
PC is automatically shutting down, malware reports


  • This topic is locked
61 replies to this topic

#1 YourFriend0

YourFriend0

  • Members
  • 30 posts
  • OFFLINE
  • Local time:04:54 PM

Posted 09 March 2018 - 03:51 AM

Hi Everyone,

 

I would appreciate it for a lifetime if someone could please also help me with the computer problems I am having, which prevent me from doing any kind of urgently needed work. Whenever I start working on some tasks, Windows 10 64-bit blue screen error messages are often shown:

 

"Your PC ran into a problem and needs to restart. We're just collecting some error info and then we'll restart for you"

 

The same blue screen error is destroying my work because it crashes everything that is not saved; sometimes it even crashes saved work. The Firefox browser is up to date. I did some research and saw information that this error message could be related to outdated drivers. I updated every driver on the PC (e.g. graphics card, etc.) but the problem is still occurring. Windows Defender is reporting malware all the time, but when I click on the warning window that pops up from the taskbar, no malware is found. Some other malware cleaning programs found malware and I cleaned them, but it seems like it was not cleaned correctly.

 

I am seriously worried because my entire work is on hold. I am unable to do anything. Please, if someone could help...

 

Both files are in attachment. Thank you a million times in advance.


 


#2 Android8888

Android8888

  • Malware Response Team
  • 89 posts
  • OFFLINE
  • Gender:Male
  • Location:Portugal
  • Local time:03:54 PM

Posted 09 March 2018 - 05:31 PM

Hello YourFriend0 and :welcome: to Bleeping Computer.

My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copying them to a Notepad file, and reading the entire post before proceeding. It will make following them easier.


Next,

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file (at the end of this post), and save it on your computer Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button;
    (screenshot of the Fix button; credits: Aura)
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the Fixlog.txt in your next reply;

 

 

Next,

  • Download AdwCleaner and move it to your computer Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Accept the EULA (I accept), then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, please do it;
  • After the restart, a log will open when logging in.
  • Please copy and paste the content of that log in your next reply.

 

 

Next, I need you to run a scan with Malwarebytes.

However, you have installed an old version of Malwarebytes (2.2.1.1043). Please read the instructions below and make a clean install of Malwarebytes from the old version to the latest version 3.4.4.

Download MBAM-clean and save it to your computer Desktop.
 
Right-click on mbam-clean.exe icon and select Run as administrator to start the tool.
It will ask you to reboot the machine - please do so.
Run the MBAM-clean tool again and reboot when complete. NOTE: DO NOT miss this step.

Download Malwarebytes version 3.4.4 from here and save it to your Desktop or anywhere else on your system, as long as you know where it is located.

Double click on the installer and follow the prompts to install the program.

When the install completes and is updated do the following:

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Then select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on.
  • Go back to DashBoard and select the blue Scan Now tab.
  • When the scan completes, if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please copy and paste the contents of the log in your next reply.

 

To summarize, please post the contents of the following logs in your next reply:
Fixlog.txt
AdwCleaner clean log
Malwarebytes log.

Let me also know how the computer is running at this point.

Thank you.

Android8888
(Rui)



Proud graduate of SpywareInfo

Member of UNITE - Unified Network of Instructors and Trusted Eliminators

Website: http://android8888.comlu.com

Tavira - Here's where I live!


#3 YourFriend0

YourFriend0
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:04:54 PM

Posted 10 March 2018 - 06:22 PM

Thank you very much for your reply.

 

After using your attached file in FRST, after getting the Fixlog.txt file successfully saved and before using AdwCleaner, is it normal that the PC automatically reboots without giving any info message? Exactly this happened. Then while rebooting, before ( ! ) coming to the desktop, it shows a message that some repairs of the drive are going on. When the % counter reached 11%, it stopped for hours. I was waiting a lot, which is the reason for my delayed response, because I usually answer much quicker. It didn't go past 11%. Then I forced the computer off by cutting the power and ran it again. The same repairing message occurred. Once again it got stuck at 11%. I turned the PC off again. Fortunately there was a message, which occurred before the Repairing message, telling me to press any key on the keyboard to skip this. I did so. Obviously I rebooted again then to make sure I got rid of this repairing message, and it is fortunately gone. I am just wondering if such an automated reboot (after getting Fixlog.txt) without any info message is normal?

 

Also: Is it normal that the Fixlist.txt file gets automatically deleted as soon as FRST's work is completed AND the Fixlog.txt file is saved? I saved Fixlist.txt on the Desktop and it is gone from there. I didn't delete it.

 

The program AdwCleaner produced two files:

 

AdwCleaner[S0] is from before the reboot (note: I am talking about a different reboot here - the one caused by AdwCleaner and not the one[s] from the paragraph above)

AdwCleaner[C0] is from after the reboot

 

All FOUR files are in attachment.



Edited by YourFriend0, 10 March 2018 - 06:23 PM.


#4 Android8888

Android8888

  • Malware Response Team
  • 89 posts
  • OFFLINE
  • Gender:Male
  • Location:Portugal
  • Local time:03:54 PM

Posted 11 March 2018 - 05:06 PM

Hello YourFriend0.

Thank you for those logs.

The logs you provided are looking good. The tools removed several entries of Potentially Unwanted Programs and Adware. Also, your system was infected with several fake drivers which were removed with the script fix by FRST.

 

To answer your questions:
 

After using your attached file in FRST, after getting the Fixlog.txt file successfully saved and before using AdwCleaner, is it normal that the PC automatically reboots without giving any info message?

Yes, in this case it is normal because I included a Disk Check in the script fix and that will not give you a message. Sorry for not having previously informed you about that.
 

 

Then while rebooting, before ( ! ) coming to desktop, it shows message that there are some repairs of drive going on.

There are some Code Integrity errors in your FRST logs so I included a Disk Check in the fix. That is why that happened.
 

 

Also: Is it normal that the Fixlist.txt file gets automatically deleted as soon as FRST's work is completed AND the Fixlog.txt file is saved? I saved Fixlist.txt on the Desktop and it is gone from there. I didn't delete it.

This is the way FRST works. After running the script, FRST processes the instructions included in the fix and replaces fixlist.txt with Fixlog.txt containing the results of the script. So, nothing to worry about.


Now please do an online scan with ESET to search for leftovers. This is a very thorough scan and can take several hours to complete but it's worth it.

ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
  • Click on the Scan Now button to download the esetonlinescanner_enu.exe file and save it to your computer Desktop.
  • Close all your programs and browsers and disconnect any USB flash drives from the computer.
  • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
  • Right-click on esetonlinescanner_enu.exe and select Run as administrator.
  • Click Yes to accept the User Account Control security warning that may appear. It will open a window with the Terms of Use.
  • Click the Accept button.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.
 

 

Let me know how your computer is running at this point. What issues or concerns are you still experiencing with this machine? Are you still getting those blue screen error messages?

Thank you.

Android8888
(Rui)




#5 YourFriend0

YourFriend0
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:04:54 PM

Posted 12 March 2018 - 09:34 AM

I am trying my best to finish the work with the ESET online scanner, which seems to take a very long time (e.g. 2+ hours) for a scan to complete, but I cannot get to the end. I tried three times. The reason is that the blue screen error message ''Stop Code: Critical Structure Corruption'' always occurs before the scan is completed, and I'm not really a fan of the so-called ''Windows Safe Mode'' to do anything there. So the blue screen causes the PC to reboot and the scan doesn't end.

 

Windows Defender is reporting malware all the time. MBAM also does, and all the time tells me that something is ''quarantined'' (or something like that). An additional annoying message from MBAM is that I always get info that a particular protection entry is turned off - it is website domain related. I had to turn it off because it was blocking access to a few, very few, websites all the time. Now this message keeps telling me that one (1) protection entry is off.

 

Again, due to the said blue screen error, it doesn't seem that I will be able to complete the ESET scan. I am trying my best to solve the blue screen error first. Any idea?



#6 Android8888

Android8888

  • Malware Response Team
  • 89 posts
  • OFFLINE
  • Gender:Male
  • Location:Portugal
  • Local time:03:54 PM

Posted 12 March 2018 - 10:19 AM

Hello,

 

The Blue Screen can happen for several reasons, which can include malware, corrupted system files, hardware issues, etc.

 

Okay, please do the following:

 

RogueKiller Portable (64-Bit) (Scan Mode)

Please download RogueKiller_portable64.exe by Tigzy and save it to your computer Desktop. This scan can be time consuming, so please be patient and let it finish.

  • Now close all programs and Internet browsers and disconnect any USB or external drives from the computer before you run this scan!
  • Right-click on the file RogueKiller_portable64.exe and select Run as administrator to start the tool.
  • Click Yes to accept the User Account Control security warning that may appear.
  • Once the tool is open, click the 'Scan' tab menu and then click the Start Scan button.
  • Wait until the scan has finished. Note: This scan may take some time to complete;
  • Warning: Do NOT remove any entry it found. They may not all be malicious and need to be carefully analyzed.
  • Once finished the results will be displayed. Click on the Open Report button. It will open a new window.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your computer Desktop.
  • Close RogueKiller.

Please copy and paste the contents of RKlog.txt to your next reply for my review.

 




#7 YourFriend0

YourFriend0
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:04:54 PM

Posted 13 March 2018 - 03:46 PM

I was scanning with ESET several times. One scan takes around two hours. Almost every time the blue screen error occurred, preventing me from finishing the scan. I wasn't observing all the time, but when I did, a low number (e.g. max 3) of infections was found. Due to the obvious, already mentioned reason, there was no way for me to see what the infections were.

 

Why did I say ''almost every time'' instead of ''every time''? Because today ESET finally completed the scan, and the blue screen error occurred a few minutes after the scan, which means the ESET scan was successfully completed. NO infections were found. I am not sure how this is possible since, due to the blue screen error, the past scans weren't completed and therefore nothing was cleaned. But I repeat: nothing was found with ESET and it finished the scan completely.

 

Regarding RogueKiller: I didn't clean anything because you told me so. The report is in the attached file.



Edited by YourFriend0, 13 March 2018 - 03:47 PM.


#8 Android8888

Android8888

  • Malware Response Team
  • 89 posts
  • OFFLINE
  • Gender:Male
  • Location:Portugal
  • Local time:03:54 PM

Posted 13 March 2018 - 07:18 PM

The RogueKiller log is clean. Also, according to your description it looks like ESET cleaned up any threat it may have found even though the scan didn't finish. Alright, the Blue Screen issue is definitely not related to active malware.

 

But I repeat: nothing was found with ESET and it finished the scan completely.

At this stage I can say that your computer appears to be clean and free of malware.

 

Please try running another Check Disk in a different way, as follows.

Follow the instructions below to run a CHKDSK scan on your Windows partition;

  • On Windows 10, right click on the Windows logo in the bottom-left corner and select Command Prompt (Admin);
  • Enter the command chkdsk /r (there's a space between "chkdsk" and "/r") and press on Enter;
  • A message will be returned, stating that the drive cannot be locked because it's already in use, and you'll be asked if you want to schedule the scan for the next restart. Enter y and press on Enter;
  • Restart your computer, and the chkdsk scan will be launched automatically;
  • Once the chkdsk scan is complete and you're back in Windows, find the log in the Event Viewer and copy and paste it in your next reply;

WARNING: Depending on your hard drive (specs, free space, fragmentation, etc.) this scan can take relatively long to complete. Give it all the time it needs to finish. Do not interrupt it for any reason, or you might damage your drive in the process and make your Windows unbootable. It's suggested to let this scan run overnight or when you leave the house for a few hours (when you go to work, for example). If you are running this scan on a laptop, don't forget to leave it plugged in;

Please let me know if you were able to complete the Check Disk, or whether you got any Blue Screen while running it.

Android8888
(Rui)


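For the "find the log in the Event Viewer" step above, here is an added PowerShell snippet; it is not from the thread, from FRST or from any other tool mentioned here. It reads the most recent chkdsk result out of the Application event log, gives a rough keyword verdict, and saves the full message to the Desktop so it can be pasted into a reply. It assumes an elevated PowerShell prompt on Windows 10 and relies on the provider names and event IDs Windows uses for boot-time (Wininit, ID 1001) and in-session (Chkdsk, ID 26226) chkdsk output.

```powershell
# Added example (not from the thread): pull the latest chkdsk result from the
# Application event log and save it next to the other logs.
# Assumption: Wininit/1001 is the boot-time autochk record and Chkdsk/26226 the
# in-session one; both are the IDs Windows itself writes.
$filter = @{
    LogName      = 'Application'
    ProviderName = @('Microsoft-Windows-Wininit', 'Chkdsk')
    Id           = @(1001, 26226)
}

# Get-WinEvent raises a non-terminating error when nothing matches; silence it
# and handle the empty case explicitly.
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 5 -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated -Descending

if (-not $events) {
    Write-Host 'No chkdsk results found in the Application log.'
    return
}

$latest = @($events)[0]

# Rough keyword verdict so the reader knows what to look at first; the full
# message is what actually matters and is saved below.
$verdict = if ($latest.Message -match 'found no problems') {
    'clean: file system scanned, no problems found'
} elseif ($latest.Message -match 'corrupt|corrections|errors') {
    'problems reported: review the message below'
} else {
    'unknown: review the message below'
}

$report = @(
    "Time:     $($latest.TimeCreated)"
    "Provider: $($latest.ProviderName)  Event ID: $($latest.Id)"
    "Verdict:  $verdict"
    ''
    $latest.Message
) -join [Environment]::NewLine

# Save to the Desktop and echo for review.
$outFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'chkdsk_log.txt'
$report | Set-Content -Path $outFile -Encoding UTF8
Write-Host "Saved chkdsk result to $outFile"
$report
```

If the scan never finished (as happens later in this thread), there is no 1001 record for that boot at all, which is itself a useful signal: an absent entry after a scheduled check means the check did not complete rather than that the disk is clean.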


#9 YourFriend0

YourFriend0
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:04:54 PM

Posted 14 March 2018 - 03:29 AM

The ''chkdsk /r'' doesn't work in CMD when I run it as an admin. I get the following error message:

 

"The type of the file system is NFTS. Cannot locate current drive. Chkdsk cannot run because the volume is  in use by another process. Would you like to schedule this volume to be checked next time the system restarts? (Y/N)"

 

I chose Y and restarted. The incomplete result was the same as a few days ago, and I still remember it: the checking never passed 11%. There is something at exactly 11% which is preventing the checking procedure from going further. It was completely stuck. Fortunately, thanks to God, I had the choice to skip this procedure by pressing any key on the keyboard, and I hope it will never be attempted again, otherwise it will for sure get stuck at 11% again. A few days ago, when I was doing this, I waited for over 8 hours for the checking to move from 11% to 12% and then further. It never did.

 

What should I do with the two entries that were found as infected yesterday by RogueKiller? When I open RogueKiller again, I cannot see them anymore. Where can I track them and where (is this needed?) do I delete them? The scan took a long time to complete and I prefer NOT to do it again.

 

Both MBAM and Windows Defender are reporting some malware all the time.


Edited by YourFriend0, 14 March 2018 - 03:30 AM.


#10 Android8888

Android8888

  • Malware Response Team
  • 89 posts
  • OFFLINE
  • Gender:Male
  • Location:Portugal
  • Local time:03:54 PM

Posted 14 March 2018 - 11:53 AM

Alright, let's leave chkdsk for now.

 

What should I do with the two entries that were found as infected yesterday by RogueKiller? When I open RogueKiller again, I cannot see them anymore. Where can I track them and where (is this needed?) do I delete them? The scan took a long time to complete and I prefer NOT to do it again.

The Registry Keys (entries) that RogueKiller found are not malicious.

¤¤¤ Registry : 2 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

They are related to the User Account Control prompt behavior for system Administrators.

The default value of this key is set to prompt but not require credentials to be entered. A value of '0' allows administrators to perform operations that require elevation without consent (meaning prompts) or credentials (meaning authentication). So they are not malicious and you should not delete them. That is why RogueKiller entries must be analyzed very carefully before deleting anything. Otherwise it can lead to an unbootable computer, which is not desirable at all.

 

Both MBAM and Windows Defender are reporting some malware all the time.

Okay, I need to see a new MBAM quarantine log and also a new set of FRST logs, so please do the following in Normal mode:

Perform a new scan with Malwarebytes and quarantine all the threats it finds. Then attach the log in your reply for my review.

Re-run a new scan with FRST and provide me a new set of fresh logs (FRST.txt and Addition.txt) for my review.

Let me see those three new logs to check if there is something which may still be causing problems.


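To make the ConsentPromptBehaviorAdmin explanation above concrete, here is an added PowerShell check; it is not from the thread or from RogueKiller. It reads the UAC policy values under the key RogueKiller reported and states whether each one matches the Windows default, decoding ConsentPromptBehaviorAdmin into plain words. The meanings table and the EnableLUA and PromptOnSecureDesktop defaults are assumptions taken from Microsoft's documented UAC settings, not from the page.

```powershell
# Added example (not from the thread): audit the UAC policy values that
# RogueKiller flagged and report whether they are at the Windows defaults.
# Assumption: the value meanings below are the documented
# ConsentPromptBehaviorAdmin settings (5 is the Windows default).
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

$meaning = @{
    0 = 'Elevate without prompting (no consent, no credentials)'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (Windows default)'
}

# Values to audit: name -> Windows default (assumed from Microsoft docs)
$defaults = [ordered]@{
    ConsentPromptBehaviorAdmin = 5
    EnableLUA                  = 1
    PromptOnSecureDesktop      = 1
}

# Reading HKLM does not need elevation, so this runs from a normal prompt.
$props = Get-ItemProperty -Path $policyKey

foreach ($name in $defaults.Keys) {
    $current = $props.$name
    if ($null -eq $current) {
        Write-Host ("{0,-28} : not set (Windows uses its default, {1})" -f $name, $defaults[$name])
        continue
    }

    $status = if ([int]$current -eq $defaults[$name]) { 'default' } else { 'CHANGED' }

    # Only ConsentPromptBehaviorAdmin has a multi-value meaning worth decoding.
    $desc = ''
    if ($name -eq 'ConsentPromptBehaviorAdmin' -and $meaning.ContainsKey([int]$current)) {
        $desc = ' - ' + $meaning[[int]$current]
    }

    Write-Host ("{0,-28} = {1}  [{2}]{3}" -f $name, $current, $status, $desc)
}
```

On the machine in this thread the first line would read `ConsentPromptBehaviorAdmin = 0  [CHANGED] - Elevate without prompting`, which is exactly the weakened-but-not-malicious state Rui describes. The script only reports; if a user wants the prompts back, the supported route is the UAC slider in Control Panel (or Local Security Policy), not deleting the value, which matches the advice above.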


#11 YourFriend0

YourFriend0
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:04:54 PM

Posted 15 March 2018 - 03:32 AM

The MBAM log file is attached. As visible in the file, two infections were found and I deleted them.

 

Two files from FRST are also attached.

 

As soon as MBAM requested a reboot and Windows came back to the Desktop after the reboot, MBAM found a new infection which is most likely NOT included in the attached log file because this log file was created before the reboot. The new infection found is called Generic.MalwareSuspicious

 

I noticed that whenever MBAM finds something automatically (almost always, but not always, this happens), the nasty file is located in:

 

C:\Users\User\AppData\Local\Temp

 

I have CCleaner but it seems like it is not doing its ''job'' accurately. I wish there was some software which would automatically and immediately permanently delete from the hard drive whatever appears in that Temp folder. Is there any such software?




#12 Android8888

Android8888

  • Malware Response Team
  • 89 posts
  • OFFLINE
  • Gender:Male
  • Location:Portugal
  • Local time:03:54 PM

Posted 15 March 2018 - 03:01 PM

Hello YourFriend0.
 

MBAM found a new infection which is most likely NOT included in the attached log file because this log file was created before the reboot.

The Malwarebytes log you attached shows No Action By User, which means that you did NOT quarantine the two threats it found.

PUP.Optional.InstallCore.Generic, C:\USERS\UPORABNIK\APPDATA\LOCAL\TEMP\ICReinstall_Setup_ImgBurn_2580_install_2272061043.exe, No Action By User, [5119], [466466],1.0.4364
Adware.Agent.E, C:\WINDOWS\SYSTEM32\R6LSTMP4.DAT, No Action By User, [992], [412507],1.0.4364

 

I have CCleaner but it seems like it is not doing its ''job'' accurately. I wish there was some software which would automatically and immediately permanently delete from the hard drive whatever appears in that Temp folder. Is there any such software?

Don't worry, we will remove the infection from your computer.

Please proceed with the following instructions in the order listed.

NOTE: If for some reason you start having any difficulty (e.g. blue screen, etc.) in running and finishing the following steps, please let me know.


There are still fake drivers installed on your system. You may want to read here why you should not use driver update programs and the best procedure on how to do it.
That being said, you have one program with dubious purposes installed on your computer that should be removed.

 

Hit Win + X at the same time;
Select 'Programs and Features';
Select the application Driver Booster 5 and click Uninstall;
Please restart the computer.


Now let's cleanup the fake drivers with the following script fix.

Follow the instructions below to execute a fix on your system using FRST, and provide the Fixlog.txt log in your next reply.

  • Download the attached fixlist.txt file at the bottom of this post, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Run as administrator;
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the Fixlog.txt in your next reply;

 

Next,

Please re-run Malwarebytes (MBAM) and execute a new scan on your system.

  • When the scan completes if potential threats are detected, ensure to check-mark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your computer Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the quarantine log in your next reply.

 

Next,

  • Download AdwCleaner and move it to your computer Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Accept the EULA (I accept), then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, please do it;
  • After the restart, a log will open when logging in.
  • Please attach the AdwCleaner[Cx].txt log in your next reply.

 

Next,

Follow the instructions below to run a scan using the Emsisoft Emergency Kit (EEK).

  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
  • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator;
  • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, open EEK again (in the C:\EEK folder);
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your computer Desktop and attach it to your next reply;

 

Things I would like to see in your next reply:

  • Were you able to uninstall Driver Booster 5?
  • The Fixlog.txt
  • The MBAM quarantine log
  • The AdwCleaner clean log (AdwCleaner[Cx].txt)
  • The EEK quarantine log

Please answer the points above and let me know in detail the state of the computer at this point.

Thank you.

Android8888
(Rui)



Edited by Android8888, 15 March 2018 - 03:04 PM.



#13 YourFriend0

YourFriend0
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:04:54 PM

Posted 15 March 2018 - 06:23 PM

Three questions if you don't mind me asking:

 

1. AdwCleaner automatically deleted one very important piece of software which keeps my computer clean and even offers me a feature, based on functionality, to reduce (re)boot time. It cleans more cookies/cache than CCleaner can recognize and optimizes the PC for the future to make it faster and in better ''shape''. This software is called Advanced SystemCare. How is it possible that AdwCleaner automatically deleted such important and quality software?

 

2. You asked me if I uninstalled Driver Booster. Before doing that and before answering your question, I need to ask you: why does Driver Booster need to be deleted? It is high quality software for automated recognition of outdated drivers. It downloads and updates drivers automatically. This reduces a lot of manual work. I consider this software a high quality one, so I don't understand why I would need to uninstall it.

 

3. Regarding the EEK software: you said that after the scan is completed and everything is ticked, I should use the Quarantine Selected button, and I did so. Therefore, as you instructed, I did NOT click on the Delete button, but why give priority to Quarantine instead of Delete? According to my understanding those nasty findings should be deleted, not only quarantined. When do I delete them (note: the ''Delete'' button and NOT the ''Clean All'' button, which is also located in the Logs menu) from Quarantine?

 

The EEK file is not in English and therefore contains some non-English characters. I would like to translate a few of them for you (in the translations below I have converted the non-English characters to English ones):

 

Visoka stopnja rizika = high level of risk

Malware groznja = malware threat

Uporabnik = user

Okuzba v Karanteni = infection in quarantine

Datum = date

Sestavni del = consisting part

Dejanje = activity (task)

Podrobnosti = details

Skener = scanner

Skeniranje koncano = scan completed

Najdeno = found

Predmeti = items

Drugi predmeti = other items

Uporabnikova odlocitev o nadaljnih dejanjih = user's choice of further activities

Skeniranje zagnano = scan runned

Sprememba nastavitve = change of setting

Zaznavanje PUPs dodatkov je spremenjeno na Vkljuceno = perceiving of PUPs additions is changed to Included

Jedro programa = core of program

Posodobitev = update

Priporoceno branje = advised reading

Neuspesno z napako Napaka Streznika = unsuccessful with failure Server Error

 

You asked me how the computer is performing. Regarding the Blue Screen Error: this is impossible to comment on yet; it takes a few days of observing, as you are surely aware. I cannot say the Blue Screen Error is gone (although I wish I could) just because it hasn't occurred for a few minutes. However, the huge report of infections found by EEK can only be a good thing. Regarding performance: the ''only'' clearly visible problem (excluding the possibility of the blue screen error) is the nonstop reports from MBAM that something is found. An example is here:

 

https://ibb.co/fzFRKc

 

In case you require a different image uploading website, please let me know. MBAM is reporting this (I am referring to similar reports, not necessarily the identical file - but different files) all the time. Other than this, it looks OK.

 

Four files are in attachment.

 

One more thing: there may be something seriously wrong with the file mentioned in the MBAM log (see attachment) because the same file has been mentioned in several MBAM logs in a very short time, even though it was quarantined and deleted from there every time.



Edited by YourFriend0, 15 March 2018 - 06:27 PM.


#14 Android8888

Android8888

  • Malware Response Team
  • 89 posts
  • OFFLINE
  • Gender:Male
  • Location:Portugal
  • Local time:03:54 PM

Posted 16 March 2018 - 03:20 PM

Hello YourFriend0.

The instructions and procedures provided are always thought to be the most appropriate to the user's problem, based on the information provided by the user and expressed in the logs.

Let me tell you that from my own experience and other Security and Malware Removal Experts' opinions, "PC Booster/Tune Up/Optimizer" programs are among the worst kind of programs you can install on a system. When it comes to messing up your system (Windows), these are as bad as malware. They are completely worthless and useless to use. The worst is that they'll often take action on your system without you knowing, nor authorizing it, which could lead to your system being altered in a way you don't want it to be or, even worse, a "broken" system. Every feature they provide, you can either do natively under Windows, do via another standalone executable (which is way easier and safer to use), or they aren't providing something you need. Here are a few examples:

  • Cleaning temporary files: TFC (standalone executable), CCleaner (installed), Cleanmgr.exe (built-in);
  • Managing start-up entries: Autoruns (standalone executable), CCleaner (installed), Task Manager and Registry Editor (built-in);
  • Driver Updater: Not needed, all you need is to go on your manufacturer website so you'll be sure to get the right, official, working drivers for your computer or hardware;
  • Registry Cleaner: Completely useless and also dangerous;
  • Disk Defragging: Disk Defrag (built-in), O&O Disk Defrag (installed), Defraggler (installed);
  • Powerful uninstaller: Not needed, only needed when you have to make sure a program is completely uninstalled. Revo Uninstaller and GeekUninstaller are two good alternatives;
  • "Enhanced" Task Manager: ProcExp from Sysinternals Suite (standalone executable), Process Hacker (portable or installed);
  • "Active security": Any Antivirus and Antimalware can beat that, easily. These programs aren't made to replace Antivirus or Antimalware products and shouldn't be seen as such;
  • Repair bad sectors on a hard drive: Simple chkdsk /r command under Windows (built-in);

 

Having such programs (PC Boosters/Optimizers) installed on your system will just bloat it, and you have more chance of having issues by using them than without. These products are advertised as programs that can solve all your issues, remove every malware, speed up your computer's performance by over 100%, etc. The truth is that there is not a single program that can do that. First of all, these programs aren't made to remove viruses and malware; leave that in the hands of Antivirus and Antimalware, period. Secondly, there are so many kinds of issues under Windows that there is not a single program that can address them all. If you think that BSOD (Blue Screen of Death) issues can be solved by opening a program and clicking on a "Fix" button, then I'm sorry to tell you, but you're wrong. Also, you cannot boost the performance of hardware beyond its hardware capabilities. Of course you can overclock some components, like your CPU, RAM and GPU, but this isn't done via these programs, but via your BIOS interface. I could recommend you a program for every feature these programs advertise, and also tell you exactly in detail why most of them are completely useless, such as the Registry cleaner (dangerous to use) and the driver updater (dangerous to use, and also completely useless; it will not improve your system's performance). In the end, buying such programs is exactly the same as being scammed (because this is what it is, a pure scam), and using one of these programs will result in you having a system that performs worse than before you used it.

Relevant articles if you want to read more about PC Boosters/Optimizers and why they are useless:

 

Since I am here to help you, I think it's my duty to inform you based on real facts so you can draw your own conclusions and make your own decisions.
 

1. AdwCleaner automatically deleted one very important piece of software which keeps my computer clean and even offers me a feature for reducing (re)boot time. It cleans more cookies/cache than CCleaner can recognize and optimizes the PC to make it faster and in better ''shape''. This software is called Advanced SystemCare. How is it possible that AdwCleaner automatically deleted such important, quality software?

As you may or may not know, AdwCleaner belongs to the Malwarebytes company. IObit has been accused in the past of using shady techniques in order to promote and enhance their products, one of which was stealing Malwarebytes' definition database to include it in their "Antimalware", IObit Malware Fighter. On top of that, their main product, Advanced SystemCare, goes into the "PC Booster" category of programs, which are useless programs since there is no proof or facts that they actually boost the performance of a system. In fact, these programs have a tendency to cause a variety of issues under Windows that can be solved by uninstalling the software; ironic, isn't it? Most of their features can be replaced by using other programs, often utilities that require no installation or that are already "built in" to Windows.

Below are articles that relate the Malwarebytes vs IObit episode and also why IObit failed as a company and with its products.

 

There's nothing wrong with continuing to use Advanced SystemCare or any other software classified as a PUP (Potentially Unwanted Program) as long as you find it useful/want it on your PC. However, I strongly suggest you uninstall every IObit program you have installed on your system before we continue. You are free to reinstall them after I'm done assisting you if you wish to ignore my warning above.

 

2. You asked me if I uninstalled Driver Booster. Before doing that and before answering your question, I need to ask you: why does Driver Booster need to be deleted? It is high-quality software for the automated recognition of outdated drivers. It downloads and updates drivers automatically. This reduces a lot of manual work. I consider this software high quality, so I don't understand why I would need to uninstall it?

The answer to this question is already stated above.

 

3. Regarding the EEK software: you said that after the scan is completed and everything is ticked, I should use the Quarantine Selected button, and I did so. Therefore, as you instructed, I did NOT click on the Delete button, but why give priority to Quarantine instead of Delete? According to my understanding, those nasty findings should be deleted, not only quarantined. When do I delete them (note: the ''Delete'' button and NOT the ''Clean All'' button, which is also located in the Logs menu) from Quarantine?

First, thank you for the translations of the log. The EEK log shows that your system is infected with a rootkit, which is a very nasty infection and sometimes difficult to remove. Essentially, a rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence. RogueKiller did not detect it, for instance. A rootkit allows someone to maintain command and control over a computer without the computer's user/owner knowing about it. Once a rootkit has been installed, the controller of the rootkit has the ability to remotely execute files and change system configurations on the host machine. A rootkit on an infected computer can also access log files and spy on the legitimate computer owner's usage.

 

If I had asked you to delete all the threats that EEK found, I would not be able to see them in the log anymore and would not know what infection is present on the system. Also, be aware that if a threat is quarantined it cannot cause damage to the system anymore. Although it is present, it is confined to quarantine and can't do any harm.

 

Removing malware is not that simple and requires accurate procedures; otherwise we can make things worse rather than solve the problem. We will correctly remove all threats from your computer.


That being said, let's continue.


Please boot the computer in Normal mode, and proceed with the following instructions.

Download Malwarebytes Anti-Rootkit BETA and save it to your computer Desktop.

  • Right-click on the icon and select Run as administrator to start the extraction of the program;
  • Click Yes to accept the security warning that may appear;
  • Click OK to extract it to your Desktop (MBAR will be launched shortly after the extraction);
  • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next;
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while);
  • Once the scan is done, if threats are found, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back to the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt (where TODAY'S-DATE is the scan date);

 

Please attach that log in your next reply for my review and wait for further instructions.

Android8888
(Rui)


Proud graduate of SpywareInfo

Member of UNITE - Unified Network of Instructors and Trusted Eliminators

Website: http://android8888.comlu.com

Tavira - Here's where I live!


#15 YourFriend0

YourFriend0
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 16 March 2018 - 07:14 PM

I never wanted to ignore any of your warnings, nor did I have any kind of doubts. I just needed additional explanation of why such ''nasty file cleaning'', ''driver updating'' or ''performance improving'' programs would need to be deleted, or even automatically deleted, as happened with Advanced SystemCare. But thank you for already explaining this further to me. It was confusing to me why I would need to update every single driver manually if the Driver Booster program does that automatically. Anyway, as you suggested, I deleted it now from my hard drive and also cleaned the registry (CCleaner) just in case there were some traces left.

 

The MBAM log is attached. The same file is being recognized all the time. It is impossible to delete it permanently.

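As an added example (not part of the original thread, and not code from Malwarebytes, Emsisoft or IObit): when the same file keeps being re-detected after quarantine, as described in the two posts above, the practical check is to look at what is launching or re-creating it. The reply above lists Task Manager and the Registry Editor as the built-in way to manage start-up entries; the script below does the same enumeration read-only from PowerShell, and goes a little beyond the list by covering the three common locations together: the Run/RunOnce registry keys for the machine and the current user, both Startup folders, and non-Microsoft scheduled tasks. For each entry it reports whether the target file exists, its Authenticode signature status and its SHA-256 hash, so an unsigned launcher, or one still registered for a file that is now in quarantine, stands out. The registry paths are the standard ones; the helper function names are my own, and the script assumes an elevated PowerShell 5.1 or later session on Windows.

```powershell
# Added example: enumerate common Windows start-up locations and report the
# signature status and SHA-256 hash of each referenced executable.
# Run in an elevated PowerShell session. Read-only: nothing is modified.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Per-user and all-users Startup folders
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

# Pull the executable path out of a command line such as
#   "C:\Program Files\Foo\foo.exe" /silent   or   %ProgramFiles%\bar\bar.exe -x
function Get-ExecutablePath {
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cl = $CommandLine.Trim()
    if ($cl.StartsWith('"')) {
        $end = $cl.IndexOf('"', 1)
        if ($end -gt 1) { return [Environment]::ExpandEnvironmentVariables($cl.Substring(1, $end - 1)) }
    }
    $path = ($cl -split '\s+')[0]
    return [Environment]::ExpandEnvironmentVariables($path)
}

# Build one report row for a start-up entry (hypothetical helper name).
function Describe-Target {
    param([string]$Source, [string]$Name, [string]$CommandLine)
    $exe = Get-ExecutablePath $CommandLine
    $exists = [bool]($exe -and (Test-Path -LiteralPath $exe))
    $sig = 'n/a'; $hash = 'n/a'
    if ($exists) {
        $sig  = (Get-AuthenticodeSignature -FilePath $exe).Status
        $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
    }
    [PSCustomObject]@{
        Source    = $Source
        Name      = $Name
        Target    = $exe
        Exists    = $exists
        Signature = $sig
        SHA256    = $hash
    }
}

$findings = @()

# 1. Run / RunOnce registry values
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the PowerShell provider's own metadata
        $findings += Describe-Target -Source $key -Name $p.Name -CommandLine ([string]$p.Value)
    }
}

# 2. Startup folders: resolve .lnk shortcuts to their real target
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in $startupFolders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    foreach ($item in Get-ChildItem -LiteralPath $folder -File) {
        $target = $item.FullName
        if ($item.Extension -eq '.lnk') {
            $target = $shell.CreateShortcut($item.FullName).TargetPath
        }
        $findings += Describe-Target -Source $folder -Name $item.Name -CommandLine $target
    }
}

# 3. Scheduled tasks outside the \Microsoft\ folder, one row per action
foreach ($task in Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' }) {
    foreach ($action in $task.Actions) {
        if ($action.Execute) {
            $cmd = "$($action.Execute) $($action.Arguments)"
            $findings += Describe-Target -Source "Task $($task.TaskPath)" -Name $task.TaskName -CommandLine $cmd
        }
    }
}

# Entries worth a second look: unsigned, or pointing at a file that is now missing
# (an entry still registered for a file that was quarantined shows up here).
$findings | Where-Object { -not $_.Exists -or $_.Signature -ne 'Valid' } |
    Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

The output is only a starting point: a "Valid" signature says who signed the file, not that it is wanted, and an unsigned entry is not automatically malicious. The useful signal for the situation in the thread is a row whose Source keeps pointing at the path of the file that MBAM keeps quarantining, or at a launcher that re-creates it; that is the entry to hand to whoever is assisting, rather than something to delete on your own in the middle of a guided clean-up.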





