Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Laptop infected with virus [Solved]


  • This topic is locked This topic is locked

#16
BlueFireDragon

BlueFireDragon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

1. No I don't have yahoo intentionally as default search engine.

 

2. I do not have any problems with update, but if you suggest I should be on the later version I can update it.


  • 0

Advertisements


#17
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Assuming that you turned of the Sync option in Chrome (that applies for all the devices you are using), let's run a fix once more:
 
FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
Task: {3655E587-762A-45B0-A494-70251025D261} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\MITRUH\Downloads\esetonlinescanner.exe [15019488 2021-04-22] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {D9B42E0B-F054-446E-99DE-59882EDDBEAC} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\MITRUH\Downloads\esetonlinescanner.exe [15019488 2021-04-22] (ESET, spol. s r.o. -> ESET spol. s r.o.)
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E211US0G0&p={searchTerms}
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.
  • After that, perform a new FRST scan and attach only the FRST.txt log. I don't need Addition this time.

 

Check Services
 

Just to ensure that there isn't any issue regarding Update services:

  • Please download Farbar Service Scanner and save it on your Desktop.
  • Right click on the tool icon and run it as administrator.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.

 

In your next reply please post:

  1. The fixlog.txt
  2. The FRST.txt (attach)
  3. The FSS.txt

  • 0

#18
BlueFireDragon

BlueFireDragon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

FixLog.Txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021

Ran by MITRUH (25-04-2021 22:00:52) Run:3
Running from C:\Users\MITRUH\Downloads
Loaded Profiles: MITRUH
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {3655E587-762A-45B0-A494-70251025D261} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\MITRUH\Downloads\esetonlinescanner.exe [15019488 2021-04-22] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {D9B42E0B-F054-446E-99DE-59882EDDBEAC} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\MITRUH\Downloads\esetonlinescanner.exe [15019488 2021-04-22] (ESET, spol. s r.o. -> ESET spol. s r.o.)
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=E211US0G0&p={searchTerms}
CHR DefaultSuggestURL: Default -> hxxps://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3655E587-762A-45B0-A494-70251025D261}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3655E587-762A-45B0-A494-70251025D261}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9B42E0B-F054-446E-99DE-59882EDDBEAC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9B42E0B-F054-446E-99DE-59882EDDBEAC}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSuggestURL" => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20117035 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 38730 B
Edge => 0 B
Chrome => 24532521 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 9178 B
NetworkService => 9178 B
MITRUH => 564972312 B
 
RecycleBin => 971 B
EmptyTemp: => 591.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 22:01:49 ====
 
FSS.Txt
Farbar Service Scanner Version: 23-12-2020
Ran by MITRUH (administrator) on 25-04-2021 at 22:21:46
Running from "C:\Users\MITRUH\Downloads"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Windows Security:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

Attached Files

  • Attached File  FRST.txt   41.36KB   94 downloads

  • 0

#19
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Hello, BlueFireDragon.
 
Everything seems good. Windows Defender is disabled because McAfee is enabled as your default antivirus.
 
Now...
 
If you want to upgrade Windows now, please do the following:

1. Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
2. Save the tool on your Desktop and double click to run it.
3. On the License terms page, if you accept the license terms, select Accept.
4. On the What do you want to do page, select Upgrade this PC now, and then select Next.
6. Follow the instructions and select Keep personal files and apps, when you are asked to.
7. It might take a couple of hours, depending on your wifi speed connection, to install Windows 10. Your PC will restart a few times. Make sure you don’t turn off your PC.
8. After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.

9. Report back about the result and attach an FRST.txt log (as you did before), so I can give you the final instructions.

 

 

If you prefer to upgrade later:

 

Let me know, so I can give you the final instructions.


  • 0

#20
BlueFireDragon

BlueFireDragon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Windows upgrade - Done

 

FRST.txt - attached

Attached Files


  • 0

#21
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Congratulations for the upgrade. :yes:
 
If no other issues/questions...

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

  • 0

#22
BlueFireDragon

BlueFireDragon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

kprm-date

 

# Run at 4/27/2021 7:54:53 PM
# KpRm (Kernel-panik) version 2.9
# Run by MITRUH from C:\Users\MITRUH\Downloads
# Computer Name: MITRUH
# OS: Windows 10 X64 (19042) 
# Number of passes: 1
 
- Checked options -
 
    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines
 
- Create Registry Backup -
 
   ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\MITRUH\NTUSER.dat backed up
 
     [OK] Registry Backup: C:\KPRM\backup\2021-04-27-19-54-52
 
- Delete Tools -
 
 
  ## AdwCleaner
     [OK] C:\Users\MITRUH\Downloads\AdwCleaner (1).exe deleted
     [OK] C:\Users\MITRUH\Downloads\AdwCleaner.exe deleted
     [OK] C:\AdwCleaner deleted
 
  ## ESET Online Scanner
     [OK] C:\Users\MITRUH\Desktop\Log Scan\ESET Online Scanner.lnk deleted
     [OK] C:\Users\MITRUH\Downloads\esetonlinescanner.exe deleted
     [OK] C:\Users\MITRUH\AppData\Local\ESET\ESETOnlineScanner deleted
 
  ## FRST
     [OK] C:\Users\MITRUH\Desktop\Addition.txt deleted
     [OK] C:\Users\MITRUH\Desktop\FRST.txt deleted
     [OK] C:\Users\MITRUH\Desktop\Log Scan\Addition.txt deleted
     [OK] C:\Users\MITRUH\Desktop\Log Scan\Fixlog.txt deleted
     [OK] C:\Users\MITRUH\Desktop\Log Scan\FRST.txt deleted
     [OK] C:\Users\MITRUH\Desktop\Log Scan\log 24apr21\Addition.txt deleted
     [OK] C:\Users\MITRUH\Desktop\Log Scan\log 24apr21\FRST.txt deleted
     [OK] C:\Users\MITRUH\Desktop\Log Scan\FRST 23April21\Addition.txt deleted
     [OK] C:\Users\MITRUH\Desktop\Log Scan\FRST 23April21\Fixlog.txt deleted
     [OK] C:\Users\MITRUH\Desktop\Log Scan\FRST 23April21\FRST.txt deleted
     [OK] C:\Users\MITRUH\Desktop\25Apr2021\Addition.txt deleted
     [OK] C:\Users\MITRUH\Desktop\25Apr2021\Fixlog.txt deleted
     [OK] C:\Users\MITRUH\Desktop\25Apr2021\FRST.txt deleted
     [OK] C:\Users\MITRUH\Downloads\Addition.txt deleted
     [OK] C:\Users\MITRUH\Downloads\Fixlog.txt deleted
     [OK] C:\Users\MITRUH\Downloads\FRST.txt deleted
     [OK] C:\Users\MITRUH\Downloads\FRST64 (1).exe deleted
     [OK] C:\Users\MITRUH\Downloads\FRST64.exe deleted
     [OK] C:\FRST deleted
 
  ## FSS
     [OK] C:\Users\MITRUH\Desktop\25Apr2021\FSS.txt deleted
     [OK] C:\Users\MITRUH\Downloads\FSS.exe deleted
     [OK] C:\Users\MITRUH\Downloads\FSS.txt deleted
 
  ## Malwarebytes (log)
     [OK] C:\Users\MITRUH\Desktop\Log Scan\Malwarebytes report.txt deleted
 
- Restore System Settings -
 
     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files
 
- Restore UAC -
 
     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value
 
- Clear Restore Points -
 
     [I] No system recovery points were found
 
- Create Restore Point -
 
     [OK] System Restore Point created
 
- Display System Restore Point -
 
   ~ [I] RP named KpRm created at 04/28/2021 00:55:28
 
-- KPRM finished in 67.85s --

  • 0

#23
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Yes! Now, you are ready to go. :)

Now your computer is clean, here are some final tips about your computer's security from now on:

Some of the following, are from Klein's (2005) article, So how did I get infected in the first place. Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it, to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware.'' It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!

  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program is a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled.


If you have any questions or concerns please don't hesitate to ask!

I'm glad I was able to help you.

 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP