Malware- Katana Phns (desktop-pighecd)- 20240316

Discussion in 'Malware Help - Public (Anyone Can Post & Respond)' started by manilka835, Mar 16, 2024.

  1. manilka835

    manilka835 Specialist

    A Desktop computer has been received for usage after software installation for boot failure.

    I have run READ & RUN ME FIRST- Malware Removal Guide to make sure there are no Malware. The relevant logs are attached. I would also value any suggestions which may streamline the function of this computer


    Dr. K.D.J.H. Manilka Jayawardena,
    Medical Officer of Health,
    Katana.
    Proud to be a Sri Lankan!
     

    Attached Files:

    manilka835, Mar 16, 2024
    #1
  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome back to the Major Geeks Malware Forum.

    Please do this

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Right click on FRST64, select Save Link As..., and save the file on your Desktop
    • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • When completed, FRST.txt and Addition.txt reports will be saved on the Desktop
    • Please attach the reports to your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

    • Attached reports
     
    Oh My!, Mar 16, 2024
    #2
    manilka835 likes this.
  3. manilka835

    manilka835 Specialist

    Nice to see you again too.

    FRST.txt and Addition.txt reports are attached hereto.
     

    Attached Files:

    manilka835, Mar 17, 2024
    #3
  4. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings.
    Can you provide any insight into the installation of Microsoft Office?
     
    Oh My!, Mar 17, 2024
    #4
    manilka835 likes this.
  5. manilka835

    manilka835 Specialist

    I activated Microsoft Office through my Microsoft Account which was created when I installed the Microsoft Office in another computer. It was already installed when we received the computer but required activation
     
    manilka835, Mar 17, 2024
    #5
  6. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you.

    I am not sure what happened with the date.

    Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST64 icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST64 will do it for you
    Code:
    Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
     
    Oh My!, Mar 17, 2024
    #6
    manilka835 likes this.
  7. manilka835

    manilka835 Specialist

    Fixlog.txt

    Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2024
    Ran by PROTECH (18-03-2024 22:14:04) Run:1
    Running from C:\Users\PROTECH\Desktop
    Loaded Profiles: defaultuser0 & PROTECH
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Start::
    SystemRestore: On
    CreateRestorePoint:
    CloseProcesses:
    cmd: sfc /scannow
    cmd: DISM /Online /Cleanup-Image /CheckHealth
    End::
    *****************

    SystemRestore: On => completed
    Restore point was successfully created.
    Processes closed successfully.

    ========= sfc /scannow =========



    Beginning system scan. This process will take some time.



    Beginning verification phase of system scan.


    Verification 0% complete.
    Verification 1% complete.
    Verification 1% complete.
    Verification 2% complete.
    Verification 2% complete.
    Verification 3% complete.
    Verification 4% complete.
    Verification 4% complete.
    Verification 5% complete.
    Verification 5% complete.
    Verification 6% complete.
    Verification 7% complete.
    Verification 7% complete.
    Verification 8% complete.
    Verification 8% complete.
    Verification 9% complete.
    Verification 10% complete.
    Verification 10% complete.
    Verification 11% complete.
    Verification 11% complete.
    Verification 12% complete.
    Verification 12% complete.
    Verification 13% complete.
    Verification 14% complete.
    Verification 14% complete.
    Verification 15% complete.
    Verification 15% complete.
    Verification 16% complete.
    Verification 17% complete.
    Verification 17% complete.
    Verification 18% complete.
    Verification 18% complete.
    Verification 19% complete.
    Verification 20% complete.
    Verification 20% complete.
    Verification 21% complete.
    Verification 21% complete.
    Verification 22% complete.
    Verification 23% complete.
    Verification 23% complete.
    Verification 24% complete.
    Verification 24% complete.
    Verification 25% complete.
    Verification 25% complete.
    Verification 26% complete.
    Verification 27% complete.
    Verification 27% complete.
    Verification 28% complete.
    Verification 28% complete.
    Verification 29% complete.
    Verification 30% complete.
    Verification 30% complete.
    Verification 31% complete.
    Verification 31% complete.
    Verification 32% complete.
    Verification 33% complete.
    Verification 33% complete.
    Verification 34% complete.
    Verification 34% complete.
    Verification 35% complete.
    Verification 36% complete.
    Verification 36% complete.
    Verification 37% complete.
    Verification 37% complete.
    Verification 38% complete.
    Verification 38% complete.
    Verification 39% complete.
    Verification 40% complete.
    Verification 40% complete.
    Verification 41% complete.
    Verification 41% complete.
    Verification 42% complete.
    Verification 43% complete.
    Verification 43% complete.
    Verification 44% complete.
    Verification 44% complete.
    Verification 45% complete.
    Verification 46% complete.
    Verification 46% complete.
    Verification 47% complete.
    Verification 47% complete.
    Verification 48% complete.
    Verification 49% complete.
    Verification 49% complete.
    Verification 50% complete.
    Verification 50% complete.
    Verification 51% complete.
    Verification 51% complete.
    Verification 52% complete.
    Verification 53% complete.
    Verification 53% complete.
    Verification 54% complete.
    Verification 54% complete.
    Verification 55% complete.
    Verification 56% complete.
    Verification 56% complete.
    Verification 57% complete.
    Verification 57% complete.
    Verification 58% complete.
    Verification 59% complete.
    Verification 59% complete.
    Verification 60% complete.
    Verification 60% complete.
    Verification 61% complete.
    Verification 62% complete.
    Verification 62% complete.
    Verification 63% complete.
    Verification 63% complete.
    Verification 64% complete.
    Verification 64% complete.
    Verification 65% complete.
    Verification 66% complete.
    Verification 66% complete.
    Verification 67% complete.
    Verification 67% complete.
    Verification 68% complete.
    Verification 69% complete.
    Verification 69% complete.
    Verification 70% complete.
    Verification 70% complete.
    Verification 71% complete.
    Verification 72% complete.
    Verification 72% complete.
    Verification 73% complete.
    Verification 73% complete.
    Verification 74% complete.
    Verification 75% complete.
    Verification 75% complete.
    Verification 76% complete.
    Verification 76% complete.
    Verification 77% complete.
    Verification 77% complete.
    Verification 78% complete.
    Verification 79% complete.
    Verification 79% complete.
    Verification 80% complete.
    Verification 80% complete.
    Verification 81% complete.
    Verification 82% complete.
    Verification 82% complete.
    Verification 83% complete.
    Verification 83% complete.
    Verification 84% complete.
    Verification 85% complete.
    Verification 85% complete.
    Verification 86% complete.
    Verification 86% complete.
    Verification 87% complete.
    Verification 87% complete.
    Verification 88% complete.
    Verification 89% complete.
    Verification 89% complete.
    Verification 90% complete.
    Verification 90% complete.
    Verification 91% complete.
    Verification 92% complete.
    Verification 92% complete.
    Verification 93% complete.
    Verification 93% complete.
    Verification 94% complete.
    Verification 95% complete.
    Verification 95% complete.
    Verification 96% complete.
    Verification 96% complete.
    Verification 97% complete.
    Verification 98% complete.
    Verification 98% complete.
    Verification 99% complete.
    Verification 99% complete.
    Verification 100% complete.


    Windows Resource Protection found corrupt files and successfully repaired them.

    For online repairs, details are included in the CBS log file located at

    windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline

    repairs, details are included in the log file provided by the /OFFLOGFILE flag.



    ========= End of CMD: =========


    ========= DISM /Online /Cleanup-Image /CheckHealth =========


    Deployment Image Servicing and Management tool
    Version: 10.0.19041.3636

    Image Version: 10.0.19045.4170

    No component store corruption detected.
    The operation completed successfully.


    ========= End of CMD: =========



    The system needed a reboot.

    ==== End of Fixlog 22:37:17 ====
     
    manilka835, Mar 18, 2024
    #7
  8. Oh My!

    Oh My! Malware Expert Staff Member

    Some corrupt files were repaired and things now look good. Are you currently experiencing any issues or have any concerns?
     
    Oh My!, Mar 18, 2024
    #8
    manilka835 likes this.
  9. manilka835

    manilka835 Specialist

    No issues detected even after running my weekly Malware Scan.
     
    manilka835, Mar 19, 2024
    #9
  10. Oh My!

    Oh My! Malware Expert Staff Member

    Very good.

    Here is our final step and some additional information to consider.

    ===================================================

    KpRm by Kernel-panik

    --------------
    • Download KpRm and save it to your Desktop (see here if you must use Chrome)
    • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
    • Right click on the icon and select Run as administrator
    • Click Yes on the Disclaimer
    • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
    • Click Run
    • Click OK on All operations are completed
    • KpRm will delete itself from you Desktop and you can either save or remove the report that is generated
    • You are free to remove any other tools/reports still remaining
    ===================================================

    All Clean!

    --------------

    Your computer is now clean. Please consider this going forward.

    ===================================================

    Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

    Thank you for placing your trust in Major Geeks. It was a pleasure serving you.
     
    Oh My!, Mar 19, 2024
    #10
    manilka835 likes this.
  11. manilka835

    manilka835 Specialist

    Thank You so much for your time and effort.

    This is yours truly signing off till another desktop or laptop is received.
     
    manilka835, Mar 20, 2024
    #11
  12. Oh My!

    Oh My! Malware Expert Staff Member

    See you next time!

    Gary
     
    Oh My!, Mar 20, 2024
    #12

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds