
(file) contained a virus and was deleted,


asuslappy


  • Root Admin

Hello @asuslappy and :welcome:

You have an old, possibly compromised version of Java installed. Please uninstall all versions of Java from Control Panel, Programs, Add/Remove.

You have µTorrent installed. Though it's legal to use, it opens ports and access to your computer that can greatly increase your chances of being infected. Though there are legal uses for the program, the vast majority of use on the web is illegal in most countries. I would highly suggest uninstalling and not using P2P software.

The computer is also running a hack to steal software from Microsoft.

I can help you to clean up the computer but in so doing I will remove all of these hacks. If that's something you'd like to proceed with please let me know.

Thank you

Ron

 

 


Yes, let's proceed. I purchased a new computer for my son to go to college and took this one back. So I'm not aware of what is on it.

I only had one Java entry in uninstall programs, that being Java 8 Update 161. When I went to uninstall it I received the message "Cannot determine valid java home" and had to click "ok" to continue. No other Java programs are showing now.


  • Root Admin

Recommendations

  1. Uninstall µTorrent
  2. No security issue I'm aware of, but 7-Zip is now on 18.05 and you're on 18.01 - once done here you may want to possibly update https://www.7-zip.org/download.html
  3. Due to possible corruption I would recommend you temporarily uninstall the AVG antivirus (Windows 10 has Defender antivirus so you're still protected) then once done if you so decide we'll go ahead and reinstall AVG or any other antivirus of your choice.
  4. Uninstall Bonjour
  5. The release version of WinRAR is 5.60 you have 5.01 - again, once done you may want to consider an update
  6. WinZip is on version 22, you're on 15. Unfortunately the amount of advertising from WinZip nowadays is incredible. Difficult to recommend an upgrade or possibly even using it considering you have 7-Zip and WinRAR, both of which can do much of what WinZip can do already. Just making you aware, up to you what you choose to do. I'm not aware of any specific threats directed at older versions of the program.
  7. You have 2 entries for Russian programs for MS Office. "Language package for supporting the placement of the Microsoft Visual Studio Tools toolkit for working with 2012 (x64) applications - RUS" Do you know, speak or use Russian? Not sure why a Russian version is installed instead of an English version.
  8. You may want to read up on CCleaner and decide for yourself if you wish to continue using it.  https://betanews.com/2018/08/01/do-not-install-the-latest-version-of-ccleaner/

 

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks, Ron

 

 

Edited by AdvancedSetup
Updated information

Thanks for the instructions Ron,

I have uninstalled µTorrent and WinRAR, and ran FRST64; the file is attached.

I will note that I was not able to download the file you attached on the previous message with Microsoft Edge; it kept saying "file contained a virus and was deleted". However, I used the Tor browser and it worked.

Russian Language:  this is a mystery,  I do not know anyone who speaks Russian nor does my son who had this computer previously.

Fixlog.txt


  • Root Admin

I don't believe they are an issue but they are installed and hidden to the normal Add/Remove due to a registry key entry saying not to show them.

 

Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

How is the computer running now?

Let's go ahead and have you run a Kaspersky antivirus scan to make sure nothing else is found.

 

Please download and run the following Kaspersky antivirus scanner to remove any found threats

Kaspersky Virus Removal Tool

Let me know if it finds anything or not
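
Added example, not part of the original posts: a read-only PowerShell listing of uninstall entries that are kept out of the Add/Remove list, covering both registry views the FRST log reports (HKLM and HKLM-x32). It assumes the "Hidden" flag in the log corresponds to the standard `SystemComponent = 1` value; the function name `Get-HiddenUninstallEntry` is hypothetical.

```powershell
# Added example: list installed-program entries hidden from Add/Remove Programs.
# Read-only; nothing in the registry is changed.

$uninstallRoots = @(
    # 64-bit view (shown by FRST as HKLM\...)
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    # 32-bit view on 64-bit Windows (shown by FRST as HKLM-x32\...)
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-HiddenUninstallEntry {
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            # Assumption: SystemComponent = 1 is the value that keeps the entry
            # out of the Programs list. Entries without a DisplayName are skipped.
            if ($p -and $p.DisplayName -and $p.SystemComponent -eq 1) {
                [pscustomobject]@{
                    DisplayName = $p.DisplayName
                    Version     = $p.DisplayVersion
                    Publisher   = $p.Publisher
                    KeyName     = $_.PSChildName   # product GUID or key name
                    View        = if ($root -like '*WOW6432Node*') { 'x32' } else { 'x64' }
                }
            }
        }
    }
}

# Group by publisher so unexpected vendors stand out during review.
Get-HiddenUninstallEntry |
    Sort-Object Publisher, DisplayName |
    Format-Table -AutoSize
```

Many legitimate components (runtimes, language packs, driver helpers) set this value, so a long list is normal; the entries worth a closer look are those with an unfamiliar or empty publisher.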


I am still unable to download a file in Edge. When I went to download the Kaspersky file you attached it said it contained a virus and deleted it. I attach a screenshot to show you. Also, I find that when I open Windows Explorer it runs the green bar at the top for a few seconds before it will display the icons for the folders. This seems unusual compared to other computers I have. I sometimes notice the fan running very fast when there does not seem to be any active task going on other than open windows, and this is not how it was about 6 months ago. I only have an SSD, no mechanical hard drive. I think there is still something wrong.

I ran Kaspersky only after downloading through the Tor browser again; it reported no threats found.

kvrt was deleted screen shot.JPG


I just went to my laptop and noticed that all the lights were on in front indicating that the computer was running, WITH THE LID DOWN.

I opened the lid and it appeared to have rebooted "after:"  I closed the lid around 1am, and got the following messages:

"windows cannot find the specified file" and in the background the cmd prompt window is open with the path C:\windows\system32\cmd.exe. The message window is looking for a file in the Windows temp directory (see screenshot).

Within a few seconds another message appeared at the bottom left saying that the virus Windows Defender and Malwarebytes was turned off. I opened Malwarebytes and it said it was on ??????

I did not run the SFC command yet, but wanted to show the messages I received after opening the laptop lid this morning.

I will proceed to run the SFC command and post back after it's finished.

message on computer when i went back.JPG

virus turned off.JPG


  • Root Admin

Please double-check your date and time on the computer and make sure it's correct.

Then run the following.

 

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Microsoft Edge
How to Reset Microsoft Edge in Windows 10

Firefox
Click on Help / Troubleshooting Information then click on the Refresh Firefox button.

Chrome
Reset Chrome back to defaults to completely clear out issues with Chrome.

  • Open Chrome and at the top right, click the menu (ellipsis) icon and then More tools and then Extensions
  • Write down the list of Extensions installed.
  • Next, go to >> Google Sync << and sign into your account. Make sure you know your password as this will clear it from the browser.
  • Scroll down until you see the "reset sync" button to clear your data from the server and remove your passphrase.
  • Now, close all Chrome windows. Chrome cannot be running for the next step. If needed, print this information or use another browser to read the information.
  • Press the Windows key + R at the same time, to bring up the run dialog box.
  • Type in (or copy/paste) the following and press Enter:     %localappdata%\Google\Chrome\User Data\Default\
  1. Press Ctrl + A to select all the files and folders.
  2. Hold down Ctrl + A and click once on the files "Bookmarks" and "Bookmarks.bak". This will unselect them.
  3. With all the files selected (except for your Bookmarks), press the Delete key and click Yes to delete the files and folders.

[Screenshot: example of all files and folders selected, except Bookmarks]

 

Restart your computer now and make sure there are no longer any redirects or other browser issues and let me know the results

Thanks

Ron
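
Added example, not part of the original post: the manual Chrome profile cleanup described above written as a PowerShell function that refuses to run while Chrome is open and keeps `Bookmarks` and `Bookmarks.bak`. The function name, the `-Keep` parameter and the backup folder under `%TEMP%` are assumptions made for illustration.

```powershell
function Reset-ChromeDefaultProfile {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string]$ProfilePath = (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'),
        [string[]]$Keep = @('Bookmarks', 'Bookmarks.bak')
    )

    # The steps in the thread require every Chrome window to be closed first.
    if (Get-Process -Name chrome -ErrorAction SilentlyContinue) {
        throw 'Chrome is still running. Close all Chrome windows and retry.'
    }
    if (-not (Test-Path -LiteralPath $ProfilePath -PathType Container)) {
        throw "Profile folder not found: $ProfilePath"
    }

    # Copy the kept files aside before deleting anything (assumed safety step).
    $backup = Join-Path $env:TEMP ('chrome-bookmarks-{0:yyyyMMdd-HHmmss}' -f (Get-Date))
    if ($PSCmdlet.ShouldProcess($backup, 'Back up bookmark files')) {
        New-Item -ItemType Directory -Path $backup -Force | Out-Null
        foreach ($name in $Keep) {
            $src = Join-Path $ProfilePath $name
            if (Test-Path -LiteralPath $src) {
                Copy-Item -LiteralPath $src -Destination $backup
            }
        }
    }

    # Delete everything else in the profile folder, files and subfolders alike.
    Get-ChildItem -LiteralPath $ProfilePath -Force |
        Where-Object { $Keep -notcontains $_.Name } |
        ForEach-Object {
            if ($PSCmdlet.ShouldProcess($_.FullName, 'Delete')) {
                Remove-Item -LiteralPath $_.FullName -Recurse -Force
            }
        }
}

# Dry run: lists what would be removed without touching the profile.
Reset-ChromeDefaultProfile -WhatIf
```

Dropping `-WhatIf` performs the deletion and prompts for each item because of the high confirm impact.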

 

 


I completed all the above steps. I was not getting browser redirects that I am aware of; however, I do not know if my search results were altered, as I have read could be done when you have a virus.

Microsoft Edge still will not download a picture and says it was deleted because it contained a virus.  I did not notice any differences after completing the tasks.


I did a test by right-clicking a picture on Facebook and it allowed me to download it. But if I open Messenger and pick a picture, there is a download option at the top right, and when I select this, this comes up and says "running security scan" then says ….. contained a virus and was deleted. So apparently it seems to be when it has to run a security scan, but not when I save using a method that does not want to run a scan. I don't know what triggers the security scan to activate, but it seems that whatever it tries to scan it finds that there is a virus when I know there is not.


This topic is now closed to further replies.