What exactly is my MBAM detecting?

Status
Not open for further replies.

Gib

Level 3
Thread author
Verified
Well-known
May 23, 2014
113
I ran MB's today and I found some infections, but I hope that they aren't FP's.
 

Attachments

  • FRST.txt
    29 KB · Views: 12
  • Addition.txt
    23.5 KB · Views: 7
  • MB_Detection.txt
    1.5 KB · Views: 7

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

First your AVAST antivirus is presently disabled, please enable it for your sucurity.


The FSS.EXE belongs to the Farbar Service Scanner program.


No trace found in your logs. You must have used it sometime ago and there are still some remnant items in the registry.

Clean it with Malwarebytes and restart the computer.

Let me know if the problem is solved.
 

Gib

Level 3
Thread author
Verified
Well-known
May 23, 2014
113
Hello Nasdaq, sorry I forgot to turn on my Avast AV. Before I get started I really want to keep the browsing history on all my browsers.
 

Gib

Level 3
Thread author
Verified
Well-known
May 23, 2014
113
Thanks, the FSS when I downloaded it was unconfirmed904796.crdownload.

When I finished the MBAM scan, there was no remove button, only quarantine button.
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
HI,

Quarnatine the file i not already done.

Then clean the quarantined folder of all file.

How to Delete/Restore quarantined files.

Follow the directives on the page to delete all the files.
<<<>>>
 

Gib

Level 3
Thread author
Verified
Well-known
May 23, 2014
113
Ok, sounds good. Here is the log. Hopefully that infection is water underneath the bridge. The issues that made me want to open a thread was page redirects.
 

Attachments

  • Rootkit_Q.txt
    1.5 KB · Views: 6
Last edited:

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hi,

Open the Farbar program.

Let search the registry for FSS.EXE

Search registry: term;term
There is a Search Registry button on the FRST Console. Paste the folllowing term in bold and click ok.

Search file: FSS.EXE

Post the log for my review.
 

Gib

Level 3
Thread author
Verified
Well-known
May 23, 2014
113
Thanks, I just got done scanning FSS, and I wasn't sure if I was supposed to click the "export services" button, but I did not close the document before I clicked "save as" the file, closed the document and then uploaded it to my thread.
 

Attachments

  • FSS.txt
    1.2 KB · Views: 3

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hi,

The file was not found.
There is no malware on this computer.
Just to make sure I suggest you download and ru this program.

Sophos Virus Removal Tool

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
  • Right-click the icon and select Run as administrator.[/*]
  • Click Yes to accept any security warnings that may appear.[/*]
  • Click the Next button.[/*]
  • Select 'I accept the terms in the license agreement', then click Next twice.[/*]
  • Click the Install button and wait until the installation is complete.[/*]
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.[/*]
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.[/*]
  • Click Yes to accept any security warnings that may appear.[/*]
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.[/*]
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.[/*]
    • Temporarily disable your anti-virus and real-time anti-spyware protection.[/*]
    [/*]
  • Click the "Start Scanning" button in the lower right to start the scan.[/*]
  • After starting the scan, do not use the computer until the scan has completed.[/*]
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.[/*]
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.[/*]
  • If any threats are found click Details, then View Log file (bottom left-hand corner).[/*]
  • Copy and paste its contents in your next reply and note any errors encountered.[/*]
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.[/*]
  • Click Exit to close the program.[/*]
  • If no threats were found, please confirm that result.[/*]
Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log

Please post the contents of the log in your next reply and note any errors encountered.
===
 

Gib

Level 3
Thread author
Verified
Well-known
May 23, 2014
113
Before I download Scan and Clean, they are asking me for my first and last name + email address, do I give it to them?
 
  • Like
Reactions: Trident

Gib

Level 3
Thread author
Verified
Well-known
May 23, 2014
113
Hello, here is the result, it found 6 minor threats.
 

Attachments

  • SophosScanAndClean_20230523_1940.log
    2.6 KB · Views: 7
  • Like
Reactions: Trident

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hi,

I sugges you delete all the cookies identified by Sophos Virus Removal Tool.

Then:
Download the file host.zip in bold from this site.

Download: hosts.zip

Extract the file using the instructions on this page.


Restart the computer normally when done.

Hope it helps.
 

Gib

Level 3
Thread author
Verified
Well-known
May 23, 2014
113
Well, I started the scan and it found 6 cookies, I believe, but Sophos also says that they were deleted. Is there something I can do to see if the tracking cookies have been deleted?
 
Last edited:
  • Like
Reactions: Trident

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hi,

How to deal with adware and PUAs in quarantine folder.

Follow the directives in on this page.
 

Gib

Level 3
Thread author
Verified
Well-known
May 23, 2014
113
Hello, I have a slight problem on my hands, I tried for a rinse and repeat scanning of the Sophos tool and I closed all applications and turned off Avast, but the scan didn't start after
taking away the internet connection.
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hi,

Use the Start/search button in the bottom left or the Task bar.


Type Command Prompt and press OK.


at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed) hit the enter key

Repeat with
ipconfig /release hit enter

repeat with
ipconfig /renew

Then hit Enter, type Exit , hit the Enter key to return to the Operating system.

Restart the computer normally.

Do you now have a connection?

If no connection and you still have a copy of the Farbar Program run it in normal mode or Safe mode if you need and post the logs for my review.
 

Gib

Level 3
Thread author
Verified
Well-known
May 23, 2014
113
No, I have an internet connection, but if I disable my connection, then I can't run Sophos.



You initially wanted me to disable Avast AV, disable my connection and close all applications, but after the closing of the connection, how do I get Sophos to run?
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hi,

Sophos need connection to scan your computer.

You should not be using it as your main Antivirus. protection program. It's should only be used as an additional check in cases where your antivirus program does not find anything.

To use it again go back to Sophos Virus Removal Tool - Free Download with an internet connection download the lates definition file. then as I explained in my post no 10

After it updates and a "Start Scanning" button appears in the lower right:
  • Disconnect from the Internet or physically unplug your Internet cable connection.[/*]
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.[/*]
  • Temporarily disable your anti-virus and real-time anti-spyware protection.

When the scan is completed re enable your Avast program and get the latest updates.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top