Malware/PUP in Registry, won't go away, help!


They just won't go away. I clean them out, Quarantine them, erase them, whatever, and they're still here. I had this once before, a few months ago, I already forgot how I got rid of them, but they're back. I need help, because Malwarebytes isn't enough to eradicate them. Here's the exported log. 

dfdffd.txt


Hello Psychatix and welcome to the Forums.


My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Read all of my instructions very carefully because any mistake you can make during the cleaning process may have serious consequences such as leaving the computer unbootable.

Please DO NOT run any tools on your own or make any other changes to your computer and follow the directions in the order listed during the malware removal process, otherwise you can worsen the situation rather than solve it.

Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).

Please run one scan at a time.

Once started the malware removal process should be completed. Even if the computer appears to be running better at some point, it may still be infected as some infections are difficult to remove and can leave remnants on the System that need to be removed also.


With that being said let's start.


Next,

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator;
  • Press on any key to launch the scan and let it complete;
    Credits: Bleeping Computer and Aura
  • Once the scan is complete, a log will open. Please attach that log in your next reply;


Next,

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
    Credits: Aura
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please attach that log in your next reply;


Next,

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default;
  • Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient;
  • When the scan completes if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button;
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop;
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button;
  • Please attach the log in your next reply.


Next,

Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Please download FRST 64-bit and save it to your computer's Desktop;
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop;
  • Right-click on the executable and select Run as Administrator;
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
    Credits: Aura
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Please attach the two logs (FRST.txt and Addition.txt) in your next reply;


In your next reply please attach:
The JRT.txt log;
The AdwCleaner clean log;
The Malwarebytes log;
The two logs (FRST.txt and Addition.txt) produced by FRST.

How is your computer running at this point?

Thank you.

Rui


Hello Psychatix.

 

There is something wrong with the FRST.txt file. It's empty.

 

Please proceed as follows:

Reset your router. Click the 'Reset' button or disconnect the main power cable, wait 1 minute and reconnect it.

Then try to access the forum using a different browser.

 

Please re-run FRST.

Right-click the FRST64 executable file icon and select Run as administrator to start the tool;

Click Yes to accept the User Account Control security warning that may appear;

Make sure the Addition.txt box is check-marked and click the Scan button;

Please attach the two new logs in your next reply for my review.

 

Let me know if you are still having problems.

Thank you.

Rui


Hello Psychatix.

Thank you for posting the logs for my review.

Your Windows Defender is disabled making your computer completely vulnerable and unsafe.
It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. Either you can enable Windows Defender or if you wish you can download and install one listed below. All of the following are excellent free anti-viruses. Be sure to only install one.

Avast Free Antivirus
Avira Free Antivirus
AVG Free Antivirus


I suggest you go to Programs and Features and uninstall DAEMON Tools Lite as it may install 3rd party PUP (Potentially Unwanted Programs) without your knowledge or consent.


You have System Restore disabled. System Restore maintains a backup of your System and becomes very useful if for some reason you opt or need to go back.
Please read the instructions in the link below and enable your System Restore:
How to turn on System Restore in Windows 10


Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button;
    Credits: Aura
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

 

Please re-run Malwarebytes, perform a new scan, quarantine all the threats it finds and attach the new log for my review.
If no threats are found just let me know.

 

Please download RogueKiller 32/64 Bits Installer (setup.exe) by Tigzy and save it to your Desktop.

  • Right click on the file setup.exe and select Run as administrator to install the tool.
  • Click Yes to accept any security warnings that may appear.
  • Choose the installation language and click OK.
  • Checkmark "Install 32 and 64 bits versions" and click Next. Follow the steps to install the tool.
  • Now close all programs and browsers.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-click on the RogueKiller icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Scan tab and then click the Start Scan button.
  • Wait until the scan has finished. This may take some time.
  • Once finished click on Open Report. It will open a new window.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your Desktop.
  • Close RogueKiller.


Please attach the RKlog.txt to your next reply.

 

In your next reply, please attach the following logs:

fixlog.txt;

Malwarebytes log;

RKLog.txt.

 

Please tell me how the computer is running at this moment.

Thank you.

Rui

fixlist.txt


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.