szybkilester Posted August 17, 2018 ID:1264000 Share Posted August 17, 2018 Hi! After a stupid mistake my laptop is infected by some freaky pop-ups and other hijacking shite: I've tried to fix it by myself, but still have these issuues... Any idea how to resolve it? Hanx! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 18, 2018 Root Admin ID:1264134 Share Posted August 18, 2018 Hello @szybkilester and Please run the following steps and post back the logs as an attachment when ready.STEP 01 If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. If you don't have Malwarebytes 3 installed yet please download it from here and install it. Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know on your next reply. STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Right-click on the program and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan. When finished, please click Clean. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Copy its content into your next reply. RESTART THE COMPUTER Before running Step 3 STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. Thanks Ron Link to post Share on other sites More sharing options...
szybkilester Posted August 18, 2018 Author ID:1264174 Share Posted August 18, 2018 Thanks for quick reply! I've attached all logs and now waitin' 4 next instructions... scanresult.txt AdwCleaner[C02].txt Addition.txt Link to post Share on other sites More sharing options...
szybkilester Posted August 18, 2018 Author ID:1264175 Share Posted August 18, 2018 I forgot 'bout FRST.text... FRST.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 19, 2018 Root Admin ID:1264263 Share Posted August 19, 2018 Please download the attached fixlist.txt file and save it to the Desktop.NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. fixlist.txt Thanks Ron Link to post Share on other sites More sharing options...
szybkilester Posted August 19, 2018 Author ID:1264307 Share Posted August 19, 2018 well, just one "attack" after that action and restart, but almost everything is "frozen" for few seconds: browser, mouse, keyboard... Fixlog.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 20, 2018 Root Admin ID:1264611 Share Posted August 20, 2018 Okay, let me have you run the following Kaspersky antivirus scan and see what if can find and remove too Please download and run the following Kaspersky antivirus scanner to remove any found threats Kaspersky Virus Removal Tool Let me know if it finds anything or not. Ron Link to post Share on other sites More sharing options...
szybkilester Posted August 21, 2018 Author ID:1264775 Share Posted August 21, 2018 nothing at all after first scan, but when i've changed parameters (just system drive was added) there was 17 treats: all are deleted now, but malwarebytes still stoping some pop-ups and there's one file in app data, which is impossible to remove... Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 22, 2018 Root Admin ID:1264857 Share Posted August 22, 2018 Hello @szybkilester I'm sorry but I'm going to be going on vacation starting tomorrow. I'll go ahead and ping one of the other helpers and see if they can assist you. In the mean time please run the following scans again and post back new logs for them. @Aura @kevinf80 Please run the following steps and post back the logs as an attachment when ready.STEP 01 If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. If you don't have Malwarebytes 3 installed yet please download it from here and install it. Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know on your next reply. STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Right-click on the program and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan. When finished, please click Clean. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Copy its content into your next reply. RESTART THE COMPUTER Before running Step 3 STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here. Please attach the Additions.txt log to your reply as well. Thanks Ron Link to post Share on other sites More sharing options...
szybkilester Posted August 27, 2018 Author ID:1265841 Share Posted August 27, 2018 Ok, here we go again... In my Program Files I found few strange folders (with names like "0CSP3SO7LP" or "FNG3ROMKWQ" etc.) with .config files: can I remove 'em? summary.txt AdwCleaner[S03].txt AdwCleaner[C03].txt Addition.txt FRST.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 27, 2018 Root Admin ID:1265926 Share Posted August 27, 2018 These 2 extensions were not able to be removed automatically. Please open Chrome and locate them and remove them on your own. Not Deleted Quick Searcher Not Deleted Wonderful Weather Once they are removed then restart the computer and scan again with Malwarebytes and AdwCleaner. As for odd, strange names in the Program Files folder you need to be careful as some are legitimate folders created and used by the system and/or software you've installed. I personally don't like how Windows and the installer have gone to using folder names like this as it does make it much more difficult to track down if a folder is bogus or not. You could try searching for the folder name in the registry and see if it shows up or not. If nothing found try renaming the folder and if no alerts or issues for a couple days you can probably remove it then. Link to post Share on other sites More sharing options...
szybkilester Posted August 29, 2018 Author ID:1266231 Share Posted August 29, 2018 I've deleted my chrome browser and using opera: how can i remove both extensions? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 29, 2018 Root Admin ID:1266323 Share Posted August 29, 2018 If you're sure you want to fully remove Chrome then you can run the following fix and it will completely remove all of Google Chrome (except some of the many registry entries, which won't matter as the main program will be completely gone) NOTE: This script will remove all bookmarks and anything related to Google Chrome Please download the attached fixlist.txt file and save it to the Desktop.NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. fixlist.txt Thanks Ron Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 3, 2018 Root Admin ID:1267408 Share Posted September 3, 2018 Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Recommended Posts