Jump to content

Persistent Virus how do I remove them Trojan:Win32/Tiggre!rfn


Go to solution Solved by Maurice Naggar,

Recommended Posts

Hello @Pedro26 and :welcome::

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have posted.

Thank you.

Link to post
Share on other sites

Hi,

Thank you, but I think I'll have to re-post here, when I'm in a position to follow the advice given. In the next few days this will not be possible, so I don't want to waste the expert's time, unless they have advice I'll be able to follow later, that means they will not be waiting for more log files, as I will not be able to respond in good time.

 

I also ran Microsoft security scanner, but it seemed to just keep looping.

Link to post
Share on other sites

Hello @Pedro26 Hope you are doing well. We've not heard from you in several days. I suggest this next special scan to check for viruses, trojans, other malware.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted items from a system. This tool does not install. It is run on-demand.

This link is for the 64-bit version of MSERT.exe . Be sure you save the file first
https://definitionupdates.microsoft.com/download/DefinitionUpdates/safetyscanner/amd64/MSERT.exe

Upon completion of the save, Please make sure you Exit out of any other program you might have open so that the sole task is to run the following scan.
That goes especially for web browsers, make sure all are fully exited out of and messenger programs are exited and closed as well

Launch MSERT.exe
Accept the agreement terms of Microsoft
Select CUSTOM scan
Look on Scan Options & select CUSTOM scan & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.

Once you see it has started, take a long long break; walk away. Do not pay credence if you see some intermediate early flash messages on screen display. The only things that count are the End result at the end of the run.
Again, any on-screen display about repeat 'infection' is not to be relied on. Ignore those.
We only rely on the end result that is on the log-report-file.


This is likely to run for many hours ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log

the log will be at

Windows\debug\msert.log
Please attach that log with your reply

It is normal for the Microsoft Safety Scanner to show 'detections' during the scan process on the screen itself.

It is scanning for basically all bread crumbs or traces of files and registry entries that "might" be or have been part of some infection or previous infection.

That DOES NOT mean the computer is infected. Once the scan has been completed it uploads the log to their Cloud service which then uses Artificial Intelligence to determine if in fact any of the traces are an infection or not.

Link to post
Share on other sites

  • 3 weeks later...

Alright. Just stick around. I need you to run 2 new reports.

I also would appreciate this report:

Download   Farbar's Service Scanner utility

and Save to your Desktop.

Right-Click on fss.exe and select Run As Administrator.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are check-marked:

  • Internet Services
    Windows Firewall
    System Restore
    Security Center/Action Center
    Windows Update
    Windows Defender
    Other services

  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.   Please attach that file.  

( 2 )

Temporarily disable Microsoft SmartScreen to download the next software below 

I would recommend getting a readout report as to update status of some key apps.
Download SecurityCheck by glax24 from here

and save the tool on the desktop.

                   If Windows's  SmartScreen block that with a message-window, then
                         Click on the MORE INFO spot and over-ride that and allow it to proceed.

                             This tool is safe.   Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

When all done, you may go back to turn ON the EDGE Smartscreen protection.

Link to post
Share on other sites

I have got the FSS report. It has no personal or identifiable info of any sort. None of the reports we ask you to run have personal info. This FSS report does show that there is more fixing to do. Will be providing you a new task to do. Stick with me on this forum.

Link to post
Share on other sites

Please run the following custom script. Read all of this before you start. Please make sure you temporarily disable any real-time antivirus ( live AVIRA )  before running this script. Once completed, make sure you re-enable it.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.  One main goal here is to insure to Enable Windows Update service. Depending on the speed of your computer this fix may take 50 minutes or more.

Please Close all open work.

Farbar  FRST64 program location:   Downloads folder

Please download the attached fixlist.txt file and save it to Downloads

Fixlist.txt <- < - - - -

 

NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run  FRST64 and press the Fix button just once and wait.

You will see a green-color scroll display while FRST is running.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with net reply.

Link to post
Share on other sites

The custom-run is good. The Windows System File Checker has made some corrections.

Windows Resource Protection found corrupt files and successfully repaired them.


This last run has completed what was originally intended. 

I would highly suggest to insure that this pc is all up-to-date with security updates & cumulative updates on Windows. select the Windows Start  button, and then go to Settings  > Update & Security  > Windows Update . and click Check for Updates.
Have much patience.

Link to post
Share on other sites

Thank you I'll do that.

 

NB A full scan with Avira finds nothing, but a full scan with Microsoft Defender, (takes all day), still keeps finding a low risk threat, PUABundler:Win32/CandyOpen, I let it 'deal' with it, but it is still there on the next scan with Microsoft Defender.

I also did a temporary download of AVAST One Essential and ran it, that found nothing. I uninstalled it, immediately afterwards, as I like Avira.

Link to post
Share on other sites

You ought to have checked with me first before installing Avast One !  swithcing out from 1 brand ( non-Microsoft) to another brand can lead to potential leftover traces. Plus, by installing any name-brand other than Microsoft does diminish the capability of MS Defender. And most of the time, that other 3rd-party non-Micropsoft antivirus will disable MS Defender.

That said, do this for now. 

Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed.

It will not take much time,

First download & save it
guide & download link

Then be sure to close all web browsers after the download & before launching the tool.

Then go to where the EXE file is saved. Start Adwcleaner.  Then do a scan with Adwcleaner

Guide article

Attach the clean log from Adwcleaner when all completed.

Link to post
Share on other sites

Hi Maurice,

 

I had/have Avira set as my my main antivirus program, with Microsoft Defender enabled to do occasional scans. I just thought I'd try Avast one essentials because it won the latest antivirus ranking by PC magazine's poll of the 4 main independent test labs rating of commercial productsAdwCleaner[S01].txt.

 

Please find attached the adaware cleaner log file, as requested.

Link to post
Share on other sites

The HP preinstalled applets you may keep. But my goal here was to insure that Preinstalled.WildTangentGamesBundle is removed.

Did you indeed press the Clean option ?  I am looking for a C001 report from Adwcleaner.  Again, we want / need to see WildTanget removed.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.