
Please help need to Remove VIRUS EPIC IT keeps coming back, ???



Hello

 

My registered version of Malwarebytes keeps finding viruses on my Windows 10 PC. The machine is running slow and sluggish and I know it is infected with something deep

The main reported virus was EPIC ????

After reading this post, this is exactly what I have done on several of my PCs.... foolishly installed SMADAV, thinking it was good ??

Did you installed this security Program.
SMADAV version 

YES !!

PLEASE PLEASE can someone help me remove this from the several PCs I have installed this SMADAV program on

 

Thank you in advance for any help

 

Kind Regards

 

John

Link to post
Share on other sites
Hello @Johnnyh and welcome.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a checkmark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Link to post
Share on other sites

OK

 

thank you very much for your help, it is very much appreciated

I have done what you have said, but I know I have installed this SMADAV on several more PCs and VMware virtual images

So I have a lot of cleaning up to do !

 

But let's START first with the Windows 10 PC that I raised this post about; you have asked me to SCAN using Malwarebytes, AdwCleaner and FRST

Please note I have done these scans in Windows SAFE MODE as I was already trying to fix and repair this virus

I have done all three scans and attached the report files

Thank you for your help, I am now doing the same for all the other computers !

 

 

Addition.txt AdwCleaner[S04].txt FRST.txt malwarebytes report.txt

Link to post
Share on other sites

Please do not run these scans from Safe Mode. They really need to be run from Normal Mode in order to validate, locate, and remove all types of threats.

Please log into Normal Mode and run all scans again and post back new logs please.

Thank you

 

Link to post
Share on other sites

Ok thank you for the info on safe vs normal mode

 

Just going round all the PCs to do A RE-SCAN

OK, the first PC, Windows 10, that is running slow and clunky and horrible, did not find anything in normal mode but here are the files

Going to do the same scan with all 3 programs on all other PCs too

But let's see if we can get rid of the horrible EPIC / SMADAV rubbish

 

Thank you in advance

 

 

Addition.txt AdwCleaner[S05].txt FRST.txt malware bytes.txt

Link to post
Share on other sites

Do you know what this is?

C:\st\stm32cubeide_1.3.0

It has a rule in your firewall and a search on Google does not show much

FirewallRules: [TCP Query User{ACC96D40-91AD-4C97-BBAB-4C96687D53B0}C:\st\stm32cubeide_1.3.0\stm32cubeide\stm32cubeide.exe] => (Allow) C:\st\stm32cubeide_1.3.0\stm32cubeide\stm32cubeide.exe (Eclipse.org Foundation, Inc. -> ) [File not signed]
FirewallRules: [UDP Query User{FAD821EC-CB39-4F4E-9311-5042D00735CB}C:\st\stm32cubeide_1.3.0\stm32cubeide\stm32cubeide.exe] => (Allow) C:\st\stm32cubeide_1.3.0\stm32cubeide\stm32cubeide.exe (Eclipse.org Foundation, Inc. -> ) [File not signed]

Is this a Physical computer or a VMware hosted client?

You have a service for HitmanPro setup but most of the other information for HitmanPro doesn't appear to be there. Did you want me to script a removal of that?

You have Glary Utilities installed, which is okay, but many of those features should not be used as they could potentially create more issues for the computer than they fix.

But if you look at the logs vs. even the other one you linked to none of those entries are found or loaded on this system. Though there are a couple of questionable issues they are not an infection.

We can do some general clean up but let me know if this is a virtual desktop or physical desktop please.

 

Link to post
Share on other sites

Thank you so much for your reply

 

Yes, this is a physical PC that suffered with the EPIC virus and that I installed SMADAV on. I did use Malwarebytes to clean and have run many other cleaners too along with Malwarebytes:
hitman, rogue scanner, etc.

Anything STM should be safe as I design electronics and it has come from STM Micro's development software, but that SMADAV did find something from STM and say it was a virus ?? I thought it strange at the time, so possibly SMADAV changed those firewall rules ???

 

I normally use glary utils on all PCs just to try and keep the pc running in tip top condition but take on board what you say

 

I am currently doing scan on every other PC to follow your clean up guide

 

YES PLEASE if you could script something to get this all clean again and snappy to use it would be very much appreciated

Anything cruddy and left over and possibly causing issues please remove 

 

This PC also runs VMware with virtual images

 

Thank you very much

 

Regards

Link to post
Share on other sites

Okay, I'll write a small script. It looks like Malwarebytes itself has crashed and may not be in the best state so it could potentially be causing a slow issue for you as well.

Back in a few

 

Link to post
Share on other sites

thank you

 

I know something is not good with this PC ?? So it would make sense if it is Malwarebytes crashing ? Possibly one of the viruses has damaged it ?

Would you like me to deactivate my licence and registration of Malwarebytes, if I need to uninstall Malwarebytes

 

Regards

Link to post
Share on other sites

What about these entries? Good utilities at one time but ancient on a computer today

S4 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
S3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft Inc. -> SlySoft, Inc.)

Is this part of your SMAD AV?
C:\[Smad-Cage]

This does not appear to be a valid folder created by Windows
C:\Windows\SysWOW64\%TMP%

Generally speaking no executable files should ever be stored in the root of the drive or at the top level of most Parent folders. That is often a sign of an infected drop file. In this case it looks to probably be a valid file but its saved location is not the best choice.
C:\mb_driver_606_asetup_19.10.16_whql.exe

 

 

Link to post
Share on other sites
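As an added illustration (not part of the original thread, and not FRST's own code), the checks the helper applies by eye in the posts above, an unsigned file behind a firewall Allow rule and an executable sitting in the drive root, can be run over FRST log lines with a short script. The sample lines are copied from the thread; the line patterns are assumptions inferred from those excerpts only, and a hit is a prompt to look closer, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines copied from the FRST excerpts quoted in this thread.
SAMPLE = r"""
FirewallRules: [TCP Query User{ACC96D40-91AD-4C97-BBAB-4C96687D53B0}C:\st\stm32cubeide_1.3.0\stm32cubeide\stm32cubeide.exe] => (Allow) C:\st\stm32cubeide_1.3.0\stm32cubeide\stm32cubeide.exe (Eclipse.org Foundation, Inc. -> ) [File not signed]
S4 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
S3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft Inc. -> SlySoft, Inc.)
C:\mb_driver_606_asetup_19.10.16_whql.exe
"""

# Assumed line shapes, inferred only from the excerpts above.
PATH = r"(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|sys))\b"
FIREWALL = re.compile(r"^FirewallRules: .*=> \((?P<action>\w+)\) " + PATH, re.I)
SERVICE = re.compile(r"^[RSU]\d (?P<name>[^;]+); " + PATH, re.I)
BARE = re.compile(r"^" + PATH + r"$", re.I)


def triage(log_text):
    """Return (path, reasons) for each log line that deserves a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = FIREWALL.match(line) or SERVICE.match(line) or BARE.match(line)
        if not m:
            continue
        path = PureWindowsPath(m["path"])
        reasons = []
        if "[File not signed]" in line:
            # An unsigned binary that is also allowed through the firewall
            # is the combination the helper asked about first.
            if m.re is FIREWALL and m["action"].lower() == "allow":
                reasons.append("unsigned file with firewall Allow rule")
            else:
                reasons.append("unsigned file")
        if len(path.parts) == 2:  # drive root plus file name, nothing between
            reasons.append("executable in drive root")
        if reasons:
            findings.append((str(path), reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(f"{path}: {', '.join(reasons)}")
```
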

This will run SFC and DISM to verify operating system files. It will also clean up temp files, remove some unwanted items as well as run a disk check on reboot. Depending on the speed of the computer it may take 30 minutes to an hour to complete, just let it run on its own.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

 

Link to post
Share on other sites

Thank you so much for your time and effort

Once every PC is clean good

I will image each pc using my acronis and make a good image backup

 

Will run your script right now

 

Regards

Link to post
Share on other sites

Hello and thank you

 

I have run the script and yes I would say the PC has improved. There is still a little lag when clicking around and I'm sure the PC has felt faster in the past, but it may be that I'm running Malwarebytes; it does and will hinder the performance

I have done the same scan on various hardware computers and collating the scan info files together

 

But then I have two virtual VMware Windows 7 images that at the moment are also suspect with this SMADAV ?? etc.

I have run the same SCAN and AdwCleaner found a nasty

Would you please cast your eyes over these files, but these are for the VIRTUAL PC, not physical

 

OK one quick question please

Is there any way that running the infected Virtual PC that I have just scanned... could reinfect the Windows 10 PC we have just cleaned with the script ??

I may be paranoid, but the Windows 10 we have just cleaned still feels sluggish, but it may be configuration; it's so hard to tell the difference between infected and bad config slowing down a PC

 

anyway thank you

 

these files below are from VIRTUAL PC1 that have an infection     rs????

 

 

 

vm Addition.txt vm AdwCleaner[S01].txt vm FRST.txt vm Malwarebytes Virtual PC.txt

Link to post
Share on other sites

There is malware that can potentially escape the virtual system out there but in the years I've been doing scans, repairs, etc. I've never personally helped anyone with said malware and as you can see I have more posts than most helpers out on the Internet.

Can you please post back the fixlog for the physical computer you just ran as well as a new set of FRST logs for it too.

I will take a look at your virtual logs here momentarily as well.

 

Link to post
Share on other sites

For the virtual systems you can also open the hardware Virtual Machine Settings and Compact the drive, then Defrag the drive and that will normally improve performance quite a bit if you've never done it before.


Link to post
Share on other sites

For the Virtual machine with Windows 7

ATTENTION: System Restore is disabled (Total:59.9 GB) (Free:31.69 GB) (53%)

Even though you should be using Snapshots I would still recommend using the Microsoft System Restore unless you're very diligent with managing the snapshots from VMware as it will certainly get you out of a jam at times.

You appear to possibly be using another Virtual computer or Physical computer on the same network group and/or router with the same name. Please ensure that ALL computer devices, both Physical and Virtual, have their own unique Windows name.

On all computers, for now, please temporarily uninstall Malwarebytes.

 

 

Please run the following fix on the Virtual System.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

I'll check back in a little while.

 

Link to post
Share on other sites

Thank you so much

 

Ok, here are the new logs for the physical computer after the clean. There is a definite lag still, nothing when clicking is responsive, it's like something or some setting is holding it back

just not click click as it should be

 

Thank you, will also proceed through the other post you have kindly displayed

 

here are the new win 10 log files

Addition.txt AdwCleaner[S06].txt FRST.txt windwow10 malware bytes.txt

Link to post
Share on other sites

Thank you so much 

 

appreciate the knowledge with snapshot and defrag

I have renamed the computer  

After running your clean up script the VMware Windows seems much better

I have also uninstalled Malwarebytes, which has given more responsiveness to every click and the overall feel,

still not 100% sure on the Windows 10 real machine but it's much much better

a massive thank you , Will be ACRONIS imaging this machine very soon.

 

OK, I uninstalled Malwarebytes on the virtual VMware machine and did an SFC /scannow just to check

but it says it is corrupted and cannot repair

 

 

that does not sound right ??? I have attached the log files

 

 

Thank you 

 

Regards

2020-04-29_04-59-47.jpg

CBS.log

Link to post
Share on other sites

Please try restarting the Virtual system again. Please don't be using Revo to uninstall anything at this time. Just reboot.

After the reboot please run FRST again and get both new logs for me to review.

See if you can get Windows Defender to run and check for updates and do a Quick Scan on the virtual Windows 7 box

 

Link to post
Share on other sites

Please uninstall Malwarebytes on the Physical computer (I think you said you did but logs are now old) Restart the physical computer 2 times with few minutes between reboots.

Then run FRST again and get both new logs to post please.

 

Link to post
Share on other sites

hello again and thank you

 

OK, the virtual machine has gone slow and clunky since turning on Defender

Defender won't update fully; it gets to the end and complains about an untrusted certificate

 

here are the VIRTUAL logs

 

Thank you regards

2020-04-29_06-00-45.jpg

Addition.txt FRST.txt

Link to post
Share on other sites

Please uninstall the following from Virtual

Wise Care 365

Please verify the DATE and TIME are valid and correct.

Please change the DNS server to Google Public DNS for now

8.8.8.8 and 8.8.4.4

SYSTEM RESTORE still shows as disabled.

ATTENTION: System Restore is disabled (Total:59.9 GB) (Free:31.92 GB) (53%)

Please follow the directions from the following article to fix the Certificate issue

https://support.microsoft.com/en-us/help/2328240/event-id-4107-or-event-id-11-is-logged-in-the-application-log-in-windo

Once that has been corrected you should be able to update Windows Defender

Let me know how it goes.

 

Link to post
Share on other sites

Once the above has been completed for the Virtual system please run this fix.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

 

It's getting late for me (and I suppose you've probably been up all night maybe) I'll check back on you again though sometime in the morning

 

Link to post
Share on other sites

Thank you 

 

Still having problems updating Defender ?? I have followed the link you sent and run the command and deleted the cache, still will not update ?? Same error

 

do i need a reboot

 

regards

Link to post
Share on other sites
This topic is now closed to further replies.