-
Posts
780 -
Joined
Reputation
0 Neutral
Profile Information
-
Location
Davy Jones's Locker
Recent Profile Visitors
7,974 profile views
-
UNREMOVABLE MALWARE: ZhuDongFangYu.exe
Valinorum replied to MrNoob's topic in Resolved Malware Removal Logs
Please, post the fixlog.txt so that I can be sure that it has been removed completely. Yes, it was a malware.
- 21 replies
-
- 360.cn
- zhudongfangyu.exe 360主动防御服务模块
- (and 2 more)
-
UNREMOVABLE MALWARE: ZhuDongFangYu.exe
Valinorum replied to MrNoob's topic in Resolved Malware Removal Logs
The fix did not remove the infected key that is auto starting the 360 antivirus. Please, run the same fix but from Safe Mode.
- 21 replies
-
- 360.cn
- zhudongfangyu.exe 360主动防御服务模块
- (and 2 more)
-
If it was modified by a malicious program, removing the malicious program would have solved the issue. Since there is no sign of a malicious program in your system, no need to worry about it. Like I said, this key is modified by both legitimate and malicious programs. The tool does not know which program modified the key. If it sees a modification, it lists it.
- 26 replies
-
Is the drive.bat file located in your USB drive? If so, you can delete it. USB vaccine disables autorun feature ergo the malware cannot spread automatically. If the data inside the USB drive is not important, I would counsel you to format it. Right-click on the USB drive and choose Format > Quick Format > OK.
-
Please download USBVaccineSetup.exe from Panda Software to the desktop of your clean / working computer.
Insert your USB flash drive into the clean / working computer.
Double-click on USBVaccineSetup.exe to install the program.
Select your language, read and accept the agreement to continue.
Choose if you would like the program to run at all times, and for all newly inserted USB drives.
Click Next then Finish to complete the installation, the program will launch.
Select your USB drive from the list, then click Vaccinate USB.
Note: optionally you can click Vaccinate computer as well, this disables removable items from automatically running on the system entirely.
A message should appear that your USB drive was vaccinated. If not please report the error in your next post.
-
UNREMOVABLE MALWARE: ZhuDongFangYu.exe
Valinorum replied to MrNoob's topic in Resolved Malware Removal Logs
Please, re-read my previous post. I did not ask for a new FRST scan log. You are to make the fix script and use FRST to remove the items I have listed.
- 21 replies
-
- 360.cn
- zhudongfangyu.exe 360主动防御服务模块
- (and 2 more)
-
You are welcome.
-
UNREMOVABLE MALWARE: ZhuDongFangYu.exe
Valinorum replied to MrNoob's topic in Resolved Malware Removal Logs
Do you have both avast! and Bitdefender installed in your PC? If yes, remove one of them as multiple antivirus is not a good way to go.

Step # Fix with FRST

Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
Open Notepad.exe. Do not use any other text editor software;
Copy and Paste the contents inside the code-box to your Notepad

    Start
    CreateRestorePoint:
    CloseProcesses:
    EmptyTemp:
    File: C:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe
    C:\Program Files (x86)\360
    HKLM-x32\...\Run: [360Safetray] => C:\Program Files (x86)\360\360Safe\safemon\360tray.exe [398432 2017-09-11] (360.cn)
    HKU\S-1-5-21-1452771428-3960916396-1839773260-1001\...\Run: [uTorrent] => C:\Users\bgeez\AppData\Roaming\uTorrent\uTorrent.exe [2147520 2017-03-20] (BitTorrent Inc.)
    HKU\S-1-5-21-1452771428-3960916396-1839773260-1001\...\MountPoints2: {aeab3d91-50b8-11e6-9c0f-3052cb1466e4} - "D:\WD Drive Unlock.exe" autoplay=true
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2016-07-30]
    ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://hao.360.cn/?installer
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://hao.360.cn/?installer
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-1452771428-3960916396-1839773260-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://hao.360.cn/?installer
    BHO: YoukuEyeOnIE64 Class -> {509DC5B8-F673-4102-B86E-5BF20BF4EE54} -> C:\Program Files (x86)\YouKu\YoukuClient\cmc_plugins\X64\ykcool64.dll => No File
    FF Plugin-x32: @360.cn/npaxlogin -> C:\Program Files (x86)\360\360Safe\Utils\npaxlogin.dll [2014-04-22] (360.cn)
    FF Plugin HKU\S-1-5-21-1452771428-3960916396-1839773260-1001: @360.cn/360SoftMgrPlugin -> C:\Program Files (x86)\360\360Safe\SoftMgr\np360SoftMgr.dll [2017-07-12] (360.cn)
    R1 360AntiHacker; C:\WINDOWS\System32\Drivers\360AntiHacker64.sys [183984 2017-06-27] (360.cn)
    R1 360AntiHijack; C:\WINDOWS\System32\Drivers\360AntiHijack64.sys [41464 2017-05-04] (360.cn)
    R1 360Box64; C:\WINDOWS\System32\DRIVERS\360Box64.sys [339456 2016-06-30] (360.cn)
    R1 360Camera; C:\WINDOWS\System32\Drivers\360Camera64.sys [57848 2016-11-24] (360.cn)
    R1 360FsFlt; C:\WINDOWS\System32\DRIVERS\360FsFlt.sys [437424 2017-09-11] (360.cn)
    R1 360Hvm; C:\WINDOWS\System32\Drivers\360Hvm64.sys [293544 2017-06-29] (360????)
    R1 360netmon; C:\WINDOWS\System32\DRIVERS\360netmon.sys [90112 2016-06-16] (360.cn)
    R1 360qpesv; C:\WINDOWS\System32\DRIVERS\360qpesv64.sys [300720 2017-09-14] (360.cn)
    R3 360Sensor; C:\WINDOWS\system32\drivers\360Sensor64.sys [34960 2017-06-14] (360.cn)
    R1 BAPIDRV; C:\WINDOWS\System32\DRIVERS\BAPIDRV64.sys [202928 2017-09-11] (360.cn)
    R0 DsArk; C:\WINDOWS\System32\drivers\DsArk64.sys [183800 2017-03-28] (360.cn)
    ContextMenuHandlers1: [SoftMgrExt] -> {5E19C0CE-C02C-46c2-98C3-A2E12EDE0E17} => C:\Program Files (x86)\360\360Safe\SoftMgr\SoftMgrExt64.dll [2017-04-12] (360.cn)
    ContextMenuHandlers5: [SoftMgrExt] -> {5E19C0CE-C02C-46c2-98C3-A2E12EDE0E17} => C:\Program Files (x86)\360\360Safe\SoftMgr\SoftMgrExt64.dll [2017-04-12] (360.cn)
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Shortcut: C:\Users\bgeez\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
    AlternateDataStreams: C:\Users\bgeez\Downloads\expressvpn_6.1.0.1700.exe:BDU [0]
    AlternateDataStreams: C:\Users\bgeez\Downloads\FRST64.exe:BDU [0]
    AlternateDataStreams: C:\Users\bgeez\Downloads\RevoUninProSetup (1).exe:BDU [0]
    AlternateDataStreams: C:\Users\bgeez\Downloads\RevoUninProSetup.exe:BDU [0]
    AlternateDataStreams: C:\Users\bgeez\Downloads\vlc-2.2.4-win32(1).exe:BDU [0]
    AlternateDataStreams: C:\Users\bgeez\Downloads\vlc-2.2.4-win32.exe:BDU [0]
    AlternateDataStreams: C:\Users\bgeez\Downloads\vlc-2.2.4-win64.exe:BDU [0]
    AlternateDataStreams: C:\Users\bgeez\Downloads\Windows-KB890830-x64-V5.46.exe:BDU [0]
    AlternateDataStreams: C:\Users\bgeez\Downloads\youkuclient_setup_ywebplayerbottom_7.2.8.9010.exe:BDU [0]
    CMD: ipconfig /flushdns
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state on
    End

Click on File > Save as...
Inside the File Name box type fixlist.txt;
From the Save as type drop down list, choose All Files
Save the file to your Desktop;
Re-run FRST.exe and click Fix;
Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
After the completion, a log will be produced;
Copy and Paste the contents of the log in your next reply.
- 21 replies
-
- 360.cn
- zhudongfangyu.exe 360主动防御服务模块
- (and 2 more)
-
Sounds good. If everything is okay, I will mark this as resolved.
-
I am inclined to believe that it is an FP. The key can be modified by both malicious and legitimate programs. Since AdwCleaner cannot determine which program modified the key, it is showing it on its log.
- 26 replies
-
Malware/adware not being removed
Valinorum replied to Trumpet's topic in Resolved Malware Removal Logs
You are welcome. Safe surfing.
-
I meant follow the instructions from that thread and attach the logs here.
-
Can you also attach the Addition.txt log it produced?