Security Checkpoint

Lucan01

New Member
Thread author
Dec 19, 2024
5
I am here because I am behind on technology, so I would appreciate it if someone would take a look at these logs and let me know what to delete and what needs to be fixed. I was given this computer last year and everything was prepared for me. Today I wanted to see if my computer is still clean. Edited: Wanted to mention I also use this computer for financial and personal storage usage.

I ran an MBAM scan 9 days ago; the only thing it found is one which I don't think should be detected at all. It was an old Windows 9x project.
Code:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/10/2024
Scan Time: 6:39 PM
Log File: fa66de0e-b74f-11ef-8d99-cc52af4b2f53.json

-Software Information-
Version: 5.2.3.156
Components Version: 1.0.5108
Update Package Version: 1.0.92900
License: Free

-System Information-
OS: Windows 11 (Build 26120.2510)
CPU: x64
File System: NTFS
User: DESKTOP-4TMNK22\

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Cancelled
Objects Scanned: 673280
Threats Detected: 3
Threats Quarantined: 0
Time Elapsed: 2 hr, 54 min, 39 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
Malware.Sandbox.32, C:\USERS\ADMIN\DOWNLOADS\WINDOWS APPS AND SCANNERS\UNATTEND AND DISM STUFFS\INFEX.EXE, No Action By User, 32, 0, 1.0.92900, 32, dds, 03126124, 0FC9578B123521DB02093F4CADC5964B, 3D41220049A69DB73FDF90370AD98FC5228853A41493220D7437C8B2CE5DC1E8
Malware.AI.1466148424, C:\USERS\ADMIN\DOWNLOADS\WINDOWS APPS AND SCANNERS\UNSORTED\UTORRENT16.EXE, No Action By User, 1000000, 1466148424, 1.0.92900, BCF37B774CD08DBA5763A648, dds, 03126124, 6652E2832D8D4C8C8BC9AC26A095B687, B503380A89BB05C1480A35BE0EC9CF7A965BC92D5D5BB899C56AAF108E4AE376
PUP.Optional.DotSetupIo, C:\USERS\ADMIN\DOWNLOADS\WINDOWS APPS AND SCANNERS\UNSORTED\POWERISO8-X64.EXE, No Action By User, 6819, 1149654, 1.0.92900, , ame, , D884550A8B075167353DB3BC9118DD18, BE2C1E8B419D8F8E85FB7A4A4E6A6C908244EE9520F9657DA932C23CF7ED4DDB

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

I have read the rules and want to conform with your disclaimers; I believe this computer doesn't have piracy, but instead of closing, PLEASE tell me what it is so I can delete it.

FRST attached.
Windows 11 - Build 26120.2705, has AVG and Malwarebytes. All are fully updated.
Also ran TrendMicro's HouseCall, did not find anything.
 

Attachments

  • Addition.txt
    51.5 KB · Views: 6
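
An added example (not part of any post in this thread, and not Malwarebytes' own tooling): a short Python parser for the exported text log shown above, pulling out each detection's name, path, action and file digests, and flagging a cancelled scan or detections left in place. The row layout is inferred from the log lines in this thread; treating the last two fields as MD5 and SHA-256 is an assumption based on their length.

```python
import re

# Sample input: summary lines and "File:" rows copied from the first log in this thread.
SAMPLE_LOG = r"""-Scan Summary-
Result: Cancelled
Threats Detected: 3
-Scan Details-
File: 3
Malware.Sandbox.32, C:\USERS\ADMIN\DOWNLOADS\WINDOWS APPS AND SCANNERS\UNATTEND AND DISM STUFFS\INFEX.EXE, No Action By User, 32, 0, 1.0.92900, 32, dds, 03126124, 0FC9578B123521DB02093F4CADC5964B, 3D41220049A69DB73FDF90370AD98FC5228853A41493220D7437C8B2CE5DC1E8
Malware.AI.1466148424, C:\USERS\ADMIN\DOWNLOADS\WINDOWS APPS AND SCANNERS\UNSORTED\UTORRENT16.EXE, No Action By User, 1000000, 1466148424, 1.0.92900, BCF37B774CD08DBA5763A648, dds, 03126124, 6652E2832D8D4C8C8BC9AC26A095B687, B503380A89BB05C1480A35BE0EC9CF7A965BC92D5D5BB899C56AAF108E4AE376
PUP.Optional.DotSetupIo, C:\USERS\ADMIN\DOWNLOADS\WINDOWS APPS AND SCANNERS\UNSORTED\POWERISO8-X64.EXE, No Action By User, 6819, 1149654, 1.0.92900, , ame, , D884550A8B075167353DB3BC9118DD18, BE2C1E8B419D8F8E85FB7A4A4E6A6C908244EE9520F9657DA932C23CF7ED4DDB
"""

# Layout inferred from the rows above: name, path, action, engine-specific fields,
# then a 32-hex and a 64-hex digest. Assumption: those are MD5 and SHA-256 (the
# log does not label them). A file name containing ", " would defeat this pattern.
ROW = re.compile(
    r"^(?P<name>[^,]+), (?P<path>[A-Za-z]:\\.*?), (?P<action>[^,\\]+), .*"
    r", (?P<md5>[0-9A-Fa-f]{32}), (?P<sha256>[0-9A-Fa-f]{64})$"
)

def parse_summary(log):
    """Return every 'Key: value' line of the log as a dict."""
    return dict(re.findall(r"^([A-Za-z ]+): (.*)$", log, re.M))

def parse_detections(log):
    """Return one dict per detection row, with the rule family as 'category'."""
    rows = []
    for line in log.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(dict(m.groupdict(), category=m["name"].split(".")[0]))
    return rows

def triage(log):
    """Return (detections, notes); notes list what still needs attention."""
    summary, found, notes = parse_summary(log), parse_detections(log), []
    if summary.get("Result") != "Completed":
        notes.append("scan did not complete (Result: %s)" % summary.get("Result"))
    if len(found) != int(summary.get("Threats Detected", 0)):
        notes.append("parsed rows do not match Threats Detected")
    left = sum(d["action"] == "No Action By User" for d in found)
    if left:
        notes.append("%d detection(s) left in place" % left)
    return found, notes

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The extracted digests can be compared against a hash of the file on disk or looked up on a reputation service before deciding whether a row is a false positive.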

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
559
Hello..! Welcome to MalwareTips..! :)

The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.

For the analysis of your system I also need the FRST.txt file..Please attach it in your next post..!
 

Lucan01

New Member
Thread author
Dec 19, 2024
5
Hello..! Welcome to MalwareTips..! :)



For the analysis of your system I also need the FRST.txt file..Please attach it in your next post..!
OY! I DID THINK I UPLOADED ALREADY, it seems that I can only upload one per post.
 

Attachments

  • FRST.txt
    590.1 KB · Views: 2

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
559
Trust Malwarebytes..! ;) We will need to send to quarantine those items. Repeat the scan but this time choose the blue Quarantine button when the scan finishes. Export the results and paste them here again.

Next ....:

Farbar Recovery Scan Tool - Fix

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.


Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.

In your next reply, please include:
  • Fixlog.txt
  • Malwarebytes report
 

Attachments

  • fixlist.txt
    5.7 KB · Views: 3

Lucan01

New Member
Thread author
Dec 19, 2024
5
File saved. I have used it before; those were from the Windows XP era. I have trusted them, so I have moved them into a compressed file.
Deleted the exe file and rescanned with MBAM.

All clean.
Code:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/19/2024
Scan Time: 11:01 AM
Log File: 77642f96-be22-11ef-b591-cc52af4b2f53.json

-Software Information-
Version: 5.2.3.156
Components Version: 1.0.5108
Update Package Version: 1.0.93282
License: Free

-System Information-
OS: Windows 11 (Build 26120.2705)
CPU: x64
File System: NTFS
User: DESKTOP-4TMNK22\Admin

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 269350
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 6 min, 43 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

FRST reattached after the fix.
 

Attachments

  • Fixlog.txt
    14.1 KB · Views: 2

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
559
As a check to make sure we haven't overlooked anything, I'd like you to run an ESET online scan for me. Also, I would like you to run a tool named SecurityCheck to inquire about the current security-update status of some applications..:

Scan with SecurityCheck by glax24
  • Temporarily disable Microsoft SmartScreen only if it blocks the download of the software. The program is safe
  • Download SecurityCheck by glax24 from here
  • If SmartScreen blocks the file from running click on More info and Run anyway
  • This tool is safe. SmartScreen is overly sensitive. You can check the VirusTotal scan of the tool from here
  • Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow it to run
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt. Close the file. Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt
Next ....:

ESET Online Scan - ESET Online Scanner will take some time, so be prepared.


ESET Online Scanner
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply
 

Lucan01

New Member
Thread author
Dec 19, 2024
5
Eset

Code:
12/19/2024 13:56:21 PM
Scanned files: 1130998
Detected files: 0
Cleaned files: 0
Total scan time: 01:05:35
Scan status: Finished
 

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
559
Thank you..!
:)
Your computer is clean..Once again, there are no obvious signs of an active infection in the logs you provided..! Things look good..!
:)


I recommend updating the software in the box below:

LibreOffice 24.8.2.1 v.24.8.2.1 Warning! Download Update
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33816 v.14.40.33816.0 Warning! Download Update
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33816 v.14.40.33816.0 Warning! Download Update
7-Zip 24.08 (x64 edition) v.24.08.00.0 Warning! Download Update Uninstall old version and install new one.
GIMP 2.10.38-1 v.2.10.38 Warning! Download Update
Discord v.1.0.9039 Warning! Download Update

For the finale:

KpRm by Kernel-panik
  • Download KpRm and save it to your Desktop (see here if you must use Chrome)
  • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
  • Right click on the icon and select Run as administrator
  • Click Yes on the Disclaimer
  • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
  • Click Run
  • Click OK on All operations are completed
  • KpRm will delete itself from your Desktop and you can either save or remove the report that is generated
  • You are free to remove any other tools/reports still remaining
  • Please copy and paste its contents in your next reply.
 