Author Topic: Malware which seems to Primarily Affect PaleMoon (Blue Screen, Audio Alert, etc)  (Read 11246 times)

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19160
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
I'm curious about why you have the Malwarebytes tray app disabled, MSCONFIG/TASK MANAGER disabled items:  HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"

In addition, why have you blocked the Microsoft Management Console in Firewall Rules? 
Quote
The goal of Microsoft Management Console (MMC) is to provide a programming platform for creating and hosting applications that manage Microsoft Windows-based environments, and to provide a simple, consistent, and integrated management user interface and administration model.
In other words, programs like ESET, F-Secure, Malwarebytes use it.

FirewallRules: [TCP Query User{AE4B5790-C0B8-47BD-90D4-F1AD72B4F71A}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{D1556019-873B-4678-A4D1-E57E1D1D8801}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Nissi1

  • Full Member
  • ***
  • Posts: 63
    • View Profile
I disabled everything, including WinPatrol, to run ESET.  I just have not re-enabled them yet.

Offline Nissi1

As for the Microsoft Management Console, it's Greek to me! I know my computer is a mess but I never knew how to straighten it out.  All these years I simply took the word processing knowledge I learned in high school some 40 years ago and the little I understood from reading blogs like your Security Garden, trials and errors and applied it.

Offline Corrine

For future reference, disabling the tray app of Malwarebytes does not disable the program.  Rather, it merely removes the tray app after the next restart.  The same goes for any other program added disabled in Startup.  For Malwarebytes, just right-click the tray icon and select "Quit Malwarebytes".  Then acknowledge the prompt.  However, you can also close programs with Task Manager under the Processes tab.  Select the program and click "End task".

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines.  Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: samsung.com/AllSharePlayPCPlugin -> C:\Program Files\Samsung\AllShare Play\utils\npAllSharePlayPCPlugin.dll [No File]
Task: {A7417A2D-72FD-455E-B318-9D0C937FB584} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B43C0282-4D61-4804-9418-252CD2DC5776} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CB26BB53-82AA-48B6-BFC7-F1EAA255AAF8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DD20F6C5-D2F8-4D53-B216-CB729A7DAA65} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [127]
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
FirewallRules: [TCP Query User{AE4B5790-C0B8-47BD-90D4-F1AD72B4F71A}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{D1556019-873B-4678-A4D1-E57E1D1D8801}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
2015-07-04 17:15 - 2015-07-04 17:15 - 000043682 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivx0a4c
2015-07-08 02:08 - 2015-07-08 02:08 - 000253196 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivx1719
2015-05-19 02:43 - 2015-05-19 02:43 - 000247298 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivx294d
2015-07-08 02:08 - 2015-07-08 02:08 - 000253196 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivx31e2
2015-07-12 19:52 - 2015-07-12 19:52 - 000043494 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivx40c8
2015-07-20 07:29 - 2015-07-20 07:29 - 000043494 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivx4329
2015-07-08 02:08 - 2015-07-08 02:08 - 000253196 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivx4a2b
2015-07-25 02:54 - 2015-07-25 02:54 - 000043494 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivx5a37
2015-07-08 02:08 - 2015-07-08 02:08 - 000253196 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivx62e9
2015-07-08 02:08 - 2015-07-08 02:08 - 000253196 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivx6aaf
2015-07-12 19:43 - 2015-07-12 19:43 - 000043494 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivx6da4
2015-07-08 02:08 - 2015-07-08 02:08 - 000253196 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivx729e
2015-05-19 02:43 - 2015-05-19 02:43 - 000247298 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivx80da
2015-07-22 22:47 - 2015-07-22 22:47 - 000043494 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivx846e
2015-05-19 02:43 - 2015-05-19 02:43 - 000247298 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivx8877
2015-05-19 02:43 - 2015-05-19 02:43 - 000247298 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivx893c
2015-07-08 02:08 - 2015-07-08 02:08 - 000253196 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivx8ead
2015-07-05 22:46 - 2015-07-05 22:47 - 000043682 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivx9bcf
2015-07-12 19:41 - 2015-07-12 19:41 - 000043494 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivx9cba
2015-07-08 02:08 - 2015-07-08 02:08 - 000253196 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivx9f0a
2015-07-13 14:13 - 2015-07-13 14:13 - 000043494 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivxa145
2015-07-08 02:08 - 2015-07-08 02:08 - 000253196 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivxb09e
2015-07-26 04:41 - 2015-07-26 04:41 - 000043494 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivxb1db
2015-07-18 13:52 - 2015-07-18 13:52 - 000043494 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivxb493
2015-07-13 16:16 - 2015-07-13 16:16 - 000043494 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivxcacb
2015-07-08 02:08 - 2015-07-08 02:08 - 000253196 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivxdbbe
2015-07-02 14:23 - 2015-07-02 14:23 - 000043682 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivxef2f
2015-07-04 09:42 - 2015-07-04 09:42 - 000043682 _____ () C:\Users\Zandra Jones\AppData\Local\Tempdivxef40
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator.  When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.



Offline Nissi1

I hope the following was done correctly.


Fix result of Farbar Recovery Scan Tool (x64) Version: 13.03.2018
Ran by Zandra Jones (13-03-2018 04:56:14) Run:2
Running from C:\Users\Zandra Jones\Desktop
Loaded Profiles: Zandra Jones (Available Profiles: Zandra Jones & defaultuser1 & DefaultAppPool)
Boot Mode: Normal
==============================================

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\samsung.com/AllSharePlayPCPlugin" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A7417A2D-72FD-455E-B318-9D0C937FB584}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7417A2D-72FD-455E-B318-9D0C937FB584}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B43C0282-4D61-4804-9418-252CD2DC5776}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B43C0282-4D61-4804-9418-252CD2DC5776}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB26BB53-82AA-48B6-BFC7-F1EAA255AAF8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB26BB53-82AA-48B6-BFC7-F1EAA255AAF8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD20F6C5-D2F8-4D53-B216-CB729A7DAA65}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD20F6C5-D2F8-4D53-B216-CB729A7DAA65}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Malwarebytes TrayApp" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes TrayApp" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AE4B5790-C0B8-47BD-90D4-F1AD72B4F71A}C:\windows\system32\mmc.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D1556019-873B-4678-A4D1-E57E1D1D8801}C:\windows\system32\mmc.exe" => removed successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivx0a4c => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivx1719 => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivx294d => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivx31e2 => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivx40c8 => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivx4329 => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivx4a2b => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivx5a37 => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivx62e9 => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivx6aaf => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivx6da4 => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivx729e => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivx80da => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivx846e => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivx8877 => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivx893c => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivx8ead => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivx9bcf => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivx9cba => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivx9f0a => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivxa145 => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivxb09e => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivxb1db => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivxb493 => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivxcacb => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivxdbbe => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivxef2f => moved successfully
C:\Users\Zandra Jones\AppData\Local\Tempdivxef40 => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8561133 B
Java, Flash, Steam htmlcache => 1097 B
Windows/system/drivers => 8385661 B
Edge => 288077 B
Chrome => 0 B
Firefox => 385809452 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 2460 B
NetworkService => 18976 B
Zandra Jones => 43264617 B
defaultuser1 => 0 B
DefaultAppPool => 0 B

RecycleBin => 112478181 B
EmptyTemp: => 539.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 04:59:01 ====



The system rebooted automatically after scan.

Offline Corrine

Yes, Nissi1, you did it correctly.  :)

I suggest you take the next couple of days to see how your computer is and then get back to us.  Besides, that will give you time to update Firefox, Adobe Flash Player and install the Microsoft Security updates.  (Yes, it is Patch Tuesday again!)



Offline Nissi1

Thank you and the members of Landzdown for being available to assist people like myself.  Before I leave, will you please tell me what happened to my computer?  Controlled Folder Access is still disabled, should I re-enable it? Should I add another protection to my computer?

Finally, congratulations Corrine on another award.

Offline Corrine

You're welcome, Nissi1!

As to leaving, no don't leave.  You're always welcome to ask questions and we'll do what we can to assist.  :)  Seriously, no malicious files were shown in the logs, mainly some very old temp files that were removed. 

As to "Controlled Folder Access", the purpose is to protect your computer from ransomware.  With it activated, only “apps determined by Microsoft as friendly” or applications you specifically allow will be able to make changes to your personal files in the Documents, Pictures, Favorites, and Desktop folders.  Thus, when a program that Windows Defender isn’t sure about tries to change the files found in these folders, that attempt will be blocked.  As a result, there will be an “Unauthorized changes blocked” notification by Windows Defender and, if you know the program to be safe, it needs to be allowed access.  This is done by adding it to "Protected folders" via Windows Defender > Virus & threat protection > Virus & threat protection settings.  Click the “Allow an app through Controlled folder access” link under Controlled folder access.

That said, if you are using Malwarebytes Premium, it includes ransomware protection.  As a result, you may not wish to have Controlled Folder Access activated in Windows Defender.

You mentioned earlier that you could not access the website for your local grocery store.  Are you able to do so now?  If not, what is the URL? 


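The Controlled Folder Access behaviour described in the post above can also be reviewed from an elevated PowerShell prompt. This is an added example, not part of the original posts; it goes slightly beyond them by showing audit mode, which logs what would be blocked without blocking it, and the application path in it is a placeholder.

```powershell
# Added example (not from the thread): review Controlled Folder Access (CFA)
# from an elevated PowerShell prompt using the built-in Defender cmdlets.

# Documented values of the EnableControlledFolderAccess preference.
$CfaStates = @{
    0 = 'Disabled'
    1 = 'Enabled (changes are blocked)'
    2 = 'Audit mode (changes are only logged)'
    3 = 'Block disk modification only'
    4 = 'Audit disk modification only'
}

function Get-CfaStatus {
    # Current mode, the apps already allowed, and any extra protected folders.
    $pref = Get-MpPreference
    [pscustomobject]@{
        State            = $CfaStates[[int]$pref.EnableControlledFolderAccess]
        AllowedApps      = $pref.ControlledFolderAccessAllowedApplications
        ProtectedFolders = $pref.ControlledFolderAccessProtectedFolders
    }
}

function Get-CfaEvents {
    param([int]$Days = 7)
    # Event 1123 = a change was blocked; 1124 = audit mode logged a change
    # that would have been blocked. The message names the program and folder.
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1123, 1124
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated,
            @{ Name = 'Action'; Expression = { if ($_.Id -eq 1123) { 'Blocked' } else { 'Audited' } } },
            Message
}

# Read-only checks: safe to run as-is.
Get-CfaStatus | Format-List
Get-CfaEvents -Days 7 | Format-List

# Steps that change settings; run one at a time as needed:
#   Set-MpPreference -EnableControlledFolderAccess AuditMode    # log only
#   Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Path\To\TrustedApp.exe'   # placeholder path
#   Set-MpPreference -EnableControlledFolderAccess Enabled      # enforce blocking
```

Running in audit mode for a few days and reading the 1124 events shows which trusted programs need an allow entry before blocking is switched on.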

Offline Nissi1

Corrine, Please forgive my tardy response but I thought I would take your advice and wait before responding again.

I have disabled "Controlled Folder Access" and though I can now access my local supermarket, I cannot access Macys.com with Pale Moon: "Access Denied: You don't have permission to access "http://www.macys.com/?" on this server."  Sometimes I cannot access websites when using Google.  LastPass Password Manager is not working properly (Pale Moon and Firefox) and I must go into the Add-ons and disable all ad blockers to access links of websites I have used for years (Pale Moon and Firefox).  Adobe Flash works perfectly on some YouTube channels but on others the audio sounds as if it's coming from under water.  The same occurs on all channels of Spectrum.com (internet/cable provider) where I sometimes watch TV. Finally, my computer has started freezing, hourglass and all! Not all the time and for short periods but long enough to be annoying.

I prefer Pale Moon and it is my default browser.  However, recent difficulties have forced me to interchange between 3 browsers! :( I have Malwarebytes Premium and all protections are checked.

As always, thank you for your assistance.

Offline Corrine

Hi, Nissi1.

Although it is an older topic, a friend spotted what may be the solution if you are still having the issue accessing Macy's website.  See the instructions at How to create a new useragent override string in Pale Moon - Pale Moon forum and substitute macys.com for kroger.com.

Let us know if this solves the problem.

