
“Debug malware error 895-system 32.exe failure” virus


13 replies to this topic

#1 lblake

lblake

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 22 August 2015 - 06:26 AM

Using Edge browser on Windows 10 I got this pop-up:

 

[Screenshot of the pop-up: 1eCNnMO.jpg]

 

It has changed the browser default page setting so that when you kill Edge by task manager and restart it, it opens the same window again. I've tried disabling the network, but even with no internet access, when you start Edge it brings up the window. I ran Malwarebytes but it didn't find anything. I ran AdwCleaner, it also didn't find anything. It only affects Edge, IE is OK. Any help appreciated.

 

 




 


#2 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:00 AM

Posted 22 August 2015 - 07:15 AM

You can try this: Currently there seems to be no option available to reset Microsoft Edge. We may choose to clear browser data under ...->Settings->Clear Browse Data, in the "choose what to clear" part.

 

CCleaner will allow you to view and control the startups and tasks for Windows and your browsers. If you can download CCleaner, do this:

Don't know how CCleaner will interact with Edge....

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Post the three lists mentioned below using CCleaner:

 

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


Edited by buddy215, 22 August 2015 - 07:45 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:00 AM

Posted 22 August 2015 - 08:09 AM

Another option:  Perform a System Restore without removing any of your data/ files.

System Restore Windows 10 - Windows 10 Forums

 

System Restore may not be enabled by default. You should enable it if that is the case.

 

 

QUOTE: System Restore in Windows 10     Why and How to Enable System Restore in Windows 10

..........The good news first: System Restore is available and fully functional in Windows 10. As we mentioned above, however, the bad news is that this feature is turned off by default. Even worse, the interface to enable and manage System Restore is relatively hidden in the legacy Control Panel, and isn’t something that a typical user will stumble upon while browsing the new Windows 10 Settings app. That leaves users on their own to eventually discover the feature, hear about it from colleagues, or find an article like this one on the Web.

While there are new update and restore features built in to Windows 10, including the option to roll the system back entirely to the previous version of Windows, System Restore may still be a good choice for many users. Here’s how you can enable System Restore in Windows 10..................



#4 lblake

lblake
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 22 August 2015 - 08:11 AM

Thanks for prompt response.

 

The startup list:

 

Yes HKCU:Run Bitdefender Wallet Agent Bitdefender "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\rjwblake\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKCU:RunOnce Uninstall C:\Users\rjwblake\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\rjwblake\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
Yes HKCU:RunOnce Uninstall C:\Users\rjwblake\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64 Microsoft Corporation C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\rjwblake\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
Yes HKLM:Run BCSSync Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Yes HKLM:Run Bdagent Bitdefender "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
Yes HKLM:Run NvBackend NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
Yes HKLM:Run ROGNB "C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe"
Yes HKLM:Run WebStorage ASUS Cloud Corporation C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe
 
The install list:
 
ASUS GIFTBOX Desktop ASUS 8/20/2015 1.88 MB 1.1.6
ASUS Live Update ASUS 8/15/2015 8.35 MB 3.3.4
ASUS ROG Gaming Mouse ASUS 7/16/2015 2.00.026
ASUS Smart Gesture ASUS 8/20/2015 102 MB 4.0.5
ASUS Splendid Video Enhancement Technology ASUS 8/20/2015 15.8 MB 3.11.0001
ASUS USB Charger Plus ASUS 8/20/2015 30.8 MB 4.1.6
ASUS Virtual Camera ASUS 7/16/2015 3.16 MB 1.0.29
ATK Package ASUS 8/20/2015 7.46 MB 1.0.0039
Bitdefender Total Security 2015 Bitdefender 8/21/2015 19.2.0.151
CCleaner Piriform 8/22/2015 5.08
Device Setup ASUSTek Computer Inc. 4/10/2015 3.71 MB 1.0.20
Evernote v. 5.8.3 Evernote Corp. 4/10/2015 232 MB 5.8.3.6507
Foxit PhantomPDF Foxit Software Inc. 4/10/2015 507 MB 7.0.59.127
Intel Collaborative Processor Performance Control Intel Corporation 8/17/2015 1.0.0.1018
Intel® Control Center Intel Corporation 8/17/2015 1.2.1.1008
Intel® Management Engine Components Intel Corporation 8/17/2015 10.0.28.1006
Intel® Processor Graphics Intel Corporation 8/17/2015 10.18.14.4062
Intel® Wireless Bluetooth®(patch version 17.1.1440.2) Intel Corporation 7/16/2015 38.5 MB 17.1.1409.0486
Intel® PROSet/Wireless Software Intel Corporation 8/17/2015 251 MB 17.13.2
Malwarebytes Anti-Malware version 2.1.8.1057 Malwarebytes Corporation 8/21/2015 64.6 MB 2.1.8.1057
Microsoft Office Microsoft Corporation 4/10/2015 323 MB 15.0.4693.1005
Microsoft Office Professional Plus 2010 Microsoft Corporation 8/17/2015 14.0.7015.1000
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 8/17/2015 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 8/17/2015 11.1 MB 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 8/17/2015 10.0.50903
NVIDIA Graphics Driver 345.05 NVIDIA Corporation 7/16/2015 345.05
NVIDIA PhysX System Software 9.14.0702 NVIDIA Corporation 7/16/2015 9.14.0702
PixelMaster Video HDR ASUS 7/16/2015 18.3 MB 1.1.23
Realtek Card Reader Realtek Semiconductor Corp. 7/16/2015 6.3.9600.21260
Realtek Ethernet Controller Driver Realtek 7/16/2015 8.34.617.2014
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 8/17/2015 6.0.1.7535
Send To Toys v2.7 Gabriele Ponti 8/19/2015 2.42 MB
Skype™ 6.18 Skype Technologies S.A. 4/10/2015 26.3 MB 6.18.105
TeamViewer 10 TeamViewer 8/22/2015 10.0.45862
VLC media player VideoLAN 8/19/2015 2.2.1
WebStorage ASUS Cloud Corporation 8/17/2015 2.2.2.524
WildTangent Games App WildTangent 8/17/2015 4.0.11.14
Windows Driver Package - ASUS (ATP) Mouse  (06/17/2015 1.0.0.262) ASUS 8/20/2015 06/17/2015 1.0.0.262
WinFlash ASUS 7/16/2015 2.82 MB 3.0.1
 
 


#5 lblake

lblake
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 22 August 2015 - 08:15 AM

Another option:  Perform a System Restore without removing any of your data/ files.

System Restore Windows 10 - Windows 10 Forums

 

System Restore may not be enabled by default. You should enable it if that is the case.

 

 

QUOTE: System Restore in Windows 10     Why and How to Enable System Restore in Windows 10

..........The good news first: System Restore is available and fully functional in Windows 10. As we mentioned above, however, the bad news is that this feature is turned off by default. Even worse, the interface to enable and manage System Restore is relatively hidden in the legacy Control Panel, and isn’t something that a typical user will stumble upon while browsing the new Windows 10 Settings app. That leaves users on their own to eventually discover the feature, hear about it from colleagues, or find an article like this one on the Web.

While there are new update and restore features built in to Windows 10, including the option to roll the system back entirely to the previous version of Windows, System Restore may still be a good choice for many users. Here’s how you can enable System Restore in Windows 10..................

 

Unfortunately, this was a new upgrade to Windows 10 and I discovered System restore was not turned on by default, so there were no restore points.



#6 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:00 AM

Posted 22 August 2015 - 09:03 AM

What about Tasks...was there anything mentioned under Tasks? Or did you just miss it?

 

I see you added Team Viewer today....are you using it to get assistance for this issue?

 

Did you do this....clear browser data under ...->Settings->Clear Browse Data



#7 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:00 AM

Posted 22 August 2015 - 09:16 AM

Another option: Run Rkill and possibly find the process causing the popup and then delete it.

RKill Download

Double-click on the Rkill desktop icon to run the tool.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.


Edited by buddy215, 22 August 2015 - 09:16 AM.


#8 lblake

lblake
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 22 August 2015 - 10:03 AM

The issue has changed. When I open Edge the window is no longer there. BTW, the site (browsed by error) is facebookdigital.info. If it was hacked, it would appear it got fixed. I am still questioning if there is an infection as I don't understand why the window was there with no internet access (AFAIK I cleared the cache) and how the default page was changed to that URL. If there is anything else I should scan with - or any other advice - please recommend. Otherwise, thanks for the assistance.


Edited by lblake, 22 August 2015 - 10:03 AM.


#9 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:00 AM

Posted 22 August 2015 - 10:38 AM

I don't think it is an infection. I think the website was hacked or a legit ad server was hacked.

Just clearing the browser's cache may have removed the ad. Good that you recognized it as a scam....many won't. Usually just doing a search using the phone number will give results. In this case it did not. These criminals/ scammers even make cold calls pretending to be a Microsoft employee.



#10 lblake

lblake
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 22 August 2015 - 02:02 PM

I don't think it is an infection. I think the website was hacked or a legit ad server was hacked.

Just clearing the browser's cache may have removed the ad. Good that you recognized it as a scam....many won't. Usually just doing a search

using the phone number will give results. In this case it did not. These criminals/ scammers even make cold calls pretending to be a Microsoft employee.

 

Just had someone call the landline number claiming to be from Microsoft. They "knew there was a problem with your computer" etc. The question now is how they could have gotten the phone number.



#11 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:00 AM

Posted 22 August 2015 - 02:44 PM

Just a guess...Is your land line listed in the white pages? Were you logged into Facebook when you first saw that scammer's ad? Possible for the site to be hacked and got your name and general location from there. Or a cookie or some other type of tracking software...spider...picked up your IP which would give the general locale.

 

It could be just one heck of an eerie coincidence.

 

EDIT: did you recognize the language accent?


Edited by buddy215, 22 August 2015 - 02:46 PM.


#12 lblake

lblake
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 22 August 2015 - 02:56 PM

The person who was using the computer was logged in to Facebook. Needless to say the password has been changed. I didn't hear the call, but understand the caller's accent was probably Asian - could have been Indian.



#13 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:00 AM

Posted 22 August 2015 - 03:05 PM

......could have been Indian...that's typical of several other members' comments about other scam attempts here at BC.



#14 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:00 AM

Posted 22 August 2015 - 03:21 PM

I mentioned in an earlier post that Team Viewer was installed today. Was it installed by you for a purpose other than allowing the scammers remote access?

That is part of the usual scam.....allowing them remote access.


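The manual review done in this thread (reading the pasted CCleaner lists and noticing that TeamViewer was installed on the day of the pop-up) can be scripted. The following is an added example, not part of any post above: the sample lines are copied from the lists posted in the thread, while the function names, the remote-access product list and the "user-writable path" rule are assumptions made for illustration. A hit means "ask about it", not "malicious".

```python
import re
from datetime import date, datetime

# Assumption: illustrative, non-exhaustive list of remote-access products.
REMOTE_ACCESS = ("teamviewer", "anydesk", "logmein", "ammyy", "gotoassist")
DATE_RE = re.compile(r"(?<= )(\d{1,2}/\d{1,2}/\d{4})(?= |$)")
STARTUP_RE = re.compile(r"^(Yes|No) (HK(?:CU|LM):Run(?:Once)?) (.*)$")

# Constructed sample: lines copied from the lists posted in this thread.
INSTALLED = """\
Bitdefender Total Security 2015 Bitdefender 8/21/2015 19.2.0.151
CCleaner Piriform 8/22/2015 5.08
Skype™ 6.18 Skype Technologies S.A. 4/10/2015 26.3 MB 6.18.105
TeamViewer 10 TeamViewer 8/22/2015 10.0.45862
VLC media player VideoLAN 8/19/2015 2.2.1
"""
STARTUPS = r"""
Yes HKCU:Run OneDrive Microsoft Corporation "C:\Users\rjwblake\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes HKLM:Run Bdagent Bitdefender "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
Yes HKLM:Run WebStorage ASUS Cloud Corporation C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe
"""

def triage_installs(text, incident_day):
    """Return (name+publisher, reasons) for installs worth a follow-up question."""
    findings = []
    for line in text.splitlines():
        m = DATE_RE.search(line)          # first stand-alone M/D/YYYY field
        if not m:
            continue
        installed = datetime.strptime(m.group(1), "%m/%d/%Y").date()
        name = line[:m.start()].strip()   # everything before the install date
        reasons = []
        if installed >= incident_day:
            reasons.append("installed on/after incident day")
        if any(tool in name.lower() for tool in REMOTE_ACCESS):
            reasons.append("remote-access tool")
        if reasons:
            findings.append((name, reasons))
    return findings

def triage_startups(text):
    """Return (registry key, command) for enabled autoruns under a user profile."""
    findings = []
    for line in text.splitlines():
        m = STARTUP_RE.match(line)
        if not m or m.group(1) != "Yes":
            continue
        # The command starts at the first drive-letter path, quoted or not.
        cmd = re.search(r'"?[A-Za-z]:\\.*$', m.group(3))
        if cmd and re.search(r"\\users\\[^\\]+\\appdata\\", cmd.group(0), re.I):
            findings.append((m.group(2), cmd.group(0)))
    return findings

if __name__ == "__main__":
    print(triage_installs(INSTALLED, date(2015, 8, 22)))
    print(triage_startups(STARTUPS))
```

On the sample, CCleaner and TeamViewer are flagged for their install date (CCleaner was installed on the moderator's advice), TeamViewer is additionally flagged as a remote-access tool, and the OneDrive autorun is flagged only because it runs from a per-user AppData path.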



