Jump to content

Help with fixlist.txt for removal of Epicnet Inc/cloudnet.exe


Go to solution Solved by Maurice Naggar,

Recommended Posts

Hi. Can anyone help? Epicnet Inc Folder and cloudnet.exe keeps popping up every time I restart my computer.
I'm following a fix here in the forums but I'm stuck at FRST fixlist.txt. It says that the file is no longer available.
 

Got the same problem with this dude. 
Attaching Malwarebytes Log, Adw, and FRST logs.

Please help.

20210716 0053 Malwarebytes Scan Result.txt 20210716 0103 AdwCleaner[C05].txt Addition.txt FRST.txt

Link to post
Share on other sites

HI.   :welcome:

My name is Maurice.   CAUTION:  Fixlists are customized.  Do not try using anyone else's.   Those are custom scripts & they can have steps that are just not applicable to your particular machine & situation.

This part here is just a first action.      

( sorry.  I see you've already run Adwcleaner.   retracted.).   Hold off.  I will make a follow up reply.

 

 

Edited by Maurice Naggar
amended
  • Thanks 1
Link to post
Share on other sites

This script is only for this machine.

Close any open work files ) if any are now open).  Exit / close other apps with opened windows.

Save this scrpt file named FIXLIST.txt  to  D:\Downloads\Programs

 

 

Start FRST64 .

Click on FIX button.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

 You will see a green progress bar start. 

If you receive a message that a reboot is required, please make sure you allow it to restart normally.

 

The tool will complete its run after restart.

When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

 

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

Edited by Maurice Naggar
  • Thanks 1
Link to post
Share on other sites

Hello.  Please attach the Fixlog after you have completed that run.   I also would urge a couple more scans.

[   1    ]

Do a new Scan with Malwarebytes for Windows.  Be sure to TICK all lines that are flagged & then Quarantine Selected.  Then attach the scan report

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 [    2   [

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select FULL scan.

Then start the scan. Have lots of patience. It may take several hours.

 

Let me know the result of this.    This is likely to run for many hours   ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log  

the log will be at  

C:\Windows\debug\msert.log

Please attach that log with your reply.

  • Thanks 1
Link to post
Share on other sites

Hi Maurice

 

Sorry it took a long time. Here are the logs you requested.
BTW, when MS safety scanner was doing the scan, it detected 28 malicious files. After it finished, it said it didnt detect any viruses, spyware, etc. I also checked msert.log. the result summary shows it didnt find any infections. what happened to the 28 detected files?

20210716 1512 Malwarebytes Scan Result.txt msert.log Fixlog.txt

Link to post
Share on other sites

  • Solution

The Safety scanner bottom line end result is that it detected no virus / no infection.   ( some of the intermediate screen displays may be confusing or mis-leading).  Dont attach any unnecessary significance to that.  The Safety Scanner is a very useful scanner.

There is more work here.  It appears that the "Epic " pest is still persistent.  We will do more scans later.  For now, a new custom Fixlist.  This will attempt to do more cleanups and to run the Windows Defender antivirus to scan 2 sub-folders.  It will also do a run with System File Checker.

Fist.   DELETE the old file  you currently have  named FIXLIST.txt  on  D:\Downloads\Programs

.

NEXT

The custom script on this post is ONLY for this machine and NO other.   

Save this scrpt file named FIXLIST.txt  to  D:\Downloads\Programs

Fixlist.txt

 

Using File Explorer, go to   D:\Downloads\Programs

  • RIGHT click on  FRST64.exe   and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run the tool. 
  • If the tool warns you the version is outdated, please download and run the updated version.
  • IF Windows prompts you about running this, select YES to allow it to proceed.

 

  • IF you get a block message from Windows about this tool......

click line More info information on that screen

and click button Run anyway on next screen.

 

Click on FIX button.

frst-fix.jpg.f6a25291b39a03d418acc9a3b7136900.jpg

 

 You will see a green progress bar start. 

If you receive a message that a reboot is required, please make sure you allow it to restart normally.

 

The tool will complete its run after restart.

When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

 

Please attach the FIXLOG.txt with your next reply later, at your next opportunity.

There will be more to do after this, so please, stick with me  and as much as possible, stay current with this thread.

I will get back with you as I have the opportunity.  Kindly remember I am a volunteer here.

  • Thanks 1
Link to post
Share on other sites

Thank you.  That run is a good one.    I suggest we do this next scan.   Be aware it could take several hours to complete.  Have lots of patience.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.

 

  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

  • Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display. You may step away from machine &. Let it be.

You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else.

  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  • Click The blue Save scan log to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” ( in blue, at bottom).

Press Continue when all done. You should click to off the offer for “periodic scanning”.

Please make sure you attach the log report.

  • Thanks 1
Link to post
Share on other sites

Thanks for the report & the good news.  I would suggest running these 2 programs.  They will not take a whole lot of time.

[    1    ]

Let's do one scan with Malwarebytes Adwcleaner to check for adwares.   Just before pressing that "scan" button, be sure that both Chrome & Edge are Closed.

First download & save it

https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

 

Then do a scan with Adwcleaner

 

https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.

[     2    ]

I would urge getting a readout report as to update status of some key apps.

Download SecurityCheck by glax24 from here  https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe

 

and save the tool on the desktop.

  • If Windows's  SmartScreen block that with a message-window, then

Click on the MORE INFO spot and over-ride that and allow it to proceed.

This tool is safe.   Smartscreen is overly sensitive.

  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.

You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

  • Thanks 1
Link to post
Share on other sites

Thank you for the reports.  According to SecurityCheck, this pc has a old version of Malwarebytes for Windows.

I would suggest that you insure to have Version 4.4.3  ( or later).

Do a Check for Update using the Malwarebytes Settings >> General tab.

See this Support Guide https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows

When it shows a new version available, Accept it and let it proceed forward.  Be sure it succeeds.

If prompted to do a Restart, just please follow all directions.

Let me know how that goes.   and when all is done, start Malwarebytes for Windows.  Click Settings icon.  Click the "About" tab.

Let me know what it shows for program Version.

.

[   2    ]    Other things highlighted by the SecurityCheck report.

Popcorn Time v.6.2.1.17 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it

 

EverythingToolbar v.0.7.0.0  Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.

 

The following all need updating to the latest updates.

NVIDIA GeForce Experience 3.21.0.36 v.3.21.0.36  Warning!  Download Update https://www.geforce.com/geforce-experience/download

 

WinRAR 5.40 (32-bit) v.5.40.0 Warning!  Download Update   https://www.rarlab.com/download.htm
Zoom v.5.5.2 (12494.0204)  Warning! Download Update  https://zoom.us/client/latest/ZoomInstaller.exe
VLC media player v.2.2.1  Warning! Download Update   https://www.videolan.org/vlc/download-windows.html

 

Edited by Maurice Naggar
  • Thanks 1
Link to post
Share on other sites

Hi Maurice 

 

Good evening. Updated the ff programs to their latest versions:

  • Malwarebytes 4.4.3.125
  • NVIDIA GeForce Experience 3.23.0.74

  • Zoom 5.7.3 (745)

  • VLC media player 3.0.16

 

Removed Popcorn Time via regedit (uninstall.dll missing)

I won't be removing EverythingToolbar coz it searches faster than windows, helps me find my files quicker.

 

Then I did another scan after all of this. No threats detected. Attaching here the scan log.

20210722 0024 Malwarebytes Scan Result.txt

Link to post
Share on other sites

Alright.  The scan with Malwarebytes for Windows is all good.

We can proceed with cleanup of tools we used.

To remove the FRST64 tool & its work files, do this. Go to your D:\Downloads\Programs.     Do a RIGHT-click on FRST64.exe & select RENAME & then change it to

UNINSTALL.exe

.
Then run that ( double click on it) to begin the cleanup process.

Delete MSERT,exe

Delete esetonlinescanner.exe

Any other download file I had you download, you may delete. I wish you all the best. Stay safe.

I am pleased to have worked with you.

Sincerely.

Maurice

  • Thanks 1
Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

  • Thanks 1
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.