file containing a virus and was deleted

[tracey32]

Hello, posting files as requested. Have tried various solutions now over 8 hours or so including malware bytes but can't remove this root kit. Please find attached files requested. Welcome any assistance. Thanks

 

[icotonev]

Hi ,tracey32 ...! Welcome to MalwareTips ..! I am icotonev and will be helping you with your computer problems..! Please give me some time to go over your logs and I will get back to you as soon as possible... !!!

 

[icotonev]

Uninstall a Program

• Press the Windows Key + R.
• Type appwiz.cpl in the Run box and click OK.
• The Add/Remove Programs list will open. Locate the following program(s) on the list:

AVG Update Helper
HitmanPro 3.8
McAfee WebAdvisor
RogueKiller
Trojan Remover
Zemana AntiMalware

• Select the above program(s) and click Uninstall.
• Restart the computer if prompted.

Please post the contents of the latest Malwarebytes clean log:

• Open Malwarebytes
• Click on Reports in the left pane, and check the box next to the latest report (at the top). Click on View Report.
• Select Export in the bottom left corner, and click Text File. Save the file to your desktop.
• Open the Malwarebytes log on your desktop and copy/paste its contents into your next reply.

FRST scan

• Double-click FRST.exe/FRST64.exe to run it.
• Press the Scan button.
• When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
• Please copy and paste the logs in your next reply.

---------------------------------------------------

In your next reply, please include:

• FRST.txt
• Addition.txt
• Malwarebytes log

 

[icotonev]

Hi..! Are you still with us..?

 

[icotonev]

Due to lack of response, this topic will now be closed. If you need support, please begin a new thread, and provide a link to this topic. Have a nice evening...!

 

[tracey32]

Hello,

Was getting some help on the following thread: file containing a virus and was deleted

Apologies for taking too long to respond but please find attached the information requested. Note that we also followed the instruction to delete various apps as requested. The list included a request to remove but this didn't appear in the application list on when I ran appwiz.cpl.

In addtion to FRST files attached, please find below Malwarebytes log as requested.

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 1/5/20
Scan Time: 6:05 PM
Log File: cff6fde6-2f89-11ea-92eb-d46d6de90236.json
-Software Information-
Version: 4.0.4.49
Components Version: 1.0.785
Update Package Version: 1.0.17267
License: Free
-System Information-
OS: Windows 10 (Build 18362.535)
CPU: x64
File System: NTFS
User: LAPTOP-1CONAC7D\trace
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 280411
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 4 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)

(end)

 

[icotonev]

Hi ,tracey32 ...!

Uninstall a Program - Revo Uninstaller

• Right-click RevoUninstaller_Portable.zip and select Extract All.
• When prompted, select Browse and select Desktop to extract the files to your desktop.
• Right-click RevoUPort.exe and select Run as Administrator.
• Read and accept the End User License Agreement.
• Right-click the following program and select Uninstall:

AVG Update Helper
Lenovo App Explorer
McAfee WebAdvisor

• Revo Uninstaller will create a System Restore point. Once complete, the program's uninstaller will open.
• Follow the prompts to uninstall the program.
  Note: Do not restart the computer if prompted.
• In the Scanning Modes dialog box, select Advanced > Scan.
• On the Found leftover registry entries dialog box (if present) click Select All > Delete > Yes.
• On the Found leftover files and folders dialog box (if present) click Select All > Delete > Yes.
• Click OK if prompted, then Finish.

Farbar Recovery Scan Tool - Fix

Please download the attached file * fixlist.txt * to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.


In your next reply, please include:

• Fixlog.txt

 

[tracey32]

Many thanks for your follow up. Completed all steps as requested except please note that when using revo uninstaller I could not see "avg update helper" in the list. Further please note that I was unable to get the "portable version" of revo to extract to desktop so I downloaded the other option and followed your instructions using that version (version 2.1.1).

Please find attached fixlog.txt

 

[icotonev]

Hi ,tracey32 ...! Excuse me for the delay.. Business engagements...!
Excellent work so far...! How does your system behave, do you observe the initial problems..?

AdwCleaner

Download AdwCleaner and save it to your desktop.

• Double click AdwCleaner.exe to run it.
• Click Scan Now...
  • When the scan has finished a Scan Results window will open.
  • Click Cancel (at this point do not attempt to Quarantine anything that is found)
• Now click the Log Filestab ...
  • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
  • A Notepad file will open containing the results of the scan.
  • Please post the contents of the file in your next reply.

----------------------------------------------------

FRST scan - fresh

• Double-click FRST.exe/FRST64.exe to run it.
• Press the Scan button.
• When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
• Please copy and paste the logs in your next reply.

---------------------------------------------------

In your next reply, please include:

• AdwCleaner[S0*].txt
• FRST.txt
• Addition.txt

 

[tracey32]

Hello again, apologies for the delay. After a couple of days of normal operation and seeing the original problem go away the laptop is now behaving unusually. I need to investigate further and will be back to you on this. Thanks, Tracey32

 

[icotonev]

Hi ,tracey32 ...! No problem...!
I await your answer..!
Thanks ..!