Bingo321 Posted July 21, 2019 ID:1324117 Share Posted July 21, 2019 I believe my PC is infected and I need some help. Malware Bytes scan shows no threats, but I have some evidence of an infection. Files are attached. See thread on Save Yourself Email virus. Addition.txt FRST.txt Link to post Share on other sites More sharing options...
Bingo321 Posted July 21, 2019 Author ID:1324169 Share Posted July 21, 2019 FYI, I found a questionable application called Wondershare Application Framework in my startup services. Link to post Share on other sites More sharing options...
Bingo321 Posted July 21, 2019 Author ID:1324175 Share Posted July 21, 2019 Isn't Malware Bytes supposed to catch and block programs like Wondershare? I've found a ton of information about it pointing to all kinds of malware, including key loggers. Link to post Share on other sites More sharing options...
Bingo321 Posted July 21, 2019 Author ID:1324176 Share Posted July 21, 2019 By the way, Wondershare doesn't even show up as an installed program anywhere in control panel. The only place I find reference to it is in my startup services Link to post Share on other sites More sharing options...
nasdaq Posted July 22, 2019 ID:1324274 Share Posted July 22, 2019 Hi, No malware was found in your logs. What problems are you having with this computer? Link to post Share on other sites More sharing options...
Bingo321 Posted July 22, 2019 Author ID:1324288 Share Posted July 22, 2019 The problem is that Wondershare is Malware and is installed on my machine. Malware bytes does not detect it for some reason. I've had to manually remove it. It is not listed as an installed program either when you look under Programs in control panel. I did not install it. It is also a memory hog, and is a known bad actor. I don't understand why MalwareBytes doesn't detect and remove it. Link to post Share on other sites More sharing options...
nasdaq Posted July 23, 2019 ID:1324597 Share Posted July 23, 2019 Hi, Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The Computer will restart when the fix is completed. It will create a log (Fixlog.txt) please post it to your reply. === Please post the Fixlog.txt and let me know what problem persists. fixlist.txt Link to post Share on other sites More sharing options...
Bingo321 Posted July 23, 2019 Author ID:1324601 Share Posted July 23, 2019 I have already manually deleted the folder under C:\Program Files (x86)\Wondershare Will this still work? Link to post Share on other sites More sharing options...
nasdaq Posted July 23, 2019 ID:1324607 Share Posted July 23, 2019 yes it will remove all remnant items. Link to post Share on other sites More sharing options...
Bingo321 Posted July 23, 2019 Author ID:1324617 Share Posted July 23, 2019 Thank you for your help, I ran it and looked through the log file and it appears to have found and removed all the entries in the registry and removed the process. I appreciate your help, and hope you understand my frustration with this. One last question, would it be possible to get Wondershare added to the list of Malware that MB looks for and removes? Link to post Share on other sites More sharing options...
nasdaq Posted July 24, 2019 ID:1324896 Share Posted July 24, 2019 Hi, If you still have a copy of the exe program you can submit hit here. https://forums.malwarebytes.com/forum/42-file-detections/ They will check it out and inform you of what they find and do with it. p.s. Since you have deleted the folder I removed the remnant items in the registry. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 2, 2019 Root Admin ID:1327192 Share Posted August 2, 2019 Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Recommended Posts