MKDB

Hi @patchqz, do you still need help? If so, please follow my instructions and post the logfiles. Thank you.

@tsuki123 Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall and remove all programs and all other products/folders/files for which you do not have a valid Product Key, including all "cracked" software. As already said in my first post: Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kind of illegal software on your system, please uninstall them now, before we start the cleaning procedure. More information here: Thanks for your understanding!

Hello @tsuki123 and My name is MKDB and I will assist you. Let's keep these principles as we proceed. Make sure to read the entire post below first. Please follow the steps in the given order and post back the log files. Please attach all log files into your post. Before we start, please make sure that you have an external backup, not connected to this system, of all private data. Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. As English is not my native language, please do not use slang or idioms. It may be hard for me to understand. If you do not respond within 4 days, your topic will be closed. Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kin of illegal software on your system, please uninstall them now, before we start the cleaning procedure. Please give me some time to review what you have posted! Thank you!

@GustPie Thanks for the updated logfiles. Enjoy your vacation! Indeed, your logfiles still show some malware leftovers. Once you are back, I suggest to remove them with the following FRST fix. Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\User\Downloads\ ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. Close all open programs and save your work. Run FRST again. Press the FIX button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about. Please note: This Fix will remove all temporary files, empty recycle bin and will remove cookies and may result in some websites indicating they do not recognize your computer. It may be necessary to receive and apply a verification code. Please note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program, agree to the request. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply. fixlist.txt

@GustPie Thanks for the logfiles. Unfortunately, the file FRST.txt is incomplete. Reboot your system, then run another scan with FRST and attach both logfiles again.

@GustPie Usually, private information don't get lost during malware removal process, but in a few cases the removal process can get tricky.... it's just a safety reason. I would backup all important private data, but in the end it's up to you.

Hello @patchqz and My name is MKDB and I will assist you. Let's keep these principles as we proceed. Make sure to read the entire post below first. Please follow the steps in the given order and post back the log files. Please attach all log files into your post. Before we start, please make sure that you have an external backup, not connected to this system, of all private data. Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. As English is not my native language, please do not use slang or idioms. It may be hard for me to understand. If you do not respond within 4 days, your topic will be closed. Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kin of illegal software on your system, please uninstall them now, before we start the cleaning procedure. First, let's run these three scans to get some information. 1️⃣ 2️⃣ 3️⃣

Hello @GustPie and My name is MKDB and I will assist you. Let's keep these principles as we proceed. Make sure to read the entire post below first. Please follow the steps in the given order and post back the log files. Please attach all log files into your post. Before we start, please make sure that you have an external backup, not connected to this system, of all private data. Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. As English is not my native language, please do not use slang or idioms. It may be hard for me to understand. If you do not respond within 4 days, your topic will be closed. Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kin of illegal software on your system, please uninstall them now, before we start the cleaning procedure. Please run a scan with Farbar Recovery Scan Tool (FRST) by following the instrctions below: Thank you!

😃 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection. Thank you. As this topic seems to be solved, I do not follow it any longer. Take care!

@Arleer157 Thanks for the feedback and the logfile. Nice image... thanks a lot! Someone read my interests... 😄 👌 You should update some programs (if your still need them) or uninstall them (if you don't need them anymore) or otherwise address these: The elevation prompt for administrators disabled ^It is recommended to enable (default): Win+R typing UserAccountControlSettings and Enter^ Notepad++ (32-bit x86) v.8.4.9 Warning! Download Update Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135 v.14.38.33135.0 Warning! Download Update Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33135 v.14.38.33135.0 Warning! Download Update WinRAR 6.20 (64-bit) v.6.20.0 Warning! Download Update GIMP 2.10.32 v.2.10.32 Warning! Download Update paint.net v.5.0.9 Warning! Download Update Discord v.1.0.9144 Warning! Download Update Windscribe v.2.5.18 Warning! Download Update Vuze v.5.7.7.0 Warning! Ad-supported P2P-client. Audacity 3.2.4 v.3.2.4 Warning! Download Update VLC media player v.3.0.18 Warning! Download Update CCleaner v.6.27 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program. Thank you for your cooperation. You can use KpRm to remove FRST and other tools. Please download KpRm by kernel-panik and save it to your desktop. Right-click kprm_(version).exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, select Delete Tools under Actions. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log may open in Notepad titled kprm-(date).txt. I do not need it. Just close Notepad if it shows up. A few final recommendations can be found here: Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/ Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes.

@Arleer157 No such incredible malware on your system...🤣 but now let's remove the miner with Farbar Recovery Scan Tool (FRST). The fix will take some minutes once started, please be very patient and do not interfere. Please download the attached fixlist.txt file and save it to your download folder, which is C:\Users\Jett\Downloads\ in your case. You will find the file FRSTEnglish.exe (FRST) as well in this folder. Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. Close all open programs and save your work. Run FRST. Press the Fix button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about. Please note: This Fix will remove all temporary files, empty recycle bin and will remove cookies and may result in some websites indicating they do not recognize your computer. It may be necessary to receive and apply a verification code. Please note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program, agree to the request. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply. fixlist.txt

@Arleer157 My fault... forget my last post. 😅

Thanks for your feedback @Arleer157. I'm currently preparing a fix for you. (Chrome related part removed)

Hello @Arleer157 and My name is MKDB and I will assist you. Let's keep these principles as we proceed. Make sure to read the entire post below first. Please follow the steps in the given order and post back the log files. Please attach all log files into your post. Before we start, please make sure that you have an external backup, not connected to this system, of all private data. Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. As English is not my native language, please do not use slang or idioms. It may be hard for me to understand. If you do not respond within 4 days, your topic will be closed. Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kin of illegal software on your system, please uninstall them now, before we start the cleaning procedure. Indeed, your system is infected with a miner. Please give me some time to review all your logfiles. Thank you!

@Xeno1234 The FRST logfiles do currently not show any kind of infection. Let's run Dr.Web as a second opinion, please. Please download the Dr.Web CureIt! anti-virus utility https://free.drweb.com/ You will need to send them an email to obtain a link to download the scanner, please do so The downloaded file will normally have a unique name such as: q7a9tr4p.exe Close all open applications and locate the downloaded file and double-click to run it The program will take a moment to launch and bring up the License and Update screen Place a check mark to agree to the terms and then click on the Continue button Click the underlined link Select objects for scanning On the top left click the Scanning objects that should automatically check all objects Click the small wrench and make sure there is a check on Automatically apply actions to threats Then click the large button on bottom right Start scanning Once the scan has completed there will be a link named Open report click that and a log named cureit.log should open in Notepad The log is saved in the folder named Doctor Web in the top of your user profile folders Please attach that log on your next reply.

@Yulduz Thanks again! No problem with russian here... I do use translators if needed. You should update some programs (if your still need them) or uninstall them (if you don't need them anymore) or otherwise address these: AVG AntiVirus Free v.24.7.9311.1966 Внимание! Скачать обновления Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31931 v.14.34.31931.0 Внимание! Скачать обновления Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931 v.14.34.31931.0 Внимание! Скачать обновления Discord v.1.0.9006 Внимание! Скачать обновления Viber v.17.7.0.0 Внимание! Скачать обновления µTorrent v.3.6.0.47134 Внимание! Клиент сети P2P с рекламным модулем!. Java 8 Update 51 (64-bit) v.8.0.510 Внимание! Скачать обновления ^Удалите старую версию и установите новую (jre-8u421-windows-x64.exe - Windows Offline (64-bit))^ McAfee Security Scan Plus v.4.0.135.1 Внимание! Приложение распространяется в рамках партнерских программ и сборников-бандлов. Рекомендуется деинсталляция. Возможно Вы стали жертвой обмана или социальной инженерии. Thank you for your cooperation. You can use KpRm to remove FRST and other tools. Please download KpRm by kernel-panik and save it to your desktop. Right-click kprm_(version).exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, select Delete Tools under Actions. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log may open in Notepad titled kprm-(date).txt. I do not need it. Just close Notepad if it shows up. A few final recommendations can be found here: Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/ Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes.

@Yulduz Thanks for your detailed feedback and the logfiles. We will run another fix with FRST to remove the last leftovers (Step 1). This fix will also check windows system files. It may take some minutes. As you have already deleted the folders of the games, nothing to do here anymore regarding the folders. We will remove another regkey from another game so that it won't be listed under Settings > Apps anylonger. Moreover, I would like you to run SecurityCheck as well (Step 2). 1️⃣ Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\79224\Desktop\ ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. Close all open programs and save your work. Run FRST again. Press the FIX button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about. Please note: This Fix will remove all temporary files, empty recycle bin and will remove cookies and may result in some websites indicating they do not recognize your computer. It may be necessary to receive and apply a verification code. Please note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program, agree to the request. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply. 2️⃣ Follow these instructions for running SecurityCheck: fixlist.txt

@Xeno1234 Let's run the following cleanup script with FRST. This may take some time, please be very patient. Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\vanar\Downloads\ ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. Close all open programs and save your work. Run FRST again. Press the FIX button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about. Please note: This Fix will remove all temporary files, empty recycle bin and will remove cookies and may result in some websites indicating they do not recognize your computer. It may be necessary to receive and apply a verification code. Please note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program, agree to the request. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply. fixlist.txt

@sodafiz Nothing to worry in your logfiles. Let's run the following cleanup script with FRST. This may take some time, please be very patient. Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\flowe\Downloads\ ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. Close all open programs and save your work. Run FRST again. Press the FIX button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about. Please note: This Fix will remove all temporary files, empty recycle bin and will remove cookies and may result in some websites indicating they do not recognize your computer. It may be necessary to receive and apply a verification code. Please note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program, agree to the request. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply. fixlist.txt

Hello @Xeno1234 and My name is MKDB and I will assist you. Let's keep these principles as we proceed. Make sure to read the entire post below first. Please follow the steps in the given order and post back the log files. Please attach all log files into your post. Before we start, please make sure that you have an external backup, not connected to this system, of all private data. Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. As English is not my native language, please do not use slang or idioms. It may be hard for me to understand. If you do not respond within 4 days, your topic will be closed. Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kin of illegal software on your system, please uninstall them now, before we start the cleaning procedure. Please attach the requested logfiles for a first analysis and we will be happy to help you. Thank you!

@Yulduz Good job, thanks for the logfile. We were able to remove a lot of unwanted objects. First, regarding those games that you want to remove... try to run the following uninstallers: If that does work due to an error message, you can manually remove these three folders instead: C:\Program Files (x86)\Age of Empires II Definitive Edition C:\Program Files (x86)\Call of Duty World at War C:\Program Files (x86)\Grand Theft Auto San Andreas After that is done, reboot your system. Let me know how things are going on your machine regarding TorrentPro and other unwanted software... what is left and needs to be done from your point of view? Second, I would like you to run a fresh FRST scan to check the results from our first FRST fix. We need to run another fix. Run FRST again. Do not change any settings. Press the Scan button. FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run. Please attach these logfiles to your next reply.

@Yulduz It's almost midnight here in Germany, I'll be back tomorrow... time to go sleeping. We will continue our work once I have the fixlog from FRST. Take care.

@Yulduz I've noticed some malicious browser extensions as well... what a nasty crap. We will take care of these as well. We will run a first fix with FRST. Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\79224\Desktop\ ). Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. Close all open programs and save your work. Run FRST again. Press the FIX button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about. Please note: This Fix will remove all temporary files, empty recycle bin and will remove cookies and may result in some websites indicating they do not recognize your computer. It may be necessary to receive and apply a verification code. Please note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program, agree to the request. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart. FRST will create one log now (Fixlog.txt) in the same directory the tool is run. Please attach this logfile to your next reply. fixlist.txt

@Yulduz Well done. Based on the new logfiles I will create a fix for you.

@Yulduz Thanks for the update. Please read through all of my instructios and uninstall all of these crappy software. If you are not able to uninstall one of them, just let me know. Reboot your system anyway in the end and run a fresh scan with FRST.