
May be infected, please help



Hello @FMacN and welcome.

 

My name is MKDB and I will assist you.

 

  • Please follow the steps in the given order and post back the logs as an attachment when ready. Thank you very much for your cooperation.
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
  • Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
  • As English is not my native language, please do not use slang or idioms. It may be hard for me to understand.

 

Please note:

We will not support customers trying to steal software. We will help you remove the software and possibly other infections it may have downloaded on its own.

Playing with cracked software is a lot more dangerous than it used to be. There are many people that have lost all their data due to an encryption attack on all their data.

 

 

Step 1

Did you knowingly/intentionally install the program "Web Companion"? Please let me know.

During the cleaning progress, I would like you to uninstall this program via Start > Settings > Apps.

After that, let the system reboot.

 

 

 

Step 2

Please download AdwCleaner and save it to your desktop.

  • Double-click to run it.
  • Accept the End User License Agreement.
  • Click Scan Now.
  • When finished, if items are found please click Next / Quarantine.
  • Maybe your PC will be rebooted, AdwCleaner will be opened automatically.
  • Click View Log File.
  • AdwCleaner will open one log (AdwCleaner[Cxx].txt).
  • Please attach the log to your next reply.

 


17 hours ago, MKDB said:

Hello @FMacN and welcome.

 

My name is MKDB and I will assist you.

 

  • Please follow the steps in the given order and post back the logs as an attachment when ready. Thank you very much for your cooperation.
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
  • Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
  • As English is not my native language, please do not use slang or idioms. It may be hard for me to understand.

 

Please note:

We will not support customers trying to steal software. We will help you remove the software and possibly other infections it may have downloaded on its own.

Playing with cracked software is a lot more dangerous than it used to be. There are many people that have lost all their data due to an encryption attack on all their data.

 

 

Step 1

Did you knowingly/intentionally install the program "Web Companion"? Please let me know.

During the cleaning progress, I would like you to uninstall this program via Start > Settings > Apps.

After that, let the system reboot.

 

 

 

Step 2

Please download AdwCleaner and save it to your desktop.

  • Double-click to run it.
  • Accept the End User License Agreement.
  • Click Scan Now.
  • When finished, if items are found please click Next / Quarantine.
  • Maybe your PC will be rebooted, AdwCleaner will be opened automatically.
  • Click View Log File.
  • AdwCleaner will open one log (AdwCleaner[Cxx].txt).
  • Please attach the log to your next reply.

I did not download Web Companion and it's now deleted.

Here are my logs and thanks for the help!

AdwCleaner[C00].txt AdwCleaner[S00].txt


Thank you @FMacN for those logfiles.

 

Let's do another check with MSS (Step 1) and FRST (Step 2) on how your system is looking now.

Thank you!

 

 

Step 1

The Microsoft Safety Scanner (MSS) is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

  • The download links & the how-to-run-the tool are at this link at Microsoft.
  • Please let me know the results of this scan.
  • Run a Quick Scan.
  • The log is named MSERT.log.
  • The log will be at %SYSTEMROOT%\debug\msert.log which in most cases is C:\Windows\debug\msert.log

  • Please attach that log with your next reply.

 

 

 

Step 2

  • Run FRST again.
  • Do not change any settings.
  • Press the Scan button.
  • FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

 

 


On 3/21/2022 at 9:29 AM, MKDB said:

Thank you @FMacN for those logfiles.

 

Let's do another check with MSS (Step 1) and FRST (Step 2) on how your system is looking now.

Thank you!

 

 

Step 1

The Microsoft Safety Scanner (MSS) is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system.

  • The download links & the how-to-run-the tool are at this link at Microsoft.
  • Please let me know the results of this scan.
  • Run a Quick Scan.
  • The log is named MSERT.log.
  • The log will be at %SYSTEMROOT%\debug\msert.log which in most cases is C:\Windows\debug\msert.log

  • Please attach that log with your next reply.

 

 

 

Step 2

  • Run FRST again.
  • Do not change any settings.
  • Press the Scan button.
  • FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

 

 

Ok @MKDB! It seems I can get around the system wanting to constantly flag me for spam by quoting your reply. Not sure if this is common on these forums but it has been an issue for me.

That being said, I wanted to say thank you again first and foremost for your continued help, and let you know that the day after I posted the last reply my Malwarebytes Premium found 2 items to quarantine which I hadn't had any in the last maybe.. 6 months or more. I did accept the quarantine for those items, not sure if that is significant here. (Also I promise you that Premium is a paid version and not cracked! It is associated with my email and name)

I ran MSS and it prompted me that there were items which needed to be actioned, which I again clicked the box and did. Afterwards it asked me to reboot my PC which I also did. The log file is attached.

Once it rebooted, I ran FRST and those 2 log files are also attached here.

Appreciate all you're doing for me!

-Francis

msert.log Addition.txt FRST.txt


I do understand what you said about Surfshark (VPN) and powershell. But so far, the logfiles do not show any "mis-use" of powershell.

 

Did you know that Avast is using VPN as well?

Moreover, Surfshark contains an antivirus service as well like Avast does.

To sum up, you have 2x VPN and 2x AV... That's too much of a good thing. I wouldn't be surprised if problems could arise with this constellation.

1x VPN and 1x AV is enough. My suggestion to you is: Remove the other one.

It seems that MSS has wrongly detected/removed a file from Surfshark, and this app seems not to work correctly any longer. So I suggest you do a full un-install and re-install to get this fixed if you still want to use this VPN.

 

 

We are going to remove some leftovers of PUP (Potentially Unwanted Program) and check Windows system files. Maybe we can fix your powershell problem this way. This (Step 1) will probably take some time (>15 min), so please be patient.

After that, let's do another check up with FRST (Step 2). We can have another look on the powershell app later as well if needed.

Thank you!

 

 

Step 1

  • Please download the attached fixlist.txt file and save it to the location where you ran FRST from ( C:\Users\franc\Downloads\ ).

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the Fix button only once and wait. Please be patient.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run.
  • Please attach this logfile to your next reply.

 

 

 

Step 2

  • Run FRST again.
  • Do not change any settings.
  • Press the Scan button.
  • FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

 

 

 

 

 

fixlist.txt


Due to the lack of feedback, I do not follow this topic any longer.

 

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection.

Thank you.
