IHATERED Posted November 6, 2023 ID:1598532 Share Posted November 6, 2023 (edited) i dont know how i got this but its killing my pc pls help here are some farbar things i got from a scan FRST.txtAddition.txt Edited November 6, 2023 by AdvancedSetup Corrected font issue 1 Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 6, 2023 ID:1598542 Share Posted November 6, 2023 Hello My name is Maurice. I will guide you from here, forward. Please allow me a few minutes to review your report files. Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 6, 2023 ID:1598552 Share Posted November 6, 2023 (edited) Thank you for your patience. Do these 2 steps so that ALL folders & Files are set to SHOW, plus also, Turn OFF Windows Fast start. 1. Show-Hidden-Folders-Files-Extensions https://forums.malwarebytes.com/topic/299345-show-hidden-folders-files-extensions/ 2. Disable-Fast-Startup https://forums.malwarebytes.com/topic/299350-disable-fast-startup/ Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine. NOTE-1: This custom fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will target the removal of the pest atruic and its related parts. It will attempt to run a Quick scan with Microsoft Defender antivirus. It will attempt to clear temporary file areas. It rebuilds the Winsock. Depending on the speed of your computer this fix may take 50-55 minutes or more. Please Close all open work before you actually do begin this run. FRST64 program location: Downloads folder. The tool is already on system. That is what we will use. Please download the attached fixlist.txt file and save it to Downloads Fixlist.txt<- < - - - - NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work. Right-click with your mouse on FRST64 and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important. next, press the Fix button just once and wait. You will see a green-color scroll display while FRST is running. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply. Plus also, attach the file Klearemlog.txt on your Desktop folder. A request please I would like to get a copy of what we placed in Quarantine, from the runs I had you do. Please. Using Windows File Explorer, Navigate to C:\FRST folder on your system. Expand the folder so you see all contents. Right click on Quarantine > Send to > Compressed (zipped) folder Upload the archive in your next reply If archive is too big you can upload here > https://wetransfer.com/ Also, I would like to get a collected ZIP file named pest.zip from the Desktop folder. It is likely to be huge. So see about sending up to Wetransfer. and be sure to post the Link where it is on the Wetransfer service cloud. After you upload pest.zip, then please go ahead and delete the pest.zip file. NOTICE: For potential outside readers, This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm. Edited November 6, 2023 by Maurice Naggar amended Link to post Share on other sites More sharing options...
IHATERED Posted November 7, 2023 Author ID:1598669 Share Posted November 7, 2023 Fixlog.txt i tink it removed the virus and i didnt get any pest.zip file on my desktop nor in my files i did make sure to seach for it in the bar and the quarantine folder i couldnt zip because it had no ``read permision`` and it didnt work for WeTransfer either Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 7, 2023 ID:1598673 Share Posted November 7, 2023 Hello. 😎 Thanks for the Fixlog. Please stick with me. Your machine has the FRST64 report tool on the Downloads folder. We will use that. Go to Downloads folder. RIGHT-click on FRST64 and select Run as Administrator and tap ENTER. And reply YES to allow to proceed. When the tool opens click Yes to the disclaimer. And be very sure to TICK the box for Addition.txt Press the Scan button. It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run Have patience since the run may take something like 10 or so minutes (less depending on your hardware speed) Close Notepad IF those show up on Notepad. Just please Attach the 2 files FRST.txt +Addition.txt with your next reply. You may if you wish, put the 2 files in a ZIP archive, and just attach the ZIP file. Link to post Share on other sites More sharing options...
IHATERED Posted November 9, 2023 Author ID:1598957 Share Posted November 9, 2023 ok here are the files FRST.txtAddition.txt Link to post Share on other sites More sharing options...
Solution Maurice Naggar Posted November 9, 2023 Solution ID:1598972 Share Posted November 9, 2023 There are just a few inert ( inactive) traces of the "ATUCT -ATUCTSOFT" on the registry. This will be a real quick cleanup run. Please run the following custom script. Read all of this before you start. The meaning of the "Fix button" operation here is just to run a custom script just for this particular machine. Please Close all open work before you actually do begin this run. FRST64 program location: Downloads folder. The tool is already on system. That is what we will use. Please download the attached fixlist.txt file and save it to Downloads Fixlist.txt<- < - - - - NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work. Right-click with your mouse on FRST64 and select "Run as Administrator" and reply Yes and allow it to proceed when prompted. That is important. next, press the Fix button just once and wait. You will see a green-color scroll display while FRST is running. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. The system will be rebooted after the fix has run. Attach FIXLOG.txt with next reply. Plus also, attach the file Klearemlog.txt on your Desktop folder. NOTICE: For potential outside readers, This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause harm. NEXT I would recommend getting a readout report as to update status of some key apps. Temporarily disable Microsoft SmartScreen to download the next software below Download SecurityCheck by glax24 from here and save the tool on the desktop. If Windows's SmartScreen block that with a message-window, then Click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive. Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt When all done, you may go back to turn ON the EDGE Smartscreen protection. Link to post Share on other sites More sharing options...
IHATERED Posted November 11, 2023 Author ID:1599321 Share Posted November 11, 2023 i didnt have problems with smart screen. i found no Klearemlog.txt file on my desktop and here is the fixlog and security check SecurityCheck.txt Fixlog.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 11, 2023 ID:1599372 Share Posted November 11, 2023 Thank you. Here are the applications that need your attention, per the SecurityCheck report. AMD Software v.23.10.2 Warning! Download Update Notepad++ (64-bit x64) v.8.5.4 Warning! Download Update Google Drive v.76.0.3.0 Warning! Download Update Microsoft OneDrive v.23.209.1008.0002 Warning! Download Update Discord v.1.0.9013 Warning! Download Update Zoom v.5.13.3 (11494) Warning! Download Update Microsoft Edge v.119.0.2151.44 Warning! Download Update AdBlock Shield 1.0.0.0 v.1.0.0.0 << Hidden Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it Stick with me. We want to do a new check for 'trace' leftover. Find & then start FRST64 Type the following ( better yet, use COPY then Paste) into the search box exactly as shown SearchAll: Atuct;pinaview;atruic Then press the Search Files button Please wait while the program searches for all entries relating to this , when done a search.txt log will be saved to the desktop. Please attach this log to your next reply. Link to post Share on other sites More sharing options...
IHATERED Posted November 14, 2023 Author ID:1599859 Share Posted November 14, 2023 Search.txt i dont recognise that adBlock thing and i cant find it to uninstall it the other ones are just updates Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 14, 2023 ID:1599870 Share Posted November 14, 2023 (edited) Alright. The search result is empty. Your machine is good to go. This is for tools cleanups. 👌💢 Temporarily disable Microsoft SmartScreen to download the next software below Let's go ahead and do some clean-up work and remove the tools and logs we've run. Please download KpRm by kernel-panik and save it to your desktop. right-click kprm_2-15.exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, ensure all boxes under Actions are checked. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log will open in Notepad titled kprm-(date).txt. You may attach that file to your next reply. (not compulsory) Your system is good-to-go. Sincerely. Edited November 14, 2023 by Maurice Naggar Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 14, 2023 ID:1599873 Share Posted November 14, 2023 p.s. and by the way, you may do a new scan with Malwarebytes. Link to post Share on other sites More sharing options...
Maurice Naggar Posted November 17, 2023 ID:1600395 Share Posted November 17, 2023 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts