Solved Possible remote control threat


Avy

PCHF Member
Jul 12, 2022
I have been receiving this strange error the past couple of days, that a file: "GL503GE_pre.sign" was unable to be copied. GL503GE is my laptop model, but I am not copying this file, I wasn't even able to find out any info about it. I don't know what is causing it, I scanned my PC using MalwareBytes and Windows Defender (full scans for both) but nothing was detected and I have no idea why this happens. I will attach a screenshot of the error. Any help will be greatly appreciated.
 

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.
Once downloaded, right click the FRST desktop icon and select "Run as administrator" from the menu.
If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.

  1. Accept the default whitelist options,
  2. If the additions.txt options box is not checked please select it.
  3. Then select Scan

FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.


Please Attach the contents of these logs in your next post for review by our Security Team
 
Also, download the Everything search engine, and type .sign in the Everything search window.
Then click Edit, Select All.
Right click highlighted text.
Copy full name to clipboard.
Post those results in your next reply along with the FRST and Addition.txt logs.
 
Hello, thank you for your in-depth reply.

I have followed your instructions and have attached FRST.txt but I am unable to attach Addition.txt

Everything search engine results:

C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22052.136.0_x64__8wekyb3d8bbwe\YourPhoneServer\Microsoft.AspNetCore.SignalR.Client.Core.dll
C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22052.136.0_x64__8wekyb3d8bbwe\YourPhoneServer\Microsoft.AspNetCore.SignalR.Client.dll
C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22052.136.0_x64__8wekyb3d8bbwe\YourPhoneServer\Microsoft.AspNetCore.SignalR.Common.dll
C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22052.136.0_x64__8wekyb3d8bbwe\YourPhoneServer\Microsoft.AspNetCore.SignalR.Protocols.Json.dll
C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22052.136.0_x64__8wekyb3d8bbwe\YourPhoneServer\Microsoft.AspNetCore.SignalR.Protocols.MessagePack.dll
C:\Gradle\docs\dsl\org.gradle.plugins.signing.Sign.html
C:\Users\night\.gradle\wrapper\dists\gradle-5.4.1-all\3221gyojl5jsh0helicew7rwx\gradle-5.4.1\docs\dsl\org.gradle.plugins.signing.Sign.html
C:\Gradle\docs\dsl\org.gradle.plugins.signing.SigningExtension.html
C:\Users\night\.gradle\wrapper\dists\gradle-5.4.1-all\3221gyojl5jsh0helicew7rwx\gradle-5.4.1\docs\dsl\org.gradle.plugins.signing.SigningExtension.html
C:\Gradle\src\signing\META-INF\gradle-plugins\org.gradle.signing.properties
C:\Users\night\.gradle\wrapper\dists\gradle-5.4.1-all\3221gyojl5jsh0helicew7rwx\gradle-5.4.1\src\signing\META-INF\gradle-plugins\org.gradle.signing.properties
D:\Steam\steam.signatures
C:\Windows\System32\Windows.Internal.Signals.dll
C:\Windows\WinSxS\amd64_microsoft-windows-signalmanager_31bf3856ad364e35_10.0.22000.1_none_3559580e92087d6d\Windows.Internal.Signals.dll

Thank you
 

I was unable to attach Addition.txt, I will upload it as zip
 


I’ll have a look at these when I get home from work. Expect a reply around 7 pm eastern time.

If you can rerun the everything search with this

 
FRST Fix.
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Post new FRST and addition.txt logs and let me know how the machine is performing.
 
Hello, thanks for the reply.

I have attached fixlog and the new frst and addition files.

In the everything search however, *.sign yielded no results.

The PC is performing well. My main concern was the strange error that shows up once a day. I will post it here if it happens again.
 


Adware Cleaner


  • Download AdwCleaner and save it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan Now
  • Let the scan complete
  • Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button
  • Subsequently you may be asked to Run Basic Repair. This is optional. I would suggest holding off on this for now.
  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
  • Close all other open windows and allow it to restart
  • After the restart, Notepad will open with the AdwCleaner cleaning log
  • Please Attach the contents of that log into your next reply to me



Make sure and disable your antivirus/defender prior to the scan.

  • Download ESET Online Scanner from here and save it to your Desktop.
  • Right click the esetonlinescanner.exe file you downloaded and select Run as administrator.
  • Click Get started.
  • In the Terms of use screen, click Accept if you agree to the Terms of use.
  • Click Get started in the welcome screen.
  • Select your preference for the Customer Experience Improvement Program and the Detection feedback system. Click Continue.
  • Click Computer scan, in the Welcome back screen.
  • Choose Full scan on the next screen.
  • Select Enable ESET to detect and quarantine potentially unwanted applications. Then click Start scan.
  • When the scan is finished click Save scan log and save it to your Desktop as ESETScan.txt. Click Continue.
  • ESET Online Scanner will now ask if you wish to turn on the Periodic Scan feature. Click Continue.
  • You will now be offered a trial version of ESET Internet Security. Click Continue.
  • On the next screen, you can leave feedback about the program if you wish.
  • Select Delete application's data on closing, if you are short of disk space or do not wish to retain the program for future use.
  • If you left feedback, click Submit and continue. If not, Close without feedback.
  • Copy and paste the contents of the ESETScan.txt file in your next reply.
 
Greetings, I have attached the log files.

Thank you
 


Alright.

Security Check Scan.
  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please Copy and paste that log here in your next post
 
Hey! I was not able to run Security Check on my PC, but the error that used to show up daily has stopped! It was a strange error, popping up once a day, but not anymore now!

Thank you for helping me out with this, Malnutrition!
 
To update older programs, use patchmypc home edition.

To clean up the tools we used.

Download KpRM
Save to Desktop
Check Delete Tools
Delete Restore points
Create Restore point.
Then click run.
I'll mark this as solved for you. :)
 