
Thread: Ransomware help

  1. #21
    Junior Member
    Join Date
    Jul 2017
    Posts
    19

    Hello,

    I ran the Windows repair following your instructions; here is the scan.

    I deleted Chrome, using the Revo Uninstaller, which is very nice. I've been using Advanced Uninstaller Pro but Revo looks like it has more options. I reinstalled a fresh Chrome after.

    I will see how it is running now and let you know. Next step?

    Thank you so much

    Mike


    Tweaking.com - Windows Repair 2018 (v4.0.15)
    --------------------------------------------------------------------------------

    System Variables
    --------------------------------------------------------------------------------
    OS: Windows 10 Home
    OS Architecture: 64-bit
    OS Version: 10.0.16299.125
    OS Service Pack:
    Computer Name: NEGROTRES
    Windows Drive: C:\
    Windows Path: C:\WINDOWS
    Program Files: C:\Program Files
    Program Files (x86): C:\Program Files (x86)
    Current Profile: C:\Users\mikef
    Current Profile SID: S-1-5-21-2844788878-880486787-4179794426-1001
    Current Profile Classes: S-1-5-21-2844788878-880486787-4179794426-1001_Classes
    Profiles Location: C:\Users
    Profiles Location 2: C:\WINDOWS\ServiceProfiles
    Local Settings AppData: C:\Users\mikef\AppData\Local
    --------------------------------------------------------------------------------

    System Information
    --------------------------------------------------------------------------------
    System Up Time: 0 Days 00:10:49

    Process Count: 155
    Commit Total: 3.84 GB
    Commit Limit: 10.82 GB
    Commit Peak: 3.92 GB
    Handle Count: 56489
    Kernel Total: 704.55 MB
    Kernel Paged: 423.86 MB
    Kernel Non Paged: 280.70 MB
    System Cache: 2.29 GB
    Thread Count: 2039
    --------------------------------------------------------------------------------

    Memory Before Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 7.89 GB
    Memory Used: 3.62 GB(45.8374%)
    Memory Avail.: 4.28 GB
    --------------------------------------------------------------------------------

    Cleaning Memory Before Starting Repairs...

    Memory After Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 7.89 GB
    Memory Used: 2.86 GB(36.277%)
    Memory Avail.: 5.03 GB
    --------------------------------------------------------------------------------

    Starting Repairs...
    Started at (3/31/2018 4:20:41 PM)

    Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
    Total Missing 'InstallDate' Fixed: 67

    01 - Reset Registry Permissions
    Restore Windows 7/8/10 Default Registry Permissions
    Start (3/31/2018 4:20:44 PM)


    Decompressing & Updating Windows Permission File F:\Programs\files\permissions\10\hku.7z
    Done, 0.27 seconds.


    Decompressing & Updating Windows Permission File F:\Programs\files\permissions\10\hklm.7z
    Done, 5.83 seconds.

    Running Repair Under System Account
    Done (3/31/2018 4:22:24 PM)

    03 - Reset Service Permissions
    Start (3/31/2018 4:22:24 PM)

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/31/2018 4:23:19 PM)

    04 - Register System Files
    Start (3/31/2018 4:23:19 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/31/2018 4:25:25 PM)

    05 - Repair WMI
    Start (3/31/2018 4:25:25 PM)

    Starting Security Center So We Can Export The Security Info.

    Exporting Antivirus Info...
    Spybot - Search and Destroy Exported.
    Emsisoft Anti-Malware Exported.
    Windows Defender Exported.

    Exporting AntiSpyware Info...
    Spybot - Search and Destroy Exported.
    Emsisoft Anti-Malware Exported.
    Windows Defender Exported.

    Exporting 3rd Party Firewall Info...
    No Firewall Products Reported.

    Running Repair Under Current User Account
    Done (3/31/2018 4:28:02 PM)

    06 - Repair Windows Firewall
    Start (3/31/2018 4:28:02 PM)

    Decompressing & Updating Windows Permission File F:\Programs\files\permissions\10\services.7z
    Done, 0.23 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/31/2018 4:28:34 PM)

    07 - Repair Internet Explorer
    Start (3/31/2018 4:28:34 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/31/2018 4:29:47 PM)

    10 - Remove Policies Set By Infections
    Start (3/31/2018 4:29:48 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/31/2018 4:30:03 PM)

    17 - Repair CD/DVD Missing/Not Working
    Start (3/31/2018 4:30:03 PM)
    iTunes or GEARAspiWDM.sys not found, not applying UpperFilters iTunes Reg Key
    Done (3/31/2018 4:30:04 PM)

    19 - Repair Windows Sidebar/Gadgets
    Start (3/31/2018 4:30:04 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/31/2018 4:30:08 PM)

    21 - Repair Windows Snipping Tool
    Start (3/31/2018 4:30:08 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/31/2018 4:30:10 PM)

    26 - Set Windows Services To Default Startup
    Skipping Repair.
    This repair is currently being updated to support the Windows 10 Fall Update

    Cleaning up empty logs...

    All Selected Repairs Done.
    Done at (3/31/2018 4:30:11 PM)
    Total Repair Time: 00:09:31


    ...YOU MUST RESTART YOUR SYSTEM...

  2. #22
    Juliet (Security Expert)
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,811

    Malwarebytes Anti-Rootkit Beta
    • Download Malwarebytes Anti-Rootkit Beta and extract it to your desktop (MBAR will be launched shortly after the extraction)
    • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next
    • Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while)
    • Once the scan is done, make sure that every item is checked, and click on the Cleanup button (a reboot might be required)
    • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt
    • Copy/paste the content of that log in your next reply


    Post this log when finished and give me an update on how the computer is at the moment.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #23
    Junior Member
    Join Date
    Jul 2017
    Posts
    19

    Well I just ran the Malwarebytes scan and it came back clean. Nothing found it said!
    So far it seems fine, but I've only been using it for a little bit.

    Mike

  4. #24
    Juliet (Security Expert)
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,811

    Please download Security Analysis by Rocket Grannie from here
    • Save it to your Desktop.
    • Close your security software to avoid potential conflicts.
    • Double click RGSA.exe
    • Click OK on the copyright-disclaimer
    • It will produce a log named SA Log.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
    • Please copy and paste the contents of that log in this topic.

  5. #25
    Junior Member
    Join Date
    Jul 2017
    Posts
    19

    Hi,

    I ran the RGSA scan. I kept waiting for it to pop up and then I thought something was wrong until I noticed the SALog was done and sitting there.

    I still have had a couple of times that I open something and it won't open until I stop it and reopen it again fresh. Also still have some of the strange actions when typing, with the words going backwards when I type, but it only has happened 2 times which is much better. Everything else seems ok, except all my settings are back to the factory settings and Microsoft and Cortana are trying to make my life difficult haha. It's not a problem if I get my laptop back working, I can fix settings easy. Especially with all of the help you have been giving me.
    Let me know what you think the next step for me is.


    Thank you

    Mike

  6. #26
    Juliet (Security Expert)
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,811

    "SALog was done and sitting there"
    Did it show anything needed to be updated?

    "I still have had a couple of times that I open something and it won't open until I stop it and reopen it again fresh."
    I've had this a couple of times and it boiled down to:
    • Onboard protection scanning the web site I'm trying to open
    • I'm trying to use the computer when something is trying to update
    Have you waited to see if it finally opens without having to close it?

    "Also still have some of the strange actions when typing, with the words going backwards when I type, but it only has happened 2 times which is much better. Everything else seems ok, except all my settings are back to the factory settings and Microsoft and Cortana are trying to make my life difficult haha."
    I've heard of this. Let me throw some items out there for you to check and see if it applies here:

    • It's possible that you are pressing a key combination that changes the text direction, like Right Ctrl + Right Shift.
    • Mouse. New battery?
    • Swap out mouse?
    • Check the keyboard settings in the Control Panel.
    • Hardware and devices troubleshooter on the device and check if it helps. Windows 10 has a built-in troubleshooter to check and fix issues with hardware and devices.

    "settings are back to the factory settings"
    Yeah, sorry, kinda had to do that.

    "Especially with all of the help you have been giving me"
    We'll git er done!

  7. #27
    Junior Member
    Join Date
    Jul 2017
    Posts
    19

    Hi,

    Here is the SALog, I thought I put it in the last post, but I guess I forgot. Seems like everything is up to date except an Adobe program.



    Result of Security Analysis by Rocket Grannie (x86) Updated: 24th March, 2018
    Running from:F:\Programs (10:45:11 - 04/02/2018)
    ***---------------------------------------------------------***
    Microsoft Windows 10 Home X64
    UAC is Enabled
    Internet Explorer 11
    Default Browser: Microsoft Edge
    ***------------Antivirus - Antispyware - Firewall-----------***
    Spybot - Search and Destroy (Enabled - up to Date)
    Emsisoft Anti-Malware (Disabled - up to Date)
    Windows Defender (Disabled - up to Date)
    Spybot - Search and Destroy (Enabled - up to Date)
    Emsisoft Anti-Malware (Disabled - up to Date)
    Windows Defender (Disabled - up to Date)
    Windows Firewall (Enabled)
    No other Firewall Installed
    ***-------Security Programs - Browsers - Miscellaneous------***
    Adobe Flash Player NPAPI (28.0.0.126) ==> is out of Date
    Google Chrome (65.0.3325.181)
    Malwarebytes (3.4.4.2398)
    Mozilla Firefox (59.0.2)
    Opera (51.0.28
    Spybot - Search & Destroy (2.6.46)
    SUPERAntiSpyware (6.0.1244)

    ***----------------Analysis Complete-------------------------***

    I am trying to pay attention when I am typing to see if I am resting my hands on something, or putting pressure on something, but I don't notice anything yet. I am wondering about my mouse since you mentioned it. It is a cheapo mouse and I have a problem with the cursor jumping to someplace else while typing and maybe it is the mouse. I will look at them today and get a new one, it needs to be replaced with something better. Any thoughts on a mouse that is good but won't make me broke?

    I ran the troubleshooter before I started talking with you and it didn't seem to help. Should I try it again?

    Let me know and thank you,

    Mike

  8. #28
    Juliet (Security Expert)
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,811

    I got my last mouse (Logitech wireless) at Walmart, maybe $12.00?
    You can run the troubleshooter again but no guarantee it'll work.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe
    For Chrome:
    - https://fpdownload.macromedia.com/pu...ayer_ppapi.exe

    Flash test site: https://www.adobe.com/software/flash/about/

  9. #29
    Junior Member
    Join Date
    Jul 2017
    Posts
    19

    Hi,

    I've been using the laptop trying to see how it's working and is it better. It is better, but it still has some quirks, which may be solved with a new mouse I have coming, it would be great if it fixed it. What do you think? Is there more to do or are we running out of options? I am also not sure I'm ever going to feel completely secure on this laptop or is there a way to assure my paranoia? I may have to buy a new one, I am wondering. I bought a new laptop for my wife and I wanted to see if you had recommendations on antivirus malware the whole setup and any tips you might have on the best way to set up a new Windows 10 laptop. Please tell me if I am asking too much. Sometimes my brain shuts down and I don't even see that what I might be asking someone is out of line or inconsiderate, so please tell me. I really appreciate all of the help and time you have given me. Thank you. Mike

  10. #30
    Juliet (Security Expert)
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,811

    Originally posted by MickD:
    "Hi,

    I've been using the laptop trying to see how it's working and is it better. It is better, but it still has some quirks, which may be solved with a new mouse I have coming, it would be great if it fixed it. What do you think? Is there more to do or are we running out of options? I am also not sure I'm ever going to feel completely secure on this laptop or is there a way to assure my paranoia? I may have to buy a new one, I am wondering. I bought a new laptop for my wife and I wanted to see if you had recommendations on antivirus malware the whole setup and any tips you might have on the best way to set up a new Windows 10 laptop. Please tell me if I am asking too much. Sometimes my brain shuts down and I don't even see that what I might be asking someone is out of line or inconsiderate, so please tell me. I really appreciate all of the help and time you have given me. Thank you. Mike"

    As for more scans to see if anything lingers, I don't think so. I've hit it with the hardest things I know of to try to find something and it just wasn't there.

    I can post info on tools you can apply to your computer that will offer help in protection. And you're not asking for too much, I want to help you and your wife and especially to remain safe.
    I'll post info at the end of this post.

    ~~
    The below will remove tools used and quarantine folders
    DelFix

    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
    • Click the Run button.
    • This will remove the specialized tools we used to disinfect your system.
      Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

    *************


    Windows Updates

    Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.


    Keeping your programs up-to-date

    Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days) which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like UCheck, SUMo and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

    Anti-Virus, Anti-Malware, Firewall and Anti-Exploit/Ransomware
    Having a decent security setup (which also includes an Anti-Virus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at the time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware are currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

    Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

    Anti-Virus


    Anti-Malware
    • Malwarebytes - Has both a free and paid version. The Premium version of Malwarebytes also offers Exploit and Ransomware protection, for a complete package of: Malware, Web, Exploit and Ransomware protection
    • HitmanPro 3 - Free 30 day trial
    • Zemana AntiMalware - Free 30 day trial


    Firewall
    Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
    • GlassWire - Has both a free and paid version (with different packages)
    • Windows Firewall Control - Gives you more control over your Windows Firewall
    • TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it


    Anti-Exploit/Anti-Ransomware


    Web Browsers and Web Browsing

    Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

    Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.
    • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
    • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
    • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser)
    • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
    • uMatrix: For advanced users, a point and click matrix-like extension that allows you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
    • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)


    As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

    As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

    Other recommendations

    Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.

    Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:


    created by Aura
    The End!