Jump to content

Win32/Pitou.j Trojan, how can I delete him?

Recommended Posts

Hello guys, 2 days ago, I guess, i downloaded something what I didn't want to. The downloaded file brings to my notebook an Trojan Virus

Im from Czech republic so I have to translate this. ESET always when I turn on ntb send me notifications, that in my notebook I have trojan Virus in sector 0 on physical disc. (They says me, it can't be cover, so I have to do manually)

After that, I instaled malwarebytes. Mbam brings these file to quarantine, but they're still in my pc and take performance of ntb.

I really need help please.


Link to post
Share on other sites

Hello , David4974789...and :welcome:


Please, let me see the Malwarebytes report:

  • Open Malwarebytes, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.


Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here each time
  • Please attach the Additions.txt log to your reply as well.
  • On your next reply, you should be attaching frst.txt and additions.txt to your post, every time.




In your next reply, please post:

  • The Malwarebytes report
  • FRST.txt
  • Addition.txt
Edited by AdvancedSetup
corrected font issue
Link to post
Share on other sites


-Podrobnosti logovacího souboru-
Datum skenování: 22.05.21
Čas skenování: 17:45
Logovací soubor: b1a2e16c-bb14-11eb-a3d0-00d86187e487.json

-Informace o softwaru-
Verze komponentů: 1.0.1292
Aktualizovat verzi balíku komponent: 1.0.40776
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 19042.985)
CPU: x64
Systém souborů: NTFS
Uživatel: MSI\david

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 300594
Zjištěné hrozby: 3
Hrozby umístěné do karantény: 3
Uplynulý čas: 1 min, 57 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 3
Malware.AI.182072971, C:\WINDOWS\SYSTEM32\DRIVERS\47JYYTSVMT.SYS, V karanténě, 1000000, 0, 1.0.40776, 0B75E35839983C0A0ADA368B, dds, 01256544, 9B77716F5F622C0D3101F6B19C149F55, D570C29522BCB03A1BE42C84113B68EBDDC0EBCA77A88D6612D3F1DA478DE663
RiskWare.ChromeCookiesView, C:\USERS\DAVID\APPDATA\LOCAL\TEMP\JFIAG3G_GG.EXE, V karanténě, 15316, 875351, 1.0.40776, 4DCA52A6AC0CEB4F22E5DF83, dds, 01256544, 7FEE8223D6E4F82D6CD115A28F0B6D58, A45317C374D54E322153AFD73F0E90F1486638D77B7FD85746D091071BBECD59
Malware.AI.1269300511, C:\USERS\DAVID\APPDATA\LOCAL\TEMP\7ZS4A47F80F\SETUP_INSTALL.EXE, V karanténě, 1000000, 0, 1.0.40776, 9F6D83E3AD980ABE4BA7FD1F, dds, 01256544, 33FC33C4DE440982A2EECEFEB6D4559A, DCDD22CA17D4A0D9CE1655C483ADA8F993E2C4A1A556E411EFA87303964033A2

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


Link to post
Share on other sites

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.




Edited by AdvancedSetup
corrected font issue
Link to post
Share on other sites

Okey so, I run FRST64.exe in the folder with fixlist.txt. My computer has restarted after taht FRST64.exe said something. FRST64.exe created to my desktop folder "FRSR older version" and update the fixlist what do you send me.Fixlog.txt

My ntb has restarted and now, I have the Pitou.j still in my pc. (Idk if it has to be deleted after this fix)

Link to post
Share on other sites


8 minutes ago, David4974789 said:

My ntb has restarted and now, I have the Pitou.j still in my pc


Thanks to our notification, we will still work on your problems ..!

We continue like this:
  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.


Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double-click to run the program
  • Accept the End User License Agreement.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, if items are found please click Quarantine.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.
Link to post
Share on other sites

3 minutes ago, David4974789 said:

On the adwcleaner I have 3 detections, so I moved them do quarantine, but I didn't get any log file

  • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
  • A Notepad file will open containing the results of the scan.
  • Please post the contents of the file in your next reply.
Link to post
Share on other sites

This one is [S00]

# -------------------------------
# Malwarebytes AdwCleaner
# -------------------------------
# Build:    03-22-2021
# Database: 2021-05-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-23-2021
# Duration: 00:00:07
# OS:       Windows 10 Home
# Scanned:  31983
# Detected: 3

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy             HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main|ImageStoreRandomFolder
PUP.Optional.Legacy             HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main|ImageStoreRandomFolder
PUP.Optional.PowerHandler       HKCU\Software\Microsoft\Etsy

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Link to post
Share on other sites

Why not do a full scan of your system with updated definitions and see what the result is or:


Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time, perhaps a couple of hours or more, so you can have your coffee or do something else in the mean time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.


Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.



Link to post
Share on other sites


TDSS Killer -- 1st Scan Options

Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!



  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    • Vista - W7 users: Right-click and select "Run As Administrator".
    • If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.



Eset scans for MBR malware at boot time via it's startup scan. I would boot into Win Safe mode and run an Eset on-demand scan from there. Hopefully, Eset can clean it from Safe mode.

10 hours ago, David4974789 said:

Ane here is the FRST scan



These two diaries are not complete..! 

Edited by AdvancedSetup
corrected font issue
Link to post
Share on other sites

  • 1 month later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.