Trying to remove Generic.Trojan.DiscordStealer.B.D6426E8C

  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7041

    #16
    Disable your antivirus
    Download Dr Web from the link below.

    Save the file to your desktop.
    Right Click on the randomly named file.
    Run as administrator.
    Agree to terms and continue.
    Select objects for scanning, make sure all boxes are ticked.
    Then check mark the click to select files and folders.
    Make sure C: drive is checked.
    Click OK.
    Then click start scanning.
    Once the scan is completed, click on open report.
    Then select file.
    Save then save cureit.log to desktop.
    Upload the log to https://catbox.moe/ or https://ufile.io/ and send me a link to the file.
    If you are sure about the files detected being malicious, then make sure all items are ticked and under action move to delete.
    Then hit the Neutralize button.
    Reboot your computer after the scan.


    • Phoenix_VR
      PCHF Member
      • Jan 2023
      • 38

      #17
      Here is the link https://files.catbox.moe/nomshx.log


      • Phoenix_VR
        PCHF Member
        • Jan 2023
        • 38

        #18
        Also here is the xml file that bitdefender https://files.catbox.moe/87e0cp.xml


        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7041

          #19
          Ok, while I look over this.

          Run this tool for me, it is similar to FRST but checks in different areas. I’ll check logs and provide another fix for you.

          Download ZHP Suite to your desktop.
          Right Click Run as admin.
          Hit the scanner button.
          Once it is complete, a file named ZHPdiag.txt will be on your desktop.
          Attach it.


          Send this file to virustotal.

          c:\users\theph\desktop\prinjectorfree\prinjector.exe

          This is what Bitdefender is saying is a virus. I believe this is a false positive, but we will see what virustotal says, if you do not know what this file is delete it.


          • Phoenix_VR
            PCHF Member
            • Jan 2023
            • 38

            #20
            Did not like how a bunch of browser popups showed up on my Chrome, but there is the txt.


            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7041

              #21
              Send this file to virustotal.

              c:\users\theph\desktop\prinjectorfree\prinjector.exe

              This is what Bitdefender is saying is a virus. I believe this is a false positive, but we will see what virustotal says, if you do not know what this file is delete it.


              • Phoenix_VR
                PCHF Member
                • Jan 2023
                • 38

                #22
                I removed the file since it was for a game, but I didn’t need it anymore.


                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7041

                  #23
                  OK. While I look over the ZHP log, scan with bitdefender again to see if the issue is still present.


                  • Phoenix_VR
                    PCHF Member
                    • Jan 2023
                    • 38

                    #24
                    Oki doki


                    • Phoenix_VR
                      PCHF Member
                      • Jan 2023
                      • 38

                      #25
                      Yep, it's still there.

                      It's not really doing anything to my PC.
                      It's just there and I wanna try and get rid of it without resetting my PC.


                      • Malnutrition
                        PCHF Moderator
                        • Jul 2016
                        • 7041

                        #26
                        Still checking logs.


                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7041

                          #27
                          Copy the content of the code box below.
                          Do not copy the word code!!!
                          Right Click FRST and run as Administrator.
                          Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
                          Attach it to your next message.

                          Code:
                              Start::
                              CloseProcesses:
                              SystemRestore: On
                              CreateRestorePoint:
                              RemoveProxy:
                              VirusTotal: C:\Windows\Installer\Razer\Installer\1652838079gKQ1VdssRazerChromaBroadcasterSetup_v3.7.0531.051809.exe
                              VirusTotal: C:\Windows\Installer\Razer\Installer\1652838079gKQ1VdssRazerChromaBroadcasterSetup_v3.7.0531.051809.exe
                              VirusTotal: C:\Windows\Installer\Razer\Installer\1652838079gKQ1VdssRazerChromaBroadcasterSetup_v3.7.0531.051809.exe
                              VirusTotal: C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.13.0_x64__qmba6cd70vzyy\MyASUSUpdatedTask\PlugIn\UpdateMessenger.exe
                              VirusTotal: C:\Windows\Installer\Razer\Installer\1652838079gKQ1VdssRazerChromaBroadcasterSetup_v3.7.0531.051809.exe
                              VirusTotal: C:\Program Files\Cheat Engine 7.4\ceregreset.exe
                              VirusTotal: c:\users\theph\desktop\prinjectorfree\prinjector.exe
                              DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|ut
                              DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Salad
                              DeleteValue: HKEY_USERS\S-1-5-21-1958790192-829533772-2814255167-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|ut
                              DeleteValue: HKEY_USERS\S-1-5-21-1958790192-829533772-2814255167-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Salad
                              DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|THX22adHelper
                              DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|THX051cHelper
                              DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|LogMeIn Hamachi Ui
                              DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|SunJavaUpdateSched
                              DeleteKey: HKCU\SOFTWARE\05aa181a-e2c4-5231-ae02-02af49144086
                              DeleteKey: HKCU\SOFTWARE\ac231ef6-6414-5f8d-b36f-3b57705721dd
                              DeleteKey: HKU\S-1-5-21-1958790192-829533772-2814255167-1001\SOFTWARE\05aa181a-e2c4-5231-ae02-02af49144086
                              DeleteKey: HKU\S-1-5-21-1958790192-829533772-2814255167-1001\SOFTWARE\ac231ef6-6414-5f8d-b36f-3b57705721dd
                              C:\ProgramData\AnchorFree_Inc
                              C:\ProgramData\LogMeIn
                              C:\Users\theph\AppData\Local\7548048801bead4d93ddf6a662bae9cf
                              C:\Users\theph\AppData\Local\UT008
                              c:\users\theph\desktop\prinjectorfree\prinjector.exe
                              C:\ProgramData\DP45977C.lfl
                              C:\Windows\Temp\*.*
                              C:\WINDOWS\system32\*.tmp
                              C:\WINDOWS\syswow64\*.tmp
                              cmd: netsh advfirewall reset
                              cmd: netsh advfirewall set allprofiles state On
                              emptytemp:
                              Reboot:
                              End::


                          Remove Malwarebytes with this tool.

                          Instructions in link.

                          Compatible with: Windows Use the Support Tool to perform a clean reinstallation of the Desktop Security app. If you're experiencing a technical issue that can't be repaired, you can use the Suppo...




                          Save it to your desktop.
                          I suggest a full scan with Kaspersky.
                          Disable Defender/antivirus prior to scanning…
                          Download and run a full scan with the Kaspersky Virus Removal tool.
                          Accept the terms.
                          Click Change Parameters.
                          Select the System drive.
                          All volumes.
                          Click OK, start Scan.
                          Delete any detected items.
                          Report any detections here.
                          Code:
                              [IMG alt="Capture.PNG"]https://pchelpforum.net/attachments/capture-png.9392/

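A fixlist like the one in post #27 can be read back before Fix is clicked. The sketch below is an added example, not part of the thread and not FRST's own code: it groups the lines by what they ask for and flags wildcard paths and keys tied to one account's SID. The group names and the line-format parsing are assumptions of this example, and the sample is a constructed subset of the posted list.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the fixlist lines posted in #27.
SAMPLE_FIXLIST = r"""Start::
CloseProcesses:
CreateRestorePoint:
VirusTotal: C:\Program Files\Cheat Engine 7.4\ceregreset.exe
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|LogMeIn Hamachi Ui
DeleteKey: HKCU\SOFTWARE\05aa181a-e2c4-5231-ae02-02af49144086
DeleteKey: HKU\S-1-5-21-1958790192-829533772-2814255167-1001\SOFTWARE\ac231ef6-6414-5f8d-b36f-3b57705721dd
C:\ProgramData\LogMeIn
C:\Windows\Temp\*.*
cmd: netsh advfirewall reset
emptytemp:
Reboot:
End::
"""

# "Name: argument" lines; the lookahead keeps drive paths (C:\...) out.
DIRECTIVE = re.compile(r"^([A-Za-z]+):(?!\\)\s*(.*)$")
SID = re.compile(r"S-1-5-21(?:-\d+){4}")

def review_fixlist(text):
    """Group fixlist lines by the kind of change they ask for (assumed format)."""
    groups = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("Start::", "End::"):
            continue
        m = DIRECTIVE.match(line)
        if m is None:
            groups["path"].append(line)  # bare file or folder target
            continue
        name, arg = m.group(1).lower(), m.group(2)
        if name == "deletevalue":
            key, _, value = arg.partition("|")
            groups["registry_value"].append((key, value))
        elif name in ("deletekey", "virustotal", "cmd"):
            groups[name].append(arg)
        else:
            groups["switch"].append(name)  # e.g. CloseProcesses:, Reboot:
    return dict(groups)

def needs_second_look(groups):
    """Wildcard paths and keys tied to one account's SID, to confirm by hand."""
    flagged = [p for p in groups.get("path", []) if "*" in p or "?" in p]
    keys = groups.get("deletekey", []) + [k for k, _ in groups.get("registry_value", [])]
    return flagged + [k for k in keys if SID.search(k)]
```

Calling `review_fixlist()` on the saved fixlist text and printing each group gives a per-category list to compare against what is actually installed; `needs_second_look()` returns the entries that only make sense on the machine the list was written for.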

                          • Phoenix_VR
                            PCHF Member
                            • Jan 2023
                            • 38

                            #28
                            Still scanning atm… These are the only options, what should I do?

                            [ATTACH type=“full” alt=“zqV7OW4JM5.png”]11212[/ATTACH]


                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7041

                              #29
                              Delete the second one; the first one is what I removed, and is already in quarantine.

                              Well, you can delete both, no harm, and post the last fix log please.


                              • Phoenix_VR
                                PCHF Member
                                • Jan 2023
                                • 38

                                #30
                                I think it created this one.
