
Possibly infected laptop [Solved]



#16
nigella

nigella

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 231 posts
Apologies!!! Life has been busy. I've run the two processes you asked for; I need to post them. The laptop has not been used since running them. I am hoping to post the log files this evening after I've been to work. Thank you.
  • 0



#17
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 603 posts

:thumbsup:


  • 0

#18
nigella

nigella

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 231 posts

mbam130120

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 13/01/2020
Scan Time: 02:07
Log File: 7c0f6350-35a9-11ea-a802-a0d3c1694068.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.629
Update Package Version: 1.0.14305
Licence: Trial

-System Information-
OS: Windows 10 (Build 15063.1387)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 289724
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 48 min, 35 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.MySearchDial, HKU\S-1-5-21-4036567448-3610357976-3683549566-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [120], [168579],1.0.14305

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

 

eset130120

 

13/01/2020 09:33:12
Files scanned: 327585
Detected files: 2
Cleaned files: 0
Total scan time 04:08:50
Scan status: Finished
C:\Program Files (x86)\AVG\Antivirus\setup\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)

C:\Program Files (x86)\AVG\Antivirus\setup\offertool_x64_ais-c24.vpx Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)

 

thank you for being so patient


  • 0

#21
nigella

nigella

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 231 posts

I don't know what you mean. Have you forgotten your Windows password?

I had forgotten the Windows password but I found a way to reset it, but it involved renaming utilman to utilman1 and then renaming cmd to utilman, but now Windows will not allow me to rename them back. Do you have any ideas as to how I can rename the files?


  • 0
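
A read-only check for the state described in the post above, as an added example that is not part of the original thread: it compares utilman.exe with cmd.exe by SHA-256 and reports each file's owner. The utilman1.exe name is taken from the post; the Get-FileFacts helper is a hypothetical name, and the script assumes an elevated 64-bit PowerShell session.

```powershell
# Added example: detect whether utilman.exe is really a copy of cmd.exe.
# Read-only. Use 64-bit PowerShell; a 32-bit session is redirected to SysWOW64.
$sys32   = Join-Path $env:SystemRoot 'System32'
$utilman = Join-Path $sys32 'utilman.exe'
$cmd     = Join-Path $sys32 'cmd.exe'
$backup  = Join-Path $sys32 'utilman1.exe'   # backup name used in the post

function Get-FileFacts {                     # hypothetical helper name
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false; SHA256 = $null
                                  OriginalName = $null; Owner = $null }
    }
    $item = Get-Item -LiteralPath $Path
    [pscustomobject]@{
        Path         = $Path
        Exists       = $true
        SHA256       = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        OriginalName = $item.VersionInfo.OriginalFilename  # name stored in the binary
        Owner        = (Get-Acl -LiteralPath $Path).Owner
    }
}

$facts = $utilman, $cmd, $backup | ForEach-Object { Get-FileFacts -Path $_ }
$facts | Format-List

$u = $facts[0]
$c = $facts[1]
if ($u.Exists -and $c.Exists -and $u.SHA256 -eq $c.SHA256) {
    Write-Warning 'utilman.exe is byte-identical to cmd.exe.'
} elseif ($u.Exists) {
    Write-Output 'utilman.exe differs from cmd.exe.'
} else {
    Write-Warning 'utilman.exe is missing from System32.'
}
```

If the hashes match, the accessibility button on the logon screen starts a command prompt instead of Utility Manager, so the swap should not be left in place. Files in System32 are normally owned by TrustedInstaller, which is why a plain rename is refused.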

#22
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 603 posts

Is your account a local account or linked to your Microsoft account?

==============================================

I didn't ask for a Malwarebytes log but when checking my last post, I posted the wrong 'fix' so please do the following:

Copy all text in the code box below and paste it into Notepad:

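@echo off
rem Force-delete the two files flagged by Eset (paths must be in straight quotes)
del /f /s /q "C:\Program Files (x86)\AVG\Antivirus\setup\aswOfferTool.exe"
del /f /s /q "C:\Program Files (x86)\AVG\Antivirus\setup\offertool_x64_ais-c24.vpx"
rem Remove this batch file itself once it has run
del "%~f0"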

  • save the Notepad file to your desktop and name it delfiles.bat
  • save type as All Files
  • on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).

The files/folders, if found, will have been deleted and the ‘delfiles.bat’ file will also be deleted.

Please re-run Eset and post the results.
  • 0

#23
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 603 posts

It has again been 3 days since I replied. Please answer in the next 24 hours.

 

If I don't hear from you, I'll assume all is now well and close the topic.

 

Satchfan


  • 0

#24
nigella

nigella

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 231 posts

Sorry, life got in the way again, I'll kick off the Eset scan so it can run while I'm at work


  • 0

#25
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 603 posts

:thumbsup:


  • 0



#26
nigella

nigella

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 231 posts

Eset log

 

22/01/2020 18:16:10
Files scanned: 476104
Detected files: 2
Cleaned files: 0
Total scan time 09:45:58
Scan status: Finished
C:\Program Files (x86)\AVG\Antivirus\setup\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)

C:\Program Files (x86)\AVG\Antivirus\setup\offertool_x64_ais-c24.vpx Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)


  • 0

#27
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 603 posts

Let's try it in safe mode.

 

Again, disable AVG.

 

Start your computer in safe mode.

Copy all text in the code box below and paste it into Notepad:

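@echo off
rem Force-delete the two files flagged by Eset (paths must be in straight quotes)
del /f /s /q "C:\Program Files (x86)\AVG\Antivirus\setup\aswOfferTool.exe"
del /f /s /q "C:\Program Files (x86)\AVG\Antivirus\setup\offertool_x64_ais-c24.vpx"
rem Remove this batch file itself once it has run
del "%~f0"
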
  • save the Notepad file to your desktop and name it delfiles.bat
  • save type as "All Files"
  • on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).

The files/folders, if found, will have been deleted and the "delfiles.bat" file will also be deleted.

Please run Eset again and send the new log.


  • 0
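
Because the batch window closes before any "Access denied" message can be read, the following added example (not part of the original thread) reports whether the two files from the Eset log are still present and who owns them. The -Delete switch is this example's own parameter; the script assumes an elevated PowerShell prompt.

```powershell
# Added example, not code from the thread.
# Without -Delete the script only reports. With -Delete it attempts the same
# removal as delfiles.bat and keeps any error text on screen.
param([switch]$Delete)

# Paths copied from the Eset log in this thread
$targets = @(
    'C:\Program Files (x86)\AVG\Antivirus\setup\aswOfferTool.exe',
    'C:\Program Files (x86)\AVG\Antivirus\setup\offertool_x64_ais-c24.vpx'
)

$report = foreach ($path in $targets) {
    $row = [ordered]@{ Path = $path; Present = $false; Owner = $null; Result = 'not found' }

    if (Test-Path -LiteralPath $path) {
        $row.Present = $true
        $row.Result  = 'still present'

        # The owner shows which account controls the file's permissions
        try   { $row.Owner = (Get-Acl -LiteralPath $path -ErrorAction Stop).Owner }
        catch { $row.Owner = "unreadable: $($_.Exception.Message)" }

        if ($Delete) {
            try {
                Remove-Item -LiteralPath $path -Force -ErrorAction Stop
                $row.Result = 'deleted'
            } catch {
                # Keep the reason instead of letting it vanish with the window
                $row.Result = "delete failed: $($_.Exception.Message)"
            }
        }
    }
    [pscustomobject]$row
}

$report | Format-List
```

Running it once before and once after the safe-mode step shows whether the deletion actually took effect without waiting for another full scan.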

#28
nigella

nigella

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 231 posts

I ran Eset after deleting files in safe mode but I don't have the log file so I am rerunning now


  • 0

#29
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 603 posts

Thanks for the update.

 

To be honest, those are not a big problem and running Eset to get rid of them is a bit like using a hammer to crack a nut.

 

Almost everything found by AdwCleaner was AVG-related.

 

I would suggest that you uninstall AVG, which is not a reliable antivirus any more and brings adware and unwanted programmes bundled with it. Avast acquired AVG and neither one of those are what they used to be. Windows Defender is as good as you'll get on Windows 10. It's what I use, as do many of the malware removal team.

 

See https://www.bleeping...ndows-defender/

 

Please let me know what you decide to do and if there are any remaining problems.

 

Satchfan


  • 0

#30
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 603 posts

Can you please answer the last post.

 

If I don't hear from you in 24 hours, I'll assume that all is OK and close the topic as 'solved'.

 

Satchfan


  • 0





