Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can somebody check these logs for me? #268

Closed
LIKATNO opened this issue Dec 7, 2024 · 5 comments
Closed

Can somebody check these logs for me? #268

LIKATNO opened this issue Dec 7, 2024 · 5 comments
Labels
Cure PC

Comments

@LIKATNO
Copy link

LIKATNO commented Dec 7, 2024

Hi there,
may somebody look at my case? I'm not sure if there is something suspicious.
Thanks

CollectionLog-2024.12.07-12.09.zip
@LIKATNO LIKATNO added the Cure PC label Dec 7, 2024
@dragokas
Copy link
Owner

dragokas commented Dec 7, 2024

Hi,
If you need our assistance:

  • Please, describe in details do your have any issues with PC

Please, note that only members of VIRUSNET-Association are allowed to respond to PC cure topics.
Ignore any recommendations given by other users, including PM !!!

Assistance is provided free of charge in our free time. If you found our help useful, you can thank us with any amount using this form or you can leave feedback in Guestbook.

@Sandor-Helper
Copy link

Hi.
I didn't find any obvious signs of infections in these logs so far.
You should uninstall useless

Spybot - Search & Destroy
Spybot Anti-Beacon

After that do a whole system scan with Malwarebytes, save its log as text file and attach it to your next post.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please attach the logs back here.

Also please describe in details what kind of issues you have seen.

@LIKATNO
Copy link
Author

LIKATNO commented Dec 11, 2024

First of all thanks for your help and respond. I appreciate this.

You should uninstall useless

Spybot - Search & Destroy
Spybot Anti-Beacon

It's done, is this program dangerous in some way? I know that people can use these kind of apps to easy access to pc without host's knowledge. Anyway, here's mentioned logs by you.

Malwarebytes Raport 2024-12-11 003822.txt

Addition.txt
FRST.txt

May I talk to you in private message? I wanna describe my worries in more details, but I don't want to make it on the forum. I have some questions if u doesn't mind. How can we hook up?

@Sandor-Helper
Copy link

is this program dangerous in some way?

These programs intends to unwanted or even scareware. It could for example "find" some viruses in your system (no matter that system is clean) but to cure them it will ask you to bye license. Something like that. So it's better to stay away from that kind of programs.

Malwarebytes didn't find any suspicious and it is good.

Lets do some general clean fix in Farbar.

Temporarily turn off any antivirus.
Highlight following code:

Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
BootExecute: autocheck autochk * sdnclean64.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Edge: Ograniczenia <==== UWAGA
S2 SpybotAntiBeaconInterceptor; C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\x64\Spybot3AntiBeaconService.exe --run [X]
2024-12-07 11:16 - 2024-12-07 11:16 - 000000000 ____D C:\Windows\system32\Tasks\Safer-Networking
2024-12-07 11:15 - 2024-12-09 09:40 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
AlternateDataStreams: C:\Users\Trox1\Dane aplikacji:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Trox1\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
FirewallRules: [{3002E888-8F9C-4FF2-A381-9911FDB734C2}] => (Block) LPort=135
FirewallRules: [{1ED7D8D5-4A5B-4F6A-929D-91F81B105760}] => (Block) LPort=445
EmptyTemp:
Reboot:
End::

Copy highlighted text (right click - Copy).
Run FRST (FRST64) as Administrator.
Press Fix button once and wait. Program will create (Fixlog.txt). Attach it to the next post.

PC will reboot.

May I talk to you in private message?

Yes, you can write me to sandor@safezone,cc

@dragokas
Copy link
Owner

Closed.
Reason: no answer for 10 days.
If you still need our help, please, execute the last steps, requested by a helper.
Also, download again AutoLogger, prepare new CollectionLog, and write what problems remained.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Cure PC
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dragokas @Sandor-Helper @LIKATNO