Cyber Tech Help Support Forums > Software > Malware Removal
#16
November 3rd, 2018, 08:59 PM
EDO
Senior Member
 
Join Date: May 2004
Posts: 457
Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 24.10.2018
Ran by Ed (03-11-2018 12:49:45) Run:2
Running from C:\Users\Ed\Desktop
Loaded Profiles: Ed (Available Profiles: Ed)
Boot Mode: Normal
==============================================

fixlist content:
*****************
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.2.219\WsAppService.exe [440832 2016-12-07] (Wondershare) [File not signed]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Dr.Fone for Android (CPC)\Library\DriverInstaller\DriverInstall.exe [124560 2016-12-13] (Wondershare)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BackupRemind.lnk [2017-01-04]
ShortcutTarget: BackupRemind.lnk -> C:\Program Files (x86)\Wondershare\Dr.Fone for Android (CPC)\Addins\AndroidBackupRestore\BackupRemind.exe (Wondershare)
C:\Program Files (x86)\Wondershare\Dr.Fone for Android (CPC)\Addins\AndroidBackupRestore\BackupRemind.exe
C:\Program Files (x86)\Wondershare\WAF\2.3.2.219\WsAppService.exe
*****************

HKLM\System\CurrentControlSet\Services\WsAppService => removed successfully
WsAppService => service removed successfully
HKLM\System\CurrentControlSet\Services\WsDrvInst => removed successfully
WsDrvInst => service removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BackupRemind.lnk => moved successfully
"C:\Program Files (x86)\Wondershare\Dr.Fone for Android (CPC)\Addins\AndroidBackupRestore\BackupRemind.exe " => not found
"C:\Program Files (x86)\Wondershare\Dr.Fone for Android (CPC)\Addins\AndroidBackupRestore\BackupRemind.exe " => not found
C:\Program Files (x86)\Wondershare\WAF\2.3.2.219\WsAppService.exe => moved successfully


The system needed a reboot.

==== End of Fixlog 12:49:45 ====


#17
November 3rd, 2018, 09:20 PM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 1,965
Hi EDO,


Step1:

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Step2:
Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.


Step3:

ESET Online Scanner:

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Delete found harmful. Place a checkmark at Delete application's data on close, click Finish and close the program.
Don't forget to re-enable previously switched-off protection software!

#18
November 6th, 2018, 01:41 AM
EDO
Senior Member
 
Join Date: May 2004
Posts: 457
AdwCleaner 7.2.4.0

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-11-05.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-05-2018
# Duration: 00:00:07
# OS: Windows 10 Home
# Cleaned: 22
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare V8

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
Deleted HKLM\Software\Wow6432Node\Classes\AppID\AmazonAppIE.dll
Deleted HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.metrolyrics.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\metrolyrics.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.metrolyrics.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\metrolyrics.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www1.online.penfed.org
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www1.online.penfed.org
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\search.aol.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\search.aol.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com

***** [ Chromium (and derivatives) ] *****

Deleted gjkpcnacdgdlpfejlgflolpaigoicibh
Deleted AVG Secure Search

***** [ Chromium URLs ] *****

Deleted SecureSearch
Deleted Ask
Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4650 octets] - [05/11/2018 16:33:16]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
#19
November 6th, 2018, 02:23 AM
EDO
Senior Member
 
Join Date: May 2004
Posts: 457
Malwarebytes

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/5/18
Scan Time: 4:49 PM
Log File: d5b2dc12-e15d-11e8-adcb-c81f66b4c184.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7711
License: Trial

-System Information-
OS: Windows 10 (Build 17134.345)
CPU: x64
File System: NTFS
User: THEOSUNAPC\Ed

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 307230
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 26 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.Solvusoft, C:\USERS\ED\DOWNLOADS\SETUP_DRIVERDOC_2018.EXE, Quarantined, [2900], [331663],1.0.7711

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
#20
November 6th, 2018, 05:52 AM
EDO
Senior Member
 
Join Date: May 2004
Posts: 457
Eset Log

C:\FRST\Quarantine\C\Users\Ed\Downloads\avc-free (1).exe.xBAD a variant of Win32/FusionCore.T potentially unwanted application
C:\FRST\Quarantine\C\Users\Ed\Downloads\avc-free (2).exe.xBAD a variant of Win32/FusionCore.T potentially unwanted application
C:\FRST\Quarantine\C\Users\Ed\Downloads\avc-free (3).exe.xBAD a variant of Win32/FusionCore.T potentially unwanted application
C:\Users\Ed\Downloads\avc-free.exe a variant of Win32/FusionCore.T potentially unwanted application
#21
November 6th, 2018, 06:06 PM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 1,965
Hi EDO,


Internet Explorer:
Internet Explorer 9, 10 and 11 (Win) - Clearing Cache and Cookies
https://kb.wisc.edu/page.php?id=15141
Next >>
How to reset Internet Explorer settings
https://support.microsoft.com/en-us/kb/923737

============================


How are the browsers and the system now?
#22
November 7th, 2018, 11:34 PM
EDO
Senior Member
 
Join Date: May 2004
Posts: 457
Status

Running a lot better since we deleted that app.

Thanks for all the help!

EDO
#23
November 8th, 2018, 11:35 AM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 1,965
In any case please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • Delfix will now delete all found traces of our removal process.
If there is still something left, please delete it manually. Then

ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

Best regards. Greetings.