Solved Can't seem to get rid of this s.yimg pop up

Michael1771

New Member
Thread author
Aug 26, 2021
9
Hey all,

I've had a pop up occuring on my computer for a couple of days now, and I've tried Total AV, and just now malwarebytes to get rid of it. No luck...here is what pops up on my screen.

s yimg photo.png
Any help would be greatly appreciated. Thanks in advance.

Michael Wood
 
  • Like
Reactions: Nevi

icotonev

Moderator
Verified
Staff member
Mar 9, 2017
252
Hello, Welcome to MalwareTips..! :)

Please follow the following instruction ..! I look forward to your analysis diaries ..!

 

Michael1771

New Member
Thread author
Aug 26, 2021
9
OK....ran malwarebytes again, and problem still persists. I've attached the two reports requested, in record time for the senior division I believe. (y)
 

Attachments

  • FRST.txt
    50.9 KB · Views: 21
  • Addition.txt
    52.2 KB · Views: 21
  • Like
Reactions: Nevi

icotonev

Moderator
Verified
Staff member
Mar 9, 2017
252
Uninstall Program
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs in the list:
Code:
Web Companion
TotalAV
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer


Farbar Recovery Scan Tool - Fix

Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.


In your next reply, please include:
  • Fixlog.txt
 

Attachments

  • fixlist.txt
    6.8 KB · Views: 22

icotonev

Moderator
Verified
Staff member
Mar 9, 2017
252
Well done..! :) Next ....:

Malwarebytes Anti-Malware

  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.


Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Filestab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.
In your next reply, please include:
  • The AdwCleaner[S0*].txt
  • The Malwarebytes report
 

Michael1771

New Member
Thread author
Aug 26, 2021
9
Here ya go
 

Attachments

  • Malwarebytes scan report.txt
    1.2 KB · Views: 20
  • AdwCleaner[S00].txt
    4.5 KB · Views: 20

icotonev

Moderator
Verified
Staff member
Mar 9, 2017
252
Thanks..! :)


AdwCleaner (Clean mode)

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

In your next reply, please post:

  • The AdwCleaner[C0*].txt
 

Michael1771

New Member
Thread author
Aug 26, 2021
9
OK...here it is, and thanks for taking time to help me with this. I do appreciate the efforts on your part.(y)
 

Attachments

  • AdwCleaner[C01].txt
    4.9 KB · Views: 20

icotonev

Moderator
Verified
Staff member
Mar 9, 2017
252
Good morning..! Excellent work..! :)
Can you tell me what is the condition of your computer after all the procedures so far ..? Tell me what problems do you see at this stage ..?

After that, I will need fresh FRST logs.

Fresh FRST logs
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply
 
  • Like
Reactions: upnorth

icotonev

Moderator
Verified
Staff member
Mar 9, 2017
252
I'm glad I was able to help you.. :)
However, to check please for:

Fresh FRST logs
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply
 
  • Like
Reactions: upnorth

icotonev

Moderator
Verified
Staff member
Mar 9, 2017
252
Everything is fine..! We end:

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
 
  • Like
Reactions: Nevi

Michael1771

New Member
Thread author
Aug 26, 2021
9
# Run at 8/29/2021 10:47:28 AM
# KpRm (Kernel-panik) version 2.9.2
# Website KpRm | Suppression des outils de désinfection
# Run by micha from C:\Users\micha\Downloads
# Computer Name: DESKTOP-CCHEF22
# OS: Windows 10 X64 (19043)
# Number of passes: 1

- Checked options -

~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines

- Create Registry Backup -

~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\micha\NTUSER.dat backed up

[OK] Registry Backup: C:\KPRM\backup\2021-08-29-10-47-28

- Delete Tools -


## AdwCleaner
[OK] C:\Users\micha\Downloads\AdwCleaner.exe deleted
[OK] C:\AdwCleaner deleted

## FRST
[OK] C:\Users\micha\Downloads\Addition.txt deleted
[OK] C:\Users\micha\Downloads\Fixlog.txt deleted
[OK] C:\Users\micha\Downloads\FRST-OlderVersion deleted
[OK] C:\Users\micha\Downloads\FRST.txt deleted
[OK] C:\Users\micha\Downloads\FRST64.exe deleted
[OK] C:\FRST deleted

- Restore System Settings -

[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files

- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

~ [OK] RP named Scheduled Checkpoint created at 08/20/2021 07:44:01 deleted
~ [OK] RP named AdwCleaner_BeforeCleaning_27/08/2021_13:00:11 created at 08/27/2021 20:00:13 deleted
[OK] All system restore points have been successfully deleted

- Create Restore Point -

[OK] System Restore Point created

- Display System Restore Point -

~ RP named KpRm created at 08/29/2021 17:47:40

-- KPRM finished in 26.31s --