tiki8672 Posted February 4, 2022 ID:1500739

There is a file called "Tone" in my file explorer in c/users/tiki8672/appdata/roaming. I know it is a virus because ever since I installed a shady file from a shady website yesterday, a grey heart symbol has appeared in my background apps. A picture of it is here https://gyazo.com/2861f76426020f9a00d75b06e2c96ba0

Another piece of evidence it must be a virus is that I got a Windows security alert about it today https://gyazo.com/2861f76426020f9a00d75b06e2c96ba0

And the last piece of evidence, I don't have a screenshot for this, but when I was using Malwarebytes, it randomly blocked websites that had "Tone" in their name because it detected a trojan, which likely means that this tone virus was attempting to give me a popup. Yet when I do scans it doesn't detect any viruses, and when I scan the tone file itself, it detects nothing. Windows Defender also detected nothing. What should I do to remove this virus?

Edited February 4, 2022 by AdvancedSetup: Disabled live hyperlink

Porthos Posted February 4, 2022 ID:1500742

6 minutes ago, tiki8672 said:
There is a file called "Tone" in my file explorer in c/users/tiki8672/appdata/roaming.

Could you zip and attach that file?

tiki8672 Posted February 4, 2022 Author ID:1500747

Here it is, but since the file limit was a bit exceeded by it, one file was skipped.

tiki8672 Posted February 4, 2022 Author ID:1500749

It didn't let me attach it for some reason.

tiki8672 Posted February 4, 2022 Author ID:1500752

Also, I'm not sure this post should have been moved to false positives. Tone is known by multiple websites such as https://malwaretips.com/blogs/remove-tone-adware/ and https://www.pcrisk.com/removal-guides/22894-tone-adware to be a virus.

Edited February 4, 2022 by AdvancedSetup: Disabled live hyperlink

Porthos Posted February 4, 2022 ID:1500754

8 minutes ago, tiki8672 said:
Also, I'm not sure this post should have been moved to false positives.

I moved it temporarily to see if your version of Tone is bad. Trying to ease the work in the malware removal section. Also I wanted it so it can be added to detections if needed so Malwarebytes could remove it.

15 minutes ago, tiki8672 said:
Here it is, but since the file limit was a bit exceeded by it, one file was skipped.

All I was looking for is the Tone file you stated was in c/users/tiki8672/appdata/roaming. Not the whole folder. You must zip it to attach here.

Edited February 4, 2022 by Porthos

Porthos Posted February 4, 2022 ID:1500756

31 minutes ago, tiki8672 said:
but when I was using malwarebytes, it randomly blocked websites that had "Tone" in their name because it detected a trojan

The log from this would also help.

David H. Lipman Posted February 4, 2022 ID:1500761

@tiki8672

Frankly -- If it is too large to upload, it is NOT a "virus".

Computer viruses are malicious that self replicate. That is, a computer virus is able to spread autonomously and without assistance. A file infecting virus will prepend, append or cavity inject malicious code into a legitimate file. Once infected, that infected file can further the infection by infecting other legitimate files. Computer worms are a sub-type of virus that uses computer constructs or Internet Protocols to spread such as using removable media and email.

Please note that you posted in; False Positives ---> File Detections

This sub-forum is for situations where Malwarebytes already detects a file that one may think is safe and not malicious or a PUP. Ergo; a False Positive.

Additionally, this forum allows one to directly insert graphics so no third party site like gyazo.com is needed.

Edited February 4, 2022 by David H. Lipman: Edited for content, clarity, spelling and/or grammar

Porthos Posted February 4, 2022 ID:1500763

1 minute ago, David H. Lipman said:
Please note that you posted in; False Positives ---> File Detections

I moved him here for more info.

David H. Lipman Posted February 4, 2022 ID:1500764

Gotch'ya @Porthos

Thank you

tiki8672 Posted February 4, 2022 Author ID:1500768

@Porthos The tone file in c/users/tiki8672/appdata/roaming is the whole folder and I did zip it but it still was too big to attach.

@David H. Lipman I personally think using gyazo is easier for me. Also, tone installed without me knowing and doesn't let me delete it or close it from the background, so regardless of the term you want to use, the file is at least malicious.

Edited February 4, 2022 by AdvancedSetup: Corrected font issue

tiki8672 Posted February 4, 2022 Author ID:1500769

But, here is the exe its folder if you wanted that.

Tone.rar

David H. Lipman Posted February 4, 2022 ID:1500776

https://www.virustotal.com/gui/file/2c6f4c75e1731efc61b7418613d866cdcf60f0546f6c9a133ff4bccf8f85f13d/detection

Edited February 4, 2022 by David H. Lipman

tiki8672 Posted February 4, 2022 Author ID:1500777

@David H. Lipman https://gyazo.com/be967fbfd5dc5089327188d13b442cfc

Edited February 4, 2022 by AdvancedSetup: Disabled live hyperlink

David H. Lipman Posted February 4, 2022 ID:1500778

Again, please attach here as...

David H. Lipman Posted February 4, 2022 ID:1500781

I submitted the file in Newest Malware Threats as; large adware for you.

tiki8672 Posted February 4, 2022 Author ID:1500783

@David H. Lipman This is kind of less of a concern than the virus on my computer... I just like gyazo better because it lets me attach files without having to take storage on my drive...

tiki8672 Posted February 4, 2022 Author ID:1500785

@David H. Lipman Thank you.

David H. Lipman Posted February 4, 2022 ID:1500786

I'm sorry, but attaching in the Forum is the best way so forum viewers see the content HERE and inline with the dialogue and do not need to go to a third party site.

David H. Lipman Posted February 4, 2022 ID:1500787

Just now, tiki8672 said:
@David H. Lipman Thank you.

tiki8672 Posted February 4, 2022 Author ID:1500788

@David H. Lipman Next image I will attach properly

David H. Lipman Posted February 4, 2022 ID:1500790

Thank you very much.

Porthos Posted February 4, 2022 ID:1500799

29 minutes ago, tiki8672 said:
But, here is the exe its folder if you wanted that.

Do you have Tone listed in add remove programs by chance?

tiki8672 Posted February 4, 2022 Author ID:1500801

Not sure why I didn't do this before, but the reason it wasn't letting me delete tone was because it was running in the background. So I went into task manager, ended all tasks of tone and managed to delete all of tone manually. Does me manually deleting it mean it's gone for good or could there still be remnants of it on my device?

Porthos Posted February 4, 2022 ID:1500807

17 minutes ago, tiki8672 said:
Does me manually deleting it mean it's gone for good or could there still be remnants of it on my device?

I was hoping it was in programs and features so you would have a chance of uninstalling it instead of deleting it manually.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

After you post the logs I will move the post back to malware removal for an additional check of the machine.🙂