[SOLVED] malwarebytes flagged something i hadn't clicked on

Status
Not open for further replies.
# Run at 5/12/2024 12:01:08 PM
# KpRm (Kernel-panik) version 2.17.0
# Website https://kernel-panik.me/tool/kprm/
# Run by localAdmin from C:\Users\lim1\Desktop
# Computer Name: HP2024
# OS: Windows 11 X64 (22631) (10.0.22631.3447)
# Number of passes: 2

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines

- Create Registry Backup -

~ [OK] Hive C:\windows\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\localAdmin\NTUSER.dat backed up

[OK] Registry Backup: \KPRM\backup\2024-05-12-12-01-08

- Delete Tools -

No tools found

- Restore System Settings -

[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

~ [OK] RP named KpRm created at 05/12/2024 13:38:43 deleted
[OK] All system restore points have been successfully deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named KpRm created at 05/12/2024 16:01:59

-- KPRM finished in 73.57s --




And these (in screenshot below) are the files from the fixes still showing on my desktop after running the tool --

KPRM wrote the log to a folder on C , KPRM which is why I could not find it before.
I had to sign out of the Limited account again after running the tool, I think this has something to do with the LocalAdmin account not being able to access the LImited account folder - I am given the option to change that but I have been keeping it that way.
Sorry about being confusing!! I am confused myself... sorry...


1715530286743.png1715530286743.png
 
Last edited:
Thanks!

And now, I guess, no FRST tool, no AdwCleaner, no Eset, no logs on your Desktops. Right?
 
Well, not exactly... the FRST tool I had copied twice I guess from Downloads to the Desktop. So a FRST(2) is still there. No ESET Adwcleaner or any other fixing type programs on the Limited Account desktop. The CBS logs , Fixlog, something in the screenshot above nz?something which I think was part of DISM or SCF logs.
The LocalAdmin desktop has no logs or programs from fixing on it. The screenshot above is from the Limited desktop.
 
These moves you did caused that. If you have FRST tool in any place, rename it from FRST64.exe or FRST64(2).exe to Uninstall.exe. Double click on it. It will be removed, along with the logs. As to the other things you have, just send them to the Recycle Bin.

Let me know when you finish.
 
Leave it there. Doesn't matter at all.

Anything else? :-)
 
one question back many posts ago -


1. Malwarebytes settings
Click the little gear on the top right (Settings) and when it opens, click the General tab. Under the title Windows Security Center, make sure the option is disabled.
-- what does this do, and is it something I should do just routinely on my other computer?
 
Yes, now we have reached to the end. :-)


Now we know your computer is clean, here are some final tips about your computer's security from now on:

Some of the following, are from Klein's (2005) article, So how did I get infected in the first place. Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it, to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware.'' It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!
  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
  • Do not open any files without being certain of what they are!
5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program is a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled. You have now the built-in Windows antivirus, Windows Defender. Together with Malwarebytes, if you run it occasionally, depending on how often you use your computer, can keep you safe.

Happy safe computing.
ZZZQehw.gif



I'm glad I was able to help you.
 
one question back many posts ago -


1. Malwarebytes settings
Click the little gear on the top right (Settings) and when it opens, click the General tab. Under the title Windows Security Center, make sure the option is disabled.
-- what does this do, and is it something I should do just routinely on my other computer?

The option must be disabled, so Windows Defender can act as the main antivirus and Malwarebytes as the antimalware. This way, they work well together.
 
Status
Not open for further replies.
Back
Top