@prescilgema any update? How are you moving along with the instructions?
I can't seem to remove a trojan, should I reset my pc ?
-
Hello !
Sorry I didn’t have the time to work on this, but here is everything you asked for.
RogueKiller report:
Code:
Program : RogueKiller Anti-Malware
Version : 15.6.3.0
x64 : Yes
Program Date : Nov 15 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : Support Form | Contact • Adlice Software
Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
Operating System : Windows 10 (10.0.19044) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Prescilia
User is Admin : Yes
Date : 2022/11/30 22:33:38
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 986
Found items : 3
Total scanned : 72199
Signatures Version : 20221128_091401
Truesight Driver : Yes
Updates Count : 10

************************* Warnings *************************

************************* Updates *************************
BlueStacks App Player (64-bit), version 4.260.0.1032
[+] Available Version : 5.9.410.1001
[+] Size : 1,99 Go
[+] Wow6432 : No
[+] Portable : No

Mozilla Firefox (x64 fr) (64-bit), version 107.0
[+] Available Version : 107.0.1
[+] Size : 216 Mo
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Mozilla Firefox

VLC media player (64-bit), version 3.0.12
[+] Available Version : 3.0.18
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\VideoLAN\VLC

WinRAR 5.91 (64-bit) (64-bit), version 5.91.0
[+] Available Version : 6.11
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\WinRAR

LibreOffice 7.0.3.1 (64-bit), version 7.0.3.1
[+] Available Version : 7.4.3
[+] Size : 657 Mo
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\LibreOffice

paint.net (64-bit), version 4.2.15
[+] Available Version : 4.3.12
[+] Size : 53,9 Mo
[+] Wow6432 : No
[+] Portable : No

Google Chrome (32-bit), version 108.0.5359.71
[+] Available Version : 108.0.5359.72
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files\Google\Chrome\Application

Java 8 Update 301 (32-bit), version 8.0.3010.9
[+] Available Version : 8.0.3330.0
[+] Size : 41,5 Mo
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\Java\jre1.8.0_301

Discord (64-bit), version 0.0.311
[+] Available Version : 1.0.9007
[+] Size : 77,1 Mo
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Users\Prescilia\AppData\Local\Discord

Zoom (64-bit), version 5.4.9 (59931.0110)
[+] Available Version : 5.12.9
[+] Size : 9,76 Mo
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Users\Prescilia\AppData\Roaming\Zoom\bin

************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************
XX - System Policies
└── [PUM.Policies (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin – 0 → Found

************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts

************************* Filesystem *************************
[Tr.Razy (Malicious)] (folder) resources – C:\Program Files\resources → Found
[Adw.TopTools (Malicious)] (folder) Tools – C:\Program Files\Tools → Found

************************* Web Browsers *************************

************************* Antirootkit *************************
-
@prescilgema Ok, we need to run another fix with FRST.
Please download Zhp Cleaner to your desktop. Right-click the icon and select Run as administrator.
Once you have started the program, you will need to click the Scanner button.
The program will close all open browsers!
Once the scan is completed, you will want to click the Repair button.
At the end of the process you may be asked to reboot your machine.
After you reboot a report will open on your desktop.
Attach the report here in your next reply.
FRST Fix.
Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It’s important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Let me know what issues remain after this latest fix please.
-
I did struggle a bit to use ZHP. I scanned more than one time, because I didn’t clean everything it found each time. I didn’t really know how to use it, so I put all the reports it made, sorry for the inconvenience.
-
It appears that all items were indeed removed with ZHP Cleaner; the latest repair log, which is indicated with the prefix [R], indicated to me that all detected items are removed. Also, in the FRST fix, all the processes went smoothly, as scripted.
I would like to know if your original issue which prompted you to make a thread here is solved? If the problem is solved I will have you run a tool to check for outdated software with options to fix that, and we will remove all the tools we used during the process and erase and create a new restore point.
-
Thanks, I’ll update them!
I did a few complete scans with Windows Defender and Bitdefender and it seems clean! Thanks a lot for your time and your help, I’m really grateful.
-
Alright, glad to be of service. You follow instructions well, so you made this easy for me.
We will clean all the tools we used…
Download KpRM
Save to Desktop
Check Delete Tools.
Check Delete Restore points.
Create Restore point.
Click delete quarantines.
Then click run.
I suggest the following…
Alternate DNS.
O&O ShutupTen.
UblockOrigin.
Since you are using Bitdefender, make sure and disable Windows Defender. You do not need two antivirus applications running on your machine at once.
I’ll mark this as solved for you.
Tell a friend or two about the forums.