Solved UC Chinese Virus

Status
Not open for further replies.
So... how are things running now? Any issues to speak of?
 
Sorry for the late response. I'm in finals week.
I'm a bit paranoid about having viruses hiding. Did you see anything in the logs I sent you? Or was everything safe?
If it seems like I'm safe, then the only problems left are the Lenovo error pop up at startup and Chrome, which I'm unable to install even with the ResetMyBrowser.
 
I see no virus left on your machine. Can you post FRESH HijackThis and Autoruns logs?
 
@Iaro96 How about an update for us? If there is no update in 48 Hours, this thread will be closed.
 
Hello! Really sorry, finals week.
I'm unfamiliar with those tools, but will try. I'll post a picture of the error shortly.
 
 
Ok, using Autoruns, type or copy and paste Lenovo-31951.vbs & Lenovo-31886.vbs into the search window, then uncheck the item once found. Reboot the machine.



Use Patch My Pc to install Google Chrome.


Fresh FRST Logs.


Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.
Please Copy & Paste them into your next reply
 
If you are not sure how to do that, this will show you.


To use Autoruns, open the folder and right-click either
Autoruns.exe -- for 32 bit systems, or
Autoruns64.exe -- for 64 bit systems.
Then, on the right-click context menu, click "Run as administrator".
If you are unsure if your system is 32 or 64 bit CLICK HERE



When Autoruns opens:
  1. Select the "Everything" tab.
  2. Type "Lenovo-31886.vbs" in the filter box.
  3. Deselect any entries found.
Then repeat the above, typing "Lenovo-31951.vbs" in the filter box.

 
Ahh, I was missing running as administrator. My bad...
Got it! Unchecked them and got Google Chrome :)
Here I've attached the fresh FRST logs.
 


This is the last thing remaining... it's another error that pops up after startup.
 

Can you post a fresh autoruns log? Something is trying to create a file in the %TEMP% directory but is unable to.

Also please try the following:

  1. Navigate to C:\Users\[Username]\AppData\Local.
  2. Right-click on the Temp folder and select Properties.
  3. Select Security and click Advanced.
  4. On the Permissions, you should see three options:
    ‘SYSTEM‘ with Full control which applies to ‘This folder, subfolders and files’
    ‘Administrators‘ with Full control which applies to ‘This folder, subfolders and files’
    ‘Your Username‘ with Full control which applies to ‘This folder, subfolders and files’

  5. All these permissions are inherited from the C:\Users\[Username]\ folder. Therefore, if the option ‘Include inheritable permissions from this object’s parent’ is not marked with a tick, click on Change Permissions.
  6. Mark ‘Include inheritable permissions from this object’s parent’ with a tick, click Apply and then OK.
  7. Select Continue and remove inherited permissions.
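
The same Temp-folder checks can be read out from PowerShell without changing any permissions. This is an added example, not part of the original thread; it assumes the per-user Temp folder is %LOCALAPPDATA%\Temp, uses the well-known SIDs for SYSTEM and Administrators, and all variable names are illustrative.

```powershell
# Added example: audit the per-user Temp folder ACL (no permissions are changed).
$tempPath = Join-Path $env:LOCALAPPDATA 'Temp'   # assumed: C:\Users\<user>\AppData\Local\Temp
$acl = Get-Acl -LiteralPath $tempPath

# True means inheritance from the parent folder is switched off
# (the "Include inheritable permissions" box is not ticked).
$inheritanceDisabled = $acl.AreAccessRulesProtected

# Compare by SID so the check also works on non-English Windows.
$expected = [ordered]@{
    'SYSTEM'         = 'S-1-5-18'
    'Administrators' = 'S-1-5-32-544'
    'Current user'   = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
}

# Explicit and inherited rules, with identities returned as SIDs.
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$full  = [System.Security.AccessControl.FileSystemRights]::FullControl
# "This folder, subfolders and files" = both inherit flags, no propagation flags.
$scope = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'

$report = foreach ($name in $expected.Keys) {
    $match = @($rules | Where-Object {
        $_.IdentityReference.Value -eq $expected[$name] -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $full) -eq $full -and
        $_.InheritanceFlags -eq $scope -and
        $_.PropagationFlags -eq 'None'
    })
    [pscustomobject]@{
        Principal   = $name
        FullControl = $match.Count -gt 0
        Inherited   = @($match | Where-Object { $_.IsInherited }).Count -gt 0
    }
}

# Probe: can the current user actually create a file in Temp?
$probe = Join-Path $tempPath ([System.IO.Path]::GetRandomFileName())
try {
    New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
    Remove-Item -LiteralPath $probe -ErrorAction Stop
    $canWrite = $true
} catch {
    $canWrite = $false
}

"Temp folder:          $tempPath"
"Inheritance disabled: $inheritanceDisabled"
"Can create files:     $canWrite"
$report | Format-Table -AutoSize
```

A row with FullControl false, or "Can create files" false, points at the permission entry to look at in the Advanced Security dialog.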
 