Scan and clean?
I see that a few things have changed.
I clicked Scan and Clean
Attachment 13302
I clicked Malware Scan. After progress bar reached 100%, this showed:
Attachment 13303
Clicking on View Report did nothing. I did nothing more.
Your guidance, please.
Hovering over each of the 2 shows that they are reporting on FRST.exe
scan_220415-161119.txt
-----------------------
Emsisoft Emergency Kit - Version 2021.9
Last update: 2022-04-15 12:42:23
My own Molly\Chris
MOLLY
Windows 7x86 Service Pack 1
Scan settings:
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
Detect PUPs: ON
Scan archives: OFF
Scan mail archives: OFF
ADS Scan: ON
Direct disk access: OFF
Scan start: 2022-04-15 16:11:19
C:\Users\Chris\Desktop\FRST-OlderVersion\FRST.exe detected: Trojan.GenericKD.39437243 (B) [krnl.xmd]
C:\Users\Chris\Desktop\FRST.exe detected: Trojan.GenericKD.48872539 (B) [krnl.xmd]
Scanned 75053
Found 2
Scan end: 2022-04-15 16:12:28
Scan time: 0:01:09
OK
What was found is actually a false positive and several scanners have found this.
We can remove all folders and quarantine files when finished.
What's the computer doing now?
Still sitting at the Scan Results window
If the scan has finished, what was found we will remove.
Unless more is found?
I've got to sign off for the evening.
If all that was found related to the Farbar Recovery tool then we're in good shape.
Let me know if you're ready to remove tools and quarantine folders.
The files we removed with FRST were a tidy-up event; they were loose files that added nothing to the machine.
As for having a ransomware infection, no signs of it.
And there was no mention of any notes or alerts telling you your computer had been infected and of money to get your files back.
The encrypted files for this specific infection will have the extension '.VXLOCK' appended to the end of the file name and on this machine there were none.
I can't say why, but I think what you saw was a false-positive.
Use this tool to remove quarantined items:
Please download KpRm by Kernel-panik and save to your Desktop.
- Click on KpRm.exe to run the tool.
  Vista/Windows 7/8/10 users right-click and select Run As Administrator.
- Put a check mark next to these items:
  - Delete tools
  - Delete now
- Click the "Run" button.
https://github.com/KernelPan1k/KpRm/.../automatic.png
- When the tool has finished, it will create and open a log report and delete itself.
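Added example, not part of the thread and not Emsisoft's or Farbar's code: a small Python parser for the text report format shown in the scan log above, which checks the "Found" count against the parsed detection lines and separates detections on FRST.exe from anything else. The function names and the `expected_names` parameter are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath

# Report lines copied from the scan log posted earlier in this thread.
SAMPLE_REPORT = r"""Scan start: 2022-04-15 16:11:19
C:\Users\Chris\Desktop\FRST-OlderVersion\FRST.exe detected: Trojan.GenericKD.39437243 (B) [krnl.xmd]
C:\Users\Chris\Desktop\FRST.exe detected: Trojan.GenericKD.48872539 (B) [krnl.xmd]
Scanned 75053
Found 2
Scan end: 2022-04-15 16:12:28
"""

# Line shape seen in the report: "<path> detected: <name> (<tag>) [<signature file>]"
DETECTION = re.compile(
    r"^(?P<path>.+?) detected: (?P<name>\S+) \((?P<tag>\w)\) \[(?P<sig>[^\]]+)\]\s*$")
FOUND = re.compile(r"^Found (\d+)\s*$")


def parse_report(text):
    """Return (detections, found_count) parsed from a text report."""
    detections, found = [], None
    for line in text.splitlines():
        m = DETECTION.match(line)
        if m:
            detections.append(m.groupdict())
            continue
        m = FOUND.match(line)
        if m:
            found = int(m.group(1))
    return detections, found


def triage(text, expected_names=("frst.exe",)):
    """Split detections into (on an expected tool filename, everything else).

    A filename match only narrows what to review; it does not by itself
    show that the flagged file is benign.
    """
    detections, found = parse_report(text)
    if found is not None and found != len(detections):
        raise ValueError(f"report says Found {found}, parsed {len(detections)}")
    expected, other = [], []
    for d in detections:
        name = PureWindowsPath(d["path"]).name.lower()
        (expected if name in expected_names else other).append(d)
    return expected, other


if __name__ == "__main__":
    on_tool, rest = triage(SAMPLE_REPORT)
    print(f"{len(on_tool)} detection(s) on FRST.exe, {len(rest)} on other files")
```

Any entry returned in the second list is a detection on a file other than FRST.exe and needs its own review before tools and quarantine folders are removed.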