Hijack.exefile



***This is an automated reply***

Hi,

Thanks for posting in the Malware Removal for Windows Help forum. Being infected is not fun and can be very frustrating to resolve, but don't worry because we have a team of experts here to help you!!

Note: Please be patient. When the site is busy it can take up to 48 hours before a malware removal helper can assist you. If no one has replied to your new topic after 48 hours please contact a Moderator or Administrator to let them know.

 

First, if you haven't done so, please run a Threat Scan with the latest version of Malwarebytes. This may resolve your malware infection issue without the need for additional support. Click "Reveal Hidden Contents" below for details:

Spoiler

Malwarebytes can detect and remove most malware with no further actions required for free.

If you do not have Malwarebytes, please download it here and install. Be sure to post back the log as shown below.

  1. Open Malwarebytes for Windows
  2. To the left, click Scan > Scan Types.
  3. Select Threat Scan. Threat Scan is the most thorough and recommended scan method available.
  4. Click Start Scan

Next, if you're still experiencing issues after running Malwarebytes, then technical logs will be required to assist you. Click "Reveal Hidden Contents" below and follow the instructions to run the Farbar Recovery Scan Tool:

Spoiler

Don't use any temporary file cleaners unless requested - this can cause data loss and make a recovery difficult.

Please download the Farbar Recovery Scan Tool here and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  1. Double-click to run it. When the tool opens click Yes to the disclaimer.
  2. Press the Scan button.
  3. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  4. The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually.

Finally, attach the Malwarebytes Threat Scan, FRST.txt and Addition.txt logs to your reply and Follow this topic to get notified when an expert has replied. Click "Reveal Hidden Contents" below for details.

Note: If you are unable to attach files, please copy and paste the contents of the requested files in your Reply instead.

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


After posting your new post, make sure you click the Follow button near the top right of this page, and select the option "An email when new content is posted Change how the notification is sent" so that you're alerted by email when someone has replied to your post.


Please Note the Following:

  • One of our expert helpers will give you one-on-one assistance when one becomes available.
  • Refrain from making any further changes to your computer (such as Install/Uninstall programs, using special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.
  • Do not 'bump' or add a reply to your topic once it is started. Topics which appear to have replies are considered to have a helper assisting them and may be overlooked, resulting in a longer waiting period for help.
  • If you're using Peer 2 Peer software such as uTorrent or similar, please completely disable it from running while being assisted here.

Troubleshooting Tips


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

It's possibly a Syncing issue?

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

Let me know what problem persists.


Hi,

It's a Chrome Syncing issue.

Reinstall Chrome. It's nice to have more than one browser in case of problems.

Restart the computer when done.

Remove the Syncing.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

 

 

 


Okay, so I've reinstalled Chrome, removed the syncing, ran Malwarebytes, quarantined, restarted, ran Malwarebytes again, still showing up.

So I went to try the second part of the tutorial, but now Chrome won't even open, even when I do "run as administrator"

Also, there seems to be another program running, don't know what, but it looks like the command prompt and it flashes on occasionally.

Should I be worried???

Edited by mistarhee

Hi,

===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If Chrome is still an issue, the problem is described in your Addition.txt log:

Error: (05/16/2018 01:46:06 AM) (Source: SideBySide) (EventID: 33) (User: )


Description: Activation context generation failed for "C:\Users\MISTAL~1\AppData\Local\Temp\3582-490\chrome.exe".
Dependent Assembly 66.0.3359.170,language="&#x2a;",type="win32",version="66.0.3359.170" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Navigate to this page and follow the instructions on the page.
https://answers.microsoft.com/en-us/windows/forum/windows_10-update/sxstraceexe/4007ed77-30b7-47d7-a66b-1b01c9664d39

For now just install these
Microsoft Visual C++ 2008 SP1 Redistributable Package for (x64) 
and
Microsoft Visual C++ 2010 Redistributable Package (x64) 

Restart the computer normally when completed.

Let me know if the problem persists.

fixlist.txt



Hi,

Download the SystemLook appropriate for your system.

SystemLook (32-Bit Version) or SystemLook (64-Bit Version)

  • Double-click SystemLook.exe/SystemLook_x64.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :reg 
    HKLM\SOFTWARE\CLASSES\EXEFILE\SHELL\OPEN\COMMAND /sub
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.

===


Hi,

Let's try this again.

Remove Chrome Syncing.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

Just remove the Syncing; when done, restart the computer normally.

Run Malwarebytes and delete the entry if listed.

Restart the computer normally.

Run MBAM and hope that it's been deleted.

Keep me posted.


  • 4 weeks later...

Hi

There is a small syntax error in your \EXEFILE\SHELL\OPEN\COMMAND setting.

Copy the text IN THE QUOTE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

Restart the computer when completed.

You can delete the fixme.reg file when done.

Run Malwarebytes and delete the item(s) found.
Restart the computer normally.

Keep me posted.
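
A read-only check of the handler that the fixme.reg above restores, as an added example that is not part of the original thread: it compares the default and IsolatedCommand values under exefile\shell\open\command with `"%1" %*`. Checking HKCU:\Software\Classes as well goes beyond what the thread covers and is an assumption, and the function name Get-ExefileHandlerState is hypothetical.

```powershell
# Added example, not part of the original thread: read-only audit of the
# exefile open handler. Nothing is written to the registry.
$Expected = '"%1" %*'   # the value the fixme.reg in the post above restores

function Get-ExefileHandlerState {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $ClassesRoot,   # e.g. HKLM:\SOFTWARE\Classes
        [string] $Expected = '"%1" %*'
    )
    $path = Join-Path $ClassesRoot 'exefile\shell\open\command'
    if (-not (Test-Path -LiteralPath $path)) {
        # Normal for the per-user hive (no override); abnormal for HKLM.
        return [pscustomobject]@{ Key = $path; Value = '(key)'; Data = $null; Status = 'absent' }
    }
    $key = Get-Item -LiteralPath $path
    foreach ($name in '', 'IsolatedCommand') {
        # Read the raw string so %1 and any %VAR% are compared unexpanded.
        $raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
        $data = $key.GetValue($name, $null, $raw)
        $status = if ($null -eq $data) { 'not set' } elseif ("$data".Trim() -eq $Expected) { 'ok' } else { 'MODIFIED' }
        [pscustomobject]@{
            Key    = $path
            Value  = if ($name) { $name } else { '(Default)' }
            Data   = $data
            Status = $status
        }
    }
}

# Assumption: the per-user hive is checked too, because HKCU\Software\Classes
# takes precedence over HKLM\SOFTWARE\Classes in the merged HKEY_CLASSES_ROOT view.
$results = foreach ($root in 'HKLM:\SOFTWARE\Classes', 'HKCU:\Software\Classes') {
    Get-ExefileHandlerState -ClassesRoot $root -Expected $Expected
}
$results | Format-Table -AutoSize -Wrap

if ($results.Status -contains 'MODIFIED') {
    Write-Warning 'exefile open command differs from the expected "%1" %* value.'
}
```

A row marked MODIFIED shows the exact command line that currently runs whenever an .exe is opened, which is the data a helper would ask for before merging a fix.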


Hi,

Farbar Recovery Scan Tool (FRST) - Registry Search
Follow the instructions below to download and execute a Registry search on your system with FRST, and provide the log in your next reply.


  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • In the Search text area, copy and paste the following:


svchost.com


  • Once done, click on the Search Registry button and wait for FRST to finish the search;
  • On completion, a log will open in Notepad. Copy and paste its content in your next reply;

Edited by nasdaq

Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Mista Lee (12-06-2018 11:47:20)
Running from D:\Doks\Repair
Boot Mode: Normal

================== Search Registry: "svchost.com" ===========

[HKEY_USERS\S-1-5-21-4148687358-3386133295-2761152171-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Windows\svchost.com"="0x534143500100000000000000070000002800000000A200000000000001000000000000000000000A61200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000005000100000000000000000000000000045523003000000005200000052000000"
[HKEY_USERS\S-1-5-21-4148687358-3386133295-2761152171-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\svchost.com.FriendlyAppName"="svchost"

====== End of Search ======


Hi,

Copy the text IN THE QUOTE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.

Quote

 

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-4148687358-3386133295-2761152171-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Windows\\svchost.com"=-
[HKEY_USERS\S-1-5-21-4148687358-3386133295-2761152171-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Windows\\svchost.com.FriendlyAppName"=-

 


Restart the computer when completed.

You can delete the fixme.reg file when done.

Delete the file in bold in the Windows folder.
C:\Windows\svchost.com

If the file is in use then Boot to Safe Mode and delete it.

Restart the computer normally.

How is the computer acting now?
