Virus notifications


  1. Posts : 6
    Windows 10 Pro
       #1

    Virus notifications


    Hi

    I use an Acer Aspire A315-34 laptop with an Intel Celeron N4020 CPU at 1.1 GHz, and the OS is Windows 10 Pro 64-bit version 22H2 compilation 19045.3086.

    After I clicked on a suspicious "system warning" that opened all of a sudden while I was on the internet, my notebook started showing notifications of a supposed virus infection. The notification panel of my toolbar opens from time to time to say that it's infected by "skipalos.xyz". I had to turn the audio off to not be bothered by them.

    Can anyone help?

    Thanks in advance,

    Tecolote


  2. Posts : 8,212
    windows 10
       #2


  3. Posts : 349
    Windows 11 Home (x64) Version 23H2
       #3

    Howdy Tecolote, and if you have not been welcomed to the forum, then welcome!

    Full System Scan with Malwarebytes Antimalware >>> https://www.malwarebytes.com/mwb-download
    * If not existing, please download Malwarebytes' Anti-Malware to your desktop.
    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    * If the program is already installed:
    * Run Malwarebytes Antimalware
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location.
    * The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    * Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    *** Post that log back here or just tell me what it found.
    If it is too long then you will have to zip it or find a site to download it to & let me know where!

    =============

    Malwarebytes AdwCleaner >>> Download AdwCleaner

    Please download AdwCleaner and save it to your Desktop
    * Close all open programs and browsers
    * Right click on the icon and select Run as administrator
    * Click Scan now
    * Allow the program to Quarantine what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep
    * When completed click View Scan Log File
    * Copy and paste the contents in your reply
    * Click Skip Basic Repair if it appears then close the program

    Thanks !


  4. Posts : 6
    Windows 10 Pro
    Thread Starter
       #4

    Thank you, Samuria, for your answer.

    - - - Updated - - -

    Hello, Chuck. Thanks for the welcome, and for your answer too!

    The version of Malwarebytes that downloaded is the premium trial version. There was no choice of version, I just downloaded it through the free download link. I hope it works normally after the trial ends (which it didn't say how long it lasts).

    Here is what MB found and I removed (in the Portuguese BR language):

    Malwarebytes
    www.malwarebytes.com

    -Detalhes do Relatório-
    Data da análise: 22/07/2023
    Hora da análise: 11:00
    Arquivo de relatório: 2a6b26fc-2898-11ee-b803-7c8ae1dd074f.json

    -Informações do Software-
    Versão: 4.5.33.272
    Versão de componentes: 1.0.2069
    Versão do pacote de definições: 1.0.72797
    Licença: Versão de Avaliação

    -Informações do Sistema-
    Sistema operacional: Windows 10 (Build 19045.3086)
    Processador: x64
    Sistema de arquivos: NTFS
    Usuário: DESKTOP-AVQH55B\Acer

    -Resumo da Análise-
    Tipo de análise: Análise de Ameaças
    Análise Iniciada Por: Manual
    Resultado: Concluído
    Objetos verificados: 303923
    Ameaças detectadas: 25
    Ameaças em quarentena: 25
    Tempo decorrido: 7 min, 34 seg

    -Opções da Análise-
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Desabilitado
    Heurística: Habilitado
    Programa Potencialmente Indesejado: Detetar
    PUM (modificação potencialmente indesejada): Detetar

    -Detalhes da Análise-
    Processo: 0
    (Nenhum item malicioso detectado)

    Módulo: 0
    (Nenhum item malicioso detectado)

    Chave de registro: 15
    PUP.Optional.DriverPack, HKU\S-1-5-21-2011729660-300043873-2358486370-1001\SOFTWARE\DRPSU, Quarentena, 5922, 472301, 1.0.72797, , ame, , ,
    PUP.Optional.DriverPack, HKU\S-1-5-21-2011729660-300043873-2358486370-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\drp.su, Quarentena, 5922, 472298, 1.0.72797, , ame, , ,
    PUP.Optional.DriverPack, HKU\S-1-5-21-2011729660-300043873-2358486370-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\update.drp.su, Quarentena, 5922, 472297, 1.0.72797, , ame, , ,
    PUP.Optional.DriverPack, HKU\S-1-5-21-2011729660-300043873-2358486370-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\drp.su, Quarentena, 5922, 472299, 1.0.72797, , ame, , ,
    PUP.Optional.DriverPack, HKU\S-1-5-21-2011729660-300043873-2358486370-1000\SOFTWARE\DRPSU, Quarentena, 5922, 472301, 1.0.72797, , ame, , ,
    PUP.Optional.DriverPack, HKU\S-1-5-21-2011729660-300043873-2358486370-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\drp.su, Quarentena, 5922, 472298, 1.0.72797, , ame, , ,
    PUP.Optional.DriverPack, HKU\S-1-5-21-2011729660-300043873-2358486370-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\update.drp.su, Quarentena, 5922, 472297, 1.0.72797, , ame, , ,
    PUP.Optional.DriverPack, HKU\S-1-5-21-2011729660-300043873-2358486370-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\drp.su, Quarentena, 5922, 472299, 1.0.72797, , ame, , ,
    PUP.Optional.DriverPack, HKLM\SOFTWARE\WOW6432NODE\DRPSU, Quarentena, 5922, 472300, 1.0.72797, , ame, , ,
    RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\R@1n-KMS\Office16ProPlus, Quarentena, 7629, 820459, , , , , ,
    RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{72168D45-CF76-4A52-B6F0-1315792E69BD}, Quarentena, 7629, 820459, , , , , ,
    RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{72168D45-CF76-4A52-B6F0-1315792E69BD}, Quarentena, 7629, 820459, , , , , ,
    RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\R@1n-KMS\Windows100Professional, Quarentena, 7629, 820459, , , , , ,
    RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EE798EA4-5FCF-4F2F-89F1-36C633D62B7E}, Quarentena, 7629, 820459, , , , , ,
    RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{EE798EA4-5FCF-4F2F-89F1-36C633D62B7E}, Quarentena, 7629, 820459, , , , , ,

    Valor de registro: 4
    PUP.Optional.DriverPack, HKU\S-1-5-21-2011729660-300043873-2358486370-1001\SOFTWARE\DRPSU|CLIENTID, Quarentena, 5922, 472301, 1.0.72797, , ame, , ,
    PUP.Optional.DriverPack, HKU\S-1-5-21-2011729660-300043873-2358486370-1000\SOFTWARE\DRPSU|CLIENTID, Quarentena, 5922, 472301, 1.0.72797, , ame, , ,
    PUP.Optional.DriverPack, HKLM\SOFTWARE\WOW6432NODE\DRPSU|CLIENTID, Quarentena, 5922, 472300, 1.0.72797, , ame, , ,
    PUP.Optional.DriverPack.BITSRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{92A3360 E-7CA0-4F55-B6AC-2516A8202E38}, Quarentena, 9808, 820531, 1.0.72797, , ame, , ,

    Dados de registro: 0
    (Nenhum item malicioso detectado)

    Fluxo de dados: 0
    (Nenhum item malicioso detectado)

    Pasta: 3
    RiskWare.KMS, C:\WINDOWS\SYSTEM32\TASKS\R@1N-KMS, Quarentena, 7629, 820459, 1.0.72797, , ame, , ,
    PUP.Optional.DriverPack.BITSRST, C:\USERS\ACER\APPDATA\ROAMING\DRPSU, Quarentena, 9808, 820473, 1.0.72797, , ame, , ,
    Trojan.FakeChrome, C:\CHRONE, Quarentena, 8508, 1002940, 1.0.72797, , ame, , ,

    Arquivo: 3
    RiskWare.KMS, C:\Windows\System32\Tasks\R@1n-KMS\Office16ProPlus, Quarentena, 7629, 820459, , , , , 997B694B0E431609C71F26178B39B471, E4BCE8FACC3043D6A848F77FAA04430359BB503FBE8B5D7A18C48D8C082BD93B
    RiskWare.KMS, C:\Windows\System32\Tasks\R@1n-KMS\Windows100Professional, Quarentena, 7629, 820459, , , , , 8462E01F881F30E16398EF21377B7B28, 8B266A23A3267F547B716003DAC83B22B47F29B8FA61EDF85A376FA0D19D8D23
    PUP.Optional.DotSetupIo, C:\USERS\ACER\DOWNLOADS\MEMU-SETUP-ABROAD-SDK.EXE, Quarentena, 10656, 1000511, 1.0.72797, , ame, , 6CC9A78E4778F77343CA22CB09CC8BE5, DCBD77AD65145AB5AA64B8C08608991A6CC23DAABF02CF0695F2261DA3EC5B7D

    Setor físico: 0
    (Nenhum item malicioso detectado)

    Instrumentação do Windows (WMI): 0
    (Nenhum item malicioso detectado)


    (end)

    **********************************************************

    The log from AdwCleaner follows.


    **********************************************************

    # -------------------------------
    # Malwarebytes AdwCleaner 8.4.0.0
    # -------------------------------
    # Build: 08-30-2022
    # Database: 2023-07-19.3 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 07-22-2023
    # Duration: 00:00:19
    # OS: Windows 10 (Build 19045.3086)
    # Scanned: 32108
    # Detected: 0


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software found.



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


    That's it for now. Thanks once more.
    Tecolote


  5. Posts : 349
    Windows 11 Home (x64) Version 23H2
       #5

    @Tecolote, that should have removed the malicious web site that was causing the Skipalos.xyz which uses fake error messages and alerts to trick victims into subscribing to its push notifications. If you do subscribe to the Skipalos.xyz notifications, you will start receiving spam popups similar to the image below directly on your device even if the browser is closed. These ads are for adult sites, online web games, fake software updates, and unwanted programs.
    And it removed a Trojan.FakeChrome, are you still getting any popups about Skipalos or anything?
    Thanks for posting the logs back!
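
The push-notification subscriptions described in the post above live in the browser profile, so they can be audited directly. The following is an added example, not code from any poster in this thread; it assumes a Chromium-based browser (the thread does not say which browser was used), the `profile.content_settings.exceptions.notifications` layout of its `Preferences` JSON file, and a constructed sample in which `cdn.skipalos.xyz` and the `example.*` hosts are made up.

```python
import json
import os
from pathlib import Path
from urllib.parse import urlsplit

ALLOW = 1  # Chromium content-setting value: 1 = allow, 2 = block

# Constructed sample of the relevant slice of a Chromium "Preferences" file.
# cdn.skipalos.xyz and the example.* hosts are made up for illustration.
SAMPLE_PREFS = {"profile": {"content_settings": {"exceptions": {"notifications": {
    "https://skipalos.xyz:443,*": {"setting": 1},
    "https://cdn.skipalos.xyz:443,*": {"setting": 1},
    "https://mail.example.com:443,*": {"setting": 1},
    "https://blocked.example.net:443,*": {"setting": 2},
}}}}}

def notification_grants(prefs):
    """Return the origins this profile allows to send notifications."""
    node = prefs
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    if not isinstance(node, dict):
        return []
    return sorted(
        pattern.split(",", 1)[0]              # keys are "primary,secondary" pairs
        for pattern, entry in node.items()
        if isinstance(entry, dict) and entry.get("setting") == ALLOW
    )

def flag(origins, watchlist):
    """Keep origins whose host is a watch-listed domain or one of its subdomains."""
    hits = []
    for origin in origins:
        host = (urlsplit(origin).hostname or "").lower()
        if any(host == d or host.endswith("." + d) for d in watchlist):
            hits.append(origin)
    return hits

if __name__ == "__main__":
    # Assumed default Chrome profile location on Windows; falls back to the sample.
    prefs_file = Path(os.environ.get("LOCALAPPDATA", "")) / "Google/Chrome/User Data/Default/Preferences"
    prefs = json.loads(prefs_file.read_text(encoding="utf-8")) if prefs_file.is_file() else SAMPLE_PREFS
    granted = notification_grants(prefs)
    for origin in granted:
        mark = "REVIEW" if origin in flag(granted, ["skipalos.xyz"]) else "ok"
        print(f"{mark:6} {origin}")
```

Any origin marked REVIEW can be removed in the browser under Settings > Privacy and security > Site settings > Notifications, which revokes the grant even when no file on disk is flagged by a scanner.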


  6. WXC
    Posts : 13,170
    Windows 10 Pro 64-bit 22H2 19045.4046
       #6

    Tecolote said:
    "The version of Malwarebytes that downloaded is the premium trial version. There was no choice of version, I just downloaded it through the free download link. I hope it works normally after the trial ends (which it didn't say how long it lasts)."

    Hello, Tecolote.

    Welcome.

    The Premium Trial version will revert to the Free version, after fourteen (14) days.

    The difference between the two is that with the Premium version, you have continuous real-time protection. The Free version does not have real-time protection, but serves as an on-demand scanner. A very good one too.

    Best of luck with everything.


  7. Posts : 6
    Windows 10 Pro
    Thread Starter
       #7

    Hi, WXC. Thanks for the reply. I didn't know apps could "revert" from free to payware. Keep up the good work!
    Cheers,
    Tecolote

    - - - Updated - - -

    Hi, Chuck.
    Thank you very much! Seems it's clean now. I don't receive notifications anymore. Gonna continue using the antivirus.
    Best regards,
    Tecolote


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd