Page 10 of 11 FirstFirst ... 67891011 LastLast
Results 91 to 100 of 105

Thread: Persistent Warning

  1. #91
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    Default

    I did the power OFF steps, BUT...my cable provider has combined the modem and router into one box, which I must reboot as a unit, and I have no control over its turn-on or turn-off sequence. Also, I won't be able to say whether this helped until I operate my browser for a while to see if the fake popup occurs again...or not.

    I started FRST as Administrator and clicked Fix. FRST then gave a popup saying it cannot find Fixlist. Do I need to do something to/with the text you instructed me to highlight?

  2. #92
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,810

    Default

    I want you to highlight the script below, right click on it and select COPY


    Start::
    CloseProcesses:
    CreateRestorePoint:
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
    S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
    2018-03-08 14:39 - 2018-03-08 14:40 - 06625600 _____ (Zemana Ltd. ) C:\Users\Ed\Downloads\Zemana.AntiMalware.Setup.exe
    2018-03-13 06:44 - 2018-02-02 08:26 - 00318629 _____ C:\Windows\ZAM_Guard.krnl.trace
    2018-03-12 05:32 - 2018-02-02 08:26 - 00210874 _____ C:\Windows\ZAM.krnl.trace
    Hosts:
    Emptytemp:
    End::

    Now, you copied it, open Farbar Recovery Scan Tool....look at the bottom of the tool and click on FIX button

    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #93
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    Default

    After highlighting/copying text, I run FRST (as Administrator), and when I click Fix button, I get popup shown in attached screen print.
    Attached Images Attached Images

  4. #94
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,810

    Default

    OK, I can see FRST on desktop.


    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    Or use this method Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.
    Type Notepad and and click the OK key.

    To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


    start
    CreateRestorePoint:
    CloseProcesses:
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
    S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
    2018-03-08 14:39 - 2018-03-08 14:40 - 06625600 _____ (Zemana Ltd. ) C:\Users\Ed\Downloads\Zemana.AntiMalware.Setup.exe
    2018-03-13 06:44 - 2018-02-02 08:26 - 00318629 _____ C:\Windows\ZAM_Guard.krnl.trace
    2018-03-12 05:32 - 2018-02-02 08:26 - 00210874 _____ C:\Windows\ZAM.krnl.trace
    Hosts:
    Emptytemp:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #95
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    Default

    Created and saved fixlist.txt on Desktop, and then ran FRST. Fixlog follows:

    Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
    Ran by Ed (2018-04-02 10:12:15) Run:1
    Running from C:\Users\Ed\Desktop
    Loaded Profiles: Ed (Available Profiles: Ed)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
    S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
    2018-03-08 14:39 - 2018-03-08 14:40 - 06625600 _____ (Zemana Ltd. ) C:\Users\Ed\Downloads\Zemana.AntiMalware.Setup.exe
    2018-03-13 06:44 - 2018-02-02 08:26 - 00318629 _____ C:\Windows\ZAM_Guard.krnl.trace
    2018-03-12 05:32 - 2018-02-02 08:26 - 00210874 _____ C:\Windows\ZAM.krnl.trace
    Hosts:
    Emptytemp:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => key removed successfully.
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
    ZAM => service removed successfully.
    ZAM_Guard => service removed successfully.
    C:\Users\Ed\Downloads\Zemana.AntiMalware.Setup.exe => moved successfully
    C:\Windows\ZAM_Guard.krnl.trace => moved successfully
    C:\Windows\ZAM.krnl.trace => moved successfully
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    EmptyTemp: => 501.4 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 10:13:21 ====


    After reboot, I attempted to use Zemana AntiMalware, but got a popup saying license expired.

  6. #96
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,810

    Default

    try downloading it again

    Zemana AntiMalware - Fix
    • Download and install Zemana AntiMalware
    • Open Zemana AntiMalware, and click on the Scan button
    • Wait for the scan to complete
    • Once done, click on any threats it detected, then select Apply to all and Quarantine to quarantine all threats, and click on the Next button

    • If it asks you to reboot your computer to finish the clean-up, do so
    • After that, click on the most upper right button to go to the Reports tab, select the latest System Scan entry and click on the Open Report button
    • A log will open in Notepad
    • Copy/paste the content of that log in your next reply


    ~~~~~~~~~~~~~~~~~~~~~~~~~`
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #97
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    Default

    The fake alert popup appeared again yesterday. I opened Task Manager and did a screen shot of the so-called app it displayed. See Attachment.

    I also downloaded Zemana AntiMalware again and tried to run it, but got the "License Expired" popup again. See Attachment.
    Attached Images Attached Images

  8. #98
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,810

    Default

    OK
    for the Zemana alert, you've used up your free trail version. The next step in my mind would be to buy the product.

    Please follow the below link with help in remove the Internet Security alert.
    https://malwaretips.com/blogs/remove...-055bccac9fec/
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  9. #99
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    Default

    I followed the steps in https://malwaretips.com/blogs/remove...-055bccac9fec/ which resulted in my buying HitmanPro.

    The Adwclweaner and Malwarebytes both ran for free, but found nothing. HitmanPro removed (I think) a BUNCH of tracking cookies. I found no step that talked about downloading or running Zemana. Is that something I still must do?

  10. #100
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,810

    Default

    I found no step that talked about downloading or running Zemana. Is that something I still must do?
    No, I wouldn't you will probably end up with to many programs trying to run/scan the system then that, creates a different problem.

    What problems remain?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •