That's it done.
How to remove malware
Ok. Since you have an older version of FRST we first need to remove that, and one certain way to do so is…
I should clarify that the last tool you used got me newer logs, I just do not want any confusion on which version of FRST you have being run for the fix below.
Download KpRM
Save to Desktop
Check 'Delete Tools'
Create Restore point.
Then click run.
Download the latest version. I have uploaded it for you; click here to download it.
Unzip it to your desktop!!!
Now uninstall all AVG-related products from your machine; it is simply trash software and may hinder our efforts in this thread.
I suggest you remove them all with GeekUninstaller.
Then run the AVG removal tool.
Make sure and remove the other software listed below, with geek tool.
AVG AntiVirus FREE (HKLM...\AVG Antivirus) (Version: 22.10.3258 - AVG Technologies)
AVG Secure Browser (HKLM-x32...\AVG Secure Browser) (Version: 107.0.19254.108 - AVG Technologies)
AVG Update Helper (HKLM-x32...{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}) (Version: 1.8.1207.2 - AVG Technologies) Hidden
Browser Assistant (HKLM-x32...{EF511737-E6B5-4675-90FA-5B3DA3D0301A}) (Version: 1.40.3232.31760 - Realistic Media Inc.) <==== ATTENTION
IEBrowserAssistant (HKLM-x32...{BC63C727-3079-49AA-876A-8E459D35CB72}) (Version: 1.0.0 - Realistic Media Inc.) <==== ATTENTION
FRST Fix.
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
You should know that your machine is infected, and you should run the fix I provided.
HKU\S-1-5-21-4164995525-931560966-1168492100-1001...\Run: [BAStartup] => C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell -ExecutionPolicy bypass -c "$env:COMPLUS_version='v4.0.30319';$w="$env:APPDATA"+'\Browser Assistant';cd $w;&powershell{& ./edge/x86/node.exe ./ed (the data entry has 15 more characters). (No File) <==== ATTENTION
FirewallRules: [{04604670-727D-4EED-864B-BE8D79C55D27}] => (Allow) LPort=32682
FirewallRules: [{BA3FA3D7-0526-4F15-947A-E6863F98E4B8}] => (Allow) LPort=26822
Here are a couple of items that pertain to the malware on your machine, which if you run the fix provided will be eliminated. And just know that removing AVG is only going to help your situation…
Your choice, update the thread when you get a chance.
@areilly18
Thanks for letting me know. Have a great night.
These open ports through your firewall represent a back door onto your machine; hopefully your method cured that.
FirewallRules: [{04604670-727D-4EED-864B-BE8D79C55D27}] => (Allow) LPort=32682
FirewallRules: [{BA3FA3D7-0526-4F15-947A-E6863F98E4B8}] => (Allow) LPort=26822
I highly suggest you follow the steps laid out for you.
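Added example, not part of the thread and not FRST's own code: a short Python triage of log lines in the three formats quoted above. It picks out entries the scanner flagged, autoruns that point at a missing file or start PowerShell with an execution-policy bypass, and firewall rules that allow a bare port. The sample log is constructed from the lines in the thread (Run data shortened, SID replaced by a placeholder), and the regexes are assumptions that cover only these line shapes.

```python
import re

# Constructed sample in the line formats quoted in the thread (Run data shortened,
# SID replaced with a placeholder).
SAMPLE_LOG = r"""
AVG Update Helper (HKLM-x32...{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}) (Version: 1.8.1207.2 - AVG Technologies) Hidden
Browser Assistant (HKLM-x32...{EF511737-E6B5-4675-90FA-5B3DA3D0301A}) (Version: 1.40.3232.31760 - Realistic Media Inc.) <==== ATTENTION
HKU\S-1-5-21-PLACEHOLDER-1001...\Run: [BAStartup] => C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell -ExecutionPolicy bypass -c ... (No File) <==== ATTENTION
FirewallRules: [{04604670-727D-4EED-864B-BE8D79C55D27}] => (Allow) LPort=32682
FirewallRules: [{BA3FA3D7-0526-4F15-947A-E6863F98E4B8}] => (Allow) LPort=26822
"""

PROG_RE = re.compile(r"^(?P<name>.+?) \(HK[^)]*\) \(Version: \S+ - (?P<vendor>.+?)\)")
RUN_RE = re.compile(r"^HK\w+\\.*?\\Run: \[(?P<name>[^\]]+)\] => (?P<data>.*)$")
FW_RE = re.compile(r"^FirewallRules: \[(?P<id>\{[0-9A-Fa-f-]+\})\] => \((?P<action>\w+)\) (?P<rest>.*)$")


def triage(log_text):
    """Return (kind, identifier, reasons) for each line that deserves review."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        reasons = []
        if line.endswith("<==== ATTENTION"):
            reasons.append("flagged ATTENTION by the scanner")
        if m := FW_RE.match(line):
            kind, ident = "firewall", m["id"]
            port = re.fullmatch(r"LPort=(\d+)", m["rest"])
            # A rule that opens a bare port with no program path is hard to attribute.
            if m["action"] == "Allow" and port:
                reasons.append(f"allows local port {port[1]} with no program named")
        elif m := RUN_RE.match(line):
            kind, ident = "autorun", m["name"]
            if "(No File)" in m["data"]:
                reasons.append("autorun target reported as (No File)")
            if re.search(r"-ExecutionPolicy\s+bypass", m["data"], re.I):
                reasons.append("PowerShell started with -ExecutionPolicy bypass")
        elif m := PROG_RE.match(line):
            kind, ident = "program", f'{m["name"]} ({m["vendor"]})'
        else:
            continue
        if reasons:
            findings.append((kind, ident, reasons))
    return findings


if __name__ == "__main__":
    for kind, ident, reasons in triage(SAMPLE_LOG):
        print(f"{kind:9} {ident}: {'; '.join(reasons)}")
```

Running the same function over a scan taken after the fix gives a quick check that the flagged autorun and the two port rules no longer appear.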