
Hi Team,

I woke up this morning and the system was behaving oddly. It was super slow and a few ads popped up from nowhere. I went to Start and found new apps in Recent, and found out that most of them are viruses. So I deleted them from appwiz and cleared the root folder from ProgramX86 and the User path, but unfortunately I'm unable to delete this Atuct.exe from ProgramX86. Please help me remove all the viruses.

Apps I found:

  • Barousel.exe
  • WebCompanion.exe
  • PremierOpinion.Exe
  • Atuctapp.Exe

Attachments: Atuct APP.png, Untitled.png


  • Root Admin

Hello @Ashwin1996 and welcome.

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process.

[ 1 ]

Please make the following system changes.

  • Temporarily disable your antivirus real-time protection or other security software first, only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed.
  • Temporarily disable Microsoft SmartScreen to download the software below, only if needed. Make sure to turn it back on once the scans are completed.
  • Disable Fast Startup
  • Show hidden folders, files and extensions

[ 2 ]

Malwarebytes AdwCleaner

Let's do a special run of Malwarebytes AdwCleaner to help prepare the computer to be able to run other scanning software that may be blocked

Please read all the information below before starting so that you have a good understanding of the process.
Take your time and be careful. Make sure you select all of the listed items below - before- pressing the scan button.
 
  • Please download Malwarebytes AdwCleaner and save the file to your Desktop or Downloads folder.
  • Here is another link to download if the link above does not work: Malwarebytes AdwCleaner alternative link
  • Locate the program where you downloaded it. Double-click to start AdwCleaner.  Do not rush. There are a few choices to set as listed below.
  • Malwarebytes AdwCleaner guide
  • Reply YES at the Windows prompt to allow the program to proceed and make changes. That is the usual Windows security prompt.
  • Accept the End User License Agreement.
  • Wait until the database is updated. Do Not click on anything yet.
 
When AdwCleaner starts, on the left side panel of the window, click on Settings and enable these repair actions on the Application tab.
Clicking the button to the far right of each item will enable the ON status.
 
  • Delete IFEO keys
  • Delete tracing keys
  • Delete Prefetch files
  • Reset Proxy
  • Reset Chrome policies
  • Reset IE Policies
  • Reset Winsock
  • Reset Hosts file (If you're not having any issues accessing security or other websites you can uncheck this item)

ONLY after you have set the selections above, on the left side of the AdwCleaner window, click on the Dashboard panel and then click the Scan button to perform a computer scan.

  • DO NOT uninstall or remove the Preinstalled software if found. Uncheck any items listed for Preinstalled
  • When finished, if items are found please click Quarantine to finish the cleaning process.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach that log to your next reply. You can also open the Log Files panel to locate.
  • This can take several minutes to complete, please be patient.
  • When the AdwCleaner scan is completed it will display all of the items it has found. Click on the Quarantine button to remove what it found.
  • AdwCleaner will now prompt you to save any open files or data as the program will need to close any open programs before it starts to clean.
  • Click on the Continue button to finish the removal process.
  • If No Detections are found, Click the Basic Repair button to have it reset the checked items above.


[ 3 ] 

Malwarebytes for Windows

  • If you already have Malwarebytes installed then open Malwarebytes and click on the small gear icon, then click on the "Check for updates" button on the General tab.
  • After any updates, click the middle Scan button from the main page. It will automatically run a Threat Scan.
  • If you don't have Malwarebytes installed yet, please download it from here or alternative link and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed, make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let us know in your next reply that the scanner would not run.

 

View Reports and History in Malwarebytes for Windows v4
https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows

Malwarebytes for Windows v4 guide
https://support.malwarebytes.com/hc/en-us/articles/360038984693-Malwarebytes-for-Windows-v4-guide

 

RESTART THE COMPUTER Before running Step 4

[ 4 ]

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Please rename FRST.EXE or FRST64.EXE to FRSTEnglish.exe
  • After renaming the file right-click over FRSTEnglish.exe and select "Run as administrator"
  • When the tool opens click Yes to the disclaimer
  • Make sure there is a check mark in the Addition.txt check box
  • Press the Scan button.
  • It will make a log FRST.txt and Addition.txt in the same directory the tool is run from. Please attach both logs to your next reply.

 

 

Thank you

 

Example image of where to click to attach files when posting your reply


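The "Disable Fast Startup" and "Show hidden folders, files and extensions" preparation steps above are normally done through the Windows GUI. The following is an added example, not code from the forum post or from Malwarebytes: a PowerShell script that reports and sets the same state from an elevated prompt, so a helper can confirm the machine is prepared before the scans. The registry locations are the standard Windows ones; the function names, the `$Desired` table and the `-Apply` switch are my own choices.

```powershell
# Added example, not from the forum post: PowerShell equivalents of the
# "Disable Fast Startup" and "Show hidden folders, files and extensions"
# preparation steps. Registry paths/value names are the standard Windows
# locations; function names, the $Desired table and -Apply are my own.
# Run from an elevated prompt (the HKLM value needs administrator rights).

$FastStartupKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power'
$ExplorerKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# Target state for a cleanup session (table constructed for this example).
$Desired = @(
    @{ Key = $FastStartupKey; Name = 'HiberbootEnabled'; Value = 0 }   # 0 = Fast Startup off
    @{ Key = $ExplorerKey;    Name = 'Hidden';           Value = 1 }   # 1 = show hidden items
    @{ Key = $ExplorerKey;    Name = 'HideFileExt';      Value = 0 }   # 0 = show file extensions
    @{ Key = $ExplorerKey;    Name = 'ShowSuperHidden';  Value = 1 }   # 1 = show protected OS files
)

function Get-CleanupPrepState {
    # Reports each setting's current value next to the wanted one.
    foreach ($item in $Desired) {
        $props   = Get-ItemProperty -Path $item.Key -Name $item.Name -ErrorAction SilentlyContinue
        $current = if ($props) { $props.($item.Name) } else { $null }
        [pscustomobject]@{
            Setting = $item.Name
            Current = $current
            Wanted  = $item.Value
            Ok      = ($current -eq $item.Value)
        }
    }
}

function Set-CleanupPrepState {
    # Applies the wanted values. Explorer reads these at start-up, so sign out
    # and back in (or restart explorer.exe) before expecting the change to show.
    param([switch]$Apply)   # without -Apply, only lists the settings that would change
    foreach ($item in $Desired) {
        $state = Get-CleanupPrepState | Where-Object Setting -eq $item.Name
        if ($state.Ok) { continue }
        Write-Output ("{0}: {1} -> {2}" -f $item.Name, $state.Current, $item.Value)
        if ($Apply) {
            Set-ItemProperty -Path $item.Key -Name $item.Name -Value $item.Value -Type DWord
        }
    }
}

# Usage:  Get-CleanupPrepState | Format-Table     (inspect)
#         Set-CleanupPrepState                    (dry run)
#         Set-CleanupPrepState -Apply             (change)
```

Once the cleanup is finished, setting `HiberbootEnabled` back to 1 restores Fast Startup; the Explorer values can be left as they are or returned through Folder Options.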

Hi,

Thanks for the immediate response. I've followed your instructions and shared the logs with you. Please let me know if it looks alright now; I really appreciate your help.

Note: I've removed the actual AtuctaApp.exe with the help of a YouTube video but still wanted to be 100% sure, as you guys are the best in the business.

Attachments: Addition.txt, AdwCleaner[C00].txt, AdwCleaner[S00].txt, FRST.txt, MalwareBytes.txt


  • Root Admin

Thank you for the logs.

It is not recommended to have this account enabled. I would recommend you keep it disabled as it was originally when Windows was installed.

Administrator (S-1-5-21-3061352425-3256183149-2745956117-500 - Administrator - Enabled) => C:\Users\Administrator

 

Please follow the steps below

[ 1 ]

Please go to Control Panel, Programs, Programs and Features, Uninstall a program

Then right-click and uninstall the following

  • Adobe Flash Player 11 Plugin (Adobe dropped Flash years ago)


[ 2 ]

Your current DNS servers: 183.82.243.66 and 49.205.72.130

Please consider changing your default DNS server settings. Please choose one provider only.

DNS is what lets users connect to websites using domain names instead of IP addresses.

Pick just one of these 4 providers. Be aware that you need to make the change once for IPv4 and a second time for IPv6.

  • Google Public DNS: IPv4 8.8.8.8 and 8.8.4.4; IPv6 2001:4860:4860::8888 and 2001:4860:4860::8844
  • Cloudflare: IPv4 1.1.1.1 and 1.0.0.1; IPv6 2606:4700:4700::1111 and 2606:4700:4700::1001
  • OpenDNS: IPv4 208.67.222.222 and 208.67.220.220; IPv6 2620:119:35::35 and 2620:119:53::53
  • DNSWATCH: IPv4 84.200.69.80 and 84.200.70.40; IPv6 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b


The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed

 

[ 3 ]

Warning: Windows Firewall is disabled.

We will be attempting to re-enable and reset the Firewall in a fix below.

 

[ 4 ]

Are you sure you want this enabled or allowed? Push Notifications on your browser appear to be enabled.

CHR Notifications: Default -> hxxps://a.mylink.vc; hxxps://adfs.prochant.com; hxxps://eparbeld.com; hxxps://rekadvice.com; hxxps://twitter.com; hxxps://www.facebook.com; hxxps://youractualjournal.com

https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

Turn notifications on or off - Google Chrome

Web Push notifications in Firefox

 

[ 5 ]

Please run the following fix

 

NOTE: Please read all of the information below before running this fix.

  • NOTICE: This script was written specifically for this user, for use on this particular machine.
  • Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program: FRSTEnglish.exe

Save the attached file FIXLIST.TXT to this folder: C:\Users\NEW\Downloads\

NOTE: It's important that both files, FRSTEnglish.exe and fixlist.txt, are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

 

  1. NOTE: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
  2. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed. Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.
  3. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

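The reply above flags four things that can each be verified on the live system rather than only read off the FRST log: the built-in Administrator account (RID 500) being enabled, the DNS servers in use, Windows Firewall being disabled, and which sites Chrome allows to push notifications. The following is an added example, not code from the forum post, from Malwarebytes or from Farbar: a PowerShell script that reports each item and, with `-Apply`, disables the account, re-enables the firewall profiles and sets one of the resolver sets listed in the reply for both IPv4 and IPv6 in a single call. The cmdlets are the standard LocalAccounts, NetAdapter, DnsClient and NetSecurity modules; the function names, the `$DnsProviders` table and the `-Apply` switch are my own, and the Chrome Preferences layout is my assumption about that file, not something the post states.

```powershell
# Added example, not part of the reply above. Checks and (with -Apply) fixes
# the findings listed there. Standard Windows cmdlets; function names, the
# $DnsProviders table and -Apply are my own. The Chrome Preferences JSON
# layout used below is an assumption about that file. Run from an elevated prompt.

# Public resolvers exactly as listed in the reply (IPv4 first, then IPv6).
$DnsProviders = @{
    'Google'     = @('8.8.8.8', '8.8.4.4', '2001:4860:4860::8888', '2001:4860:4860::8844')
    'Cloudflare' = @('1.1.1.1', '1.0.0.1', '2606:4700:4700::1111', '2606:4700:4700::1001')
    'OpenDNS'    = @('208.67.222.222', '208.67.220.220', '2620:119:35::35', '2620:119:53::53')
    'DNSWATCH'   = @('84.200.69.80', '84.200.70.40', '2001:1608:10:25::1c04:b12f', '2001:1608:10:25::9249:d69b')
}

function Get-BuiltinAdminStatus {
    # The built-in Administrator always has RID 500, whatever it has been renamed to.
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    [pscustomobject]@{ Name = $admin.Name; SID = $admin.SID.Value; Enabled = $admin.Enabled }
}

function Get-DnsServerReport {
    # One row per active adapter and address family that has servers configured.
    foreach ($adapter in Get-NetAdapter | Where-Object Status -eq 'Up') {
        Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex |
            Where-Object { $_.ServerAddresses.Count -gt 0 } |
            Select-Object InterfaceAlias, AddressFamily,
                          @{ n = 'Servers'; e = { $_.ServerAddresses -join ', ' } }
    }
}

function Get-ChromeNotificationAllowList {
    # Assumption: Chrome stores per-site permissions in the profile's Preferences
    # JSON under profile.content_settings.exceptions.notifications, with
    # setting 1 = allow and 2 = block. Read-only; nothing is changed here.
    param([string]$Prefs = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Preferences")
    if (-not (Test-Path $Prefs)) { return }
    $json = Get-Content -Raw -Path $Prefs | ConvertFrom-Json
    $exceptions = $json.profile.content_settings.exceptions.notifications
    foreach ($p in $exceptions.PSObject.Properties) {
        if ($p.Value.setting -eq 1) { $p.Name }    # pattern such as "https://example.com:443,*"
    }
}

function Invoke-Hardening {
    param(
        [ValidateSet('Google', 'Cloudflare', 'OpenDNS', 'DNSWATCH')]
        [string]$DnsProvider = 'Cloudflare',
        [switch]$Apply    # without -Apply, only reports what would be changed
    )
    $admin = Get-BuiltinAdminStatus
    if ($admin.Enabled) {
        Write-Output "Built-in Administrator ($($admin.SID)) is enabled"
        if ($Apply) { Disable-LocalUser -Name $admin.Name }
    }
    foreach ($fw in Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }) {
        Write-Output "Firewall profile '$($fw.Name)' is not enabled"
        if ($Apply) { Set-NetFirewallProfile -Name $fw.Name -Enabled True }
    }
    foreach ($adapter in Get-NetAdapter | Where-Object Status -eq 'Up') {
        Write-Output "DNS on '$($adapter.Name)' -> $DnsProvider"
        if ($Apply) {
            # One call with both IPv4 and IPv6 addresses replaces the two GUI passes.
            Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex `
                                       -ServerAddresses $DnsProviders[$DnsProvider]
        }
    }
    $allowed = Get-ChromeNotificationAllowList
    if ($allowed) { Write-Output "Chrome notification allow-list: $($allowed -join '; ')" }
}

# Usage:  Get-DnsServerReport | Format-Table   (before and after)
#         Invoke-Hardening                      (dry run)
#         Invoke-Hardening -DnsProvider Cloudflare -Apply
```

Run the report functions first and compare them with the FRST output; the dry run lists every change before anything is touched, and the DNS report run again afterwards confirms both address families now point at the chosen provider. Chrome is left read-only on purpose, since the reply directs the user to the browser's own notification settings for removals.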

  • Root Admin

Great, overall the log looks good, but it terminated due to a timeout.

Fixing is terminated due to reaching maximum fixing time of 60 minutes. <==== ATTENTION

Windows Resource Protection found corrupt files and successfully repaired them.

 

Please download and run this updated FIXLIST.txt file as before and post back the FIXLOG.txt file when done.

fixlist.txt

Thanks

 


  • Root Admin

Google Chrome continues to have issues according to the logs.

Please follow the directions from the following topic for a more extensive article on cleaning Google Chrome

Resetting Google Chrome to clear unexpected issues

As for uTorrent:

The act of torrenting itself is not illegal. However, downloading and sharing unsanctioned copyrighted material is illegal, and there is always a chance of prosecution if caught by the authorities.
Torrenting non-copyrighted material is perfectly fine and is allowed. However, be aware that we have seen increased malware bundled with software downloads over P2P.

Recent Ransomware infections have been seen to encrypt user data so that no one can decrypt the data without the private key.
When sharing files, please keep in mind that you're increasing your system's attack surface area, which can increase the risk of infection.

Scan all files before running them. https://www.virustotal.com

If you don't need or use the P2P software, you should uninstall it.

P2P File-Sharing: Know the Risks
https://www.bankinfosecurity.com/p2p-file-sharing-know-risks-a-737

 

Hidden risks in pirated software https://news.microsoft.com/apac/2019/01/08/hidden-risks-in-pirated-software/
Why You Shouldn't Use Pirated Software (But Why People Still Do) https://www.computer.org/publications/tech-news/trends/why-you-shouldnt-use-pirated-software

 


Games that use P2P

Malwarebytes can often block Steam and other games because Steam uses what is known as Peer-to-Peer (P2P) technology, meaning it connects to many different servers, workstations, and IP addresses.

Sometimes Torrent based software will connect to a server that is also known for hosting malicious content. This is because multiple sites often share servers, workstations, IP addresses.

So although what you are playing or downloading through Torrent-based software may be perfectly safe, some of the sites hosted on some of the IP addresses the Torrent-based software connects to may be malicious.
Such connections are typically not a threat, and you may exclude Torrent-based software from the Web Protection component in Malwarebytes to stop the block alerts.

Generally speaking, your web browser and other critical web-facing programs will still be fully protected from malicious websites and other malicious content.

To do so, add the game executable program file to your exclusions using the method described under the Exclude an Application that connects to the Internet section of Exclude detections in Malwarebytes for Windows

https://support.malwarebytes.com/hc/en-us/articles/360038479234-Add-to-the-Allow-List-in-Malwarebytes-for-Windows-v4

NOTE: Some torrenting software binds to your network card, and it may not be possible to exclude from Malwarebytes.

 

 

 


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 
