sonuj2 Posted January 24 ID:1613473 Share Posted January 24 This morning when I logged in to my Windows PC and opened up the Chrome browser I saw a 'Privacy Test Updated Successfully' tab pop up. Turns out it is the 'Hotcleaner.com/privacy-test-updated.html'. I ran Malwarebytes (I have the premium version) but it did not remove this virus. How do I get rid of this Hotcleaner virus? URGENT ..... Please help!!! Link to post Share on other sites More sharing options...
Solution MKDB Posted January 24 Solution ID:1613477 Share Posted January 24 Hello @sonuj2 and My name is MKDB and I will assist you. Let's keep these principles as we proceed. Make sure to read the entire post below first. Please follow the steps in the given order and post back the log files. Please attach all log files into your post. Before we start, please make sure that you have an external backup, not connected to this system, of all private data. Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you. As English is not my native language, please do not use slang or idioms. It may be hard for me to understand. If you do not respond within 4 days, your topic will be closed. Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also a big source of current trojan infections. If you are running any kin of illegal software on your system, please uninstall them now, before we start the cleaning procedure. Open Google Chrome. Typ chrome://extensions in the adress bar and press Enter. Activate developer mode in the upper right corner. Search for the extension Privacy Test( ID: pdabfienifkbhoihedcgeogidfmibmhp ) and click on Remove. Confirm with another click on Remove. Close Google Chrome. Let me know if that was helpful. Link to post Share on other sites More sharing options...
sonuj2 Posted January 24 Author ID:1613480 Share Posted January 24 Hello MKDB, I activated the 'Developer Mode' per your suggestion and removed the 'Privacy Test' extension as it now popped up in the extensions. Once I clicked on 'Remove' it went away and I did not see the Privacy Test box again to click on 'Remove'. Am I missing something or that was the end of it? Please do let me know. And do I 'deactivate' the developer mode now? Thanks again for your instant help! Link to post Share on other sites More sharing options...
MKDB Posted January 24 ID:1613481 Share Posted January 24 @sonuj2 Yes, you can de-activate the developer mode now. Close Chrome, reboot your system and start Chrome again. Let me know if you still see Privacy Test or if it's really gone. We can have a closer look on your whole system if you like. I do recommend this, but it's up to you. Link to post Share on other sites More sharing options...
sonuj2 Posted January 24 Author ID:1613506 Share Posted January 24 I shutdown my laptop and started it again. I looked at the extensions, in 'Developer Mode', and I do not see 'Privacy Test' in there. Looks like I am all good for now. I would like to take you up on your offer to take a look at my whole system. What do I have to do? Please do let me know. I have to go out and run some errands now but if you send me a response with things you need me to do, I will do those and if I have any questions I will let you know. Do I send me a message when I am ready to do a whole system look up? Please let me know. And thanks again for all your help so far. Shekhar 1 Link to post Share on other sites More sharing options...
MKDB Posted January 24 ID:1613558 Share Posted January 24 @sonuj2 Thanks for your feedback regarding this chrome extension. Indeed, it seems that it is gone. It's almost 10 p.m. here in Germany. It's time for me to go to bed as I have to get up early. In order to get an overview of the whole system, I would like you to run a scan with Farbar Recovery Scan Tool (FRST). It is a powerfull tool that can help to detect and remove malware. Please download the suitable version of Farbar Recovery Scan Tool (FRST) and save it to your desktop: 32bit | 64bit Right click on the FRST icon and rename it to FRST64english Double-click to run it. If you receive any warning about the download, it is a false positive and you can ignore it. Click on More info to get the Run anyway option. When the tool opens, click Yes to disclaimer. Press the Scan button. FRST will create two logs (FRST.txt + Addition.txt) in the same directory the tool is run. Please attach these logfiles to your next reply. Link to post Share on other sites More sharing options...
sonuj2 Posted January 24 Author ID:1613573 Share Posted January 24 Hello MKDB, I have attached the files you requested. Please review and let me know if at all you need me to do anything further. Thanks and Good Night! Shekhar Addition.txt FRST.txt Link to post Share on other sites More sharing options...
MKDB Posted January 25 ID:1613688 Share Posted January 25 @sonuj2 Well done. Your logfiles look good to me. 😉 I recommend on final check. I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications. Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe If Microsoft SmartScreen blocks the download, click through to save the file This tool is safe. Smartscreen is overly sensitive. If SmartScreen blocks the file from running click on More info and Run anyway Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt Link to post Share on other sites More sharing options...
MKDB Posted January 28 ID:1614384 Share Posted January 28 Hi @sonuj2, do you still need help? If so, please follow my instructions and post the logfiles. Thank you. Link to post Share on other sites More sharing options...
sonuj2 Posted January 28 Author ID:1614394 Share Posted January 28 I am getting an error ....... Windows Defender blocks opening the file saying 'Security Check, Virus Detected, and I cannot go beyond that. Link to post Share on other sites More sharing options...
sonuj2 Posted January 28 Author ID:1614395 Share Posted January 28 Sorry about the delay, I was busy with other stuff and this got put to the side. I do not get the option 'More Info' and does not also give me the option for 'Run Anyway'. What do I do? Thanks. Link to post Share on other sites More sharing options...
MKDB Posted January 28 ID:1614400 Share Posted January 28 @sonuj2 That's a false positive by Windows Defender. You can try to disable Windows Defender for the time of downloading and running SecurityCheck: https://support.microsoft.com/en-us/windows/turn-off-defender-antivirus-protection-in-windows-security-99e6004f-c54c-8509-773c-a4d776b77960 Link to post Share on other sites More sharing options...
MKDB Posted January 30 ID:1614776 Share Posted January 30 Hi @sonuj2, do you still need help? If so, please follow my instructions and post the logfiles. Thank you. Link to post Share on other sites More sharing options...
MKDB Posted January 31 ID:1615023 Share Posted January 31 @sonuj2 If you can't run SecurityCheck, that's not that bad. Thank you for your cooperation. You can use KpRm to remove FRST and other tools. Please download KpRm by kernel-panik and save it to your desktop. Right-click kprm_(version).exe and select Run as Administrator. Read and accept the disclaimer. When the tool opens, select Delete Tools under Actions. Under Delete Quarantines select Delete Now, then click Run. Once complete, click OK. A log may open in Notepad titled kprm-(date).txt. I do not need it. Just close Notepad if it shows up. A few final recommendations can be found here: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/ Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes. Link to post Share on other sites More sharing options...
MKDB Posted January 31 ID:1615121 Share Posted January 31 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection. Thank you. As this topic seems to be solved, I do not follow it any longer. Take care! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 31 Root Admin ID:1615171 Share Posted January 31 We're glad that we were able to assist you. The following information will help you to keep your computer and data safer as well as improve your overall privacy Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site. https://www.howtogeek.com/780233/best-password-manager/ Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/ Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download https://patchmypc.com/about-us Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2 Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security Malwarebytes Browser Guard Google Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee Microsoft Edge: https://support.malwarebytes.com/hc/en-us/articles/4413298736787-Install-Malwarebytes-Browser-Guard-on-Microsoft-Edge-browser Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/ uBlock Origin Google Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm Microsoft Edge: https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak Mozilla Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin Cybersecurity basics & protection Everything you need to know about cybercrime https://www.malwarebytes.com/cybersecurity Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog https://blog.malwarebytes.com/ Hopefully, we've been able to assist you with correcting your system issues. Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following to help you better protect your computer and privacy Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts