
Someone Apparently Clicked Email Link


  • This topic is locked
31 replies to this topic

#16 dennis_l

  • Malware Response Team
  • 3,341 posts
  • Location:UK

Posted 02 April 2024 - 02:45 AM

There is an update that is proving to be problematic for some users at the moment.
Please try it again and advise the KB number of the update and the error number/message, if there is one.

What are the mouse issues that you refer to?
---------------------------------------------------------------------------------------------
Please now run a full scan with ESET Online Scanner, as an extra check.
If you still have the tool on your computer, you can ignore the first part of the instructions.

  • Download ESET Online Scanner from here and save it to your Desktop.
  • Right click the esetonlinescanner.exe file you downloaded and select Run as administrator.
  • Select your desired language from the drop-down menu and click Get started.
  • Click Yes if a User Account window appears.
  • In the Terms of use screen, click Accept if you agree to the Terms of use.
  • Click Get started in the welcome screen.
  • Select your preference for the Customer Experience Improvement Program and the Detection feedback system. Click Continue.
  • Click Computer scan, in the Welcome back screen.
  • Choose Full scan on the next screen.
  • Select Enable ESET to detect and quarantine potentially unwanted applications. Then click Start scan.
  • Please note that this process can take several hours to complete.
  • At the end of the scan, the Found and resolved detections screen may be displayed. You can click View detailed results to view specific information. Click Continue.
  • On the following screen click Save scan log and save it to your Desktop as ESETScan.txt. Click Continue.
  • ESET Online Scanner will now ask if you wish to turn on the Periodic Scan feature. I suggest that you do not do this for now. Click Continue.
  • You are offered a 30 day trial of ESET Internet Security on the next screen. Click Continue
  • On the next screen, you can leave feedback about the program if you wish.
  • There is an option to delete the application's data on closing, but we can do this later.
  • If you left feedback, click Submit and Close. If not, click Close.
  • Copy and paste the contents of the ESETScan.txt file in your next reply.

-----------------------------------------------------------------

Regarding your question on future clean-up, I suggest that you use the Windows Disk Cleanup tool, as follows.

  • On your keyboard, press the Windows and R keys at the same time to open the Run window.
  • Type cleanmgr and click OK.
  • The Disk Cleanup window should appear.
  • Select the drive you want to clean and click OK.
  • Tick the boxes for the items that you want to delete, and then click OK.
  • You can also click the Clean up system files button, but I'd leave that alone when doing regular maintenance.
  • Click OK and then click Delete files.

 





#17 CPU_HDD

  • Topic Starter
  • Members
  • 62 posts

Posted 02 April 2024 - 04:10 PM

The download that's not installing is KB5034441

 

ESET can't update the module, or whatever it's called, it keeps getting to 100% and starts over, then I get a message and it gets closed. Tried rebooting and uninstalling an old version


Edited by CPU_HDD, 02 April 2024 - 04:10 PM.


#18 dennis_l


Posted 03 April 2024 - 07:11 AM

Please advise details of the error message displayed, when KB5034441 fails.
I see that there are reports of this one failing with an error 0x80070643.
Also please select Start > Settings > Update & Security > Windows Update > View update history.
Has KB5035845 March security update now been installed?
--------------------------------------------------------
I've occasionally seen similar problems with ESET, which were resolved by clearing out all remaining content and starting again with a fresh version.
However all we are doing is an additional check, which we can cover with alternative tools.

  • Download and save the installation file from here:
  • Emsisoft
  • Double-click on the Emsisoft Emergency Kit setup file to start the installation process and then click on the Install button.
  • You may be presented with a User Account Control warning, asking you if you want to run this file. Click Yes to continue.
  • The downloaded package unpacks to “C:\EEK” by default and this folder now opens on your screen.
  • To start Emsisoft, double-click on the Start Emergency Kit Scanner icon in this folder.
  • You may get another User Account Control warning. Click Yes to continue.
  • Accept the Licence Agreement.
  • When you launch the program for the first time, Emsisoft Emergency Kit will automatically download updates. The Scan tab changes from orange to green when the update process is completed.
  • Leave the settings unchanged, which include detection of Potentially Unwanted Programs.
  • Now click on Malware Scan in the Scan button.
  • When the Emsisoft scan has finished, you will see a screen reporting details of any malicious files found on your computer. (Close the pop up inviting installation of Emsisoft protection)
  • Click Quarantine selected objects. (Note, this option is only shown if malicious objects were detected during the scan)
  • You may be asked to restart your computer.
  • When the threats have been quarantined, click the View Report button in the lower-right corner and the scan log will open in Notepad. The logs can also be accessed in the left hand menu bar.
  • Please save this log on your desktop and post the contents into your next reply.
  • When you close Emsisoft Emergency Kit it asks if you wish to sign up for a newsletter. This is optional, and does not affect the malware removal process.

-------------------------------------------------------------------
Then please run AdwCleaner as follows.
Please download AdwCleaner.

  • Close all open programs and browsers
  • Right click on the icon and select Run as administrator
  • Click Scan Now
  • When the scan has finished AdwCleaner shows you all detected PUPs and adware.
  • If any are found, select them and click Quarantine. (I would suggest that you do not select Pre-installed applications for now, or any other items you wish to keep.)
  • AdwCleaner prompts you to save and close your work before continuing. Click Continue.
  • After cleaning, you are prompted to restart your device. Click Restart now to complete the cleanup process.

Once your computer has restarted ...

  •     If it doesn't open automatically, please start AdwCleaner.
  •     Click on View Log File button (This log can also be found in the Log Files tab).
  •     A Notepad file will open containing the results.
  •     Click Skip Basic Repair (if the option appears)
  •     Please post the contents of the file in your next reply.

Edited by dennis_l, 03 April 2024 - 07:12 AM.


#19 CPU_HDD


Posted 03 April 2024 - 09:45 PM

Yes, that is the error number after 5034441 fails. I don't see any March updates having 5035845.

 

Here are the Emsisoft and AdwCleaner logs, no restart needed according to AdwCleaner, skeptical some are malicious

 

Emsisoft Emergency Kit - Version 2023.10
Last update: 4/3/2024 9:08:48 PM
My own Weber-PC\Weber
 WEBER-PC
 Windows 10x64

Scan settings:

Scan type: Malware Scan
Objects: Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On

Scan start:    4/3/2024 9:09:15 PM
C:\Users\Weber\Downloads\FreePDFReading(1).exe     detected: Application.Bundler (A) [304760]
C:\Users\Weber\Downloads\FreePDFReading(2).exe     detected: Application.Bundler (A) [304760]
C:\Users\Weber\Downloads\FreePDFReading(3).exe     detected: Application.Bundler (A) [304760]
C:\Users\Weber\Downloads\FreePDFReading(4).exe     detected: Application.Bundler (A) [304760]
C:\Users\Weber\Downloads\FreePDFReading(5).exe     detected: Application.Bundler (A) [304760]
C:\Users\Weber\Downloads\FreePDFReading(6).exe     detected: Application.Bundler (A) [304760]
C:\Users\Weber\Downloads\FreePDFReading.exe     detected: Application.Bundler (A) [304760]

Scanned    87939
Found    7
Scanning memory...
Scanning traces...
Scanning files...

Scan end:    4/3/2024 9:29:35 PM
Scan time:    0:20:20

C:\Users\Weber\Downloads\FreePDFReading.exe     Application.Bundler (A)
C:\Users\Weber\Downloads\FreePDFReading(6).exe     Application.Bundler (A)
C:\Users\Weber\Downloads\FreePDFReading(5).exe     Application.Bundler (A)
C:\Users\Weber\Downloads\FreePDFReading(4).exe     Application.Bundler (A)
C:\Users\Weber\Downloads\FreePDFReading(3).exe     Application.Bundler (A)
C:\Users\Weber\Downloads\FreePDFReading(2).exe     Application.Bundler (A)
C:\Users\Weber\Downloads\FreePDFReading(1).exe     Application.Bundler (A)

Quarantined    7

 

 

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2024-03-04.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-03-2024
# Duration: 00:00:01
# OS:       Windows 10 (Build 19045.4239)
# Cleaned:  8
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted       C:\Users\Weber\Downloads\DRIVERUPDATE.EXE

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\APN PIP
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|PCAcceleratePro.exe
Deleted       HKLM\Software\Classes\WtuServer.WtuServerObj
Deleted       HKLM\Software\Classes\WtuServer.WtuServerObj.1
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\45B71F1875D5E58488CC6F2DD0665B0E
Deleted       HKLM\Software\Wow6432Node\AVG Tuneup
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|PCAcceleratePro.exe

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2281 octets] - [03/04/2024 21:34:35]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

 



#20 dennis_l


Posted 04 April 2024 - 05:31 AM

Please advise the date and number of any March/April updates installed and confirm if KB5034441 is the only one that fails to install.
This Bleeping Computer article advises more detail on this and I would like to draw your attention to the following.

However, if you are not comfortable using command line programs, we strongly suggest you hold off on performing these steps as the vulnerability requires physical access to your device, minimizing its impact.
Instead, you should wait for a solution from Microsoft, which may offer an automated way to recreate a larger Windows Recovery partition.

 

Let's run a full scan next with Windows Defender, as it is now enabled.

  • Select Start  > Settings  > Update & Security > Windows Security and then Virus & threat protection.
  • Under Current threats, select Scan options.
  • Select Full scan (Checks all files and running programs currently on hard disk).
  • This will take some time to complete.
  • You will be able to view any detections under Current threats, in the Virus & threat protection screen.

Please advise if anything was found.



#21 CPU_HDD


Posted 05 April 2024 - 07:11 PM

It said No current threats



#22 dennis_l


Posted 06 April 2024 - 08:04 AM

Excellent.

Did you manage to check the March/April updates?



#23 CPU_HDD


Posted 08 April 2024 - 10:51 PM

sorry it took so long to get back to this

 

3/30  890830

3/28  5001716

3/30  5036580

3/31  5035941

defender definitions, looks like the rest installed?


Edited by CPU_HDD, 08 April 2024 - 10:53 PM.


#24 dennis_l


Posted 09 April 2024 - 05:22 AM

No problem.
There is still a missing update, that I would have expected to be installed by now.
It's actually monthly update day today, so please do another check for updates later and let me know what is offered/installed.
They are released about 6 pm here, so probably early afternoon, where you are.
Hopefully the April security patch will go on ok.



#25 CPU_HDD


Posted 10 April 2024 - 09:06 PM

5036892 & 5037036 took time, one went to 100% install then back to 20% quite a while, kind of like ESET did. Eventually installed though

 

890830 and defender updates seemed to go OK, 5034441 no luck

 

My FB apparently hacked  can I use this machine to reclaim it yet or is that a bad idea at this point?



#26 dennis_l


Posted 11 April 2024 - 04:59 AM

If you have already updated your passwords, then you should be ok now.

Finally, let's run a security check on the computer.

  •     Download SecurityCheck by glax24:
  •     If SmartScreen blocks the file click on More info and then Run anyway.
  •     Right-click  with your mouse on the Securitycheck.exe  and choose Run as administrator and allow it to proceed.
  •     When the scan has finished, it will open a text file named SecurityCheck.txt.
  •     Close the file and Copy and paste the contents in your next reply.
  •    The file can be found in a folder located at C:\SecurityCheck


#27 CPU_HDD


Posted 11 April 2024 - 08:38 PM

Here's the file, hope it ran properly said goes check ?

 

SecurityCheck by glax24 & Severnyj v.1.4.0.57 [24.01.24]
WebSite: www.safezone.cc
DateLog: 11.04.2024 20:29:42
Path starting: C:\Users\Weber\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Weber
VersionXML: 11.08is-09.04.2024
___________________________________________________________________________

Windows 10(6.3.19045) (x64) Professional Release: 2009 Lang: English(0409)
Installation date OS: 20.12.2020 19:15:22
LicenseStatus: Windows®, Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
SystemDrive: C: FS: [NTFS] Capacity: [446.5 Gb] Used: [138.3 Gb] Free: [308.2 Gb]
------------------------------- [ Windows ] -------------------------------
User Account Control enabled (Level 3)
Notify before download
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Bitdefender Antivirus (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Bitdefender Antivirus Free v.26.0.28.94
Bitdefender Agent v.27.0.1.266
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft .NET Framework 4.7.2 v.4.7.03062 Warning! Download Update
OpenOffice 4.1.0 v.4.10.9764 Warning! Download Update
------------------------------- [ Backup ] --------------------------------
Microsoft OneDrive v.24.050.0310.0001 Warning! Download Update
------------------------------- [ Imaging ] -------------------------------
GIMP 2.8.18 v.2.8.18 Warning! Download Update
IrfanView 4.53 (64-bit) v.4.53 Warning! Download Update
-------------------------------- [ Media ] --------------------------------
VLC media player v.3.0.8 Warning! Download Update
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Acrobat Reader v.24.001.20643
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox (x64 en-US) v.124.0.2
Google Chrome v.123.0.6312.106
Microsoft Edge v.123.0.2420.81
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe v.27.0.30.138
Bitdefender Auxiliary Service (BDAuxSrv) - The service is running
C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe v.1.0.1.113
C:\Program Files\Bitdefender Agent\redline\bdredline.exe v.1.0.1.113
Bitdefender Protected Service (BDProtSrv) - The service is running
C:\Program Files\Bitdefender\Bitdefender Security App\safepay\bdservicehost.exe v.27.0.30.138
C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe v.27.0.30.138
C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe v.27.0.30.138
Bitdefender RedLine Service (bdredline) - The service is running
C:\Program Files\Bitdefender\Bitdefender Security App\safepay\bdservicehost.exe v.27.0.30.138
C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe v.27.0.30.138
C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe v.27.0.30.138
ProductAgentService (ProductAgentService) - The service is running
C:\Program Files\Bitdefender Agent\ProductAgentService.exe v.27.0.1.263
Bitdefender Desktop Update Service (UPDATESRV) - The service is running
C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe v.27.0.30.138
Bitdefender Virus Shield (VSSERV) - The service is running
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe v.4.18.24030.9
Microsoft Defender Antivirus Service (WinDefend) - The service is running
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------

 



#28 dennis_l


Posted 12 April 2024 - 06:15 AM

That's fine.
I'd like to make you aware that there are some errors in the log, related to Adobe Reader, and this article  details the recommended troubleshooting steps. You may wish to take a look at this.
Apart from the recommendations listed by SecurityCheck, I believe that we are nearly all set now.
Please advise if you have any further questions, before I post some tool/log clean up instructions and information for your future reference.



#29 CPU_HDD


Posted 13 April 2024 - 10:33 PM

Thanks, Do I need to update the stuff SecurityCheck says?  Don't want to have to relearn a program because the updated one is much changed. Not sure if this is a problem or not.

 

Not sure if the Adobe stuff is a problem? Not sure if anyone is having issues using it, don't remember any.

 

Is there any evidence of other hacking/intrusion? Besides the phishing attempt?


Edited by CPU_HDD, 13 April 2024 - 10:34 PM.


#30 dennis_l


Posted 14 April 2024 - 12:40 PM

Although there was no evidence of an intruder, it would make sense to follow the recommendations provided by SecurityCheck, to increase your security for the future. Ultimately though, the choice is yours whether or not to apply these updates.
If you are not seeing any issues with Adobe, then you can leave that one for now.

You can always refer back to the article in the future, if necessary.
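
Added example (not part of the original thread, and not code from the SecurityCheck project): a small Python parser for the SecurityCheck log layout posted in #27, listing the entries flagged "Warning! Download Update" and any remote-management services reported as running. The regular expressions are inferred from that one log; the function names and the REMOTE_SERVICES set are assumptions made for this illustration.

```python
import re

# Constructed sample: a few lines in the layout of the SecurityCheck log from post #27.
SAMPLE_LOG = """\
------------------------------- [ Windows ] -------------------------------
User Account Control enabled (Level 3)
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft .NET Framework 4.7.2 v.4.7.03062 Warning! Download Update
OpenOffice 4.1.0 v.4.10.9764 Warning! Download Update
-------------------------------- [ Media ] --------------------------------
VLC media player v.3.0.8 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox (x64 en-US) v.124.0.2
----------------------------- [ End of Log ] ------------------------------
"""

# "---- [ Section ] ----" header lines.
SECTION_RE = re.compile(r"^-{3,}\s*\[\s*(.+?)\s*\]\s*-{3,}$")
# "<name> v.<version>", optionally followed by the outdated marker.
PRODUCT_RE = re.compile(
    r"^(?P<name>.+?)\s+v\.(?P<version>\S+)(?P<flag>\s+Warning! Download Update)?\s*$")
# "<display name> (<service name>) - The service is running|has stopped".
SERVICE_RE = re.compile(
    r"^(?P<display>.+?)\s+\((?P<svc>[^()]+)\)\s+-\s+The service (?P<state>is running|has stopped)$")

# Assumption: services from the [ Windows ] section that allow remote management.
REMOTE_SERVICES = {"RemoteRegistry", "TermService", "WinRM"}


def parse_securitycheck(text):
    """Return (outdated, services), each entry tagged with its log section."""
    outdated, services = [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append({"section": section, "service": m["svc"],
                             "running": m["state"] == "is running"})
            continue
        m = PRODUCT_RE.match(line)
        if m and m["flag"]:  # only products the tool flagged as outdated
            outdated.append({"section": section, "name": m["name"],
                             "version": m["version"]})
    return outdated, services


def triage(text):
    """Summarise what a helper would follow up on: updates and remote services."""
    outdated, services = parse_securitycheck(text)
    return {
        "outdated": [(o["section"], o["name"], o["version"]) for o in outdated],
        "remote_services_running": [s["service"] for s in services
                                    if s["running"] and s["service"] in REMOTE_SERVICES],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```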

 





