Ok, remove Bitdefender with Geek Uninstaller, then reinstall it and scan again.
Trying to remove Generic.Trojan.DiscordStealer.B.D6426E8C
Yep, I'm thinking something is wrong with Bitdefender. I am not seeing any malware, nor did Kaspersky or Dr Web. Remove Bitdefender with Geek Uninstaller and reboot, reinstall it, and scan again please.
Good deal, and if it is detected again, please post a screenshot of the detection, and if the file path is also listed, please post a screenshot of that.
This online scanner uses Bitdefender and Arcabit engines. It will remove anything detected and is very good at doing so.
This is a scanner based out of Poland, so it is not in English.
Disable Bitdefender.
Download Arcabit Online scanner from the link below.
Save it to your desktop.
Right click. Run as administrator.
Click "Rozpocznij skanowanie systemu", which is "Start a system scan".
Allow it to complete. Once finished, click on "Usun zagrozenia", which is "Remove Threats".
Make sure to screenshot the detection.
Then exit out of the program.
We can run a few more checks, but I think Bitdefender is wrong here… Post fresh FRST and addition.txt logs for me to review. I will check again to make certain I did not miss anything.
Along with these scans.
TdssKiller Scan.
Download TdssKiller from ====> Here.
Save to your desktop.
Right click and run as administrator.
Click Accept to the agreement.
Click on change parameters.
Make sure all items are ticked.
A reboot will be required.
Start the program again after reboot.
Click start scan.
If anything is detected click on report and copy the log.
Post it here.
ZHP cleaner Scan.
Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
Once you have started the program, you will need to click the scanner button.
The program will close all open browsers!
Once the scan is completed, you will want to click the Repair button.
At the end of the process you may be asked to reboot your machine.
After you reboot a report will open on your desktop.
Attach the report here in your next reply.
Download RogueKiller and install the program.
Once downloaded and installed, right click and run as admin.
Click the check for updates button.
Go to scan setting then slide the MalPE option right to activate.
Then go to scan, then start a full scan on your machine.
Then click report when the scan completes.
Under Share my report click on open then select text file.
Copy it and paste the results here.
Make sure you do not remove anything detected until I see the log please.
Would it be okay if I can take a break for today, and will return to do the scans tomorrow please?
Copy the content of the code box below.
Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.
```
Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
RemoveProxy:
VirusTotal: C:\ProgramData\Nexon\NGS\NGService.exe
virusTotal: D:\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
C:\Windows\system32\Drivers\etc\hosts.rollback
C:\Users\theph\AppData\Roaming\uTorrent
C:\Users\theph\AppData\Local\BitTorrentHelper
ShortcutWithArgument: C:\Users\theph\Desktop\Launchers\9Anime.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kkhmlnhenkbmpkojdhniaicigbblkobp
ShortcutWithArgument: C:\Users\theph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Maps.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=nfoelejpajdgdjldhnpaobkadhhhlmha
ShortcutWithArgument: C:\Users\theph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
AlternateDataStreams: C:\Users\theph\AppData\Local\Temp:$DATA [16]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
CMD: del /f /s /q %windir%\prefetch\*.*
CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
cmd: del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
cmd: del /s /q "%userprofile%\AppData\Local\Opera Software\Opera Stable\Cache\Cache_Data\*.*"
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
CMD: ipconfig /flushdns
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End::
```
@Phoenix VR I had a person who is far more experienced than I check this thread; they too believe this is a false positive by Bitdefender. Nonetheless, you can post the logs and we can continue to check if you wish.