
No idea what to keep or delete...



Hi,

After a Malwarebytes scan, it found a couple hundred files, only a few listed as malware, the others as unwanted programs.

I checked the few malware items and many are files of genuine programs; I know this because the game name is in the file name/location (games I downloaded as torrents; I know these are 100% safe), so I don't want to remove these. The problem is that there are some which don't indicate whether they're a game I know to be safe or something else. The bigger problem is the 'potentially unwanted programs': there are hundreds of these and I am not sure I will check them one by one. Some are located in Firefox and Chrome...

E.g.: Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\Earn.to.Die.2.v1.0.4.DynamicNS, ,  (this is a genuine file - the 'earn to die' game).

Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}, , [d7408ee2a6f492a4036c3f577092e020],  (this I have no idea, if I delete it could be of a genuine program).

Also, when starting my PC now, Chrome launches and some AliExpress website launches.

log1.txt is the scan log file.

Any idea what to do?

Thank You!

P.S. Windows Defender finds 0 threats.

FRST.txt

Addition.txt

log1.txt


  • Staff

Hello and welcome to Malwarebytes Forum

While the games themselves might very well be legitimate, you obtained them via torrents (which is basically stealing software that you would normally have to pay for) so you have no way of knowing the source of those programs or whether some bad code was injected into them.

Pirated software is one of the biggest sources of infection that we see.

It certainly seems as though Chrome is compromised as well.

Please do the following:

Download the attached fixlist.txt file and save it to the Desktop.

Fixlist.txt

NOTE. It’s important that both files, FRST64.exe and fixlist.txt are in the same location or the fix will not work.

Run the FRST64.exe program and press the Fix button just once and wait.
The tool will make a log in the same folder as where the FRST program is saved. (Fixlog.txt).
Please attach it to your reply.

(note: sometimes the program will need to reboot – please allow it to do so)

NEXT

Please download AdwCleaner and save it to your desktop.
adwCleaner

ATTENTION: After you click the Download Now button, another page will open – DO NOT CLICK any additional ‘download now’ buttons as they are sponsored advertisements. Please wait and look toward the top or bottom of your browser for the option to Run or Save. Click Save to save the file.

Double click on AdwCleaner.exe to run the tool.
Click the “Options” menu heading on the menu bar and uncheck “Reset Winsock Settings”
Click on the Scan button.
After the scan has finished… click on the Cleaning button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[C1].txt) will open automatically.
Attach that log file to your next reply.
You can find the logfile at C:\AdwCleaner[Cn].txt (‘n’ is the number of clean actions performed).

Please let me know if there are any outstanding issues.

Hi,

For AdwCleaner I unchecked 'free youtube downloader' because I downloaded it, so it should be safe (https://youtubedownloader.com/). The problems all started after downloading one game file from one of those 'file hosting' sites like 1fichier.com, jheberg.net/ or clicknupload.link. I'll be more careful, especially since there weren't any checkboxes to untick to stop other toolbars, etc. from installing...

Thanks

Fixlog.txt

AdwCleaner[C0].txt


  • Staff

Looks good.

Let's go ahead and remove the tools and logs we've used during this process.

The following procedures will implement some cleanup procedures to remove these tools.

 

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

AdwCleaner > just run the program and click uninstall.

If there are any other left over Folders, Files, Logs you can delete them.

 

If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.