

Messages - icotonev

Pages: [1] 2
1
Meet & Greet! / Re: Welcome, V.T. Eric Layton!
« on: November 26, 2021, 04:08:45 PM »
Nice to see you here ..! I hope you like it ..!  :)

2
Meet & Greet! / Re: Welcome securitybreach!
« on: November 26, 2021, 04:06:43 PM »
Welcome..!  :)
I hope you like it here..!  :)

3
More information is needed - diaries, photos .. so I can send them for correction of support ..!

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply
Thanks

4
Hello..! Can you do the following for me:

  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.

5
Meet & Greet! / Re: Happy Birthday Corrine!
« on: August 05, 2021, 08:55:24 AM »
Happy birthday Corrine ..! I wish a lot of health to a very special person for me ...! My mentor and a person from whom I always learn ..! Be still dedicated and always ready to help..Be healthy ..!  :)




6


Think about it...!!!  :)

It's in Bulgarian ..but of course ..!  ;)


7
Meet & Greet! / Re: Hello to All!
« on: February 26, 2021, 01:47:44 PM »
Hi, Rob!  Welcome to LzD!  :)

8
Meet & Greet! / Re: HAPPY NEW YEAR 2021!
« on: December 31, 2020, 07:14:10 PM »
Happy New Year..!  :) May God bless you all..!  :)

9
Meet & Greet! / Re: Happy Birthday, DR M!
« on: December 26, 2020, 04:42:35 PM »

10
Meet & Greet! / Re: Congratulations, DR M!
« on: December 26, 2020, 07:00:38 AM »
Congratulations..! I am very happy for you.. I wish you success..!  :)

11
Analysis and Malware Removal / Re: Re-Check Please
« on: November 01, 2020, 05:57:09 AM »
Good morning..!  :)

Step 1 :
 
Tweaking.com Registry Backup
  • Download Tweaking.com Registry Backup from here, and save tweaking.com_registry_backup_portable.zip to your desktop.
  • Now we need to create a new folder to extract the zipped contents into. Right click on the zipped folder you just downloaded and select "Extract All".
  • Click the "Browse" button and from the list, expand "Computer", then expand "Windows (C:)", and click the "Make New Folder" button.
  • Call this folder something you will remember...like "RegBackup" then click "Ok", and then click "Extract".
  • From the newly extracted files, right click on and select Run as Administrator (XP users just double click) to start Tweaking.com Registry Backup.
    (Windows Vista/7/8 users: Accept UAC warning if it is enabled.)
  • A screen like this should appear:
         

  • Type a custom name in Backup Name if you want, then choose Backup Now.
  • If backup is successful, a message will appear at the lower half of the screen with an option to view logs.
  • The registry backup will be created in %WindowsDrive%\RegBackup by default. You can customize the path in Settings.
  • Close Tweaking.com Registry Backup when done.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
Step 2 :
 
Boot your computer to Safe Mode.
 
 
Farbar Recovery Scan Tool - Fix
 
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:

Code:
Start::

CreateRestorePoint:
CloseProcesses:

C:\Users\Gordon & Nancy\AppData\Local\Temp\Rar$EXa3416.38939\Malwarebytes.Premium.4.1.2.73.msstdfmt\LicenseMalwareBytes.exe.log
C:\Users\Gordon & Nancy\AppData\Local\Temp\mwb9BE9.tmp\Malwarebytes EULA.rtf
C:\Users\Gordon & Nancy\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Malwarebytes_Privacy_UI_MBPrivacy_exe
C:\Users\Gordon & Nancy\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_HitmanPro_Alert_hmpalert_exe
C:\Users\Gordon & Nancy\AppData\Local\glasswire
C:\Users\Gordon & Nancy\AppData\Local\Temp\Rar$EXa3416.38939\Malwarebytes.Premium.4.1.2.73.msstdfmt
C:\Users\Gordon & Nancy\AppData\Local\Temp\Rar$DRa4488.8800\Malwarebytes.Premium.4.1.2.73.msstdfmt
C:\Users\Gordon & Nancy\AppData\Local\Temp\Rar$DRa4488.7946\Malwarebytes.Premium.4.1.2.73.msstdfmt

StartRegedit:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\GlassWire]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gwdrv]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gwdrv]
"Description"="GlassWire Driver"
[-HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated]
"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\GlassWire\GlassWire.exe"="514"
[-HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\GlassWire\GlassWire.exe"="13"
[-HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView]
"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\GlassWire\GlassWire.exe"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FAC02B7-77D6-418B-AC11-962C65CDE8DD}]
""=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\HitmanPro.Alert Shell Extension]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\hitmanpro37]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\hitmanpro37.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\HitmanPro.Alert]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\HitmanPro.Alert]
"EventMessageFile"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\HitmanPro.Alert]
"CategoryMessageFile"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hmpalert]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{23007AD3-69FE-687C-2629-D584AFFAF72B}]
"DISPLAYNAME"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{23007AD3-69FE-687C-2629-D584AFFAF72B}]
"PRODUCTEXE"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{23007AD3-69FE-687C-2629-D584AFFAF72B}]
"REPORTINGEXE"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"Malwarebytes Windows Firewall Control"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{36B3D25E-9F02-4C24-9E19-958500BDF3FC}]
"ProfileName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{36B3D25E-9F02-4C24-9E19-958500BDF3FC}]
"Description"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Malwarebytes]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\WinsockUpgrade\WinSock2\Parameters\AppId_Catalog\0462E881]
"AppFullPath"=-
[-HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Malwarebytes Support Tool]
[HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated]
"Malwarebytes.Antimalware"=-
[HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"Malwarebytes.Antimalware"=-
[HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"{6D809377-6AF0-444B-8957-A3773F02200E}\Malwarebytes\Anti-Malware\mbuns.exe"=-
[HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts]
"C:\Users\Gordon & Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk"=-
[HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk"=-
[HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows\CurrentVersion\Search\JumplistData]
"Malwarebytes.Antimalware"=-
[HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"15"=-
[HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"16"=-
[HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows\CurrentVersion\UFH\SHC]
"19"=-
[HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=-
[HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe"=-

EndRegedit:

EmptyTemp:
End::


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt

12
Analysis and Malware Removal / Re: Re-Check Please
« on: October 31, 2020, 06:32:12 PM »
The day was busy ..! Now in Bulgaria it is 22.00 ..! Time to rest..! Tomorrow I will write a script with fresh eyes and head ...! I wish you good night ..!  :)

13
Analysis and Malware Removal / Re: Re-Check Please
« on: October 31, 2020, 05:40:33 PM »
Farbar Recovery Scan Tool - Search All

  • Double-click FRST.exe/FRST64.exe to run it.
  • Copy and paste the following into the Search: box:

Quote
SearchAll: GlassWire;HitmanPro;MalwareBytes

  • Press the Search Files button.
  • When complete, FRST will generate a log in the same location it was run from (Search.txt)
  • Please copy and paste its contents into your reply.


-----------------------------------------------------------------

In your next reply, please include:

  • Search.txt




14
Analysis and Malware Removal / Re: Re-Check Please
« on: October 31, 2020, 05:26:15 PM »
They have been removed a while ago, not using them

Apparently not completely removed ..!  :)

And how would you explain this:

Quote
Windows Defender:
===================================
Date: 2020-10-29 14:42:40.562
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ymacco.AB2D&threatid=2147758023&enterprise=0
Name: Trojan:Win32/Ymacco.AB2D
ID: 2147758023
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Gordon & Nancy\AppData\Local\Temp\Rar$DRa4488.8800\Malwarebytes.Premium.4.1.2.73.msstdfmt\LicenseMalwareBytes.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.325.1644.0, AS: 1.325.1644.0, NIS: 1.325.1644.0
Engine Version: AM: 1.1.17500.4, NIS: 1.1.17500.4

Date: 2020-10-29 14:39:27.851
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ymacco.AB2D&threatid=2147758023&enterprise=0
Name: Trojan:Win32/Ymacco.AB2D
ID: 2147758023
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Gordon & Nancy\AppData\Local\Temp\Rar$EXa3416.38939\Malwarebytes.Premium.4.1.2.73.msstdfmt\LicenseMalwareBytes.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\WinRAR\WinRAR.exe
Security intelligence Version: AV: 1.325.1644.0, AS: 1.325.1644.0, NIS: 1.325.1644.0
Engine Version: AM: 1.1.17500.4, NIS: 1.1.17500.4

Date: 2020-10-29 14:38:32.632
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ymacco.AB2D&threatid=2147758023&enterprise=0
Name: Trojan:Win32/Ymacco.AB2D
ID: 2147758023
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Gordon & Nancy\Desktop\Junk\lis\LicenseMalwareBytes.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.325.1644.0, AS: 1.325.1644.0, NIS: 1.325.1644.0
Engine Version: AM: 1.1.17500.4, NIS: 1.1.17500.4

Date: 2020-10-29 14:37:51.586
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ymacco.AB2D&threatid=2147758023&enterprise=0
Name: Trojan:Win32/Ymacco.AB2D
ID: 2147758023
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Gordon & Nancy\Desktop\Junk\lis\LicenseMalwareBytes.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.325.1644.0, AS: 1.325.1644.0, NIS: 1.325.1644.0
Engine Version: AM: 1.1.17500.4, NIS: 1.1.17500.4

Date: 2020-10-29 14:37:44.324
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ymacco.AB2D&threatid=2147758023&enterprise=0
Name: Trojan:Win32/Ymacco.AB2D
ID: 2147758023
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Gordon & Nancy\Desktop\Junk\lis\LicenseMalwareBytes.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.325.1644.0, AS: 1.325.1644.0, NIS: 1.325.1644.0
Engine Version: AM: 1.1.17500.4, NIS: 1.1.17500.4

This sounds to me like an illegal attempt to activate MalwareBytes ..?!?
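To make Defender evidence like the entries quoted above easier to triage, here is an added example (not code from the forum or its author) that parses detection blocks in that layout, groups them by threat name and file name, and counts how many copies were flagged inside WinRAR scratch folders (Temp\Rar$...), which is what shows that one file was unpacked from an archive several times. The sample log is constructed with a placeholder user name and temp-folder names.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the layout FRST uses for Defender events, abbreviated (Description
# and fwlink lines dropped); the user name and temp-folder names are placeholders.
SAMPLE = r"""Windows Defender:
===================================
Date: 2020-10-29 14:42:40.562
Name: Trojan:Win32/Ymacco.AB2D
Path: file:_C:\Users\USER\AppData\Local\Temp\Rar$DRa0000.0000\Bundle.msstdfmt\LicenseMalwareBytes.exe
Process Name: C:\Windows\explorer.exe

Date: 2020-10-29 14:39:27.851
Name: Trojan:Win32/Ymacco.AB2D
Path: file:_C:\Users\USER\AppData\Local\Temp\Rar$EXa0000.0000\Bundle.msstdfmt\LicenseMalwareBytes.exe
Process Name: C:\Program Files\WinRAR\WinRAR.exe

Date: 2020-10-29 14:37:44.324
Name: Trojan:Win32/Ymacco.AB2D
Path: file:_C:\Users\USER\Desktop\Junk\lis\LicenseMalwareBytes.exe
Process Name: C:\Windows\explorer.exe
"""

FIELD = re.compile(r"^([A-Za-z ]+): (.+)$")  # 'Key: value'; a bare 'Description:' or a URL does not match
ARCHIVE_TEMP = re.compile(r"\\Temp\\Rar\$", re.IGNORECASE)  # WinRAR scratch folders: file came out of an archive

def parse_detections(text):
    """One dict per blank-line-separated block that carries at least Date and Name."""
    events = []
    for block in re.split(r"\n\s*\n", text):
        fields = dict(m.groups() for m in map(FIELD.match, block.splitlines()) if m)
        if "Date" in fields and "Name" in fields:
            events.append(fields)
    return events

def summarise(events):
    """Group by (threat name, file name) so one payload unpacked to several folders shows as one row."""
    groups = defaultdict(lambda: {"count": 0, "paths": set(), "processes": set(), "from_archive": 0})
    for ev in events:
        path = re.sub(r"^file:_", "", ev.get("Path", ""))  # strip Defender's 'file:_' prefix
        g = groups[(ev["Name"], PureWindowsPath(path).name)]
        g["count"] += 1
        g["paths"].add(path)
        g["processes"].add(ev.get("Process Name", "?"))
        g["from_archive"] += bool(ARCHIVE_TEMP.search(path))
    return dict(groups)
```

Running summarise(parse_detections(SAMPLE)) yields a single row for the threat, with three distinct paths, two of them in archive scratch folders, and both explorer.exe and WinRAR.exe as the triggering processes.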

15
Analysis and Malware Removal / Re: Re-Check Please
« on: October 31, 2020, 05:14:40 PM »
Hello..! I reviewed your diaries ..! Active infections are not visible ..!

I see:

Quote
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (GlassWire -> SecureMix LLC)
R1 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [445400 2020-07-05] (SurfRight B.V. -> SurfRight B.V.)

Drivers for GlassWire Firewall and HitmanPro.Alert respectively .. Both are currently running (R1 ..) .. Have you used this software ..?
