
cornbread342

Everything posted by cornbread342

  1. Maurice, I cannot express how thankful I am for your help, thank you! At the moment, everything seems great, and I cannot see any clear effects of the virus, although the NativeDesktopMediaService is still in my programs list for some reason. I will work towards trying to update Windows, as it still does not work for me.
  2. Hello Maurice, sorry for taking so long. Here is the report: roguekillerreport.txt
  3. Huh, that's weird. It says that there are 0 threats, just like the previous logs. NativeDesktopMediaService is still on my computer, however, and on certain websites it still creates popups. It is not as bad as before though, as I have just seen a popup on a website for the first time in a while today. I can't find it running in the processes, and the folder of this is nowhere to be seen. I am still trying to make the updates work.
  4. Thanks, I have updated my post following the Sysnative instructions. Here are the log reports: Fixlog.txt Rkill.txt
  5. Hello Maurice, sorry for the absence. I will work on the instructions tomorrow; I didn't have the chance to today. P.S. This is the forum I had started on the update issue; there's probably no use for you, but it's just an update on what I have been doing. https://www.sysnative.com/forums/threads/windows-update-error-0x80070006.30522/
  6. For the error from the Windows Update history, I found the "View Update History" screen completely blank. I tried getting the error with systeminfo in Command Prompt and PowerShell, but next to the line Hotfix(s), it says N/A. I am currently trying to find the folder that the virus I suspected is located in.
  7. By the way, one potential virus I have currently is this one, if it's any help:
  8. Hello Maurice, sorry for forgetting to introduce myself, I completely missed the first part of your first message. My name is Max, and thank you so much for helping me thus far.
  9. Hello, when I went to update, it gave me this error: There were some problems installing updates, but we'll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x80070424) I have looked for workarounds and I believe it's simply because I do not have the Windows Update service.
  10. Hello, I did get the Fixlog attached below, but was unable to do the Windows Defender Offline Scan. I tried running it in various ways in and out of administrator mode, but I would click on it and nothing would happen. I have tried clean booting, manually doing the offline scan, etc., but nothing would work. Windows Defender now works though. I suspect that the malware is preventing this. Is there any way to bypass this? What should I do? Thank you! Fixlog.txt
  11. Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
Database version: main: v2020.01.29.09 rootkit: v2020.01.29.09
Windows 10 x64 NTFS
Internet Explorer 11.1069.17134.0
Leo :: ITSME [administrator]
1/29/2020 7:00:54 PM
mbar-log-2020-01-29 (19-00-54).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 285983
Time elapsed: 1 hour(s), 2 minute(s), 52 second(s)
Memory Processes Detected: 13
C:\ProgramData\Logic Cramble\set.exe (Adware.Linkury) -> 2860 -> Delete on reboot. [1a5367e1d3033105d2439270798bb947]
C:\ProgramData\CloudPrinter\CloudPrinter.exe (Adware.Linkury) -> 2592 -> Delete on reboot. [6b02440433a3f4428b650f5f9f63ec14]
C:\Program Files (x86)\Materialistic\moneys.exe (Adware.DotDo.Generic) -> 4788 -> Delete on reboot. [beaf8fb96274b77f570aafac23df6799]
C:\Program Files (x86)\Materialistic\moneys.exe (Adware.DotDo.Generic) -> 6176 -> Delete on reboot. [beaf8fb96274b77f570aafac23df6799]
C:\Program Files (x86)\mushy\pathologist.exe (Adware.DotDo.Generic) -> 10032 -> Delete on reboot. [74f9242466700630124e4e96f011ac54]
C:\Program Files (x86)\Dawson\Agricultural.exe (Adware.DotDo.Generic.TskLnk) -> 9476 -> Delete on reboot. [99d4ce7afdd96dc912b4d0b5b74b3bc5]
C:\Program Files (x86)\Dawson\Sse.exe (Adware.DotDo.Generic.TskLnk) -> 8768 -> Delete on reboot. [ff6ee167d60051e5edb9f68f3ec41ae6]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Adware.OnlineIO) -> 10296 -> Delete on reboot. [e08dfc4ce3f3bf7702485ad0639d847c]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Adware.OnlineIO) -> 7136 -> Delete on reboot. [e08dfc4ce3f3bf7702485ad0639d847c]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Adware.OnlineIO) -> 6720 -> Delete on reboot.
[e08dfc4ce3f3bf7702485ad0639d847c] C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Adware.OnlineIO) -> 6232 -> Delete on reboot. [e08dfc4ce3f3bf7702485ad0639d847c] C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Adware.OnlineIO) -> 10492 -> Delete on reboot. [e08dfc4ce3f3bf7702485ad0639d847c] C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Adware.OnlineIO) -> 2416 -> Delete on reboot. [e08dfc4ce3f3bf7702485ad0639d847c] Memory Modules Detected: 2 C:\Users\Leo\AppData\Local\ckapes.dll (Trojan.ProxyAgent) -> Delete on reboot. [1c515deb7f57fe38619e36e4709450b0] C:\ProgramData\Logic Cramble\X86\SQLite.Interop.dll (Adware.Linkury) -> Delete on reboot. [363792b618be11253dca4ac244bc5ea2] Registry Keys Detected: 29 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\backlh (Adware.Linkury) -> Delete on reboot. [1a5367e1d3033105d2439270798bb947] HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pgt_svc (RiskWare.ProxyGate) -> Delete on reboot. [1c51192fbb1bee484a94b1e024dd26da] HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinDefender (Trojan.Crypt.GO) -> Delete on reboot. [46273018af27b3831361e96b22e2ee12] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE (Adware.DotDo.Generic) -> Delete on reboot. [90dd89bfbc1a80b68ad8c81d7a87a759] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE (Adware.DotDo.Generic) -> Delete on reboot. [90dd89bfbc1a80b68ad8c81d7a87a759] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\Quoteex.exe (Adware.Linkury) -> Delete on reboot. [71fcf55334a201352d8799275ca420e0] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2EEE6EC7-3356-479A-A10E-785CDD71DEE1} (Adware.OnlineIO) -> Delete on reboot. 
[b6b767e1389e66d0ecf300c678889b65] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3FE9E01A-CD1F-4A95-9363-612A378EC564} (Adware.OnlineIO) -> Delete on reboot. [a7c6d57375619f97ba25f7cf837de719] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{78874A70-ABA7-4FB6-9835-7B7F55914E7C} (Adware.OnlineIO) -> Delete on reboot. [7cf1b692d7ff80b61ec1a91dc83813ed] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8651E06E-E58B-48B6-9FC3-6B7500418AB8} (Adware.OnlineIO) -> Delete on reboot. [d79610381bbb2412449b735377894fb1] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B75F8E72-253D-472D-AA34-D5A63177D787} (Adware.OnlineIO) -> Delete on reboot. [90dd4305fdd984b2ad324d790000a65a] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BEC76829-95C8-4222-8D59-4E5F1EC57545} (Trojan.Glupteba.E) -> Delete on reboot. [0f5e6ade07cfc076d1a5be06669aca36] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F0EA4495-CB67-4F55-8727-ED213A255634} (Adware.OnlineIO) -> Delete on reboot. [1c51bb8dab2b092d5689d9ed817f0ff1] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\csrss (Trojan.Glupteba.E) -> Delete on reboot. [18553414ac2aa6900ea27556fd035ca4] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G1 (Adware.OnlineIO) -> Delete on reboot. [6c0137115e7843f3bd7d527ca65ab749] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G2 (Adware.OnlineIO) -> Delete on reboot. [1558192fc511b185e6540dc109f7d12f] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G3 (Adware.OnlineIO) -> Delete on reboot. [e98477d118be41f588b2517d748c659b] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G4 (Adware.OnlineIO) -> Delete on reboot. 
[1e4f1434498dce68102addf130d0dd23] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G5 (Adware.OnlineIO) -> Delete on reboot. [76f7ce7a71650c2ae159b11d3fc1a45c] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application V2G6 (Adware.OnlineIO) -> Delete on reboot. [14596edad8fe6ec884b6a32bd12f6997] HKLM\SOFTWARE\WOW6432NODE\Microleaves (Adware.OnlineIO) -> Delete on reboot. [620bbb8d686e072f46db59617f8115eb] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\Quoteex.exe (Adware.Linkury) -> Delete on reboot. [c7a62721af2742f413a17050817f619f] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FastDataX_is1 (Adware.FastDataX.EncJob) -> Delete on reboot. [3f2e4bfd32a49d99f08305d052ae1ce4] HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Winmon (Trojan.Glupteba.E) -> Delete on reboot. [77f6a2a6825472c4ee14b93305fbc43c] HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinmonFS (Trojan.Glupteba.E) -> Delete on reboot. [17562c1ca92dc86e44bfb03ceb15f808] HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinmonProcessMonitor (Trojan.Glupteba.E) -> Delete on reboot. [5c11cf79a2344de9ff058963d32d01ff] HKU\S-1-5-21-1008748535-89621049-631550477-1002\SOFTWARE\EpicNet Inc. (Trojan.Glupteba.E) -> Delete on reboot. [591472d6e2f463d3b28aa703ba468b75] HKU\S-1-5-21-1008748535-89621049-631550477-1002\SOFTWARE\FastDataX (Adware.FastDataX) -> Delete on reboot. [0667ed5b894d310521538f0e2fd14bb5] HKU\S-1-5-21-1008748535-89621049-631550477-1002\SOFTWARE\MICROSOFT\TESTAPP (Trojan.Glupteba.E) -> Delete on reboot. 
[07665cec785e39fdf919e7c6c13f3ac6] Registry Values Detected: 24 HKU\S-1-5-21-1008748535-89621049-631550477-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|pathologist (Adware.DotDo.Generic) -> Data: "C:\Program Files (x86)\mushy\pathologist.exe" wvauwwvauwwvauwwvau.wvauawvauwwvaurwvau.wvaupwvauwwvau/wvauv2e0e2e0e0wvaul1l2v5vehtwvaum1glKejrnrwvauQK8PF9nOKbwvauv -> Delete on reboot. [74f9242466700630124e4e96f011ac54] HKU\S-1-5-21-1008748535-89621049-631550477-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ckapes (Trojan.ProxyAgent) -> Data: rundll32.exe "C:\Users\Leo\AppData\Local\ckapes.dll",ckapes -> Delete on reboot. [1c515deb7f57fe38619e36e4709450b0] HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Door (Adware.DotDo.Generic.TskLnk) -> Data: "C:\Program Files (x86)\Dawson\Agricultural.exe" wvauwwvauwwvauwwvau.wvauawvauwwvaurwvau.wvaupwvauwwvau/wvauv2e0e2e0e0wvaul1l2v5vehtwvaum1glKejrnrwvauQK8PF9nOKbwvauv -> Delete on reboot. [99d4ce7afdd96dc912b4d0b5b74b3bc5] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Rhymed (Adware.DotDo.Generic.TskLnk) -> Data: "C:\Program Files (x86)\Dawson\Agricultural.exe" wvauwwvauwwvauwwvau.wvauawvauwwvaurwvau.wvaupwvauwwvau/wvauv2e0e2e0e0wvaul1l2v5vehtwvaum1glKejrnrwvauQK8PF9nOKbwvauv -> Delete on reboot. [99d4ce7afdd96dc912b4d0b5b74b3bc5] HKU\S-1-5-21-1008748535-89621049-631550477-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Darius (Adware.DotDo.Generic.TskLnk) -> Data: "C:\Program Files (x86)\Dawson\Agricultural.exe" wvauwwvauwwvauwwvau.wvauawvauwwvaurwvau.wvaupwvauwwvau/wvauv2e0e2e0e0wvaul1l2v5vehtwvaum1glKejrnrwvauQK8PF9nOKbwvauv -> Delete on reboot. 
[99d4ce7afdd96dc912b4d0b5b74b3bc5] HKU\S-1-5-21-1008748535-89621049-631550477-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Ravenously (Adware.DotDo.Generic.TskLnk) -> Data: "C:\Program Files (x86)\Dawson\Agricultural.exe" wvauwwvauwwvauwwvau.wvauawvauwwvaurwvau.wvaupwvauwwvau/wvauv2e0e2e0e0wvaul1l2v5vehtwvaum1glKejrnrwvauQK8PF9nOKbwvauv -> Delete on reboot. [99d4ce7afdd96dc912b4d0b5b74b3bc5] HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Swampscott (Adware.DotDo.Generic.TskLnk) -> Data: "C:\Program Files (x86)\Fis\Agricultural.exe" wvauwwvauwwvauwwvau.wvauawvauwwvaurwvau.wvaupwvauwwvau/wvauv2e0e2e0e0wvaul1l2v5vehtwvaum1glKejrnrwvauQK8PF9nOKbwvauv -> Delete on reboot. [224bfd4bf8de81b55076aadb29d9c23e] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Handcrafts (Adware.DotDo.Generic.TskLnk) -> Data: "C:\Program Files (x86)\Fis\Agricultural.exe" wvauwwvauwwvauwwvau.wvauawvauwwvaurwvau.wvaupwvauwwvau/wvauv2e0e2e0e0wvaul1l2v5vehtwvaum1glKejrnrwvauQK8PF9nOKbwvauv -> Delete on reboot. [224bfd4bf8de81b55076aadb29d9c23e] HKU\S-1-5-21-1008748535-89621049-631550477-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Anzac (Adware.DotDo.Generic.TskLnk) -> Data: "C:\Program Files (x86)\Fis\Agricultural.exe" wvauwwvauwwvauwwvau.wvauawvauwwvaurwvau.wvaupwvauwwvau/wvauv2e0e2e0e0wvaul1l2v5vehtwvaum1glKejrnrwvauQK8PF9nOKbwvauv -> Delete on reboot. [224bfd4bf8de81b55076aadb29d9c23e] HKU\S-1-5-21-1008748535-89621049-631550477-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Aphids (Adware.DotDo.Generic.TskLnk) -> Data: "C:\Program Files (x86)\Fis\Agricultural.exe" wvauwwvauwwvauwwvau.wvauawvauwwvaurwvau.wvaupwvauwwvau/wvauv2e0e2e0e0wvaul1l2v5vehtwvaum1glKejrnrwvauQK8PF9nOKbwvauv -> Delete on reboot. 
[224bfd4bf8de81b55076aadb29d9c23e] HKU\S-1-5-21-1008748535-89621049-631550477-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|stakes (Adware.DotDo.Generic.TskLnk) -> Data: "C:\Program Files (x86)\Fis\Agricultural.exe" wvauwwvauwwvauwwvau.wvauawvauwwvaurwvau.wvaupwvauwwvau/wvauv2e0e2e0e0wvaul1l2v5vehtwvaum1glKejrnrwvauQK8PF9nOKbwvauv -> Delete on reboot. [224bfd4bf8de81b55076aadb29d9c23e] HKU\S-1-5-21-1008748535-89621049-631550477-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|IcyRiver (Trojan.MalPack.GS) -> Data: "C:\WINDOWS\rss\csrss.exe" -> Delete on reboot. [4b226edae7ef45f145a74934a95904fc] HKU\S-1-5-21-1008748535-89621049-631550477-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CloudNet (Trojan.Glupteba) -> Data: "C:\Users\Leo\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" -> Delete on reboot. [5c1170d81abc3ff72dd624a7da28cd33] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2EEE6EC7-3356-479A-A10E-785CDD71DEE1}|Path (Adware.OnlineIO) -> Data: \Online Application V2G4 -> Delete on reboot. [b6b767e1389e66d0ecf300c678889b65] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3FE9E01A-CD1F-4A95-9363-612A378EC564}|Path (Adware.OnlineIO) -> Data: \Online Application V2G2 -> Delete on reboot. [a7c6d57375619f97ba25f7cf837de719] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{78874A70-ABA7-4FB6-9835-7B7F55914E7C}|Path (Adware.OnlineIO) -> Data: \Online Application V2G1 -> Delete on reboot. [7cf1b692d7ff80b61ec1a91dc83813ed] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8651E06E-E58B-48B6-9FC3-6B7500418AB8}|Path (Adware.OnlineIO) -> Data: \Online Application V2G6 -> Delete on reboot. [d79610381bbb2412449b735377894fb1] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B75F8E72-253D-472D-AA34-D5A63177D787}|Path (Adware.OnlineIO) -> Data: \Online Application V2G3 -> Delete on reboot. 
[90dd4305fdd984b2ad324d790000a65a] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BEC76829-95C8-4222-8D59-4E5F1EC57545}|Path (Trojan.Glupteba.E) -> Data: \csrss -> Delete on reboot. [0f5e6ade07cfc076d1a5be06669aca36] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F0EA4495-CB67-4F55-8727-ED213A255634}|Path (Adware.OnlineIO) -> Data: \Online Application V2G5 -> Delete on reboot. [1c51bb8dab2b092d5689d9ed817f0ff1] HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BACKLH|ImagePath (Adware.Linkury) -> Data: C:\ProgramData\Logic Cramble\set.exe -> Delete on reboot. [9fce95b30dc9b6802ca301e49e62a759] HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{B72ED5D8-ADB0-4D1E-B574-D376D0E5ABAC} (Trojan.BitCoinMiner) -> Data: v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\rss\csrss.exe|Name=csrss| -> Delete on reboot. [8be2a2a635a1142255f6608ae11f728e] HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDEFENDER|ImagePath (Trojan.Agent) -> Data: C:\Windows\windefender.exe -> Delete on reboot. [5a13e761b4227fb7985937b5a35ded13] HKU\S-1-5-21-1008748535-89621049-631550477-1002\SOFTWARE\MICROSOFT\TESTAPP|Defender (Trojan.Glupteba.E) -> Data: 1 -> Delete on reboot. [07665cec785e39fdf919e7c6c13f3ac6] Registry Data Items Detected: 3 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default (Adware.SonicSearch) -> Bad: (https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEHDATLODqIyfWagpIapTqkKUkvAk6d0Lil9x2deCTbKpPeH_56PVQTUBDqSugVrF3ZX7pRUmQUk2top0lLFYBZrYv-tyz7u8fQ1hinWfzt62G-EMGMjseIjaoorwOBHGKGYWbgCTgWFeI_8A8-Jj_j3FlGwuqM&q={searchTerms}) Good: (www.google.com) -> Replace on reboot. 
[0964c4848c4af343e44f26e9887b7d83] HKU\S-1-5-21-1008748535-89621049-631550477-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar (Adware.SonicSearch) -> Bad: (https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEHDATLODqIyfWagpIapTqkKUkvAk6d0Lil9x2deCTbKpPeH_56PVQTUBDqSugVrF3ZX7pRUmQUk2top0lLFYBZrYv-tyz7u8fQ1hinWfzt62G-EMGMjseIjaoorwOBHGKGYWbgCTgWFeI_8A8-Jj_j3FlGwuqM&q={searchTerms}) Good: (www.google.com) -> Replace on reboot. [da930642b224b086584025e8d82b48b8] HKU\S-1-5-21-1008748535-89621049-631550477-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant (Adware.SonicSearch) -> Bad: (https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEHDATLODqIyfWagpIapTqkKUkvAk6d0Lil9x2deCTbKpPeH_56PVQTUBDqSugVrF3ZX7pRUmQUk2top0lLFYBZrYv-tyz7u8fQ1hinWfzt62G-EMGMjseIjaoorwOBHGKGYWbgCTgWFeI_8A8-Jj_j3FlGwuqM&q={searchTerms}) Good: (www.google.com) -> Replace on reboot. [afbede6a597d0e28a8f197769a694fb1] Folders Detected: 13 c:\Users\Leo\AppData\Local\Temp\csrss (Trojan.Glupteba.E) -> Delete on reboot. [e984ea5e4f87191d6930513c3dc3e21e] C:\Users\Leo\AppData\Roaming\EpicNet Inc (Trojan.Glupteba.BITSRST) -> Delete on reboot. [70fdf1570ec8bf770683fd0dd12f58a8] C:\Users\Leo\AppData\Roaming\EpicNet Inc\CloudNet (Trojan.Glupteba.BITSRST) -> Delete on reboot. [70fdf1570ec8bf770683fd0dd12f58a8] C:\ProgramData\Logic Cramble (Adware.Linkury) -> Delete on reboot. [363792b618be11253dca4ac244bc5ea2] C:\ProgramData\Logic Cramble\X64 (Adware.Linkury) -> Delete on reboot. [363792b618be11253dca4ac244bc5ea2] C:\ProgramData\Logic Cramble\X86 (Adware.Linkury) -> Delete on reboot. [363792b618be11253dca4ac244bc5ea2] C:\Users\Leo\AppData\Roaming\Microleaves (Adware.OnlineIO) -> Delete on reboot. [5f0e36128353d6603507eb2119e726da] C:\Users\Leo\AppData\Roaming\Microleaves\Online Application 2.7.0 (Adware.OnlineIO) -> Delete on reboot. 
[5f0e36128353d6603507eb2119e726da] C:\Users\Leo\AppData\Roaming\Microleaves\Online Application 2.7.0\install (Adware.OnlineIO) -> Delete on reboot. [5f0e36128353d6603507eb2119e726da] C:\Users\Leo\AppData\Roaming\Microleaves\Online Application 2.7.0\install\CFCBAA1 (Adware.OnlineIO) -> Delete on reboot. [5f0e36128353d6603507eb2119e726da] C:\Program Files (x86)\Microleaves (Adware.OnlineIO) -> Delete on reboot. [e08dfc4ce3f3bf7702485ad0639d847c] C:\Program Files (x86)\Microleaves\Online Application (Adware.OnlineIO) -> Delete on reboot. [e08dfc4ce3f3bf7702485ad0639d847c] C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0 (Adware.OnlineIO) -> Delete on reboot. [e08dfc4ce3f3bf7702485ad0639d847c] Files Detected: 75 C:\WINDOWS\SYSTEM32\drivers\Winmon.sys (Trojan.Glupteba) -> Delete on reboot. [69989105f151015c16a2f422f5722590] C:\WINDOWS\SYSTEM32\drivers\WinmonFS.sys (Trojan.Glupteba) -> Delete on reboot. [c6100c067d1e619b730bf23ab4045b17] C:\WINDOWS\SYSTEM32\drivers\WinmonProcessMonitor.sys (Trojan.Glupteba) -> Delete on reboot. [290389e59ca9fe99ce1779f41f26d645] C:\ProgramData\Logic Cramble\set.exe (Adware.Linkury) -> Delete on reboot. [1a5367e1d3033105d2439270798bb947] C:\ProgramData\CloudPrinter\CloudPrinter.exe (Adware.Linkury) -> Delete on reboot. [6b02440433a3f4428b650f5f9f63ec14] C:\Program Files (x86)\Materialistic\moneys.exe (Adware.DotDo.Generic) -> Delete on reboot. [beaf8fb96274b77f570aafac23df6799] C:\Program Files (x86)\mushy\pathologist.exe (Adware.DotDo.Generic) -> Delete on reboot. [74f9242466700630124e4e96f011ac54] C:\Users\Leo\AppData\Local\ckapes.dll (Trojan.ProxyAgent) -> Delete on reboot. [1c515deb7f57fe38619e36e4709450b0] C:\Program Files (x86)\Dawson\Agricultural.exe (Adware.DotDo.Generic.TskLnk) -> Delete on reboot. [99d4ce7afdd96dc912b4d0b5b74b3bc5] C:\Program Files (x86)\Dawson\Sse.exe (Adware.DotDo.Generic.TskLnk) -> Delete on reboot. 
[ff6ee167d60051e5edb9f68f3ec41ae6] C:\Program Files (x86)\Fis\Agricultural.exe (Adware.DotDo.Generic.TskLnk) -> Delete on reboot. [224bfd4bf8de81b55076aadb29d9c23e] c:\Windows\rss\csrss.exe (Trojan.MalPack.GS) -> Delete on reboot. [4b226edae7ef45f145a74934a95904fc] C:\Users\Leo\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe (Trojan.Glupteba) -> Delete on reboot. [5c1170d81abc3ff72dd624a7da28cd33] C:\Program Files (x86)\ProxyGate\MainService.exe (RiskWare.ProxyGate) -> Delete on reboot. [1c51192fbb1bee484a94b1e024dd26da] c:\Windows\windefender.exe (Trojan.Crypt.GO) -> Delete on reboot. [46273018af27b3831361e96b22e2ee12] C:\Users\Leo\AppData\Local\Agricultural.exe (Adware.DotDo.Generic.TskLnk) -> Delete on reboot. [492412366c6aa88e9135721345bd17e9] C:\Users\Leo\AppData\Local\SilHome.exe (Adware.Linkury) -> Delete on reboot. [dd90b98f12c40d296f81412da85a36ca] C:\Users\Leo\AppData\Local\Sse.exe (Adware.DotDo.Generic.TskLnk) -> Delete on reboot. [36371632ecea95a14462bacb36ccc739] C:\Users\Leo\AppData\Local\VaiaQuofresh.exe (Adware.Linkury) -> Delete on reboot. [105d06427066c571dd13640a986ace32] C:\Users\Leo\AppData\Local\1xCorp N.V\1xWin\serviceupdate.exe (Spyware.PredatorTheThief) -> Delete on reboot. [d09d88c0fbdbbd792a11331a0df67e82] C:\Users\Leo\AppData\Local\Temp\gj9oo958ocx5hre.exe (RiskWare.ProxyGate) -> Delete on reboot. [28453c0c26b0e650462c600528d9867a] c:\Users\Leo\AppData\Local\Temp\csrss\cloudnet.exe (Trojan.Glupteba) -> Delete on reboot. [630ac880b1250f2740c3ffcc53aff907] c:\Users\Leo\AppData\Local\Temp\csrss\profile-6.exe (Trojan.Glupteba) -> Delete on reboot. [0f5e98b0ede9b97d2cdfdeb457aac739] C:\Users\Leo\AppData\Local\Temp\1887343\ic-0.39501a925a185.exe (Trojan.Crypt) -> Delete on reboot. [5b125deb1db90c2a70ed7c1af40f19e7] C:\Users\Leo\AppData\Local\Temp\1887343\ic-0.88fcd1eea4f8c.exe (Trojan.MalPack.GS) -> Delete on reboot. 
[7eef64e490468caaffedd0addd253cc4] C:\Users\Leo\AppData\Local\Temp\1887343\ic-0.9a3ef57f2efc78.exe (Adware.Linkury) -> Delete on reboot. [e4891335934383b33fb192dc89797a86] C:\Program Files (x86)\Fis\Agricultural.dll (Adware.DotDo.Generic.TskLnk) -> Delete on reboot. [7bf24701b5214ee8c5010085bf43817f] C:\Program Files (x86)\Fis\Fis.exe (Adware.DotDo.Generic.TskLnk) -> Delete on reboot. [7df093b55f77e94d05c13550bb477f81] C:\Program Files (x86)\laggards\laggards.exe (Adware.DotDo.Generic.TskLnk) -> Delete on reboot. [dd9076d2b620e452cfb42e71986a54ac] C:\Program Files (x86)\ProxyGate\ProxyGate.exe (RiskWare.ProxyGate) -> Delete on reboot. [4a232a1efed878be5b703b0220e117e9] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adware.DotDo.Generic) -> Delete on reboot. [90dd89bfbc1a80b68ad8c81d7a87a759] C:\Users\Leo\AppData\Local\Temp\Rar$EXa7916.28021\Football Manager 2020 - InstallShield Wizard\football_manager_2020_-_installshield_wizard.exe (Trojan.IStartSurf) -> Delete on reboot. [77f69fa965719b9b653789c7f210e61a] C:\Windows\horta.exe (Adware.DotDo.Generic.TskLnk) -> Delete on reboot. [3d3097b1f3e3ac8abe08562fa35f12ee] C:\Users\Leo\AppData\Local\SilHome.tst (Adware.Linkury.Generic) -> Delete on reboot. [5f0e1f29ebeba88e118f085ddf216a96] C:\Users\Leo\AppData\Local\VaiaQuofresh.tst (Adware.Linkury.Generic) -> Delete on reboot. [28454305e9edaa8c5e42c79eca362dd3] C:\Users\Leo\AppData\Local\ApplicationHosting.dat (Trojan.Agent) -> Delete on reboot. [b1bc73d54e88ca6ca84bf372758b53ad] C:\Users\Leo\AppData\Local\agent.dat (Adware.Linkury.Generic) -> Delete on reboot. [2449d67233a362d4ea18d88e718f60a0] C:\Users\Leo\AppData\Local\installer.dat (Adware.Linkury) -> Delete on reboot. [5e0f0d3bd105c274e5d3fa720bf502fe] C:\Users\Leo\AppData\Local\lobby.dat (Trojan.Agent) -> Delete on reboot. [333a4dfbab2b4fe71dc3e3894eb2dc24] C:\Users\Leo\AppData\Local\Main.dat (Adware.Linkury.Generic) -> Delete on reboot. 
[f37ae860ab2b52e4905a6dff7888f50b] C:\Users\Leo\AppData\Local\md.xml (Adware.Linkury.Generic) -> Delete on reboot. [551870d85a7cb284c1896a03bd439868] C:\Users\Leo\AppData\Local\noah.dat (Adware.Linkury.Generic) -> Delete on reboot. [0865e0687561a88e2f35d59834cc1ce4] C:\Users\Leo\AppData\Local\uninstall_temp.ico (Adware.Linkury.Generic) -> Delete on reboot. [09643d0bb02659dd97d083ebb34d37c9] C:\Windows\System32\Tasks\csrss (Trojan.Glupteba.E) -> Delete on reboot. [462755f3fbdb7abcff414242709023dd] C:\Windows\System32\Tasks\Online Application V2G1 (Adware.OnlineIO) -> Delete on reboot. [145985c316c03bfba1128502a957db25] C:\Windows\System32\Tasks\Online Application V2G2 (Adware.OnlineIO) -> Delete on reboot. [c7a645038c4aaa8c981bbdcab749de22] C:\Windows\System32\Tasks\Online Application V2G3 (Adware.OnlineIO) -> Delete on reboot. [b6b7c0885b7b191dd8dbc3c48c74d927] C:\Windows\System32\Tasks\Online Application V2G4 (Adware.OnlineIO) -> Delete on reboot. [fa73e95f785e1323149f4f38e31dfa06] C:\Windows\System32\Tasks\Online Application V2G5 (Adware.OnlineIO) -> Delete on reboot. [94d95bed6f67a492edc65730718f8e72] C:\Windows\System32\Tasks\Online Application V2G6 (Adware.OnlineIO) -> Delete on reboot. [9ad31632b2248da9aa095a2d44bcb44c] c:\Users\Leo\AppData\Local\Temp\csrss\scheduled.exe (Trojan.Glupteba.E) -> Delete on reboot. [e984ea5e4f87191d6930513c3dc3e21e] c:\Users\Leo\AppData\Local\Temp\csrss\routersdns.exe (Trojan.Glupteba.E) -> Delete on reboot. [e984ea5e4f87191d6930513c3dc3e21e] C:\Windows\Tasks\Online Application V2G1.job (Adware.OnlineIO) -> Delete on reboot. [93daac9ca03694a287470d8a24dcaa56] C:\Windows\Tasks\Online Application V2G2.job (Adware.OnlineIO) -> Delete on reboot. [610cb89029adbf77cd0197007a8623dd] C:\Windows\Tasks\Online Application V2G3.job (Adware.OnlineIO) -> Delete on reboot. [e18c2e1a488e61d59a34cacdce32728e] C:\Windows\Tasks\Online Application V2G4.job (Adware.OnlineIO) -> Delete on reboot. 
[b1bcfa4e01d52511438b1780df21629e] C:\Windows\Tasks\Online Application V2G5.job (Adware.OnlineIO) -> Delete on reboot. [5c114800f5e1d066dbf36a2d7090f40c] C:\Windows\Tasks\Online Application V2G6.job (Adware.OnlineIO) -> Delete on reboot. [b6b7b98f03d39d99814dc6d1c040a858] C:\ProgramData\Logic Cramble\Config.json (Adware.Linkury) -> Delete on reboot. [363792b618be11253dca4ac244bc5ea2] C:\ProgramData\Logic Cramble\set.exe.config (Adware.Linkury) -> Delete on reboot. [363792b618be11253dca4ac244bc5ea2] C:\ProgramData\Logic Cramble\System.Data.SQLite.dll (Adware.Linkury) -> Delete on reboot. [363792b618be11253dca4ac244bc5ea2] C:\ProgramData\Logic Cramble\System.Data.SQLite.Linq.dll (Adware.Linkury) -> Delete on reboot. [363792b618be11253dca4ac244bc5ea2] C:\ProgramData\Logic Cramble\System.Data.SQLite.xml (Adware.Linkury) -> Delete on reboot. [363792b618be11253dca4ac244bc5ea2] C:\ProgramData\Logic Cramble\X64\SQLite.Interop.dll (Adware.Linkury) -> Delete on reboot. [363792b618be11253dca4ac244bc5ea2] C:\ProgramData\Logic Cramble\X86\SQLite.Interop.dll (Adware.Linkury) -> Delete on reboot. [363792b618be11253dca4ac244bc5ea2] C:\Users\Leo\AppData\Roaming\Microleaves\Online Application 2.7.0\install\CFCBAA1\Basic Installer with memory detection.msi (Adware.OnlineIO) -> Delete on reboot. [5f0e36128353d6603507eb2119e726da] C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe (Adware.OnlineIO) -> Delete on reboot. [e08dfc4ce3f3bf7702485ad0639d847c] C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.ini (Adware.OnlineIO) -> Delete on reboot. [e08dfc4ce3f3bf7702485ad0639d847c] C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Adware.OnlineIO) -> Delete on reboot. [e08dfc4ce3f3bf7702485ad0639d847c] C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io EULA.url (Adware.OnlineIO) -> Delete on reboot. 
[e08dfc4ce3f3bf7702485ad0639d847c]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io Privacy.url (Adware.OnlineIO) -> Delete on reboot. [e08dfc4ce3f3bf7702485ad0639d847c]
C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Uninstall Online Application.lnk (Adware.OnlineIO) -> Delete on reboot. [e08dfc4ce3f3bf7702485ad0639d847c]
C:\Users\Leo\AppData\Local\Config.xml (Adware.Linkury.Generic) -> Delete on reboot. [501d9eaa7d59ac8a65543c3491738b75]
C:\Users\Leo\AppData\Local\InstallationConfiguration.xml (Adware.Linkury.TskLnk) -> Delete on reboot. [dd904bfd993dde58037c02715fa50af6]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\InstallationConfiguration.xml (Adware.Linkury.TskLnk) -> Delete on reboot. [0865390f894dad89321d2a4a2bd939c7]
Physical Sectors Detected: 0
(No malicious items detected)
(end)

When I restarted this after the Cleanup process (as it prompted me to), it restarted in Windows safe mode. I'm not sure if it affected anything, but after the scan it said there were 159 malware items. There have been sounds coming from the sound source Sse (shown in the picture below), which I suspect is malware. After the scan and restart, however, it didn't seem to be running.
  12. Hello, I recently got infected by a virus. It prevents me from installing any form of anti-virus, and it doesn't allow me to turn on Defender either, saying it is managed by an organization. I have removed the virus program itself, I'm pretty sure, but I know there are still files that are infected. I don't know what to do, thanks for the help.
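The mbar log in post 11 is long, and what matters for cleanup and for understanding post 12 (Defender reporting itself as "managed by an organization", antivirus installs blocked) is where each detection sits: Run values, TaskCache entries, services and kernel drivers, an Image File Execution Options entry for chrome.exe, a firewall allow-rule for a csrss.exe under C:\WINDOWS\rss\, a percent-encoded search-hijack host, and a service called WinDefender backed by C:\Windows\windefender.exe. The following Python is an added triage example written for this page; it is neither Malwarebytes' tooling nor code posted in the thread. The record layout is inferred from the quoted log, SAMPLE_LOG is a constructed subset of entries copied from it (the long search URL token is shortened to TOKEN_SHORTENED), and the category names are this example's own.

```python
"""Triage helper for the Malwarebytes Anti-Rootkit (mbar) log format.

Added example for this page, not Malwarebytes' code. Record layout inferred
from the log quoted in the thread:

    <object> (<detection family>) -> [<detail> -> ]<action>. [<32-hex id>]

SAMPLE_LOG is a constructed subset of that log's entries; the long search URL
token is shortened to TOKEN_SHORTENED.
"""
import re
from collections import Counter
from dataclasses import dataclass

SAMPLE_LOG = r"""
Memory Processes Detected: 13
C:\ProgramData\Logic Cramble\set.exe (Adware.Linkury) -> 2860 -> Delete on reboot. [1a5367e1d3033105d2439270798bb947]
Registry Keys Detected: 29
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinDefender (Trojan.Crypt.GO) -> Delete on reboot. [46273018af27b3831361e96b22e2ee12]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE (Adware.DotDo.Generic) -> Delete on reboot. [90dd89bfbc1a80b68ad8c81d7a87a759]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\csrss (Trojan.Glupteba.E) -> Delete on reboot. [18553414ac2aa6900ea27556fd035ca4]
Registry Values Detected: 24
HKU\S-1-5-21-1008748535-89621049-631550477-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ckapes (Trojan.ProxyAgent) -> Data: rundll32.exe "C:\Users\Leo\AppData\Local\ckapes.dll",ckapes -> Delete on reboot. [1c515deb7f57fe38619e36e4709450b0]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{B72ED5D8-ADB0-4D1E-B574-D376D0E5ABAC} (Trojan.BitCoinMiner) -> Data: v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\rss\csrss.exe|Name=csrss| -> Delete on reboot. [8be2a2a635a1142255f6608ae11f728e]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDEFENDER|ImagePath (Trojan.Agent) -> Data: C:\Windows\windefender.exe -> Delete on reboot. [5a13e761b4227fb7985937b5a35ded13]
Registry Data Items Detected: 3
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default (Adware.SonicSearch) -> Bad: (https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=TOKEN_SHORTENED&q={searchTerms}) Good: (www.google.com) -> Replace on reboot. [0964c4848c4af343e44f26e9887b7d83]
Files Detected: 75
C:\WINDOWS\SYSTEM32\drivers\Winmon.sys (Trojan.Glupteba) -> Delete on reboot. [69989105f151015c16a2f422f5722590]
Physical Sectors Detected: 0 (No malicious items detected)
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)(?: \(.*\))?$")
RECORD_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[\w.]+)\) -> "
    r"(?:(?P<detail>.+?) -> )?"
    r"(?P<action>Delete on reboot|Replace on reboot)\. \[(?P<id>[0-9a-f]{32})\]$"
)


@dataclass
class Detection:
    section: str
    item: str
    family: str
    detail: str
    action: str
    ident: str
    category: str


def classify(item: str) -> str:
    """Bucket a detection by the persistence mechanism its location implies."""
    key = item.upper()
    if "FIREWALLPOLICY\\FIREWALLRULES" in key:
        return "firewall-rule"        # allow-rule created for a malware binary
    if "\\CURRENTVERSION\\RUN|" in key:
        return "run-key-autorun"      # Run value: executed at logon
    if "\\SCHEDULE\\TASKCACHE\\" in key or "\\TASKS\\" in key:
        return "scheduled-task"       # TaskCache key or task XML / .job file
    if "\\CURRENTCONTROLSET\\SERVICES\\" in key or key.endswith(".SYS"):
        return "service-or-driver"    # service key, ImagePath value or kernel driver
    if "IMAGE FILE EXECUTION OPTIONS" in key:
        return "ifeo-hijack"          # IFEO entry attached to a legitimate exe
    if "INTERNET EXPLORER\\SEARCHURL" in key or "INTERNET EXPLORER\\MAIN|SEARCH" in key:
        return "search-hijack"        # browser search provider redirected
    if key.startswith(("HKLM\\", "HKU\\", "HKCU\\")):
        return "other-registry"
    return "file-or-process"


def parse_mbar_log(text: str) -> list:
    """Parse record lines, tagging each with the 'X Detected: n' section it is under."""
    records, section = [], "Unknown"
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m["name"]
            continue
        if m := RECORD_RE.match(line):
            records.append(Detection(section, m["item"], m["family"], m["detail"] or "",
                                     m["action"], m["id"], classify(m["item"])))
    return records


def category_counts(records) -> Counter:
    return Counter(r.category for r in records)


def hijack_hosts(records) -> list:
    """Decode the percent-encoded hostname hidden in 'Bad: (...)' search URLs."""
    hosts = []
    for r in records:
        if m := re.search(r"Bad: \([a-z]+://(?P<host>[^/:)]+)", r.detail):
            hosts.append(re.sub(r"%([0-9A-Fa-f]{2})",
                                lambda h: chr(int(h.group(1), 16)), m["host"]).lower())
    return hosts


def firewall_allowed_apps(records) -> list:
    """Binaries that a detected firewall rule explicitly allows."""
    apps = []
    for r in records:
        if r.category == "firewall-rule" and (m := re.search(r"App=(?P<app>[^|]+)", r.detail)):
            apps.append(m["app"])
    return apps


def defender_impostors(records) -> list:
    r"""Service entries named like Windows Defender that are not Defender.

    The genuine service is 'WinDefend' running MsMpEng.exe; the thread's log
    shows a 'WinDefender' service whose ImagePath is C:\Windows\windefender.exe.
    """
    return [r for r in records if "\\SERVICES\\WINDEFENDER" in r.item.upper()]


if __name__ == "__main__":
    recs = parse_mbar_log(SAMPLE_LOG)
    for cat, n in sorted(category_counts(recs).items()):
        print(f"{cat:18} {n}")
    print("search-hijack hosts:", hijack_hosts(recs))
    print("firewall-allowed binaries:", firewall_allowed_apps(recs))
    print("Defender look-alikes:", [r.item for r in defender_impostors(recs)])
```

Run on the sample, the script groups the nine entries into seven persistence buckets, decodes the hijack host to feed.sonic-search.com, reports C:\WINDOWS\rss\csrss.exe as the binary the firewall rule lets through, and lists the two WinDefender entries. The same parser applied to the full log would show why a single "remove the program" step was not enough: each bucket is a separate foothold that has to be cleared.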