Solved Keep getting critical virus alert popup

cyberdev

Thread Starter
Joined
Jun 27, 2006
Messages
116
I keep getting popups in my notification centre saying critical virus alert.
I fear I may have accidentally clicked on something I should not have.

Besides the FRST files, here are a couple of pictures.
 


DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
Hi, cyberdev.

Let's check the computer for malware.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.

=========================

Please allow me some time to review your logs and return to you when I am ready.
 

cyberdev

Thread Starter
Joined
Jun 27, 2006
Messages
116
Thank you for your time. After I noticed this (and before I posted) I downloaded Malwarebytes and ran a scan: nothing. I also ran a quick scan with the default Microsoft antivirus and nothing popped up. If relevant, the popup seems to happen every 3-4 minutes or so.
 

cyberdev

Thread Starter
Joined
Jun 27, 2006
Messages
116
Hi, I just noticed one thing: it seems like I accidentally updated site permissions on a website. When looking at my site permissions I seemed to have a new one there with the same name, marinerepairdata. If I reset these permissions, will this solve the problem (seems like I set it to allow by accident)?
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
Hi, again.

Let's start.

1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {9ED85A5E-CB59-43A6-9056-172DFB1D2D33} - System32\Tasks\App Explorer => C:\Users\Devin\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7744560 2021-01-19] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Notifications: Default -> hxxps//marinerepairdata.com
SearchScopes: HKU\S-1-5-21-673952415-1793088399-1639711930-1001 -> {0C357229-4BF7-47CC-8C4D-8A1C4622D4BF} URL =
FirewallRules: [{3C0658B9-12F4-4077-A956-7D0D5911C9B4}] => (Allow) C:\Users\Devin\AppData\Local\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{DA4012AE-F469-48CE-892B-F029219B2C33}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
C:\Users\Devin\AppData\Local\Host App Service
DeleteKey: HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
DeleteKey: HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
DeleteKey: HKU\S-1-5-21-673952415-1793088399-1639711930-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

2. Run AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

In your next reply please post:
  1. The fixlog.txt
  2. The AdwCleaner[S0*].txt
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
Hi, I just noticed one thing: it seems like I accidentally updated site permissions on a website. When looking at my site permissions I seemed to have a new one there with the same name, marinerepairdata. If I reset these permissions, will this solve the problem (seems like I set it to allow by accident)?
Yes, you enabled notifications from that site. In the fix above I cancelled that.
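
A defender-side check for the cause identified in this thread, added here as an example and not part of any poster's reply: it lists the sites a Chromium-based browser profile allows to send notifications, newest grant first. It assumes the Chromium `Preferences` JSON layout (`profile.content_settings.exceptions.notifications`, where `setting` 1 means allow); the sample data and host names are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

ALLOW = 1  # Chromium content-setting value for "allow" (2 is "block")
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample of a Chromium-style Preferences file (not from the user's machine).
SAMPLE_PREFERENCES = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://fake-alert.example:443,*": {"last_modified": "13257000000000000", "setting": 1},
        "https://mail.example.org:443,*": {"last_modified": "13200000000000000", "setting": 1},
        "https://ads.example.net:443,*": {"last_modified": "13250000000000000", "setting": 2},
    }}}}
})

def chromium_time(value):
    """Convert microseconds since 1601-01-01 UTC (Chromium's timestamp format) to a datetime."""
    return EPOCH_1601 + timedelta(microseconds=int(value))

def allowed_notification_origins(preferences_text):
    """Return (origin, granted_at) for every site allowed to push notifications, newest first."""
    prefs = json.loads(preferences_text)
    rules = (prefs.get("profile", {}).get("content_settings", {})
                  .get("exceptions", {}).get("notifications", {}))
    found = []
    for pattern, rule in rules.items():
        if rule.get("setting") != ALLOW:
            continue  # blocked or "ask" entries cannot raise popups
        origin = pattern.split(",", 1)[0]  # keys look like "<origin>,*"
        stamp = rule.get("last_modified")
        found.append((origin, chromium_time(stamp) if stamp else None))
    # Recently granted permissions are the likeliest source of a new popup problem.
    return sorted(found, key=lambda item: item[1] or EPOCH_1601, reverse=True)

if __name__ == "__main__":
    for origin, granted in allowed_notification_origins(SAMPLE_PREFERENCES):
        when = f"{granted:%Y-%m-%d %H:%M} UTC" if granted else "unknown date"
        print(f"{when}  {origin}")
```

Run it against a copy of the profile's Preferences file; any origin you do not recognise can then be removed from the browser's notification permissions.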
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
Right. You will find it in your Downloads folder, since the FRST is in there. Good question. 👍🏻🙂
 

cyberdev

Thread Starter
Joined
Jun 27, 2006
Messages
116
Here are the requested files. I noticed when running AdwCleaner the following showed up in the list:
adware.pokki
pup.optional.legacy

Should those be removed as well?
 


DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
They are all adware and have to be removed.

Now it’s almost 11p.m. here, so I will be with you tomorrow with a new set of instructions.
 

cyberdev

Thread Starter
Joined
Jun 27, 2006
Messages
116
Thanks, I have not had a popup since I did this. Get some sleep; we can address that other adware tomorrow. At least I can actually use my laptop now without a popup every few minutes.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
Hi!

Let's clean.

1. AdwCleaner (Clean mode)

The findings in the Files, Folders and Registry parts of the log are adware and PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I don't keep anything I don't need/use. But it's your computer so your decision.

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

2. ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

In your next reply please post:
  1. The AdwCleaner[C0*].txt
  2. The eset.txt
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
Yes... No kidding. Sometimes it can take even more! :)

Time to see fresh FRST logs. Please attach fresh Addition and FRST logs.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
Hi, cyberdev.

Things are much better now.

Let's do some maintenance:

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-673952415-1793088399-1639711930-1001 -> DefaultScope {0C357229-4BF7-47CC-8C4D-8A1C4622D4BF} URL = 
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
S3 MpKsl69c863b4; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7D298891-A15D-4812-9388-20F409F45E2D}\MpKslDrv.sys [X]
unlock: C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

In your next reply please post:
  1. The fixlog.txt
  2. How is the computer running now? Any remaining issues/questions/concerns?
 
