I can't get rid of a virus

  • Pedio
    PCHF Member
    • Nov 2019
    • 5

    #1

    I can't get rid of a virus

    Hello community
    Last month I tried to download Mario 64, but sadly it turned out to be some dangerous virus. I had read every forum and watched every video and downloaded every antivirus or antimalware for this problem, but nothing helped me.
    I tried to delete the virus files manually in SAFE MODE, but the virus applications are still running and start up with Windows.
    Tried to disable them from startup, and then ran Malwarebytes, but that didn't work either.
    I also tried to delete the apps from the registry editor and delete them from start-up, but they are not showing there either.
    This is what I found in the task manager:
    [Image: imgur a/dikOnqV]
    Is there a way I can get rid of them WITHOUT RESETTING WINDOWS?
    Please help
  • veeg
    PCHF Director
    • Jul 2016
    • 8982

    #2
    Hello

    Hopefully some of our members will chime in soon..

    @Malnutrition jmarket @gus


    • Pedio
      PCHF Member
      • Nov 2019
      • 5

      #3
      Originally posted by vger
      Hello

      Hopefully some of our members will chime in soon..

      @Malnutrition @jmarket
      I have all time
      Thanks for your concern


      • jmarket
        PCHF Owner
        • Jan 2015
        • 7634

        #4
        Hi @Pedio and welcome to PCHF

        Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

        If you are unsure if your operating system is 32 or 64 Bit please go HERE.

        Once downloaded right click the FRST desktop icon and select “Run as administrator” from the menu.



        If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
        FRST will open with two dialogue boxes, accept the disclaimer.


        Accept the default whitelist options,
        If the additions.txt options box is not checked please select it.
        Then select “Scan”



        FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.



        Please Copy and Paste the contents of these logs in your next post for review by our Security Team


        • Pedio
          PCHF Member
          • Nov 2019
          • 5

          #5
          Hello, thanks for answering.
          I followed all the steps you asked me to do, but the reports are in French because my PC is in French. Hope that won't be a problem for the security team.


          • jmarket
            PCHF Owner
            • Jan 2015
            • 7634

            #6
            We need you to run Malwarebytes Anti-Malware (MBAM) to get a log. Please download the free version of Malwarebytes HERE

            Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear and after the install click the new desktop icon to start the program. We need to modify a couple of things with Malwarebytes before we use it so please follow the steps below.

            If the dashboard is not already displayed select it.
            Then select Update to get the latest definition database.

            Next we need to change a scanning option, select Settings on the main menu
            Then Detection and Protection on the left.
            Then select Scan for rootkits in the detection options, as well as the other two options already checked.

            Now return to Dashboard on the main menu and select Scan Now at the bottom of the screen.

            Allow Malwarebytes to scan your system. It may take some time depending on how much data is loaded onto your hard drive. When the scan is finished any threats will be listed for action. Ensure all threats are selected, and click Remove Selected



            A dialogue box may open and ask to restart the computer, if so select Yes



            Once the computer restarts open Malwarebytes again and select History on the menu bar, Application logs, then click the scan just completed, then click Export, choose text file. Name the text file and select a location, preferably the desktop and close Malwarebytes.



            Please copy and paste the contents of the text file in your next post

            We will need a log from AdwCleaner for further information.

            Please go HERE and download AdwCleaner to your Desktop. Once downloaded right click the new icon and select Run as Administrator from the context menu to open the program. It will open at the Dashboard tab and no further changes to the program are necessary at this stage.

            Click the Scan Now button.


            Allow AdwCleaner to start scanning and depending on the amount of data on your PC it may take some time. At the conclusion of the scan any content considered unnecessary will be displayed in the Scan Results box. Ensure all items are selected for removal and click “Clean & Repair”

            After selecting “Clean & Repair” another dialogue box may appear asking to restart now or later. If so choose “Clean & Restart Now”
            Once the PC has restarted if AdwCleaner does not restart then open it again and click “Log Files” tab on the left. All log files will be listed. If you have used the program previously you may have several logs to select from so double click the most recent “Clean” log and it will open a notepad file on your Desktop.

            Please COPY and PASTE the contents of that file in your next post


            • system
              PCHF Owner
              • Jan 2015
              • 7634

              #7
              @Pedio, do you still need help with this?


              • Pedio
                PCHF Member
                • Nov 2019
                • 5

                #8
                My apologies sir,
                I can’t get near my computer because I’m on a work trip. I’ll be sure to do this when I go back.
                Hope you accept my apology!


                • Pedio
                  PCHF Member
                  • Nov 2019
                  • 5

                  #9
                  Hello
                  My sincere apologies for the delayed response
                  I did all the steps, but the first scan with (MBAM) didn’t detect any threats.
                  But the second one (AdwCleaner) detected 4, and here are the logs you asked me to COPY AND PASTE:
                  -------------------------------
                  Malwarebytes AdwCleaner 7.4.2.0
                  -------------------------------
                  Build: 10-21-2019
                  Database: 2019-11-20.1 (Cloud)
                  Support: https://www.malwarebytes.com/support
                  -------------------------------
                  Mode: Clean
                  -------------------------------
                  Start: 11-26-2019
                  Duration: 00:00:03
                  OS: Windows 10 Pro
                  Cleaned: 5
                  Failed: 1
                  ***** [ Services ] *****

                  No malicious services cleaned.

                  ***** [ Folders ] *****

                  Deleted C:\ProgramData\Tencent
                  Deleted C:\Users\nek00\AppData\Local\Tencent
                  Deleted C:\Users\nek00\AppData\Roaming\Tencent
                  Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent

                  ***** [ Files ] *****

                  No malicious files cleaned.

                  ***** [ DLL ] *****

                  No malicious DLLs cleaned.

                  ***** [ WMI ] *****

                  No malicious WMI cleaned.

                  ***** [ Shortcuts ] *****

                  No malicious shortcuts cleaned.

                  ***** [ Tasks ] *****

                  No malicious tasks cleaned.

                  ***** [ Registry ] *****

                  Deleted HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit

                  ***** [ Chromium (and derivatives) ] *****

                  Not Deleted Touch VPN

                  ***** [ Chromium URLs ] *****

                  No malicious Chromium URLs cleaned.

                  ***** [ Firefox (and derivatives) ] *****

                  No malicious Firefox entries cleaned.

                  ***** [ Firefox URLs ] *****

                  No malicious Firefox URLs cleaned.

                  ***** [ Preinstalled Software ] *****

                  No Preinstalled Software cleaned.


                  [+] Delete Tracing Keys
                  [+] Reset Winsock


                  AdwCleaner_Debug.log - [23873 octets] - [26/11/2019 16:37:45]
                  AdwCleaner[S00].txt - [1722 octets] - [26/11/2019 16:39:03]

                  ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
                  But sadly the problem still remains … there are unknown things running every time I start my computer, like the Opps and Resistent in the image below.
                  All the “Disabilitato” programs (meaning disabled) are apps that showed up when I tried to download Mario 64.
                  I can’t even find them in the Control Panel to uninstall them.
                  [Attached image]
                  Thanks for helping me.

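Added example, not part of the thread and not PCHF's or Malwarebytes' code: a small Python parser for an AdwCleaner "Clean" log like the one posted in #9, which pulls out the items the tool left in place and the logon-related registry changes worth re-checking after the reboot. The function names are hypothetical, and the sample is an excerpt of the log above.

```python
import re

# Excerpt of the AdwCleaner log posted in #9 (sections with nothing cleaned omitted).
SAMPLE_LOG = r"""
Mode: Clean
Cleaned: 5
Failed: 1
***** [ Folders ] *****
Deleted C:\ProgramData\Tencent
Deleted C:\Users\nek00\AppData\Local\Tencent
Deleted C:\Users\nek00\AppData\Roaming\Tencent
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
***** [ Registry ] *****
Deleted HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit
***** [ Chromium (and derivatives) ] *****
Not Deleted Touch VPN
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
HEADER = re.compile(r"^(Mode|Cleaned|Failed):\s*(.+)$")
ACTION = re.compile(r"^(Not Deleted|Deleted)\s+(.+)$")

def parse_adwcleaner_log(text):
    """Split the log into header fields and per-section Deleted / Not Deleted items."""
    report = {"header": {}, "deleted": [], "not_deleted": []}
    section = None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif section is None and (m := HEADER.match(line)):
            report["header"][m.group(1)] = m.group(2)
        elif m := ACTION.match(line):
            key = "deleted" if m.group(1) == "Deleted" else "not_deleted"
            report[key].append((section, m.group(2)))
    return report

def triage(report):
    """Return the follow-up items a helper would look at first."""
    findings = []
    if int(report["header"].get("Failed", 0)) != len(report["not_deleted"]):
        findings.append("Failed count does not match the 'Not Deleted' lines")
    for section, item in report["not_deleted"]:
        findings.append(f"still present [{section}]: {item}")
    for section, item in report["deleted"]:
        # Winlogon values decide what runs at logon, so confirm them after reboot.
        if section == "Registry" and "\\Winlogon|" in item:
            findings.append(f"logon setting changed, re-check after reboot: {item}")
    return findings
```

Calling `triage(parse_adwcleaner_log(text))` on the full exported log gives the same two follow-ups, because sections that report nothing cleaned contribute no items.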