Jump to content

Cloudnet virus keeps on returning


Recommended Posts

Hello,

I used Malwarebytes to scan my laptop and found 8 malware files called Cloudnet. I put it into quarantine but when I scanned again it appeared again so I figured out that I should delete it after putting it into quarantine but still it appeared. It seems whenever I restart my laptop it returns back. From what I saw on other forums is that I should run FRST and scan but I don't know how to make a fixlist.txt and I am worried that I might do it wrong. I already scanned using FRST and attached it to this post, please help me in removing this trojan, thank you.

 

FRST.txt

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open the Control Panel > Programs > Programs and Features.
If Cloudnet is installed delete it.
===

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Edge Syncing.
If the problem persists  and you are Syncing Edge with other devices reset it.

https://www.tenforums.com/tutorials/36286-turn-off-sync-favorites-reading-list-microsoft-edge.html
===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

Link to post
Share on other sites

Hi,

You may not have to do them all.
Check after each attempt.

Chrome.

If the problem persists and Chrome is Synced with other Devices reset it.

https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/

https://support.google.com/chrome/answer/185277

Execute the suggested fix.

Restart the computer normally.
===========

Firefox.

If the problem persists and you are Syncing Firefox it with other Devices reset it.

Navigate to this page and Remove it as suggested.

https://support.mozilla.org/en-US/kb/remove-synced-device-firefox-accounts

When done restart the computer normally.

If all is well.

Return to your Firefox Account and Click the Connect button.

Reset the sync.

Restart the computer normally.
<<<>>>

Opera

If the problem persists and Opera is synchronized between your devices, I suggest you Sign out.
Refer to this topic
http://help.opera.com/opera/Windows/2393/en/sync.html

Follow the instructions under the Sync Section.

When done restart Opera.

You can Sign in after the test.
====
 

Link to post
Share on other sites

Hi,

Let's make a list of all the files in the folder.

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

 

fixlist.txt

Edited by nasdaq
Link to post
Share on other sites

Hi,

Let's see what we can find in the Registry.


Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
CloudNet
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====

Link to post
Share on other sites

Hi,

I have revisited your Farbar log.

HKLM-x32\...\Run: [SM?RT-Protection] => C:\Program Files (x86)\Smadav\SM?RTP.exe [1920080 2020-04-03] (Smadsoft) [File not signed]

 

This is normally signed by  Zainuddin Nafarin, it may be compromised.

Did you install this program?

Please run the Farbar program again and post the FRST.TXT and Addition.txt logs for my review.

Link to post
Share on other sites

Hi,

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
SMADAV version 13.5.0 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 13.5.0 - Smadsoft)

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.