Possible Malware infection - help request [Solved]

Tags: malware, advapi, english-trainer.net

#16 DR M (The Grecian Geek, Malware Removal, 4,113 posts)

Very good. The two tools didn't detect anything.

Just to ensure that everything is clean, let's do an online scan now. Have in mind that it will take some time, so most possibly I'll see the result tomorrow.

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.


In your next reply please post:

  1. The eset.txt
  2. Feedback: how is the computer running? Please report any issue you are dealing with now.

#17 Maffu (Topic Starter, Member, 29 posts)

Hi Dr M,

Here are the contents of the eset.txt.

08/05/2023 22:47:21
Files scanned: 1710557
Detected files: 5
Cleaned files: 5
Total scan time 02:50:47
Scan status: Finished
D:\downloads\spsetup132.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
E:\appdata\Roaming\uTorrent\updates\3.5.5_45395.exe a variant of Win32/uTorrent.C potentially unwanted application cleaned by deleting
E:\appdata\Roaming\uTorrent\updates\3.5.5_45574.exe a variant of Win32/uTorrent.C potentially unwanted application cleaned by deleting
E:\appdata\Roaming\uTorrent\updates\3.5.5_45704.exe a variant of Win32/uTorrent.C potentially unwanted application cleaned by deleting
E:\appdata\Roaming\uTorrent\uTorrent.exe a variant of Win32/uTorrent.C potentially unwanted application cleaned by deleting

My connection seems to be faster, but I realise that could just be perception bias at this point.
I will monitor over the next day, including leaving it idle, both with browser open and with browser closed, and come back to you with the results of that.
I really appreciate all your help with this - thank you.

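The scan log above has a simple line-oriented format (one detection per line: path, threat name, category, action) that is easy to misread when several such logs are compared by hand. As an added example, not from this thread and not ESET's own code, here is a small Python parser for that format which uses the log posted above as its sample input and then runs the consistency checks a helper would make before calling the scan clean; the category and "cleaned by deleting" phrases come from that log, and the other action phrases it accepts are assumptions.

```python
import re

# Sample input: the ESET Online Scanner log posted in this thread, embedded verbatim.
SAMPLE_LOG = r"""08/05/2023 22:47:21
Files scanned: 1710557
Detected files: 5
Cleaned files: 5
Total scan time 02:50:47
Scan status: Finished
D:\downloads\spsetup132.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
E:\appdata\Roaming\uTorrent\updates\3.5.5_45395.exe a variant of Win32/uTorrent.C potentially unwanted application cleaned by deleting
E:\appdata\Roaming\uTorrent\updates\3.5.5_45574.exe a variant of Win32/uTorrent.C potentially unwanted application cleaned by deleting
E:\appdata\Roaming\uTorrent\updates\3.5.5_45704.exe a variant of Win32/uTorrent.C potentially unwanted application cleaned by deleting
E:\appdata\Roaming\uTorrent\uTorrent.exe a variant of Win32/uTorrent.C potentially unwanted application cleaned by deleting
"""

COUNT_RE = re.compile(r"^(Files scanned|Detected files|Cleaned files):\s*(\d+)$")
# <path> <threat> <category> <action>: the path may contain spaces, so the threat name, which
# always has a '/' (Win32/...), anchors the split; actions other than "cleaned by deleting" are assumed.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<threat>(?:a variant of )?\S*/\S+)\s+(?P<category>.+?)\s+"
    r"(?P<action>cleaned by deleting|cleaned|deleted|quarantined|unable to clean)$"
)

def parse_eset_log(text):
    """Return (header counts, parsed detections, path-like lines that did not parse)."""
    counts, detections, unparsed = {}, [], []
    for line in (raw.strip() for raw in text.splitlines() if raw.strip()):
        if m := COUNT_RE.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif m := DETECTION_RE.match(line):
            detections.append(m.groupdict())
        elif re.match(r"^[A-Za-z]:\\", line):  # looks like a detection but did not parse
            unparsed.append(line)
    return counts, detections, unparsed

def review(counts, detections, unparsed):
    """Checks to make before calling the scan clean; an empty list means no concerns."""
    findings = []
    if counts.get("Detected files") != len(detections) + len(unparsed):
        findings.append("header count does not match the detection lines in the log")
    if counts.get("Detected files") != counts.get("Cleaned files"):
        findings.append("ESET reports detections it did not clean")
    findings += ["not cleaned: " + d["path"] for d in detections if not d["action"].startswith("cleaned")]
    findings += ["could not parse: " + u for u in unparsed]
    return findings

if __name__ == "__main__":
    c, d, u = parse_eset_log(SAMPLE_LOG)
    print(review(c, d, u) or "no concerns")
```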

#18 DR M (The Grecian Geek, Malware Removal, 4,113 posts)

OK.

Work a bit with the computer and let me know about any issues.

At this point, I would like to check fresh FRST logs, Addition and FRST.

#19 Maffu (Topic Starter, Member, 29 posts)

Hi Dr M,

I've been using the machine today, including a couple of periods of inactivity, and nothing has popped up. Definitely seems less sluggish.

Also, thinking about your previous comment about SAP entries, I remembered I'd installed a demo version of Crystal Reports a while back that I never use, so I also uninstalled that.

I have attached the fresh scans to this reply.

Have a good evening.


#20 Maffu (Topic Starter, Member, 29 posts)

Oh, one thing I should mention. I have Autoruns installed on my machine, and after running all the scans and fixes etc., when I started my machine two instances of Windows Explorer opened, both to the (empty) Autoruns Disabled folder.

No other odd behaviour that I can see, though.

#21 DR M (The Grecian Geek, Malware Removal, 4,113 posts)

Hi.

I see that you removed the SAP BusinessObjects. Good. Removing whatever you don't need/use is a good tactic.

This is in your Startup folder:

C:\Users\Maffu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2023-05-08]

So now everything is fine with Autoruns?

Just a few more things with the following fix:

FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\RunOnce: [DeleteSAPSetupEngine] => cmd /c rmdir /s /q "C:\Users\Maffu\AppData\Local\Temp\setup.engine.temp\\" (No File) <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Folder: 2023-05-01 19:56 - 2023-05-01 19:56 - 000000000 ____D C:\Users\Maffu\AppData\Local\pip
File: C:\Users\Maffu\AppData\Local\wle.log
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.


#22 Maffu (Topic Starter, Member, 29 posts)

Hi Dr M,

Here is the Fixlog.

AutorunsDisabled opened again after restart. I've removed it from startup.

#23 DR M (The Grecian Geek, Malware Removal, 4,113 posts)

There was an error in the fix. Apologies.

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
Folder: C:\Users\Maffu\AppData\Local\pip
VirusTotal: C:\Users\Maffu\AppData\Local\wle.log
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.


#24 Maffu (Topic Starter, Member, 29 posts)

Hi again,

Here is the fixlog.


#25 DR M (The Grecian Geek, Malware Removal, 4,113 posts)

OK!

Is there any remaining issue/question/concern regarding this computer?

#26 Maffu (Topic Starter, Member, 29 posts)

I don't think so - it's been fine again today, even after leaving it idle for a couple of hours I haven't seen anything popping up, and my connection seems fine.

Thank you for your help with this, I appreciate it.



#27 DR M (The Grecian Geek, Malware Removal, 4,113 posts)

Hello.

I'm glad to hear that the computer is running fine now. :)

Now...

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.


#28 Maffu (Topic Starter, Member, 29 posts)

Done. Here is the log...


#29 DR M (The Grecian Geek, Malware Removal, 4,113 posts)

Perfect!

You are clean now! Green pass from me.

If you really want Java, you can install the latest version from here: Java SE Runtime Environment 8 - Downloads. Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional. I would recommend, however, not to install it. If a program you use needs it, it will ask you to install it.

Now your computer is clean, here are some final tips about your computer's security from now on:

Some of the following are from Klein's (2005) article, So how did I get infected in the first place. Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it, to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third-party software programs have long been targets for malware creators. It has been stated that "Adobe's Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!

  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast, efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program are a necessity for the security of your computer. Be sure that you keep them updated, and that real-time protection is enabled. You now have Avast. Together with Malwarebytes, run occasionally depending on how often you use your computer, it can keep you safe.

Happy safe computing.


I'm glad I was able to help you.



#30 Maffu (Topic Starter, Member, 29 posts)

That's great. Thanks, Dr M.

I really appreciate the time you've put into this.

Thank you again, and have a great evening!

