
Hello,

Every day for the last week, I have been getting a notification from Windows Defender saying it quarantined a file it found in the Windows/Temp directory. Different antivirus and anti-malware programs have been run; some report blocking files from that same folder, some don't find anything, some say it found something different every time.

I am trying to attach the files required.

Addition.txt FRST.txt

scan_190310-201749.txt


Hello,

This is total overkill:

AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Emsisoft Anti-Malware (Disabled - Up to date) {67773CDD-EA83-AD98-A2ED-386463EB3B0D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

Of these, 2 of them need to be uninstalled:

AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Emsisoft Anti-Malware (Disabled - Up to date) {67773CDD-EA83-AD98-A2ED-386463EB3B0D}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

With all that installed all kinds of strange things can happen.

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1311960360-2324220091-4079808086-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1311960360-2324220091-4079808086-1001\...\Policies\Explorer: [NoLogOff] 0
GroupPolicy: Restriction ? <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {4A9EF030-71D4-405E-A52A-F19042281D2B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Public\AppData:CSM [468]

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

NOTE: If the tool warns you about an outdated version please download and run the updated version.


Thank you for the response,

I have attached the fixlog.txt

I do not usually use multiple antivirus programs; I was curious what detections each one would have. I only have one active antivirus.

Fixlog.txt


Let's take a fresh look.

Run a fresh scan with FRST, attach the new FRST scan report to your reply.

It is not recommended to run multiple AVs side by side, even when testing.  If you are testing an AV you should always uninstall the currently installed AV.  Even when one is disabled it will still have active running services that can and often do interfere with the active AV.


The FRST report looks fine.  I see no malware in the log.

How are things running?


I haven't gotten a notification about anything since, actually!

Seems to have worked.

What exactly did the fix file do?

Should I start taking other measures such as changing passwords?


We fixed some broken policies, deleted some orphaned registry items, removed a broken task, and removed an alternate data stream.

I see no reason to change passwords, based on what I saw on the system.
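
To illustrate the summary in the reply above, this added example (not part of the original thread and not FRST's own code) sorts the fixlist lines posted earlier into the four kinds of item the helper names and lists the lines carrying the ATTENTION marker. The category mapping and all function names are this example's assumptions, inferred only from the line prefixes visible in the thread; it reads text and changes nothing on a system.

```python
import re
from collections import Counter

# The nine fixlist lines exactly as posted in the thread.
FIXLIST = r"""
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1311960360-2324220091-4079808086-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1311960360-2324220091-4079808086-1001\...\Policies\Explorer: [NoLogOff] 0
GroupPolicy: Restriction ? <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {4A9EF030-71D4-405E-A52A-F19042281D2B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Public\AppData:CSM [468]
"""

# Assumed mapping from line prefix to the helper's four categories.
RULES = [
    (re.compile(r"^HK\S*\\\.\.\.\\Run:"), "orphaned registry item"),
    (re.compile(r"^SearchScopes:"), "orphaned registry item"),
    (re.compile(r"^HK\S*\\Policies\\"), "policy"),
    (re.compile(r"^GroupPolicy:"), "policy"),
    (re.compile(r"^Task:"), "scheduled task"),
    (re.compile(r"^AlternateDataStreams:"), "alternate data stream"),
]

def classify(line):
    """Return the category for one fixlist line, or 'unclassified'."""
    return next((cat for rx, cat in RULES if rx.search(line)), "unclassified")

def summarize(text):
    """Count fixlist lines per category, skipping blank lines."""
    return dict(Counter(classify(l) for l in text.splitlines() if l.strip()))

def flagged(text):
    """Lines that the scan log marked with the ATTENTION arrow."""
    return [l for l in text.splitlines() if l.rstrip().endswith("<==== ATTENTION")]

def parse_ads(line):
    """Split an AlternateDataStreams line into (host path, stream name, bracketed number)."""
    m = re.match(r"^AlternateDataStreams: (.+):(\w+) \[(\d+)\]$", line.strip())
    return (m.group(1), m.group(2), int(m.group(3))) if m else None

if __name__ == "__main__":
    for category, count in summarize(FIXLIST).items():
        print(f"{count} x {category}")
    for line in flagged(FIXLIST):
        print("flagged:", line)
```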


Thread Closed

Reason: Resolved

PM either Kevin, Elise, or Arthur to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE. If you don't, we are just going to send you back to this thread.
