AlexUK Posted March 7, 2018 ID:1222034 Share Posted March 7, 2018 Hi, Malwarebytes has detected Pup.Optional.Trovi on my computer but when I tried to quarantine it the quarantine failed. Please could you help me remove this? I have attached the necessary files. Kind regards, Alex Malwarebytes.results.txt FRST.txt Addition.txt Link to post Share on other sites More sharing options...
Android8888 Posted March 7, 2018 ID:1222100 Share Posted March 7, 2018 Hello AlexUK and My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear. I suggest printing out each set of instructions or copy them to a Notepad file and reading the entire post before proceeding. It will make following them easier. Next, Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Note that after running the following fix the computer will restart and perform a Disk Check. Please let it complete before you go to the next step. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file! Right-click on the FRST executable and select Run as Administrator; Click on the Fix button;Credits: Aura On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad; Please attach the Fixlog.txt in your next reply; Next, Download AdwCleaner and move it to your Desktop; Right-click on AdwCleaner.exe and select Run as Administrator; Accept the EULA (I accept), then click on Scan; Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button; Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it; After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply. Next, Re-run Malwarebytes, when finished quarantine everything it finds and attach the log for my review. To summarize, in your next reply please attach the following logs: Fixlog.txt AdwCleaner clean log. Malwarebytes log. Let me know what issues or concerns are you still having in this computer. Thank you. Rui fixlist.txt Link to post Share on other sites More sharing options...
AlexUK Posted March 7, 2018 Author ID:1222193 Share Posted March 7, 2018 Hi Rui, Thank you for your reply. I have run Farbar Recovery Scan Tool and clicked on Fix. The fix completed and asked for the computer to restart. However I have a problem.... after the restart the computer has been stuck for 2 hours with the displayed message "Scanning and repairing Drive C : 11% complete." I do not know how to proceed further and would be grateful for your advice. Regards, Alex Link to post Share on other sites More sharing options...
AlexUK Posted March 7, 2018 Author ID:1222214 Share Posted March 7, 2018 Hi Rui, Forget my last post. The computer has finally rebooted. I will send the file results when I have completed the AdwCleaner scan. Regards, Alex Link to post Share on other sites More sharing options...
Android8888 Posted March 7, 2018 ID:1222222 Share Posted March 7, 2018 Hi Alex, That's fine, I'll wait for the logs. Link to post Share on other sites More sharing options...
AlexUK Posted March 7, 2018 Author ID:1222246 Share Posted March 7, 2018 Hi Rui, Please find the attached files. AdwCleaner found nothing to clean so there is no log. The last run of Malwarebytes found nothing (log attached) Please let me know what you think. Many thanks, Alex Fixlog.txt Malwarebyteslog.txt Link to post Share on other sites More sharing options...
Android8888 Posted March 7, 2018 ID:1222256 Share Posted March 7, 2018 Good! FRST cleaned some stuff and removed almost 8 GBytes of temporary data and MBAM log is clean. It is very likely that your computer is clean but to be sure of that I suggest you run a final scan to search for leftovers. This is a very thorough scan and can take several hours depending on the number of files and disk size, but it's worth it. We will use Sophos Virus Removal Tool. The Sophos Virus Removal Tool scans the following areas of your computer: Memory, including system memory on 32-bit (x86) versions of Windows; The Windows Registry; All local hard drives, fixed and removable; Note 1: Mapped network drives are not scanned. Note 2: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan. Please download Sophos Virus Removal Tool and save it to your computer's Desktop. Right-click the icon and select Run as administrator. Click Yes to accept any security warnings that may appear. Click the Next button. Select 'I accept the terms in the license agreement', then click Next twice. Click the Install button and wait until the installation is complete. Click the Finish button. The tool created a shortcut icon on the Desktop of your computer. Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool. Click Yes to accept any security warnings that may appear. After it updates and a "Start Scanning" button appears in the lower right: Disconnect from the Internet or physically unplug your Internet cable connection. Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver. Temporarily disable your anti-virus and real-time anti-spyware protection. Click the "Start Scanning" button in the lower right to start the scan. After starting the scan, do not use the computer until the scan has completed. When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish. When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet. If any threats are found click Details, then View Log file (bottom left-hand corner). Copy and paste its contents in your next reply and note any errors encountered. Close the Notepad document, close the Threat Details screen, then click Start cleanup. Click Exit to close the program. If no threats were found, please confirm that result. Note: Whenever necessary, the log will be in the following location: Windows Vista and above: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log If threats are found please post the contents of the log in your next reply. If the scan is clean, just let me know. Thank you. Rui Link to post Share on other sites More sharing options...
AlexUK Posted March 8, 2018 Author ID:1222389 Share Posted March 8, 2018 Hi Rui, I have run Sophos Virus Removal Tool and it reports the computer is clean, no logs. I have upgraded to Malwarebytes Premium. I notice that Windows Defender is disabled. Is this needed now I have MWB Premium antivirus & malware protection? Thank you, Alex Link to post Share on other sites More sharing options...
Android8888 Posted March 8, 2018 ID:1222471 Share Posted March 8, 2018 Hello Alex, I'm glad to know that! Your computer appears to be clean and free of malware. 3 hours ago, AlexUK said: I have upgraded to Malwarebytes Premium. I notice that Windows Defender is disabled. Is this needed now I have MWB Premium antivirus & malware protection? You have made a excellent choice. Windows Defender disables itself when it detects other security software with identical protection layers which guarantee the protection of the system without the need for additional security programs. Malwarebytes Premium fits into this condition so you don't need to enable Windows Defender. You can read more information concerning this condition of Malwarebytes Premium here: Third-party testing & anti-virus replacement Since your system is clean I advise you to check for outdated programs since they contain security vulnerabilities that are exploited by malware in order to infect the computer without the user's knowledge. Usually this is one of the ways that more contributes to infect the systems. Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker or UCheck to see what programs need to be updated. After updating the programs, it's time to clean up the mess by running DelFix. This is a small utility that removes the tools we used in the removal process and it will delete itself after running. Follow the instructions below to download and execute DelFix. Download DelFix and move the executable to your Desktop; Right-click on DelFix.exe and select Run as Administrator; Check the following options :Remove disinfection tools (this option will remove the tools used in the cleaning process). Create Registry backup (this option will create a backup from the Windows Registry). Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system). Once the options mentioned above are checked, click on Run; After DelFix is done running, a log will open. I don't need to see the log file, you can close it. Are there any questions or concerns with this computer? Rui Link to post Share on other sites More sharing options...
AlexUK Posted March 8, 2018 Author ID:1222555 Share Posted March 8, 2018 Hello Rui, I have used PSI to update old programs and have run DelFix. All seems to be in order. Thanks very much for your help with this. Kind regards, Alex Link to post Share on other sites More sharing options...
Android8888 Posted March 8, 2018 ID:1222574 Share Posted March 8, 2018 (edited) Hello Alex, You're very welcome! To help keep malware off your system below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer. Keep your Windows Operating System up-to-date. Please note that many installer offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser. Keep Malwarebytes Premium update and perform a regular scan to your system as it will make it harder for malware to reside on your computer. A tutorial on using MBAM can be found here and a complete guide here Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above. Another most feared threat at the moment is an infection by a Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here. Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety. Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware. Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety. Don't click on links received in instant message programs. A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available here For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:So how did I get infected in the first placeAnswers to common security questions - Best Practices Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help. Happy surfing, stay safe and come back whenever you need. Android8888 Edited March 8, 2018 by Android8888 Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 23, 2018 Root Admin ID:1226648 Share Posted March 23, 2018 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Recommended Posts