Painter

I'm infected - What do I do now?


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===


Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt


Hello Nasdaq,

First, thanks for your help!

After I followed your instructions the PC rebooted

and then I opened Google Chrome where I noticed that Avira had installed two extensions again:

The three dots on the upper right side of the browser screen, the 3 vertical dots (Menu), to go to the settings have now disappeared!

The Avira extensions are Safe Search and Browser Safety [if I'm not mistaken].

Instead of the 3 vertical dots Google Chrome now shows an orange exclamation mark, that leads me to the settings,

due to the aggressive installation of the Avira extensions I guess.

I see that all other extensions are GONE and the only ones left are the Avira Browser Safety and the Avira Password Manager!

So that has changed: earlier I only got the Avira SafeSearch!!

And according to AdwCleaner the Avira Safesearch was a threat. [PUP.Optional.Legay ?]

As an attachment you'll find my Fixlog.txt.

Regards, Painter

 

Avira extentions.JPG

Fixlog.txt


Hi

Please run the Farbar program and post fresh Logs for my review.

Quote

Instead of the 3 vertical dots Google Chrome now shows an orange exclamation mark, that leads me to the settings

This is not normal but I see it on occasion when Chrome is updated.

 


Hi,

Here are the fresh logs as attachments.

And in the meantime this happened:

Password Facebook no longer worked. Had to make a new password.
AdBlocker app was gone along with a number of other extensions.
The passwords of Tumblr and Twitter still work.
Maybe I should change that too.

Addition.txt FRST.txt


Hi, 

In the meantime sound has disappeared in browser Google chrome. 

And on my desktop the program to organise the desktop, OrganiZen, has disappeared.


I've undertaken no action, because you said not to do anything in the meantime.

Regards, Painter


Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

The Avira "OrganiZen" and "System Speedup" are the issue.

It does look like the Avira Password Manager has taken over the passwords you had in Chrome.
The passwords in Chrome may still be available.

I would check and save them if still available.
How to export your saved passwords from Chrome
https://betanews.com/2018/03/09/export-chrome-passwords/

Or if the password options are disabled, enable them all.
Fire up Chrome, type chrome://flags into the address bar and hit Enter.
Search for the Password export option and use the drop down menu to set it to Enabled.
Restart Chrome by clicking the Relaunch now button.
===

If you do this search with Google you will find out that "OrganiZen" and "System Speedup" are creating problems for many users.
https://www.google.com/search?q=OrganiZen&oq=OrganiZen&aqs=chrome..69i57&sourceid=chrome&ie=UTF

I'm not familiar with it so will not suggest anything that will worsen the situation.

Is removing Avira completely the solution? I do not know.

You decide after the fix if you wish to remove Avira completely and install the same or something else.

They provide an uninstaller to clean all of it.
Avira
Download and run their uninstaller tool from this site.
https://www.avira.com/en/downloads-paid

Restart the computer when the removal is completed.

If you decide to remove it and reinstall the application, will you have an option to install or not the "OrganiZen" and "System Speedup"?

I would check with them before proceeding.
<<<>>>

p.s.
Your Addition.txt log shows many shortcuts using OrganiZen

Such as:
ShortcutWithArgument: C:\Users\Stephan\Desktop\OrganiZen\Alles-in-één 21-04-2019\123Movies.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google Inc.) -> --profile-directory=Default --app-id=ejkcppdkiahpglojjohmbephijapoboo

etc...

If you want to remove them let me know and I will give you a fix.
====

I know there is a lot of information.
If you need more details before proceeding please ask.


 

fixlist.txt
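
An added example (not part of nasdaq's post, and not FRST's own code): a small Python parser for `ShortcutWithArgument:` lines in the layout quoted above, sorting entries into Chrome app launchers (`--app-id=`), shortcuts whose arguments carry a URL, and everything else. The triage labels, function names and sample lines are this example's assumptions, and it covers more than the single `chrome_proxy.exe` case shown in the post.

```python
import re
from pathlib import PureWindowsPath

# Layout taken from the line quoted in the post above:
#   ShortcutWithArgument: <.lnk path> -> <target> (<company>) -> <arguments>
LINE_RE = re.compile(
    r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<target>.+?) "
    r"\((?P<company>[^)]*)\) -> (?P<args>.*)$",
    re.IGNORECASE,
)
APP_ID_RE = re.compile(r"--app-id=([a-p]{32})\b")  # Chrome app IDs: 32 letters a-p
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed sample lines (not from the user's log); paths and IDs are made up.
SAMPLE = r"""
ShortcutWithArgument: C:\Users\Example\Desktop\Tiles\Video Site.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google Inc.) -> --profile-directory=Default --app-id=abcdefghijklmnopabcdefghijklmnop
ShortcutWithArgument: C:\Users\Example\Desktop\Browser.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> http://start.example.invalid/?src=lnk
ShortcutWithArgument: C:\Users\Example\Desktop\Tool.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k echo hello
Shortcut: a line in some other layout, skipped by the parser
"""


def parse_shortcuts(text):
    """Return one dict per well-formed ShortcutWithArgument line."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["exe"] = PureWindowsPath(e["target"]).name.lower()
        app = APP_ID_RE.search(e["args"])
        e["app_id"] = app.group(1) if app else None
        e["urls"] = URL_RE.findall(e["args"])
        # Triage labels are this example's own rule, not something FRST prints.
        e["kind"] = "chrome-app" if e["app_id"] else "url-argument" if e["urls"] else "other"
        entries.append(e)
    return entries


def review_queue(entries):
    """Shortcuts to inspect by hand: everything except Chrome app launchers."""
    return [(e["kind"], e["lnk"]) for e in entries if e["kind"] != "chrome-app"]


if __name__ == "__main__":
    for e in parse_shortcuts(SAMPLE):
        print(f'{e["kind"]:13} {e["exe"]:17} {e["lnk"]}')
```
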


Hi,

Straight after doing the fix Avira installed two extensions again on my browser.

I couldn't find the Password export flag in chrome://flags.

Maybe it's under another name??

I think I will remove Avira completely, because it's getting too annoying. And in the meantime I could use Windows Defender. Would Avast be a good alternative??

And I also want to remove the shortcuts you mentioned in your last post. 

Can I use CCleaner and Malwarebytes again?? Or do I have to wait for eventual next steps to take with you ? 

Regards, Painter

 

Fixlog.txt


By the way: The passwords in G.Chr. are still available.

And in the meantime I had to change my Facebook password AGAIN; the old one didn't function any more, for unknown reasons.

And my standard search engine was changed to Google again; I used Startpage.com. I had to change it back again.

And I couldn't find the Avira Uninstall tool on the Avira site. Is there another safe way to get rid of this awful Avira completely????

Regards, painter

 


Hi, 

I explained to a prof. trustworthy source and asked how to uninstall Avira completely.
He recommended to uninstall everything first through the normal Win7 way
and then with a regCleaner specially for Avira.
https://singularlabs.com/uninstallers/security-software/
> [04] Avira AntiVir > Info > Tool (Note: This tool is meant to be used after a normal uninstall of Avira and a reboot)
I tried to use it but it said - after I unpacked the .zip in WinRAR - it couldn't start the program because the mfc100.dll was missing!
It would be solved by restarting the program.
I didn't manage to do it, because I haven't got the faintest idea what it means.
Because I uninstalled everything from Avira the normal way
I used the CCleaner reg. cleaner to get rid of all the Avira reg. bits - after making a back up of it first. I HOPE all the Avira registry is gone now!
Now Windows Defender is my [temporary] antivirus progr. which I also updated.

And I also erased all the Avira apps in my browser.

 


Hi,

I couldn't find the Password export flag in chrome://flags.

Open Chrome
Type or paste the string chrome://flags in the Search bar. It will open the Chrome setting for your password.

====

I removed the StartPage.com.
I would not recommend it but if you want to keep it, it's your call.
===

Can I use CCleaner and Malwarebytes again?? Or do I have to wait for eventual next steps to take with you ? 

Yes, no problems.
When using CCleaner do not remove any of the Registry items.
====

Re Avira removal tool.

I will change my canned speech on the issue.

Read this article.
https://www.techsupportall.com/avira-uninstall-tool/

I think you did well, now to make sure all is gone I suggest you run the Revo Uninstaller.

Revo Uninstaller Portable

Please download the free version of Revo Uninstaller Portable from here and save the compressed file to your computer's Desktop.

  • Double-click the compressed file RevoUninstaller_Portable and extract the files within it (a folder with the same name will be created);
  • Within that folder, right-click the file RevoUPort and select Run as administrator to open the tool;
  • Click Yes to accept the UAC security warning that may appear;
  • Click OK to accept the License Agreement and Copyright;
  • Select 'The Program to Remove' and click Uninstall. Follow the instructions to complete the removal process;
  • In 'Search Mode' set it to 'Advanced' and click on the Scan button. The tool will search for leftovers;
  • Click on Select All and then on Delete and then Yes to delete the selected items;
    Note: You may have to repeat this step to delete all the leftovers (Registry items, files and folders);
  • Click the Finish button and restart the computer to complete the removal process.


===

After a restart of the computer install a Virus protection software.

You can install a 3rd party Virus protection program.
Refer to page 2 of this topic. Choosing an Anti-Virus Program
https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?p=2316629

Before installing the program close all Windows and browsers.
===

Download the Fixlist.txt attached and do the same procedure you did before to complete the fix.

Let me know what problem persists.
 

fixlist.txt


Hi,

Revo Uninstaller Portable couldn't find Avira, the program to remove, because I already removed it the 'normal' way

and I guess it can't trace any leftovers.

By using the tool Junkfiles cleaner of Revo it found several. I didn't remove any of them, because I don't know what they mean,

it's always about trusting a certain kind of software. I made a screenshot of it for you to see if they are actually 'junk' files which can safely be deleted.

 

Revo Junkfile scan.png

Fixlog.txt

This topic is now closed to further replies.
