Persisting Suspicious Activity

Status
Not open for further replies.

mjfneto

New Member
Thread author
Dec 19, 2023
3
I am reaching out to seek your expert advice and guidance concerning some critical problems I have been facing with my computer and devices.

Following the guidelines provided in the forum rules, I meticulously adhered to the malware removal guide for Windows. Despite my best efforts, I have encountered persistent issues, and, regrettably, the situation has worsened during the process. I am detailing the symptoms below:

1. Unforeseen Edge Browser Closures:
While running anti-malware software, my Edge browser windows were closing unexpectedly.

2. Suspicious File Activity:
A suspicious file, bearing the same name as the Rkill software but with a four-digit appended number (iExplore[xxxx].exe), was created and deleted automatically in the Downloads folder, alongside the Rkill executables.

3. 429 Errors and URL Requests:
I experienced 429 errors (indicating excessive requests) while attempting to access certain URLs in both Edge and Firefox.

4. Graphics Card and Display Issues:
My graphics card was disabled, leading to distorted screen resolution.

5. Mobile Device Affliction (I know this is not a topic for this community, but I think it is relevant):
My mobile devices (phone and tablet) also exhibited issues, including connectivity problems, random app openings and closings, unexpected browser window appearances, file disappearances, and UI glitches.

6. Streaming App Dysfunction:
A streaming app used for downloading content for offline viewing malfunctioned, claiming I had reached the download limit despite having nothing downloaded. Additionally, the app exhibited erratic behavior, such as movies skipping to different parts during playback. The browser version of this app presented issues as well, with prolonged video loading times and multiple crashes.

7. Suspicious Advertising and Social Media Content: Additionally, I have observed suspicious advertising and social media content on my devices, raising concerns about potential security breaches.

8. Ineffectiveness of Security Tools: I have attempted to mitigate the issue by running Sophos Home Premium security tools (web filtering, malicious traffic detection, etc.) and utilizing Proton VPN. Unfortunately, these measures have proven ineffective in blocking these malicious activities.

These alarming signs of malicious activity have left me deeply concerned, and I suspect they may be interconnected. Despite employing various scanning tools, I have been unable to identify or resolve the root cause of these issues.

I seek your assistance in finding a comprehensive solution to this problem. Your time and attention to this matter are greatly appreciated. Please provide any insights or recommendations you may have.

Thank you for your prompt assistance.

Best regards.
 

Attachments

  • Addition.txt
    31 KB · Views: 2
  • FRST.txt
    42.9 KB · Views: 3

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,587
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Let's start by doing some maintenance.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

If any persisting issues please run the Farbar program so that the logs are in the Enslish format.

Note:
rename FRST to FRSTENGLISH.exe for English report.....

Run the rename file and Attach the logs for my review.
Let me know the issues you are dealing with.
 

Attachments

  • Fixlist.txt
    1.7 KB · Views: 2

mjfneto

New Member
Thread author
Dec 19, 2023
3
I am trying to follow these steps. As a note, my browser window is being closed while I am doing this. The fixing process usually takes long? Because this is what is happening here.

UPDATE: I've been getting a lot of weird activity today. I can't access certain pages and someone/something keeps changing my passwords. I have also been receiving a lot of emails from Google about my privacy settings. Someone is certainly watching everything. As I type, the text keeps changing, but I don't know if this is a feature of the website.
 
Last edited:

mjfneto

New Member
Thread author
Dec 19, 2023
3
There are some issues (just as I logged in, an unexpected redirection happened), so I'm including the logs.
 

Attachments

  • Fixlog.txt
    63.2 KB · Views: 3
  • Addition.txt
    28.9 KB · Views: 2
  • FRST.txt
    44.5 KB · Views: 2

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,587
Hi,

No malware was found in your logs.

Please read the review of this Firefox Extension. Decide if you want to disable it or just remove the extension.
FF Extension: (hide.me Proxy) - C:\Users\mjfne\AppData\Roaming\Mozilla\Firefox\Profiles\buycozyr.default-release\Extensions\{7079d3c5-b1a0-4964-8a7a-add0d2af8f52}.xpi

Review:
Reviews for hide.me VPN Free Proxy – Add-ons for Firefox (en-CA)
<<<>>>

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

If the problem persists and you are Syncing Edge with other devices reset it.

How to:
Turn On or Off Sync Microsoft Edge Settings across Windows 10 Devices

Restart the computer to remove all traces.
Turn On or Off Sync Microsoft Edge Settings across Windows 10 Devices
---

Download and run this RogueKiller tool.

  • Download & SAVE to your Desktop Download RogueKiller[/*]
  • Quit all programs that you may have started.[/*]
  • Please disconnect any USB or external drives from the computer before you run this scan![/*]
  • For Vista or above, right-click the program file and select "Run as Administrator"[/*]
  • Accept the user agreements.[/*]
  • Execute the scan and wait until it has finished.[/*]
  • If a Windows opens to explain what [PUM's] are, read about it.[/*]
  • Click the RoguKiller icon on your taksbar to return to the report.[/*]
  • Click open the Report[/*]
  • Click Export TXT button[/*]
  • Save the file as ReportRogue.txt[/*]
  • Click the Remove button to delete the items in RED[/*]
  • Click Finish and close the program.[/*]
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.[/*]
=======

Post the logs and let me know what problem persists.
 

Attachments

  • Fixlist.txt
    3.3 KB · Views: 0
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top