Adware and Malware always comback after few days

[LocNguyen]

I use Premium version of AVG and I scan my computer everyday. Although AVG said that my computer is safe, but after scanning, I always find 2 or 3 Adware/Malware exist and some of them are back after few days, auto install Chrome and FireFox, change search engine and sometimes shut down my AV. I don't know what to do. Please help me!!!

[LocNguyen]

Also this is the file from FRST!!!

FRST.txt

Addition.txt

[LocNguyen]

Nobody helps me???

 

[Android8888]

Hello LocNguyen and  Forums.

My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copy them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Read all of my instructions very carefully and bear in mind that any mistakes during the cleaning process may have serious consequences such as leaving the computer unbootable.

Please DO NOT run any tools on your own or make any other changes to your computer and follow the directions in the order listed during the malware removal process, otherwise you can worsen the situation rather than solve it.

Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).

Please run one scan at a time.

Once started the malware removal process has to be completed. Even if your computer appears to be running better, it may still be infected as some infections are difficult to remove and can leave remnants on the System.

With that being said let's start removing malware from your computer.

 

I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.

• AlphaGo
• Cốc Cốc
  

If you have an issue when uninstalling a program, please let me know.

 

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

• Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
• Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
• Click on the Fix button;
  
  Credits: Aura
• On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
• Please attach the fixlog.txt in your next reply;
  

 

Next,

Please download Junkware Removal Tool and save it to your Desktop.

• Please close your security software to avoid potential conflicts.
• Double-click on the icon to run the tool. Note: On Windows Vista, 7, 8 and 10 right-click on the icon and select Run as administrator.
• The tool will open and check for updates. You will see the Disclaimer.
• Press any key to continue and start scanning your system.
• Please be patient as this can take a while to complete, depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  

Please attach the JRT.txt to your next reply.

 

Next,

• Download AdwCleaner and move it to your Desktop;
• Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
• Accept the EULA (I accept), let the database update, then click on Scan;
• Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes;
• Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
• After the restart, a log will open when logging in. Please attach that log (the clean log) in your next reply;
  

 

Next,

Please download Malwarebytes version 3 from here and install it on your computer.

• Right-click on the Malwarebytes icon and select Run as administrator to run the tool.
• Click Yes to accept any security warnings that may appear.
• Once the Malwarebytes dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool´s database.
• On the left menu pane click on the Settings tab, and then select the Protection tab on the top.
• Under the Scan Options, turn on the buttons Scan for rootkits and Scan within archives.
• Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
• Note: The scan may take some time to finish, so please be patient.
• If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
• While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
• The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  

Please post the content of the log for my review.

Note: If asked to restart the computer, please do so immediately.

 

To summarize, please attach the following logs to your next reply:
fixlog.txt
JRT.txt
AdwCleaner clean log
Malwarebytes quarantine log

Please tell me how is the computer running now.

Thank you.

fixlist.txt

[LocNguyen]

Because of my hasty decision, I use Malwarebytes to delete all of scanned malwares out of my computer. So what should I do now?

[Android8888]

Hello LocNguyen.

As I mentioned in my previous post, even if your computer appears to be running better, it may still be infected as some infections are difficult to remove and can leave remnants on the System. I advise you to remove those two listed programs and run the scans as indicated in my previous post (fix with FRST, Junkware Removal Tool and AdwCleaner). However it's your decision. If you wish to continue please proceed with the instructions in my previous post until AdwCleaner.

For Malwarebytes, please re-run it as follow:

• Open Malwarebytes;
• On the left pane select Settings;
• Select the Protection tab;
• Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default.
• Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
• When the scan completes if potential threats are detected, ensure to check-mark all the listed items, and click the Quarantine Selectedbutton.
• While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
• The log can also be viewed by clicking the log to select it, then clicking the View Report button.
• Please attach the log in your next reply.

Please attach the following logs in your next reply:
fixlog.txt
JRT.txt
AdwCleaner clean log
Malwarebytes quarantine log

Let me see those logs and wait for further instructions.

Thank you.

[LocNguyen]

Dear Rui,

CocCoc is my main web browser, it's like a Chrome with torrent downloader in its  so it not a malicious programs.
Also I have done correctly all of your guideline. Here are all attachments. Thank you so much for helping me

JRT.txt

Fixlog.txt

AdwCleaner[C0].txt

Malware.txt

[Android8888]

Hello LocNguyen.

You're very welcome. I'm happy to help you and I apologize for the delay in responding.

CocCoc is my main web browser, it's like a Chrome with torrent downloader in its  so it not a malicious programs.

Okay, you're right. I messed with other adware with similar name. Is everything running well with it?

 

You did not told me how is your computer behaving at this point.

The logs indicate that the tools wiped some leftovers of adware.

Now let's check further with the following tool to see what was left:

 

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.

• Right-click the icon and select Run as administrator.
• Click Yes to accept any security warnings that may appear.
• Click the Next button.
• Select 'I accept the terms in the license agreement', then click Next twice.
• Click the Install button and wait until the installation is complete.
• Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
• Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
• Click Yes to accept any security warnings that may appear.
• After it updates and a "Start Scanning" button appears in the lower right:
  
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.

• Click the "Start Scanning" button in the lower right to start the scan.
• After starting the scan, do not use the computer until the scan has completed.
• When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
• When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
• If any threats are found click Details, then View Log file (bottom left-hand corner).
• Copy and paste its contents in your next reply and note any errors encountered.
• Close the Notepad document, close the Threat Details screen, then click Start cleanup.
• Click Exit to close the program.
• If no threats were found, please confirm that result.
  

Note: Whenever necessary, the log will be in the following location:

C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.

How is the system running? Are there any symptoms of adware?

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!