Proxy Virus

Hello patrickpan and welcome to Malwarebytes,

There is an issue with the files you have posted from FRST; I cannot open those files. Can you rerun FRST and post fresh logs, please:

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs, "FRST.txt" and "Addition.txt".


Thank you,

Kevin...

Thanks for that update. Avast does have some kind of proxy protection; I'm not sure how it works.

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.


Does the proxy return..?

fixlist.txt


Hello patrickpan,
Does the proxy return after a system reboot, or immediately after removal..?
 
Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs, "FRST.txt" and "Addition.txt".



Are any of the following programs known to you and trusted?


Task: {066A2E29-9234-4CAC-B8D9-A9FEA2FFCD26} - System32\Tasks\suppressantssuppressants => C:\Program Files (x86)\sampan\sampan.exe
Task: {10F35889-9F34-4FE8-8F45-0F574B7942E1} - System32\Tasks\SogouImeMgr => C:\Program Files (x86)\SogouInput\SogouExe\SogouExe.exe [390760 2019-05-30] (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
Task: {12A54B80-6F4E-4228-9AE4-6C589B827D12} - System32\Tasks\baez => C:\Program Files (x86)\Eko\Galen.exe
Task: {41419B76-C5ED-4CEB-9BD5-7F0BB7719C04} - System32\Tasks\suppressants => C:\Program Files (x86)\sampan\sampan.exe
Task: {67F1D2BB-47E6-456A-A932-D2A83452E67F} - System32\Tasks\shallows_lacerated => C:\Program Files (x86)\Ganja\Galen.exe
Task: {7154A68D-2D12-4366-AE1E-A8376104B10C} - System32\Tasks\baezbaez => C:\Program Files (x86)\Eko\Galen.exe
Task: {799EFA97-63E9-4CD5-85E8-1F39F75D7B1F} - System32\Tasks\shallows_laceratedshallows_lacerated => C:\Program Files (x86)\Ganja\Galen.exe

Tencent QQMail Plugin (HKLM-x32\...\QQMailPlugin) (Version:  - )

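The question above is a triage step: FRST lists every scheduled task with its target, and the entries worth asking the user about are the ones that share a target, carry a task name that is simply another task's name doubled (baez / baezbaez), and show no size, date or signer annotation after the executable path. The script below is an added example, not part of the thread and not FRST's own code: it applies those three checks to the seven "Task:" lines quoted in the post. The sample input is constructed from those lines, and the assumed line layout (`Task: {GUID} - System32\Tasks\<name> => <path> [size date] (signer)`) is my reading of the FRST output, not a documented grammar.

```python
import re
from collections import Counter

# Constructed sample: the seven "Task:" lines quoted in the post above, copied
# verbatim. Only the Sogou entry carries the trailing "[size date] (signer)"
# annotation; the other six stop at the executable path.
SAMPLE_LOG = r"""
Task: {066A2E29-9234-4CAC-B8D9-A9FEA2FFCD26} - System32\Tasks\suppressantssuppressants => C:\Program Files (x86)\sampan\sampan.exe
Task: {10F35889-9F34-4FE8-8F45-0F574B7942E1} - System32\Tasks\SogouImeMgr => C:\Program Files (x86)\SogouInput\SogouExe\SogouExe.exe [390760 2019-05-30] (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
Task: {12A54B80-6F4E-4228-9AE4-6C589B827D12} - System32\Tasks\baez => C:\Program Files (x86)\Eko\Galen.exe
Task: {41419B76-C5ED-4CEB-9BD5-7F0BB7719C04} - System32\Tasks\suppressants => C:\Program Files (x86)\sampan\sampan.exe
Task: {67F1D2BB-47E6-456A-A932-D2A83452E67F} - System32\Tasks\shallows_lacerated => C:\Program Files (x86)\Ganja\Galen.exe
Task: {7154A68D-2D12-4366-AE1E-A8376104B10C} - System32\Tasks\baezbaez => C:\Program Files (x86)\Eko\Galen.exe
Task: {799EFA97-63E9-4CD5-85E8-1F39F75D7B1F} - System32\Tasks\shallows_laceratedshallows_lacerated => C:\Program Files (x86)\Ganja\Galen.exe
"""

# Assumed layout of an FRST task line (my reading of the log, not a spec):
#   Task: {GUID} - System32\Tasks\<name> => <path> [<size> <date>] (<signer>)
# The "[size date] (signer)" tail is optional; the path is matched lazily so
# the tail is only consumed when it is actually present.
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[^}]+)\} - System32\\Tasks\\(?P<name>.+?) => "
    r"(?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]"
    r"(?: \((?P<signer>.*)\))?)?$"
)


def parse_tasks(log_text):
    """Return one dict per recognised 'Task:' line; other lines are ignored."""
    tasks = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            tasks.append(m.groupdict())
    return tasks


def suspicious_tasks(tasks):
    """Map task name -> list of reasons it deserves a 'do you know this?' question.

    Checks, in the order the helper above applied them by eye:
      1. no size/date/signer annotation after the target path;
      2. the name is another existing task's name written twice;
      3. the target executable is shared with at least one other task.
    """
    names = {t["name"] for t in tasks}
    targets = Counter(t["path"].lower() for t in tasks)
    findings = {}
    for t in tasks:
        reasons = []
        if t["signer"] is None:
            reasons.append("no size/date/signer recorded for the target")
        name = t["name"]
        half = len(name) // 2
        if len(name) % 2 == 0 and name[:half] == name[half:] and name[:half] in names:
            reasons.append(f"name is '{name[:half]}' doubled and that task also exists")
        if targets[t["path"].lower()] > 1:
            reasons.append("target executable shared with another task")
        if reasons:
            findings[name] = reasons
    return findings


def triage(log_text):
    """Convenience wrapper: parse a log and return the findings dict."""
    return suspicious_tasks(parse_tasks(log_text))


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Run against the quoted lines, the script leaves SogouImeMgr alone (signed, unique name, unique target) and reports the other six, which matches the set patrickpan said he did not recognise. On a full FRST.txt, feed the whole file to `triage()`; anything FRST reports as signed by a vendor you trust can be dropped from the question, and the remainder is the list to put to the user before writing a fixlist.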

7 hours ago, kevinf80 said:

Task: {10F35889-9F34-4FE8-8F45-0F574B7942E1} - System32\Tasks\SogouImeMgr => C:\Program Files (x86)\SogouInput\SogouExe\SogouExe.exe [390760 2019-05-30] (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)

 

7 hours ago, kevinf80 said:

Tencent QQMail Plugin (HKLM-x32\...\QQMailPlugin) (Version:  - )

I do recognize and trust those two, which is for my Chinese keyboard and email. However, the rest I do not know.


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

 
Next,
 
Please download Zemana AntiMalware and save it to your Desktop.
 
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
     
  • Open Zemana AntiMalware again.
  • Click on the icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach saved report in your next message.

Let me see those logs in your reply, also let me know if there are any remaining issues or concerns...

Thanks,

Kevin..

 

fixlist.txt


Thanks for the logs and update, patrickpan. If there are no remaining issues or concerns, we can clean up:

Uninstall the following program:

Zemana

http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Next,

Right click on FRST here: C:\Users\18387\Desktop\FRST64.exe and rename it to uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator".

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks
