Everything posted by Valinorum

  1. The fix did not remove the infected key that is auto starting the 360 antivirus. Please, run the same fix but from Safe Mode.
  2. If it was modified by a malicious program, removing the malicious program would have solved the issue. Since there is no sign of a malicious program in your system, no need to worry about it. Like I said, this key is modified by both legitimate and malicious programs. The tool does not know which program modified the key. If it sees a modification, it lists it.
  3. Is the drive.bat file located in your USB drive? If so, you can delete it. USB vaccine disables autorun feature ergo the malware cannot spread automatically. If the data inside the USB drive is not important, I would counsel you to format it. Right-click on the USB drive and choose Format > Quick Format > OK.
  4. Please download USBVaccineSetup.exe from Panda Software to the desktop of your clean / working computer.
       • Insert your USB flash drive into the clean / working computer.
       • Double-click on USBVaccineSetup.exe to install the program.
       • Select your language, read and accept the agreement to continue.
       • Choose if you would like the program to run at all times, and for all newly inserted USB drives.
       • Click Next then Finish to complete the installation, the program will launch.
       • Select your USB drive from the list, then click Vaccinate USB.
         Note: optionally you can click Vaccinate computer as well, this disables removable items from automatically running on the system entirely.
       • A message should appear that your USB drive was vaccinated. If not, please report the error in your next post.
  5. Please, re-read my previous post. I did not ask for a new FRST scan log. You are to make the fix script and use FRST to remove the items I have listed.
  6. Do you have both avast! and Bitdefender installed in your PC? If yes, remove one of them as multiple antivirus is not a good way to go.
     Step # Fix with FRST
       • Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
       • Open Notepad.exe. Do not use any other text editor software;
       • Copy and Paste the contents inside the code-box to your Notepad --

        Start
        CreateRestorePoint:
        CloseProcesses:
        EmptyTemp:
        File: C:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe
        C:\Program Files (x86)\360
        HKLM-x32\...\Run: [360Safetray] => C:\Program Files (x86)\360\360Safe\safemon\360tray.exe [398432 2017-09-11] (360.cn)
        HKU\S-1-5-21-1452771428-3960916396-1839773260-1001\...\Run: [uTorrent] => C:\Users\bgeez\AppData\Roaming\uTorrent\uTorrent.exe [2147520 2017-03-20] (BitTorrent Inc.)
        HKU\S-1-5-21-1452771428-3960916396-1839773260-1001\...\MountPoints2: {aeab3d91-50b8-11e6-9c0f-3052cb1466e4} - "D:\WD Drive Unlock.exe" autoplay=true
        Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2016-07-30]
        ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
        HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://hao.360.cn/?installer
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://hao.360.cn/?installer
        HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
        HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
        HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
        HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
        HKU\S-1-5-21-1452771428-3960916396-1839773260-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://hao.360.cn/?installer
        BHO: YoukuEyeOnIE64 Class -> {509DC5B8-F673-4102-B86E-5BF20BF4EE54} -> C:\Program Files (x86)\YouKu\YoukuClient\cmc_plugins\X64\ykcool64.dll => No File
        FF Plugin-x32: @360.cn/npaxlogin -> C:\Program Files (x86)\360\360Safe\Utils\npaxlogin.dll [2014-04-22] (360.cn)
        FF Plugin HKU\S-1-5-21-1452771428-3960916396-1839773260-1001: @360.cn/360SoftMgrPlugin -> C:\Program Files (x86)\360\360Safe\SoftMgr\np360SoftMgr.dll [2017-07-12] (360.cn)
        R1 360AntiHacker; C:\WINDOWS\System32\Drivers\360AntiHacker64.sys [183984 2017-06-27] (360.cn)
        R1 360AntiHijack; C:\WINDOWS\System32\Drivers\360AntiHijack64.sys [41464 2017-05-04] (360.cn)
        R1 360Box64; C:\WINDOWS\System32\DRIVERS\360Box64.sys [339456 2016-06-30] (360.cn)
        R1 360Camera; C:\WINDOWS\System32\Drivers\360Camera64.sys [57848 2016-11-24] (360.cn)
        R1 360FsFlt; C:\WINDOWS\System32\DRIVERS\360FsFlt.sys [437424 2017-09-11] (360.cn)
        R1 360Hvm; C:\WINDOWS\System32\Drivers\360Hvm64.sys [293544 2017-06-29] (360????)
        R1 360netmon; C:\WINDOWS\System32\DRIVERS\360netmon.sys [90112 2016-06-16] (360.cn)
        R1 360qpesv; C:\WINDOWS\System32\DRIVERS\360qpesv64.sys [300720 2017-09-14] (360.cn)
        R3 360Sensor; C:\WINDOWS\system32\drivers\360Sensor64.sys [34960 2017-06-14] (360.cn)
        R1 BAPIDRV; C:\WINDOWS\System32\DRIVERS\BAPIDRV64.sys [202928 2017-09-11] (360.cn)
        R0 DsArk; C:\WINDOWS\System32\drivers\DsArk64.sys [183800 2017-03-28] (360.cn)
        ContextMenuHandlers1: [SoftMgrExt] -> {5E19C0CE-C02C-46c2-98C3-A2E12EDE0E17} => C:\Program Files (x86)\360\360Safe\SoftMgr\SoftMgrExt64.dll [2017-04-12] (360.cn)
        ContextMenuHandlers5: [SoftMgrExt] -> {5E19C0CE-C02C-46c2-98C3-A2E12EDE0E17} => C:\Program Files (x86)\360\360Safe\SoftMgr\SoftMgrExt64.dll [2017-04-12] (360.cn)
        Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
        Shortcut: C:\Users\bgeez\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
        AlternateDataStreams: C:\Users\bgeez\Downloads\expressvpn_6.1.0.1700.exe:BDU [0]
        AlternateDataStreams: C:\Users\bgeez\Downloads\FRST64.exe:BDU [0]
        AlternateDataStreams: C:\Users\bgeez\Downloads\RevoUninProSetup (1).exe:BDU [0]
        AlternateDataStreams: C:\Users\bgeez\Downloads\RevoUninProSetup.exe:BDU [0]
        AlternateDataStreams: C:\Users\bgeez\Downloads\vlc-2.2.4-win32(1).exe:BDU [0]
        AlternateDataStreams: C:\Users\bgeez\Downloads\vlc-2.2.4-win32.exe:BDU [0]
        AlternateDataStreams: C:\Users\bgeez\Downloads\vlc-2.2.4-win64.exe:BDU [0]
        AlternateDataStreams: C:\Users\bgeez\Downloads\Windows-KB890830-x64-V5.46.exe:BDU [0]
        AlternateDataStreams: C:\Users\bgeez\Downloads\youkuclient_setup_ywebplayerbottom_7.2.8.9010.exe:BDU [0]
        CMD: ipconfig /flushdns
        CMD: bitsadmin /reset /allusers
        CMD: netsh winsock reset all
        CMD: netsh int ipv4 reset
        CMD: netsh int ipv6 reset
        CMD: netsh advfirewall reset
        CMD: netsh advfirewall set allprofiles state on
        End

       • Click on File > Save as...
       • Inside the File Name box type fixlist.txt;
       • From the Save as type drop down list, choose All Files
       • Save the file to your Desktop;
       • Re-run FRST.exe and click Fix;
         Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
       • After the completion, a log will be produced;
       • Copy and Paste the contents of the log in your next reply.
  7. Sounds good. If everything is okay, I will mark this as resolved.
  8. I am inclined to believe that it is an FP. The key can be modified by both malicious and legitimate programs. Since AdwCleaner cannot determine which program modified the key, it is showing it on its log.
  9. I meant follow the instructions from that thread and attach the logs here.
  10. Can you also attach the Addition.txt log it produced?
  11. Looks okay. Are you still facing the initial issue?
  12. Almost all cookies track some browsing behaviors and unless they are being collected by malicious wares, it is fine.
  13. Looks awesome. Extensions are third-party apps which can change their behavior based on their developers.
  14. Step # Run Malwarebytes' Anti-Rootkit
       • Please download Malwarebytes Anti-Rootkit from here and extract the content to your Desktop.
       • Update the program if asked.
       • In the Scan System option check all the boxes and click on Scan.
       • Click on Cleanup button after the scan and wait patiently.
       • Reboot the computer if asked.
       • After the clean-up process, locate two logs in the mbar folder, namely:
           - mbar-log-scan-date.txt; and
           - system-log.txt
       • Copy and paste the contents of the log in your next reply.
  15. For some reason, the forum software did not link the URL. I am pasting it again. https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
  16. Please, provide me a fresh set of FRST scan logs.