Yes it is normal regarding steam. I moved it there.
#46
Posted 20 August 2015 - 04:14 PM
#47
Posted 20 August 2015 - 04:15 PM
It's frozen a couple of times, this one has taken hours and not even at 50% yet!! Should I pursue with it?
If possible yes. Many people set it to run overnight since it takes awhile. With the type of infection you had I don't want to take any chances. Also if you get a second and are able to answer my question in Post#44 that would be great. Thank you!
#48
Posted 20 August 2015 - 04:16 PM
And you answered the question. Thank you. You can ignore that last part then.
#49
Posted 20 August 2015 - 04:19 PM
Okay, I'm sticking at it! Luckily I'm using the laptop and it isn't freezing.
#50
Posted 20 August 2015 - 04:47 PM
I still have I - Cinema as an extension on Google Chrome. As well as two other suspicious ones. Will this remove them, do you think?
#51
Posted 20 August 2015 - 04:50 PM
I have a fix prepared that will remove those but was going to do it after the scan is finished. Because Chrome was compromised we're going to rip out most of the extensions and have you install only the ones that you use.
#52
Posted 20 August 2015 - 04:58 PM
Okay, thank you! I see what you mean, now. Shall I prevent myself from using Chrome at this time?
#53
Posted 20 August 2015 - 04:59 PM
I would try to stay away from it until our next fix.
#54
Posted 21 August 2015 - 03:59 AM
My computer restarted as I slept!!! I restarted it when I awoke and it's now on 44%. This program is a nightmare!! Hopefully it pays off.
#55
Posted 21 August 2015 - 04:00 AM
Arghhhh.....bummer.
#56
Posted 21 August 2015 - 05:04 AM
It failed...screen went blank!!
#57
Posted 21 August 2015 - 05:23 AM
OK, we'll attack this a little differently. Please do the following.
Step#1 - CCleaner Warning
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.
http://www.bleepingc...s/#entry2853053
http://miekiemoes.bl...weaking_13.html
Step#2 - Questions
1. It appears you moved all of your encrypted documents somewhere. Can you validate this? Just want to make sure.
2. I see you have another user account - simone_2. Do you use this account or is it a test account that can be removed?
Step#3 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.
fixlist.zip 185.48KB
216 downloads. The file was too large to attach to the forum so I had to zip it. Once saving to your desktop, right-click on the file and extract the fixlist.txt. Please ensure that you move the fixlist.txt to your desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
Step#4 - FRST Registry Search
1. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
2. Copy and paste globalUpdate,esgiguard,Shredder into the Search box and click the Search Registry button.
3. When the scan is complete a notepad window will open with the results. Please copy and paste the contents in your next reply. If for some reason notepad doesn't open the file should be
saved on your desktop named Search.txt.
Items for your next post
1. Answer to questions
2. FRST Fixlog.txt
3. FRST Search.txt log
#58
Posted 21 August 2015 - 10:17 AM
Sorry for the delayed response. It worked...it found tens of thousands infected files...so much so it won't even let me paste it here!
#59
Posted 21 August 2015 - 10:24 AM
I have private messaged you the SendSpace link
Similar Topics
Also tagged with one or more of these keywords: malware, virus, software, help, trojan, ads, file, infected
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users