Edited August 19, 2016 by Porthos Link to post Share on other sites More sharing options...
bobz Posted August 19, 2016 Author ID:1057357 Share Posted August 19, 2016 This is brand new Win10 computer. Yes, I do use CC. Link to post Share on other sites More sharing options...
Porthos Posted August 19, 2016 ID:1057359 Share Posted August 19, 2016 Do you have Malwarebytes checked to clean in CC? Link to post Share on other sites More sharing options...
bobz Posted August 19, 2016 Author ID:1057380 Share Posted August 19, 2016 No. Link to post Share on other sites More sharing options...
bobz Posted August 19, 2016 Author ID:1057382 Share Posted August 19, 2016 (edited) No. Here's the Threat from the Scan report: Files: 1 RiskWare.ExtensionMismatch, c:\users\bobz\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\tempstate\onboarding-static-144.gif, Quarantined, [b1e18ebebedc65d1912fef4609f82bd5], Edited August 19, 2016 by bobz Link to post Share on other sites More sharing options...
Porthos Posted August 19, 2016 ID:1057383 Share Posted August 19, 2016 Ok go ahead with posting the logs. Link to post Share on other sites More sharing options...
bobz Posted August 19, 2016 Author ID:1057390 Share Posted August 19, 2016 Don't know if that file is important if it is not in Quarantine and can't be recovered? I looked up Cortana (mentioned in the threat file) and see that it says "Cortana is your digital agent. She'll help you get things done. The more you use Cortana, the more personalized your experience will be." Something new in Win10 that I doubt I will ever use except to do a search. Link to post Share on other sites More sharing options...
bobz Posted August 19, 2016 Author ID:1057391 Share Posted August 19, 2016 (edited) Don't know if that file is important if it is not in Quarantine and can't be recovered? I looked up Cortana (mentioned in the threat file) and see that it says "Cortana is your digital agent. She'll help you get things done. The more you use Cortana, the more personalized your experience will be." Something new in Win10 that I doubt I will ever use except to do a search. As you said "We will wait for staff to look at this." Should I wait for staff to look at this rather than loading another program (posting logs) which might not work with this new Win10 computer? Edited August 19, 2016 by bobz Link to post Share on other sites More sharing options...
Porthos Posted August 20, 2016 ID:1057400 Share Posted August 20, 2016 Logs work just fine in Win 10. So please post them or the staff wont have any thing to look at. Link to post Share on other sites More sharing options...
bobz Posted August 20, 2016 Author ID:1057403 Share Posted August 20, 2016 FRST.txt Addition.txt Link to post Share on other sites More sharing options...
bobz Posted August 20, 2016 Author ID:1057404 Share Posted August 20, 2016 CheckResults.txt Link to post Share on other sites More sharing options...
bobz Posted August 20, 2016 Author ID:1057405 Share Posted August 20, 2016 I believe the above 3 files are what you needed. I am not that familiar with computers especially with this Win10. I hope the file that was supposed to be in Quarantine, which is now missing, is not a vital part of Win10. i've been told that " Cortana" is a new part of Win10 and used for searches, etc. So it might be "vital/important." I don't know why it says it was in Quarantine and yet it is not in Quarantine? Very confusing indeed. Link to post Share on other sites More sharing options...
daledoc1 Posted August 20, 2016 ID:1057450 Share Posted August 20, 2016 Hi, @bobz: In addition to the 3 logs already posted, it would help if you could please also post (as an ATTACHMENT) the complete MBAM SCAN log that shows the detection you report, not just the snippet. This KB article explains how to locate and export logs: How do I access and save logs from Malwarebytes Anti-Malware? Please make sure it is the SCAN log that picked up the detection you report. Please be sure to export and save it as a *.txt file (not an *.xml) file. Please ATTACH it to your next reply, just like you attached the other 3 logs. Thanks, Link to post Share on other sites More sharing options...
Porthos Posted August 20, 2016 ID:1057471 Share Posted August 20, 2016 Also It looks like you installed Malwarebytes on 7-23 and on 8-3 you upgraded your Windows from the one that came with your new computer to the new anniversary update 1607. Sometimes this can break MBAM. I suggest you do a clean install to rule that out.. clean reinstall of MBAM Free, by following the steps here: MBAM Clean Removal Process 2x Please be sure to reboot the computer when prompted by the removal tool It's a good idea to reboot again after reinstalling MBAM Free Link to post Share on other sites More sharing options...
bobz Posted August 20, 2016 Author ID:1057491 Share Posted August 20, 2016 I am getting very confused. What do you want me to do? Attach copy of original scan. Or must I uninstall MB and then reinstall? What happened to the file that MB supposed to have put into Quarantine. But it is NOT in quarantine? MB Scan 2.txt Link to post Share on other sites More sharing options...
bobz Posted August 20, 2016 Author ID:1057493 Share Posted August 20, 2016 7 minutes ago, bobz said: I am getting very confused. What do you want me to do? Attach copy of original scan. Or must I uninstall MB and then reinstall? What happened to the file that MB supposed to have put into Quarantine. But it is NOT in quarantine? MB Scan 2.txt Add on to my above post: I don't know if the file that was removed by MB (RiskWare.ExtensionMismatch, c:\users\bobz\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\tempstate\onboarding-static-144.gif, Quarantined,) was an important file and might stop my new Win10 from working properly? Cortana is supposed to be an integral part of Win10. Link to post Share on other sites More sharing options...
Porthos Posted August 20, 2016 ID:1057495 Share Posted August 20, 2016 25 minutes ago, bobz said: was an important file and might stop my new Win10 from working properly? Cortana is supposed to be an integral part of Win10. You would have noticed by now. Have you done any searches with Cortana since? Any issues? Link to post Share on other sites More sharing options...
bobz Posted August 20, 2016 Author ID:1057501 Share Posted August 20, 2016 1 hour ago, bobz said: Add on to my above post: I don't know if the file that was removed by MB (RiskWare.ExtensionMismatch, c:\users\bobz\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\tempstate\onboarding-static-144.gif, Quarantined,) was an important file and might stop my new Win10 from working properly? Cortana is supposed to be an integral part of Win10. What am I to do now? I sent the txt file requested by daledoc1 Is he going to respond? Does he want me to uninstall and then reinstall MB? I am in my 80s and sending all these reports, etc. is very new to me and getting me very confused, as I said. Link to post Share on other sites More sharing options...
Porthos Posted August 20, 2016 ID:1057505 Share Posted August 20, 2016 Ok, Lets just take a break. For now we have all the logs we need. I am sure @daledoc1 has alerted an Admin /Staff to look into this. It is the weekend and they have lives as well. Just hang tight. Link to post Share on other sites More sharing options...
daledoc1 Posted August 20, 2016 ID:1057510 Share Posted August 20, 2016 (edited) Hi, @bobz: The reasons I asked for the MBAM scan log BEFORE asking you to reinstall MBAM include: A clean reinstall would wipe out the scan log (and any items in Quarantine), so that the Malwarebytes staff would not be able to see what was detected. That would hamper troubleshooting. The scan log provides additional detail -- in addition to the FRST logs and Mbam-Check log -- to help to determine if the detection might be some sort of false positive. If it is a false positive, then you might not need to bother reinstalling MBAM. Yes, I have asked a Malwarebytes staff member to review your logs. Please try to be patient until they can respond. EDIT: ALSO, I noticed that this was a "Custom" scan. For the record, the Threat scan is all that is routinely needed or recommended. Routine "full" or "custom" scans are neither recommended nor necessary, and could cause excessive wear on your hard drive. Please let us know if you need help configuring your scan settings. Thank you, Edited August 20, 2016 by daledoc1 Link to post Share on other sites More sharing options...
bobz Posted August 20, 2016 Author ID:1057514 Share Posted August 20, 2016 (edited) OK. I know how to use the Threat scan. I will wait for the staff's response. But wanted to let you know that the reason I began this thread was to tell you that MB found a Threat and said it placed it in the Quarantine folder. But when I looked in the Quarantine folder there was no file in there. So I don't know if this can be called a False/Positive? I thought a False/Positive referred to a file that was placed in Quarantine and could still be restored. There is nothing here to restore with this Threat. Edited August 20, 2016 by bobz Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now