• Announcements

    • AdvancedSetup

      Support Alert - Hurricane Irma   09/08/2017

      Due to weather in the South East United States response times may be delayed. We appreciate your patience and understanding.  

Aura

Experts
  • Content count

    8,508
  • Joined

  • Last visited

  • Days Won

    14

About Aura

Profile Information

  • Location
    Québec, Canada
  • Interests
    Technical Support, Malware Removal & Analysis, InfoSec

Recent Profile Visitors

10,965 profile views
  1. Right-click on the CCleaner64.exe, select Properties and go to the Details tab. Then take a screenshot of it and attach it here.
  2. Are you able to fully uninstall CCleaner, and then check if the C:\Program Files\CCleaner folder still exists after?
  3. Hi maxwell My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state. As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry! If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off; Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread This being said, it's time to clean-up some malware, so let's get started, shall we? Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan. https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/ If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after.
  4. More Coin-Hive

    Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!
  5. Hi mit24753, Are you still with me?
  6. What Malwarebytes detected was the malicious installer (ccsetup533.exe). Did you have that version of CCleaner (v5.33) installed on your system?
  7. Can you run a new scan with FRST and provide me both logs again (FRST.txt and Addition.txt)? Your FRST.txt log is incomplete. Can you attach the latest Malwarebytes log you have, even though nothing was detected in it?
  8. Sure, feel free to do so SmartService can be easily removed once in the RE, but your situation with BitLocker is what prevented us from going any further.
  9. Do you have another computer on which you could create the installation media? It might be easier that way.
  10. Exactly. There has been a lot of miscommunication/misinformation about the CCleaner incident. Some medias were reporting false information and giving wrong instructions. Personally, if you had CCleaner on Windows 64-bit, and the Agomo key was never created in your Registry, you shouldn't have to do anything. Simply update to the latest CCleaner version (or drop it altogether) and move on.
  11. In the same window where you enabled the "Hidden" files, simply uncheck "Hide protected operating system files (recommended)".
  12. Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!
  13. No problem Jess44, you're welcome Stay safe!
  14. Well it looks clear. How's your system behaving now? Are there any other issues to address?
  15. Did you also enable the "System" files, in addition to the hidden ones?