Solved RansomWare: STOP (Djvu)

Ransomware

Thread Starter
Joined
Nov 18, 2021
Messages
13
Okay thank you, here's everything attached. I updated my computer also, and am now running version 1709, but I cannot see the "virus and threat protection". Also there are more new updates that are queued; once they are completed I will see whether the "virus and threat protection" appears. Also, should I go about doing the offline scan with Windows Defender? Or would you prefer me to hold off on that?
1637561628974.png

(Edit: I updated the last queued, but there's this update "2019-04 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4493440)" which already successfully updated, but keeps popping up and refuses to update every time. So it's probably a glitch because it shouldn't even be appearing. You can see it in the photo above, and below is the photo where it shows the update history and you can see it successfully updated already then failing on most recent. Otherwise no sign of "virus and threat protection".)
1637561903763.png
 


kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,631
Hiya Ransomware,

Unfortunately those logs do not shed any light on what happened with the StopDJVU infection, one thing for sure, you definitely dodged a bullet.

Before we finish up can you do the following please:

Download and run the Malwarebytes Support Tool
Accept the EULA and click Advanced tab on the left (not Start Repair)
Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here

When complete:-

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:

  • Open Malwarebytes, select Target scope inside Scanner window,
  • In the new window select "Reports" tab. All recent scan reports will be listed.
  • Hover cursor over latest report (Identified by date and time) you will see eye tab, download tab and recycle bin tab.
  • Select "Download" tab, download, name and save report to place of your choice (recommend Desktop)
  • Attach that report to your reply...

Next,

SecurityCheck by glax24

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
If Microsoft SmartScreen blocks the download, click through to save the file
This tool is safe. SmartScreen is overly sensitive.
If SmartScreen blocks the file from running click on More info and Run anyway
Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward
Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file. Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt









Thank you,

Kevin
 

Ransomware

Thread Starter
Joined
Nov 18, 2021
Messages
13
Thank you. Wow, Malwarebytes dug up even more things, it had to restart the computer as well. Among them was a password stealer 😬.
When I was first infected, my Facebook account was locked because it detected severely suspicious access from another source, had to change that password.
Since the malware was installed I didn't type any of my passwords in case of a key-logger, should I still change all of them probably?
Does a password stealer grab all your passwords even if you don't type them? Although I still have access to my emails and everything, didn't get any suspicious access notification for any of those.

Also after Malwarebytes scanned, I had an infinite pop-up loop from a trusted program I forgot which, I press yes and it comes back right after, so I clicked the restart needed in Malwarebytes before it popped up again, and that dealt with it. Probably the Trojan tasker virus..
 


kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,631
Hiya Ransomware,

Yes, Malwarebytes has flagged Malware/Infection that is probably the result of StopDJVU. Also your SecurityCheck results log has highlighted there is still much work to be done. I've posted the log back to you, please use the live links to make the recommendations happen...

SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17]
WebSite: www.safezone.cc
DateLog: 22.11.2021 23:53:04
Path starting: C:\Users\Aziz\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Aziz
VersionXML: 9.28is-21.11.2021
___________________________________________________________________________

Windows 10(6.3.16299) (x64) Core Release: 1709 Lang: English(0409)
Installation date OS: 22.11.2021 00:15:20
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
LicenseStatus: Office 15, OfficeProPlusMSDNR_Retail edition Initial grace period ends :41486 minutes
LicenseStatus: Office 16, Office16O365HomePremR_Subscription4 edition Initial grace period ends :12686 minutes
LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Initial grace period ends :5486 minutes
Boot Mode: Normal
Default Browser: C:\Users\Aziz\AppData\Local\Programs\Opera\Launcher.exe
SystemDrive: C: FS: [NTFS] Capacity: [913.1 Gb] Used: [237.9 Gb] Free: [675.2 Gb]
------------------------------- [ Windows ] -------------------------------
Extended support has ended Warning! Download Update
Internet Explorer 11.1087.16299.0 Warning! Download Update
User Account Control enabled
Notify before download
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Emsisoft Anti-Malware Home (enabled and up to date)
Windows Defender (disabled and up to date)
Malwarebytes (disabled and up to date)
Trend Micro Maximum Security (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Trend Micro Maximum Security (enabled and up to date)
Emsisoft Anti-Malware Home (enabled and up to date)
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Trend Micro Password Manager v.5.0.0.1223
Malwarebytes version 4.4.11.149 v.4.4.11.149
Trend Micro Troubleshooting Tool v.6.0
Malwarebytes Privacy version 3.9.0.729 v.3.9.0.729 Warning! Download Update
Malwarebytes Privacy VPN Tunnel Driver v.1.0.0.0 Warning! Download Update
Trend Micro Maximum Security v.17.7
Emsisoft Anti-Malware v.21.11.0.11257
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft 365 - en-us v.16.0.14026.20270 Warning! Download Update
How Install Office updates?

Steam v.2.10.91.91
HP Support Assistant v.8.8.34.31
Evernote v. 5.3 v.5.3.0.3360 Warning! Download Update
------------------------------- [ Backup ] --------------------------------
Backup and Sync from Google v.3.57.4043.4118 Warning! This software is no longer supported. Please use Google Drive.
Google Drive v.53.0.8.0 [+]
Microsoft OneDrive v.21.205.1003.0005 Warning! Download Update
Dropbox v.135.4.4221
------------------------------ [ ArchAndFM ] ------------------------------
7-Zip 9.20 (x64 edition) v.9.20.00.0 Warning! Download Update
Uninstall old version and install new one.

-------------------------- [ IMAndCollaborate ] ---------------------------
Zoom v.5.8.4 (1736)
Skype version 8.72 v.8.72 Warning! Download Update
Skype™ 7.24 v.7.24.104 Warning! Download Update
-------------------------------- [ Media ] --------------------------------
Spotify v.1.0.74.380.g1fcff12a Warning! Download Update
K-Lite Codec Pack 16.0.5 Basic v.16.0.5 Warning! Download Update
VLC media player v.2.2.4 Warning! Download Update
QuickTime v.7.74.80.86 Warning! This software is no longer supported. Please uninstall it and use another software.
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Creative Cloud v.3.4.1.181 Warning! Download Update
Adobe Flash Player 32 NPAPI v.32.0.0.465 Warning! This software is no longer supported. Please uninstall it.
Adobe Acrobat DC v.21.007.20099
Adobe Acrobat Reader DC v.21.007.20099
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox (x64 en-US) v.94.0.1 Warning! Download Update
Opera Stable 80.0.4170.72 v.80.0.4170.72 Warning! Download Update
Google Chrome v.96.0.4664.45
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Emsisoft Anti-Malware\a2start.exe v.2021.11.0.11257
C:\Program Files\Emsisoft Anti-Malware\a2guard.exe v.2021.11.0.11257
Emsisoft Protection Service (a2AntiMalware) - The service is running
C:\Program Files\Emsisoft Anti-Malware\a2service.exe v.2021.11.0.11257
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe v.4.0.0.1170
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.4.0.0.1170
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1009
C:\Program Files\McAfee Security Scan\3.11.883\SSScheduler.exe v.3.11.883.0
McAfee Validation Trust Protection Service (mfevtp) - The service has stopped
Platinum Host Service (Platinum Host Service) - The service is running
C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe v.3.12.0.1090
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe v.7.5.0.1128
C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe v.17.7.0.1179
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe v.7.5.0.1128
C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe v.3.12.0.1090
C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe v.3.12.0.1090
C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe v.7.5.0.1128
C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe v.7.5.0.1128
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe v.4.18.2110.6
C:\Program Files\Windows Defender\MSASCuiL.exe v.4.12.16299.15
Windows Defender Antivirus Service (WinDefend) - The service is running
Windows Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
---------------------------- [ UnwantedApps ] -----------------------------
Pluto TV version 0.4.2 v.0.4.2 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
Unity Web Player v.5.3.2f1 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Calculator v.1.1.0J Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
Pluto TV version 0.2.0 v.0.2.0 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
Protected Folder Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering.
Wondershare Helper Compact 2.6.0 v.2.6.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
UmmyVideoDownloader v.1.6.0.4 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
Skype Click to Call v.8.5.0.9167 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.

Please post back logs from Malwarebytes, AdwCleaner and a fresh log from SecurityCheck.

Thank you,

Kevin.
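
An added example, not part of the original thread and not code from the SecurityCheck authors: a Python script that triages a SecurityCheck log like the one quoted in the post above, grouping each "Warning!" entry by the action the log recommends and listing the antivirus products that report as enabled. The section-header and "Warning!" patterns are inferred from the log as shown on this page; the function name `triage` and the action labels are hypothetical.

```python
import re

# Abridged copy of lines from the SecurityCheck log quoted in the post above.
SAMPLE_LOG = """\
---------------------------- [ Antivirus_WMI ] ----------------------------
Emsisoft Anti-Malware Home (enabled and up to date)
Windows Defender (disabled and up to date)
Malwarebytes (disabled and up to date)
Trend Micro Maximum Security (enabled and up to date)
------------------------------ [ ArchAndFM ] ------------------------------
7-Zip 9.20 (x64 edition) v.9.20.00.0 Warning! Download Update
-------------------------------- [ Media ] --------------------------------
VLC media player v.2.2.4 Warning! Download Update
QuickTime v.7.74.80.86 Warning! This software is no longer supported. Please uninstall it and use another software.
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 32 NPAPI v.32.0.0.465 Warning! This software is no longer supported. Please uninstall it.
Adobe Acrobat DC v.21.007.20099
"""

SECTION = re.compile(r"^-+ \[ (\w+) \] -+$")          # e.g. "---- [ Media ] ----"
AV_STATE = re.compile(r"^(?P<name>.+?) \((?P<state>enabled|disabled) and ")

def triage(log_text):
    """Group 'Warning!' entries by recommended action; list enabled AV products."""
    findings = {}
    enabled_av = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if section == "Antivirus_WMI":
            av = AV_STATE.match(line)
            if av and av.group("state") == "enabled":
                enabled_av.append(av.group("name"))
        if "Warning!" in line:
            product, advice = (p.strip() for p in line.split("Warning!", 1))
            if "no longer supported" in advice:
                action = "remove"      # end-of-life software
            elif "Download Update" in advice:
                action = "update"      # newer version available
            else:
                action = "review"      # adware/bundle notes and anything else
            findings.setdefault(action, []).append((section, product))
    return findings, enabled_av

if __name__ == "__main__":
    findings, enabled_av = triage(SAMPLE_LOG)
    for action, items in findings.items():
        print(action, items)
    if len(enabled_av) > 1:
        print("more than one antivirus product reports as enabled:", enabled_av)
```

Pointing `triage` at the full contents of `C:\SecurityCheck\SecurityCheck.txt` gives the same grouping for every section of the log.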
 

Ransomware

Thread Starter
Joined
Nov 18, 2021
Messages
13
Thank you and sorry for the late reply, there was another update that took me quite some time. So I'm now running on Windows version 21H2, my computer really updated, I would've upgraded to Windows 11 but my processor does not qualify. But thanks for letting me know, the computer looks great with these new updates.

I tried to delete most files on there, I think the rest are safe, but there is this "Calculator 1.1.0J". I tried to uninstall it but my antiviruses block the uninstall on it for some reason, they flag it as malware. So I'd rather make sure to tell you first. So it was blocked by both Trend Micro Maximum Security and my Emsisoft Anti-malwares. And it's flagged as malware: Behavior.AutorunCreation
1637893927980.png
Otherwise there's the logs attached to everything else.
 


kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,631
Hiya Ransomware,

Thanks for the fresh logs and information update, good to hear your system is running good for you.

Continue please:

Run FRST one more time:

Type the following in the edit box after "Search:".

Calculator

Click Search Registry button and post the log it makes (SearchReg.txt) to your reply.

Thanks,

Kevin.
 

Ransomware

Thread Starter
Joined
Nov 18, 2021
Messages
13
Ok, there you go. Hope we caught it if it is malware.

Also, I looked at the controlled folder access under ''Virus & Threat Protection'' which is available to me now after the updates, it is disabled because another antivirus is used instead, I assume you want me to turn it on for folder protection. I already protected my folders with Trend Micro Maximum Security's Folder Shield. So that antivirus provider is being used instead of Windows Defender, but if you think Windows Defender works better for real time protection I'll switch back to it instead.
 


kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,631
Hiya Ransomware,

Nothing to worry about in that log. Run the following to finish up:

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • When the tool opens, ensure all boxes are checked, and select Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

Next,

1. How to create strong Passwords - https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/

2. How to keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download

3. Keep your Operating System up to date and current - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2

4. Answers to Security Questions and Best Practices - https://www.bleepingcomputer.com/fo...-to-common-security-questions-best-practices/

5. Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

6. Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee

Take care and surf safe

Kevin...
 

Ransomware

Thread Starter
Joined
Nov 18, 2021
Messages
13
Ok, thank you for all the help and the useful links. I gotta say I will miss the Farbar tool and every other tool that helped me take out the malware, I'm grateful they helped.

So should I finish up by doing an offline scan by Windows Defender as well to make sure nothing is lingering?
 


kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,631
Hiya Ransomware,

Thanks for the log and information update, yes an offline scan is well worth running just to double check your system again...
Let me know the outcome...

Regards,

Kevin.
 
