Jump to content

NanoCore wants to install remotely


IXAJR

Recommended Posts

Hello,

I have a problem with NanoCore dialog window showing up every time I log into the Windows (10 64-bit, v1803). I can either Decline or Accept it (of course, I always choose Decline). This window doesn't show up again after I press Decline, it only does once after every log in. I scanned my PC with Malwarebytes, a bunch of anti-viruses and nothing has been found. After I scanned the PC with Zemana, it found the RegSvcs.exe file in .NET Framework v2.0 folder to be infected/modified/damaged. Sometimes the NanoCore window doesn't show at all and I just get an error message that says RegSvcs.exe wasn't able to start instead.

Hopefully, I have attached all required files.

Thank you for your help.

FRST.txt

Addition.txt

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I suggest that you remove this Chrome Extension. Read the remarks. Your call.
CHR Extension: (uBlock) - C:\Users\IXAJR\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2018-10-19]

Replace it with this one.
https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en

===

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Let me know what problem persists.

fixlist.txt

Link to post
Share on other sites

Thank you,
I have replaced the previous Ublock add-on with one from the link you sent me. I have also used the Fix function with the fixlist file as you told me to. I think it helped me to get rid off it. The NanoCare dialog window or that RegSvcs.exe error message didn't show up when I logged in this time. Also, the msconfig started to work again (it didn't work up until now, sorry I forgot to mention it before).

It really seems like the problem was that modified .NET Framework file.

Fixlog.txt

Link to post
Share on other sites

Hi,

It really seems like the problem was that modified .NET Framework file.


Well may be not.
With my fix the file was sent to VirusTotal.

It was reported in the Fixlog.txt as Good.
https://www.virustotal.com/file/d4527b7ad2fc4778cc5be8709c95aea44eac0568b367ee14f7357d72898c3698/analysis/1541867680/

The main point is that all is well.

===

Stay Safe.

Link to post
Share on other sites

Well, then I don't know. Nevertheless, you are right, the main point is that the problem has been solved. I have tried to restart the PC multiple times and it haven't returned as it used to return after a couple of restarts when I thought I managed to solve it in the past.

Thank you very much. :)

Link to post
Share on other sites

Oh, I apologize, that *hasn't was for this part of the sentence: 

2 hours ago, IXAJR said:

PC multiple times and it haven't returned

I have no problems with Firefox. The only problem I had was with that NanoCore dialog window and after I restarted the PC for about 8 times now, just to be sure, it looks like it's completely gone. The window hasn't returned ever since you helped me.

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.