
I have a virus and it slows my CPU



Hi,  
My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me. 
If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible. 
  
Please only just attach   all report files, etc  that I ask for as we go along.

 

The scan report from Malwarebytes for Windows shows a lot of detected items  .....BUT  apparently you did not "tick"  the line items so that they could be Removed.

Your action is needed.

 

I would like you to do a new scan with Malwarebytes for Windows.  One of the major goals here is to have it remove all that it detects.  If it finds anything that is.
Start Malwarebytes from the Windows  Start menu.
Click Settings ( gear icon)   at the top right of Malwarebytes window.   We want to see the SETTINGS window.
Then click the Security tab.   Look for the section "Automatic Quarantine".   Be sure it is clicked On   ( to the far right side)

Then scroll down to the section Potentially Unwanted items.   We need the next 2 lines   ( for P U P  & for P U  M)  to be set to "Always ( Recommended) ".
You can make the change by clicking on the down-arrow selection list-control.   We want all P U P  &  P U M to be marked for removal.

Next, click the small x on the Settings line   to go to the main Malwarebytes Window.
Next click the blue button marked Scan.
When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.
You can actually click the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).

Then click on Quarantine selected.
Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4


PS.  It looks like the BitDefender tagged a Malwarebytes   ..... that is a false positive by BitDefender.

You may & should..... temporarily ...turn off Bitdefender until after Malwarebytes has done its scan & cleanup run.


Please re-read all of my last reply.   There is a way to make all detected line items TICKED  ( selected for removal)   when you do a Review

"You can actually click the topmost left check-box on the very top line to get ALL lines ticked ( all selected)."

That works in free mode / trial mode / Premium.

You must Review the screen when it shows you the list of items   >>   get all lines ticked for removal

Please use my last write-up reply


Please get, save, then run the Malwarebytes Support tool.   Then it is simply a case of going to Advanced >>then Gather logs.

When all done, attach the ZIP file with your next reply.

https://support.malwarebytes.com/hc/en-us/articles/360039023453-Upload-Malwarebytes-Support-Tool-logs-offline


Thanks for the report.   There are a large number of items waiting a RESTART so that they are finalized by Windows.  That includes a large number of Bitdefender files.

Please use the Windows menu to do a RESTART.

Be sure that is done  & after the Windows is settled back in, let me know that  so that we can plan the next things to do.


Ok.   Thanks.

Run a scan with Malwarebytes.
Start Malwarebytes from the Windows  Start menu.

Click Settings ( gear icon)   at the top right of Malwarebytes window.   We want to see the SETTINGS window.

Then click the SECURITY  tab.
Scroll down and let's be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON
Click it to get it ON  if it does not show a blue-color

Now click the small X  to get back to the main menu window.


Click the SCAN button.
Select a Threat Scan ( which should be the default).

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

 

Be sure all items were removed.   Let it remove what it has detected    ( if anything was flagged)

 

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

Thank you for the ZIP file.    I was actually only looking for just the last Scan log-run report.

I am unsure if all of the 13 tagged items were removed.

I would urge you to do a new scan, just like what follows here.

 

One of the major goals here is to have it remove all that it detects.  If it finds anything that is.

Start Malwarebytes from the Windows  Start menu.

Click Settings ( gear icon)   at the top right of Malwarebytes window.   We want to see the SETTINGS window.

 

Then scroll down to the section Potentially Unwanted items.   We need the next 2 lines   ( for P U P  & for P U  M)  to be set to "Always ( Recommended) ".

You can make the change by clicking on the down-arrow selection list-control.   We want all P U P  &  P U M to be marked for removal.

 

Next, click the small x on the Settings line   to go to the main Malwarebytes Window.

Next click the blue button marked Scan.

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

You can actually click the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).

 


 

Look & double-check that each line that was tagged has its check-box on the far left Ticked   ( selected with a check-mark )

Then click on Quarantine selected.

 


 

When the quarantine is completed,

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

I just need the run report for this last Scan.

and

Tell me, How is the System overall, at that point?


Hello.   Thank you for the mbst-grab-results zip file.   I just only needed the Scan run log for the July 1 scan run.

 

Let's do a scan with a different tool.   Just be sure that the Chrome browser is Closed   at the moment that you actually start the next scan.   I mean,  before you press the 'scan' button.

 

I would suggest a free scan with the ESET Online Scanner
Go to https://www.eset.com/us/home/online-scanner/

Look on the right side of the page.  Click Scan Now
It will start a download of "esetonlinescanner_enu.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes

When prompted for scan type, Click on Full scan
Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.

Have patience.  The entire process may take an hour or more. There is an initial update download.
There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.

Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files”  ( in blue, at bottom).

Press Continue when all done.  You should click to off the offer for “periodic scanning”.

 

Also, let me know How things are.   Be aware we will do more later.

 


Thank you for the ESET scan run log.  ESET found and removed 4 potentially dangerous items + 1  P U P

Are you currently seeing any suspect malware ?   I mean if reported by security application.

 

Please do a new Scan on this machine, using Malwarebytes for Windows.

To run a Threat Scan, open Malwarebytes for Windows and click the blue Scan button.

Have patience during the run.

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

 

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 


Thanks for the ZIP file.  But I only needed the 1 Scan report from the last Scan.

That one tends to show there are still some P U P  items.  Like DriverToolkit.

 

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Adwcleaner  detects factory Preinstalled applications too!

 

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. ( if you do not see it right away, minimize the other open windows, so you can see Adwcleaner).

Then click on Dashboard button.

Click the blue button "Scan Now".

 

Allow it a few minutes to finish the Scan.   Let it remove what it finds.

NOTE:  When it comes to the section "Pre-installed applications", you can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

 

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs

Thanks.  Keep me advised.

 


# -------------------------------
# Malwarebytes AdwCleaner 8.0.6.0
# -------------------------------
# Build:    06-24-2020
# Database: 2020-06-15.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-11-2020
# Duration: 00:00:09
# OS:       Windows 10 Pro
# Cleaned:  26
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\SecuritySuite
Deleted       C:\ProgramData\TotalAV
Deleted       C:\Users\User\AppData\Local\DriverToolkit
Deleted       C:\Users\User\Favorites\Spigot

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\spigotmc.org
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.spigotmc.org
Deleted       HKCU\Software\SSProtect
Deleted       HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant

***** [ Chromium (and derivatives) ] *****

Deleted       Touch VPN - Secure and unlimited VPN proxy - bihmplhobchoageeokmgbdihknkjbknd

***** [ Chromium URLs ] *****

Deleted       MyStart Search
Deleted       MyStart Search
Deleted       SweetIM Search
Deleted       SweetIM Search
Deleted       http://www.mystartsearch.com/?type=hp&ts=1416498854&from=smt&uid=WDCXWD10JPCX-24UE4T0_WD-WXD1EB3AKFC2AKFC2
Deleted       http://www.mystartsearch.com/?type=hp&ts=1416498854&from=smt&uid=WDCXWD10JPCX-24UE4T0_WD-WXD1EB3AKFC2AKFC2
Deleted       http://www.mystartsearch.com/?type=hp&ts=1416498854&from=smt&uid=WDCXWD10JPCX-24UE4T0_WD-WXD1EB3AKFC2AKFC2
Deleted       http://www.mystartsearch.com/?type=hp&ts=1416498854&from=smt&uid=WDCXWD10JPCX-24UE4T0_WD-WXD1EB3AKFC2AKFC2
Deleted       mystartsearch
Deleted       mystartsearch
Deleted       mystartsearch
Deleted       mystartsearch
Deleted       mystartsearch
Deleted       mystartsearch
Deleted       mystartsearch
Deleted       mystartsearch

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3273 octets] - [11/07/2020 01:43:43]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Link to post
Share on other sites
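A way to check that a Clean report like the one above reconciles, i.e. that the per-section "Deleted" lines add up to the header's "Cleaned" count and nothing is left unresolved. This is an added example, not part of the thread and not Malwarebytes code; `reconcile` and `SAMPLE_LOG` are hypothetical names, the sample log is constructed in the report's layout, and treating any status other than "Deleted" as unresolved is an assumption.

```python
import re
from collections import Counter

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")       # ***** [ Folders ] *****
HEADER = re.compile(r"^# (Mode|Cleaned|Failed):\s+(\S+)")  # "# Cleaned:  26"
ITEM = re.compile(r"^(\S+(?: \S+)*?)\s{2,}(.+)$")          # "<status>   <item>"

# Constructed sample in the layout of an AdwCleaner "Clean" report.
SAMPLE_LOG = r"""# Mode: Clean
# Cleaned:  4
# Failed:   0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\ExampleToolbar
Deleted       C:\Users\User\AppData\Local\ExampleUpdater

***** [ Registry ] *****

Deleted       HKCU\Software\ExampleToolbar

***** [ Chromium URLs ] *****

Deleted       example-search
"""

def reconcile(log_text):
    """Tally per-section results and compare them with the header counts."""
    header, section = {}, None
    deleted, unresolved = Counter(), []
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := HEADER.match(line):
            header[m.group(1)] = m.group(2)
        elif m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := ITEM.match(line)):
            status, item = m.groups()
            if status == "Deleted":
                deleted[section] += 1
            else:
                # Assumption: any status other than "Deleted" needs follow-up.
                unresolved.append((section, status, item))
    total = sum(deleted.values())
    ok = (header.get("Mode") == "Clean"
          and int(header.get("Cleaned", -1)) == total
          and int(header.get("Failed", -1)) == 0
          and not unresolved)
    return {"deleted": dict(deleted), "total": total,
            "unresolved": unresolved, "consistent": ok}
```
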

Thanks for the Adwcleaner report.  A very worthwhile cleanup.  It cleaned several adwares, plus a Chrome search hijacker.

 

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

Save the file to your system, such as the Downloads folder, or else to the Desktop.

 

Go to the saved file, and double click it to get it started.

 

When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes

When prompted for scan type, Click on Full scan

Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.

Have patience.  The entire process may take an hour or more. There is an initial update download.

There is a progress window display.

You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.

Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files”  ( in blue, at bottom).

Press Continue when all done.  You should click to off the offer for “periodic scanning”.

 

 
