Solved UC Chinese Virus

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Status
Not open for further replies.
So... how are things running now? Any issues to speak of?
 
Sorry for the late response. I'm in finals week.
I'm bit paranoic about having viruses hiding. Did you see anything on the logs I sent you? or was everything safe?
If it seems like I'm safe, then the only problems left are the Lenovo error pop up at startup and Chrome, which I'm unable to install even with the ResetMyBrowser.
 
I see no virus left on your machine. Can you post FRESH hijack this and autoruns logs.
 
Last edited:
@Iaro96 How about an update for us? If there is no update in 48 Hours, this thread will be closed.
 
Hello! Really sorry, finals week.
I'm unfamiliar with those tools, but will try. Ill post a picture of the error shortly.
 
Untitled.jpg
 
Ok, using Autoruns type or copy and paste Lenovo-31951.vbs & Lenovo-31886.vbs into the search window, then uncheck the item once found. Reboot the machine.

pic.PNG


Use Patch My Pc to install Google Chrome.


Fresh FRST Logs.


Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.
Please Copy & Paste them into your next reply
 
If you are not sure how to do that, this will show you.


To use Autoruns open the folder and right Click Either
Autoruns.exe -- for 32 bit systems, or
Autoruns64.exe -- for 64 bit systems.
And on the right click context menu click "Run as administrator"
If you are unsure if your system is 32 or 64 bit CLICK HERE

WEuDcNy.jpg


When Autoruns opens.
  1. Select the "Everything" tab.
  2. Type "Lenovo-31886.vbs" in the filter box.
  3. Deselect any entries found.
Then repeat the above typing "Lenovo-31951.vbs" in the filter box

WkK6sBY.jpg
 
Ahh, I was missing running as administrator. My bad...
Got it! Unchecked them and got Google Chrome :)
Here I've attached the fresh FRST logs.
 

Attachments

Can you post a fresh autoruns log? Something is trying to create a file in the %TEMP% directory but is unable to.

Also please try the following:

  1. Navigate to C:\Users\[Username]\AppData\Local.
  2. Right-click on the Temp folder and select Properties.
  3. Select Security and click Advanced.
  4. On the Permissions, you should see three options:
    ‘SYSTEM‘ with Full control which applies to ‘This folder, subfolders and files’
    ‘Administrators‘ with Full control which applies to ‘This folder, subfolders and files’
    ‘Your Username‘ with Full control which applies to ‘This folder, subfolders and files’

  5. All these permissions inherited from the C:\Users\[Username]\ folder. Therefore, if the option Include inheritable permissions from this object’s parent’ is not marked with a tick, click on Change Permissions.
  6. Mark ‘Include inheritable permissions from this object’s parent’ with a tick, click Apply and then OK.
  7. Select Continue and remove inherited permissions.
 
Status
Not open for further replies.