computer hacked

Started by mare_wbpa, June 27, 2024, 08:04:10 PM


mare_wbpa

I restarted. No windows appeared.

mare_wbpa

Am I still looking for a log?

DR M

Hi, Mary Ann.

You have posted whatever I asked until now.

Is there any other question/issue/concern regarding this computer?
Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

mare_wbpa

Is it clean of all malware and viruses? What do I do or avoid doing to keep it clean? Should I check in here periodically to get a check up?

DR M

Hi, Mary Ann.

Yes, now your computer is clean!

Let's now remove the tools we used and create a new restore point. It is the last thing I'll ask you to do. After that, I'll give you some tips to have in mind, so you will keep your computer out of trouble.

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

Note: If there is a warning about this tool, go on to download it, since it is a false positive. Choose More info and continue from there.

mare_wbpa

When I click on KpRm I get a notice saying that there is trouble finding the site.

DR M


mare_wbpa

# Run at 7/12/2024 12:50:22 PM
# KpRm (Kernel-panik) version 2.17.0
# Website https://kernel-panik.me/tool/kprm/
# Run by mary ann from C:\Users\mary ann\Desktop
# Computer Name: LAPTOP-4EQFBMN3
# OS: Windows 11 X64 (22631) (10.0.22631.3880)
# Number of passes: 1

- Checked options -

    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines

- Create Registry Backup -

   ~ [OK] Hive C:\windows\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\mary ann\NTUSER.dat backed up

     [OK] Registry Backup: C:\KPRM\backup\2024-07-12-12-50-22

- Delete Tools -


  ## AdwCleaner
     [OK] C:\Users\mary ann\Desktop\adwcleaner.exe deleted
     [OK] C:\Users\mary ann\Downloads\adwcleaner(1).exe deleted
     [OK] C:\AdwCleaner deleted

  ## FRST
     [OK] C:\Users\mary ann\Downloads\Addition.txt deleted
     [OK] C:\Users\mary ann\Downloads\fixlist(1).txt deleted
     [OK] C:\Users\mary ann\Downloads\fixlist(2).txt deleted
     [OK] C:\Users\mary ann\Downloads\fixlist(3).txt deleted
     [OK] C:\Users\mary ann\Downloads\fixlist(4).txt deleted
     [OK] C:\Users\mary ann\Downloads\fixlist(43).txt deleted
     [OK] C:\Users\mary ann\Downloads\fixlist(44).txt deleted
     [OK] C:\Users\mary ann\Downloads\fixlist(45).txt deleted
     [OK] C:\Users\mary ann\Downloads\fixlist(46).txt deleted
     [OK] C:\Users\mary ann\Downloads\fixlist(48).txt deleted
     [OK] C:\Users\mary ann\Downloads\fixlist(49).txt deleted
     [OK] C:\Users\mary ann\Downloads\fixlist(5).txt deleted
     [OK] C:\Users\mary ann\Downloads\Fixlog.txt deleted
     [OK] C:\Users\mary ann\Downloads\FRST(1).exe deleted
     [OK] C:\Users\mary ann\Downloads\FRST-OlderVersion deleted
     [OK] C:\Users\mary ann\Downloads\FRST.exe deleted
     [OK] C:\Users\mary ann\Downloads\FRST.txt deleted
     [OK] C:\Users\mary ann\Downloads\FRST64.exe deleted
     [OK] C:\FRST deleted

  ## Malwarebytes (log)
     [OK] C:\Users\mary ann\Desktop\Malwarebytes Scan Report 2024-07-06 193019.txt deleted
     [OK] C:\Users\mary ann\Desktop\Malwarebytes Scan Report 2024-07-06 233019.txt deleted
     [OK] C:\Users\mary ann\Desktop\Malwarebytes Scan Report 2024-07-07 123522.txt deleted

- Restore System Settings -

     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files

- Restore UAC -

     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

   ~ [OK] RP named Restore Point Created by FRST created at 06/30/2024 19:02:05 deleted
   ~ [OK] RP named Restore Point Created by FRST created at 06/30/2024 19:33:19 deleted
   ~ [OK] RP named Restore Point Created by FRST created at 06/30/2024 22:38:40 deleted
   ~ [OK] RP named Restore Point Created by FRST created at 07/04/2024 16:07:40 deleted
   ~ [OK] RP named AdwCleaner_BeforeCleaning_04/07/2024_13:19:53 created at 07/04/2024 17:19:53 deleted
   ~ [OK] RP named AdwCleaner_BeforeCleaning_04/07/2024_13:34:58 created at 07/04/2024 17:34:58 deleted
   ~ [OK] RP named Restore Point Created by FRST created at 07/09/2024 00:18:09 deleted
   ~ [OK] RP named Windows Update created at 07/12/2024 16:18:24 deleted
     [OK] All system restore points have been successfully deleted

- Create Restore Point -

     [OK] System Restore Point created

- Display System Restore Point -

   ~ RP named KpRm created at 07/12/2024 16:50:49

-- KPRM finished in 47.79s --


DR M

OK, Mary Ann!

This is the end! You are clean and ready to go!


Now that your computer is clean, here are some final tips about your computer's security from now on:

Some of the following are from Klein's (2005) article, So how did I get infected in the first place. Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it to include current operating systems and software program information. My source is Security Garden, and I marked the following for you:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe's Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!
  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program are a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled. You now have AVG. Together with Malwarebytes, if you run it occasionally, depending on how often you use your computer, it can keep you safe.

Happy safe computing.


I'm glad I was able to help you.

mare_wbpa

Thank you so very much.

DR M

You are very welcome, Mary Ann.

Pete!

It may be overkill, but whenever I download a new program, regardless of the source...

I scan the installation file(s) with MBAM, SuperAntiSpyware, and MS Defender (or my current AV), before I open it/them.

If you're using Windows, just right-click on the file or folder, and choose the scanning app from the drop-down menu.

DR M

Quote from: Pete! on July 13, 2024, 02:20:33 PM
It may be overkill, but whenever I download a new program, regardless of the source...

I scan the installation file(s) with MBAM, SuperAntiSpyware, and MS Defender (or my current AV), before I open it/them.

If you're using Windows, just right-click on the file or folder, and choose the scanning app from the drop-down menu.

Yes, it is overkill, since the antivirus with the real-time protection must do this as soon as you download an exe file. And I don't see the reason for having both Malwarebytes (MBAM) and SuperAntispyware (however, it's your computer so your decision).

FYI, Mary Ann has AVG antivirus. As I said above, together with Malwarebytes, if she runs it occasionally, it can keep her safe. No need to make things more complicated for her.





Pete!

Off Topic:
DR M:
There's probably a lot of overlap in their databases, but SAS finds a lot more trackers than MBAM and Defender. Admittedly they're not as harmful, but I prefer some control about who's following me around the internet.

Similarly, uBlock Origin appears to block a lot more trackers than MB Browser Guard, but Browser Guard gives me more warnings about phishing, and websites with malware.

mare_wbpa

I ran a Malwarebytes scan and had 1 detection. Here's the report. What do I do?

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/20/2024
Scan Time: 1:10 PM
Log File: fae8ec60-46ba-11ef-9929-cc5ef8f272ec.json

-Software Information-
Version: 5.1.6.117
Components Version: 1.0.1280
Update Package Version: 1.0.87002
License: Free

-System Information-
OS: Windows 11 (Build 22631.3880)
CPU: x64
File System: NTFS
User: LAPTOP-4EQFBMN3\mary ann

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 239247
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 5 min, 48 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.OneLaunch, C:\USERS\MARY ANN\DOWNLOADS\ONELAUNCH - MANUALS_GKL4O.EXE, No Action By User, 12082, 1260754, 1.0.87002, , ame, , 6A05CD2D9491EF255C709724B782B476, B5A9381D8EA317BA2BEDBDA0D9B858A3CAD1B09528F63761FE5C4BD0DE5098A8

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
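
Added example, not part of the thread or of any poster's reply: a small Python parser for the text report layout shown in the post above, which pulls out each detection and lists the ones the scan left in place ("No Action By User", with Threats Quarantined lower than Threats Detected). The function names are hypothetical, the sample is a trimmed copy of the posted report, and the field order (name, path, action, then hashes recognised by length) is an assumption read off that one line.

```python
import re

# Constructed sample: a trimmed copy of the report in the post above.
SAMPLE = r"""
-Scan Summary-
Threats Detected: 1
Threats Quarantined: 0

-Scan Details-
Process: 0
(No malicious items detected)

File: 1
PUP.Optional.OneLaunch, C:\USERS\MARY ANN\DOWNLOADS\ONELAUNCH - MANUALS_GKL4O.EXE, No Action By User, 12082, 1260754, 1.0.87002, , ame, , 6A05CD2D9491EF255C709724B782B476, B5A9381D8EA317BA2BEDBDA0D9B858A3CAD1B09528F63761FE5C4BD0DE5098A8
"""

SECTION = re.compile(r"^-(.+)-$")             # "-Scan Summary-", "-Scan Details-"
COUNT = re.compile(r"^([A-Za-z ]+): (\d+)$")  # "File: 1", "Registry Key: 0"
HEXHASH = re.compile(r"^(?:[0-9A-Fa-f]{32}|[0-9A-Fa-f]{64})$")  # MD5 or SHA-256 length

def parse_report(text):
    """Return (summary dict, list of detection dicts) from a text report."""
    summary, detections, section, category = {}, [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("("):
            continue  # blank lines and "(No malicious items detected)"
        if SECTION.match(line):
            section, category = SECTION.match(line).group(1), None
        elif section == "Scan Summary" and ": " in line:
            key, value = line.split(": ", 1)
            summary[key] = value
        elif section == "Scan Details" and COUNT.match(line):
            category = COUNT.match(line).group(1)  # object type of the lines below
        elif section == "Scan Details" and category:
            # Assumption: fields are comma-separated and the path has no comma.
            f = [part.strip() for part in line.split(",")]
            if len(f) >= 3:
                detections.append({"category": category, "name": f[0], "path": f[1],
                                   "action": f[2],
                                   "hashes": [p for p in f if HEXHASH.match(p)]})
    return summary, detections

def unresolved(text):
    """Return (detected minus quarantined, detections with no action taken)."""
    summary, detections = parse_report(text)
    gap = int(summary.get("Threats Detected", 0)) - int(summary.get("Threats Quarantined", 0))
    return gap, [d for d in detections if d["action"] == "No Action By User"]
```

Calling `unresolved()` on a saved report gives the count of detections that were not quarantined and the file paths to review in the Malwarebytes quarantine dialog.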