Backdoor on my pc (Solved)

  • Ichigo
    PCHF Member
    • Dec 2022
    • 61

    #1

    Backdoor on my pc (Solved)

    Hello,

    Not long ago I downloaded a program on my computer which was probably a backdoor, because it infiltrated my YouTube account and posted videos there (which also encouraged downloading a virus, but not the same as the one I downloaded). He also infiltrated my Instagram account, where he published in a story another scam related to Elon Musk and bitcoins, and in the end he stole the $20 that I had on my Steam account. So I decided to reset my PC (I haven’t done it yet), but I would like to know whether the reset should delete ALL my files from both drives or only the Windows drive, knowing that I originally downloaded the file to my D:/ hard drive (not the Windows drive).
    I just performed a scan using “FARBAR RECOVERY SCAN TOOL” and here are the results, if anyone can confirm that I do have a backdoor:

    https://pjjoint.malekal.com/files.ph...19_u7x8u7h5g13

    Also, is resetting my PC the best option, or is there a different way (it needs to be 100% sure)?
    Thanks in advance !
  • Ichigo
    PCHF Member
    • Dec 2022
    • 61

    #2
    I did the scan with French software and posted it on a French website; if you need me to use different software, let me know.


    • veeg
      PCHF Director
      • Jul 2016
      • 8978

      #3
      Hello

      I will tag our expert... @Malnutrition


      • Ichigo
        PCHF Member
        • Dec 2022
        • 61

        #4
        Alright, thank you!


        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7041

          #5
          @veeg move to malware area

          Attach the Autologger, FRST and Addition.txt logs; I’ll have a look when I get home.

          Download Autologger to your desktop.
          Disable your Antivirus/Defender prior to running.
          • Unzip it there. If you are unsure how to unzip a program, then use http://www.7-zip.org/
          • Right click Autologger and run as admin. (XP users double click)
          • AVZ4 will open and scan your machine; allow this to complete.
          • Upload Collectionlog.zip to your next reply.

          OK, I apologize but I need these logs in English please. You can do that for me by renaming FRST.

          Sorry for the inconvenience.

          I’d like to have these logs in English please.
          Right Click on FRST64 and rename the FRST file to FRST64english.exe
          Please then re-run the scan and post the FRST and Addition.txt logs.
          Make sure and still run the program as Administrator.

          Attach them here; I will not visit sites I’m unfamiliar with.

          Attach here or at pastebin.com
          Then send me the link.


          • Ichigo
            PCHF Member
            • Dec 2022
            • 61

            #6
            Alright


            • Ichigo
              PCHF Member
              • Dec 2022
              • 61

              #7
              Thanks for your help. Here are the logs you asked for:


              • Ichigo
                PCHF Member
                • Dec 2022
                • 61

                #8
                ,


                • Ichigo
                  PCHF Member
                  • Dec 2022
                  • 61

                  #9
                  @Malnutrition let me know if you need something else.


                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7041

                    #10
                    I will be home in a couple of hours to check this over.


                    • Ichigo
                      PCHF Member
                      • Dec 2022
                      • 61

                      #11
                      Alright, thank you so much for your help. I will probably be asleep when you are back, which means I will reply tomorrow.


                      • Malnutrition
                        PCHF Moderator
                        • Jul 2016
                        • 7041

                        #12
                        Change all passwords to your YouTube/social media if you have not done so already, from a known clean machine or your phone!

                        Running from D: ===> Make sure you save the fixlist to the D: drive, and run it from there; the fixlist and FRST need to be in the same location in order for the fix to work.

                        Look in the Autologger folder and drag out the CheckBrowsersLNK file to your desktop.
                        AutoLogger\CheckBrowserLnk

                        After saving ClearLNK to the desktop, drag and drop the file onto the ClearLNK utility.
                        (animation: https://dragokas.com/tools/move.gif)

                        Run HijackThis! as admin! (located in the folder …Autologger\HijackThis)
                        Do a system scan, then check each item below, make sure and only check the items listed.
                        Then click Fix checked.
                        The computer will need to reboot, allow it to do so.
                        O4 - HKCU..\StartupApproved\Run: [Firefox Browser] = C:\Firefox\X-Firefox.exe (file missing) (2021/03/31)
                        O4 - HKCU..\StartupApproved\Run: [Windscribe] = C:\Program Files (x86)\Windscribe\Windscribe.exe -os_restart (file missing) (2021/03/31)
                        O4 - HKLM..\StartupApproved\Run: [Wondershare Helper Compact.exe] = C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing) (2021/02/06)
                        O4 - HKLM..\StartupApproved\Run32: [NAT Subsystem] = C:\Program Files (x86)\NAT Subsystem\natss.exe (file missing) (2021/02/06)
                        O22 - Tasks: NAT Subsystem - C:\Users\PCGAME~1\AppData\Local\Temp\Rar$EXb11152.43368\Vape V4 cracked.exe $(Arg0) (file missing)
                        O22 - Tasks: OneDrive Standalone Update Task-S-1-5-21-13960046-46231223-1468497707-1001 - C:\Users\PCGAMER\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
                        O22 - Tasks: OneDrive Standalone Update Task-S-1-5-21-13960046-46231223-1468497707-1002 - C:\Users\PCGAMER\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
                        O22 - Tasks: Opera scheduled Autoupdate 1616069614 - C:\Users\PCGAMER\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (file missing)
                        O22 - Tasks: Red Giant Link - C:\Program Files\Red Giant Link\Red Giant Link.exe --silent (file missing)
                        O23 - Service S3: Brave Elevation Service (BraveElevationService) - (BraveElevationService) - C:\Program Files\BraveSoftware\Brave-Browser\Application\107.1.45.133\elevation_service.exe (file missing)

                        Disable your antivirus prior to running AVZ!
                        Run AVZ as admin! (located in the folder …Autologger\AVZ) Click File => Custom Scripts.
                        Copy the content of the text file I uploaded (AVZFix.txt).
                        Click Edit, Select All, Copy.
                        Paste into the AVZ window.
                        Make sure the word begin is in the absolute top left of the window, as per the attached picture (1671501413627.png).
                        Hit Run Fix.

                        The computer will reboot.

                        FRST Fix.
                        Download the attached fixlist.txt file and save it to the Desktop.
                        NOTE: It’s important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
                        NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
                        Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
                        When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

                        Uninstall with Geek Uninstaller:
                        Reimage Repair (HKLM...\Reimage Repair) (Version: 1.9.7.2 - Reimage) <==== ATTENTION

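Every HijackThis entry in the list above is marked "(file missing)": a Run-key value or scheduled task still points at an executable that is no longer on disk. The script below is an added, read-only triage example (not part of the thread and not code from HijackThis, FRST or Autologger) that reproduces that check on a Windows machine by enumerating the Run keys (StartupApproved only stores the enabled/disabled state for those entries, so the command lines are read from Run itself) and the actions of every scheduled task, and reporting the orphaned ones.

```powershell
# Added example (not from the thread or the tools it names): report Run-key autoruns and
# scheduled tasks whose target executable is missing, the "(file missing)" condition
# HijackThis flags above. Run in an elevated PowerShell; it reads and reports only.
function Get-CommandPath {
    param([string]$Command)
    # Expand %VARS%, then extract the executable from a quoted or unquoted command line.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted paths may contain spaces: grow the candidate until it ends in .exe
    $tokens = $cmd -split ' '
    for ($i = 0; $i -lt $tokens.Count; $i++) {
        $candidate = $tokens[0..$i] -join ' '
        if ($candidate -match '\.exe$') { return $candidate }
    }
    return $tokens[0]
}
function Test-TargetExists {
    param([string]$Exe)
    if (-not $Exe) { return $false }
    if (Test-Path -LiteralPath $Exe) { return $true }
    # A bare name with no directory (e.g. conhost.exe) is resolved through PATH.
    return ($Exe -notmatch '\\') -and [bool](Get-Command $Exe -ErrorAction SilentlyContinue)
}
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$findings = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath/... metadata
        $exe = Get-CommandPath $p.Value
        [pscustomobject]@{ Source = "Run: $key"; Name = $p.Name; Target = $exe; Exists = Test-TargetExists $exe }
    }
})
$findings += @(foreach ($t in Get-ScheduledTask) {
    foreach ($a in $t.Actions) {
        if (-not $a.Execute) { continue }
        $exe = Get-CommandPath $a.Execute
        [pscustomobject]@{ Source = "Task: $($t.TaskPath)$($t.TaskName)"; Name = $t.TaskName; Target = $exe; Exists = Test-TargetExists $exe }
    }
})
# Orphaned entries deserve review: the launcher is gone but the persistence record remains.
$findings | Where-Object { -not $_.Exists } | Sort-Object Source | Format-Table -AutoSize
```

An orphaned entry is not proof of infection by itself (leftover uninstalls look the same), but an entry whose target sat in a Temp folder, like the NAT Subsystem task above, is the kind that warrants the cleanup the moderator prescribes.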

                        • Ichigo
                          PCHF Member
                          • Dec 2022
                          • 61

                          #13
                          Hello, thanks for your help but I got some questions:
                          Running from D:=======> Make sure you save the fixlist to the D: drive, and run it from there, the fixlist and FRST need to be in the same location in order for the fix to work.

                          Are the fixlist and FRST the only programs that need to be on the D:/ drive?
                          Do a system scan, then check each item below, make sure and only check the items listed.

                          Which items?


                          • Ichigo
                            PCHF Member
                            • Dec 2022
                            • 61

                            #14
                            and what do I do with this?
                            Look in the Autologger folder and drag out the CheckBrowsersLNK file.
                            To your desktop.
                            AutoLogger\CheckBrowserLnk

                            Drag and drop onto the ClearLNK utility .
                            After saving ClearLNK to desktop.


                            • Ichigo
                              PCHF Member
                              • Dec 2022
                              • 61

                              #15
                              @Malnutrition, is doing this 100% going to remove the backdoor on my computer, and will we be able to check whether it’s still here or not?
                              Thanks again for the help.
