Solved I suspect something is not right with my computer

Status
Not open for further replies.

JabbaHut

New Member
Thread author
Sep 7, 2021
15
Hi!
I might have something going on i cant explain and after reading how so many intelligent people in here help others i though i might ask. I need your help finding out if there is something in my computer that should not be there. I have had things starting without me doing it and things closed, like windows defender protection. I have Eset Antivirus and i have used Eset online scaning tool as well. Is there any program i can use to get someone here to go through my loggfiles and se if they can detect anything that shouldnt be there ?

I would be very greatful!

Regards/JabbaHut
 
  • Like
Reactions: Dave Russo

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
500
Hello, Welcome to MalwareTips..! :) Please follow the following instruction ..:

 

JabbaHut

New Member
Thread author
Sep 7, 2021
15
Hi!

I really would appreciate if you take a look in case of on the Farbar files. So here they are.

I forget to write that a few days ago when i discovered that something might be wrong i reinstalled Windows 10 and i had a complete clean done at the same time. After that Defender found something, i guess you can se what it is in these files and what happend. I followed instructions and removed them. Still though i thought that something was wrong the way my computer behaved.

I have a work where i use some tools to connect to the employer and one of them is called "Ibathome", i have ever had any weired or suspicious activty after installing these files before but now when i used the installations file it sad there where a malware. I deleted all of them and removed the files from my computer completly. I will get new installation files so i can work again after this and i will alert them what happend and try to be shure that there is nothing wrong with them in the future. Anyway i thought i tell you this if there is something in the files you se that raise questions for you.

Much appreciated this help!

//Best regards
 

Attachments

  • FRST.txt
    45.6 KB · Views: 36
  • Addition.txt
    21.3 KB · Views: 30
  • Like
Reactions: Dave Russo

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
500
Hello..! I will review your logs ..! This may take some time ..!When I am ready I will give you an answer ..! Thanks..! :)
Any particular reason why you think your computer may not be clean ..if you have any unusual symptoms, or behaviour, from your computer, that is making you feel you may be infected, then please let me know what they are...!!!
 

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
500
...and something else,..: I want to see the result of the scan with Malwarebytes ..:

  • If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
 

JabbaHut

New Member
Thread author
Sep 7, 2021
15
...and something else,..: I want to see the result of the scan with Malwarebytes ..:

  • If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
It did found something but i dont know the level of threat. I have attached the text files from the first 3 runs i did. First and second found threats then the third showed nothing. I have done 2 more after that that have been clean also.

As for the behaviour of my computer at first, before i reinstalled and cleaned the harddrive the start menu started it self over and over and the computer suddenly whent really slow. I yanked the cord to Internet out as soon as i thought there where something fishy. After reinstallation Windows 10 Defender found threats (as i guess you will se in the files attached) and at one time app protection in Defender shut it self of. After running all these tools and so on i dont think i have seen anything like that but i need to be shure. The computer seems to be much faster now as well. As it should be after a clean installation.
 

Attachments

  • Malwarebytes first run.txt
    4.6 KB · Views: 34
  • Malwarebytes second run.txt
    4.3 KB · Views: 27
  • Malwarebytes third run.txt
    1.5 KB · Views: 27

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
500
Hello ..! An analysis of your logs did not show any malware. Your computer is clean ..! :)

After reinstallation Windows 10 Defender found threats (as i guess you will se in the files attached) and at one time app protection in Defender shut it self of.

Windows Defender has detected KMSpico Activator as a threat. How to: Delete/Restore quarantined files:


Follow the directives on the page to delete all the files in the quarantine folder...Restart the computer when done.
 

JabbaHut

New Member
Thread author
Sep 7, 2021
15
HI!

I cant find where i manage quarantine files, i dont seem to have menues like that. Or i am senile :rolleyes:
 

JabbaHut

New Member
Thread author
Sep 7, 2021
15
Hello ..! An analysis of your logs did not show any malware. Your computer is clean ..! :)



Windows Defender has detected KMSpico Activator as a threat. How to: Delete/Restore quarantined files:


Follow the directives on the page to delete all the files in the quarantine folder...Restart the computer when done.
To be more clear i dont find a menu that show history from an earlier search.
 

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
500
AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

I don't think you see a history because Windows Defender is turned off .. and you use ESET Security as the main antivirus ..! Do you notice any other problems ..?
 
  • Like
Reactions: upnorth

JabbaHut

New Member
Thread author
Sep 7, 2021
15
I don't think you see a history because Windows Defender is turned off .. and you use ESET Security as the main antivirus ..! Do you notice any other problems ..?
I have not seen any problems besides now when i turned the computer on after being of for the night, i had to reboot it 3 times to get it to start. I was just about to try safe mode when it started. I have checked all disks for errors and there where none.

If defender is of or not i dont know, i search manually when i start and then over the day as well. Yesterday though defender started searching automaticly but not today. Could there be someting that have turned it of ?
 

JabbaHut

New Member
Thread author
Sep 7, 2021
15
I have not seen any problems besides now when i turned the computer on after being of for the night, i had to reboot it 3 times to get it to start. I was just about to try safe mode when it started. I have checked all disks for errors and there where none.

If defender is of or not i dont know, i search manually when i start and then over the day as well. Yesterday though defender started searching automaticly but not today. Could there be someting that have turned it of ?
I see now that defender is on, at least that is what it sas where you activate it.
 

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
500
You don't have to do that. But it's too late ... can I see the diaries ...!
 

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
500
The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
 

JabbaHut

New Member
Thread author
Sep 7, 2021
15
Here it is.


# Run at 2021-09-11 17:59:19
# KpRm (Kernel-panik) version 2.9.2
# Website KpRm | Suppression des outils de désinfection
# Run by denma from C:\Users\denma\Downloads
# Computer Name: DESKTOP-44JI2TR
# OS: Windows 10 X64 (19043)
# Number of passes: 1

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines

- Create Registry Backup -

~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\denma\NTUSER.dat backed up

[OK] Registry Backup: C:\KPRM\backup\2021-09-11-17-59-19

- Delete Tools -


## ESET Online Scanner
[OK] C:\Users\denma\Desktop\ESET Online Scanner.lnk deleted
[OK] C:\Users\denma\Downloads\esetonlinescanner.exe deleted
[OK] C:\Users\denma\AppData\Local\ESET\ESETOnlineScanner deleted

## FRST
[OK] C:\Users\denma\Downloads\Addition.txt deleted
[OK] C:\Users\denma\Downloads\FRST.txt deleted
[OK] C:\Users\denma\Downloads\FRST64.exe deleted
[OK] C:\FRST deleted

## Malwarebytes (log)
[OK] C:\Users\denma\Downloads\Malwarebytes first run.txt deleted
[OK] C:\Users\denma\Downloads\Malwarebytes second run.txt deleted
[OK] C:\Users\denma\Downloads\Malwarebytes third run.txt deleted

- Restore System Settings -

[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

~ [OK] RP named Schemalagd kontrollpunkt created at 09/09/2021 21:11:53 deleted
[OK] All system restore points have been successfully deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named KpRm created at 09/11/2021 15:59:42

-- KPRM finished in 40.57s --
 

icotonev

Moderator
Verified
Staff Member
Mar 9, 2017
500
It remains to uninstall Malwarebytes:

 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top