Ground.exe problem

Status
Not open for further replies.

Trata Miento

New Member
Thread author
May 20, 2020
11
Hello There,
This is my second post regarding this topic; since the first one was weeks ago and is closed now, I will ask this in this new post.
Anyway, I found out that my laptop has been infected with the ground.exe virus and it is destroying my .exe files. I tried using Malwarebytes and it worked... at least until the free trial ended and the virus came back again somehow, and yeah, I need help from all of you to remove this virus. Looking back at my old post, I tried to use Farbar Recovery Scan Tool and I will attach the scan result below.
 

Attachments

  • Addition.txt (154.6 KB)
  • FRST.txt (187.3 KB)

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Remove these program(s) in bold using the Control Panel > Programs > Programs and Features...
IDM Crack 6.29 build 1 (HKLM-x32\...\IDM Crack 6.29 build 1) (Version: 6.29 build 2 - Crackingpatching.com Team)
IDM Crack 6.35 build 14 (HKLM-x32\...\IDM Crack 6.35 build 14) (Version: 6.35 build 14 - Crackingpatching.com Team)
RelevantKnowledge (HKLM-x32\...\{d08d9f98-1c78-4704-87e6-368b0023d831}) (Version: 1.3.337.412 - TMRG, Inc.) <==== ATTENTION

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.
 

Attachments

  • fixlist.txt (81.8 KB)

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hi,

If the problem persists and Chrome is synced with other devices, reset it.



Execute the suggested fix.

Restart the computer normally.
===========


Set your system to see all files.
Unhide files/folders Windows.
How To:

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
ground.exe
Once done, click on the Search Registry button and wait for FRST to finish the search.
On completion, a log will open in Notepad. Copy and paste its content in your next reply.
====

If nothing is found please run this program.

Read carefully and follow these steps.
TDSS

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===
 

Trata Miento

New Member
Thread author
May 20, 2020
11
Here are the results. Should I use TDSSKiller?
 

Attachments

  • Search.txt (557 bytes)
  • SearchReg.txt (249 bytes)

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hi,

Boot the computer to Safe Mode.

Delete the files in bold.
C:\Users\M Ravi L\AppData\Roaming\Ground.exe
C:\Users\Creed\AppData\Roaming\Ground.exe

Restart the computer normally.

How is it now?

p.s.
No need for you to run the TDSSKiller.
 

Trata Miento

New Member
Thread author
May 20, 2020
11
Hi,

Boot the computer to Safe Mode.

Delete the files in bold.
C:\Users\M Ravi L\AppData\Roaming\Ground.exe
C:\Users\Creed\AppData\Roaming\Ground.exe

Restart the computer normally.

How is it now?

p.s.
No need for you to run the TDSSKiller.
lemme try
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hi,

Is Chrome Synced with other devices?
See my post no. 6.

Are any other browsers that you use synced also?

--RogueKiller--
  • Download RogueKiller and SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator".
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report.
  • Click the Export TXT button.
  • Save the file as ReportRogue.txt.
  • Click the Remove button to delete the items in RED.
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Hi,

Run the RogueKiller program and delete everything.

Restart the computer normally.

Run the Farbar program and post fresh logs for my review.

Let me know if the problem persists.
 

Trata Miento

New Member
Thread author
May 20, 2020
11
Hi,

Run the RogueKiller program and delete everything.

Restart the computer normally.

Run the Farbar program and post fresh logs for my review.

Let me know if the problem persists.
What do you mean, delete everything?
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,425
Everything found by the RogueKiller program.
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - Software
[PUP.Ask|PUP.Gen1 (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\AskTBar -- N/A -> Found
[PUP.ByteFence|PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\.DEFAULT\Software\ByteFence -- N/A -> Found
[PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-2253825751-665123458-2163530786-1002\Software\csastats -- N/A -> Found
[PUP.ByteFence|PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-18\Software\ByteFence -- N/A -> Found
>>>>>> O87 - Firewall
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4BBC66D3-56E5-4E26-9413-DD070225D972} -- v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\MVdaYxaEOauZ.exe|Name=C:\WINDOWS\MVdaYxaEOauZ.exe|Desc=C:\WINDOWS\MVdaYxaEOauZ.exe| (C:\WINDOWS\MVdaYxaEOauZ.exe) -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.HackTool (Potentially Malicious)] (folder) AutoKMS -- C:\Windows\AutoKMS -> Found
[Adw.Xunlei (Malicious)] (folder) Thunder Network -- C:\ProgramData\Thunder Network -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
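The RogueKiller log above points at two things a defender would check by hand on this kind of host: the Ground.exe copy dropped into each profile's AppData\Roaming (the files nasdaq asked to delete in Safe Mode), and an inbound firewall Allow rule for a randomly named executable sitting directly in C:\WINDOWS. The following PowerShell is an added triage script, not part of the thread or of any tool mentioned in it; it assumes Windows PowerShell 5.1 or later with the built-in NetSecurity module, and the path patterns it flags are my assumptions, not RogueKiller's rules.

```powershell
# Added example (not from the thread): triage the two indicators the
# RogueKiller log and the Safe Mode deletion step point at.
# Assumes Windows PowerShell 5.1+ with the NetSecurity module available.

# 1. Report any Ground.exe in each profile's AppData\Roaming with the
#    facts a helper would want before deleting it (size, timestamps,
#    signature status, SHA-256 for lookup in a reputation service).
$profiles = Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue
foreach ($p in $profiles) {
    $candidate = Join-Path $p.FullName 'AppData\Roaming\Ground.exe'
    if (Test-Path -LiteralPath $candidate) {
        $item = Get-Item -LiteralPath $candidate -Force
        $sig  = Get-AuthenticodeSignature -FilePath $candidate
        $hash = (Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash
        [pscustomobject]@{
            Path      = $candidate
            SizeBytes = $item.Length
            Created   = $item.CreationTime
            Modified  = $item.LastWriteTime
            Signature = $sig.Status        # NotSigned is typical for droppers
            SHA256    = $hash
        }
    }
}

# 2. List enabled inbound Allow rules whose program is an .exe placed
#    directly under C:\Windows (not System32/SysWOW64) or anywhere in a
#    user's AppData, like the C:\WINDOWS\MVdaYxaEOauZ.exe rule above.
#    These patterns are assumptions for triage, not a definitive rule set.
$suspiciousRoot    = '^C:\\Windows\\[^\\]+\.exe$'
$suspiciousAppData = '\\AppData\\(Roaming|Local)\\'
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $rule = $_
        $app  = ($rule | Get-NetFirewallApplicationFilter).Program
        if ($app -and $app -ne 'Any') {
            # Rules often store %SystemRoot%-style paths; expand before matching.
            $app = [Environment]::ExpandEnvironmentVariables($app)
            if ($app -match $suspiciousRoot -or $app -match $suspiciousAppData) {
                [pscustomobject]@{
                    RuleName = $rule.DisplayName
                    Program  = $app
                    Profile  = $rule.Profile
                    Exists   = Test-Path -LiteralPath $app
                }
            }
        }
    }
```

Run it from an elevated PowerShell prompt; a rule whose program no longer exists on disk is still worth removing, since the file can be recreated by whatever dropped it.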

Trata Miento

New Member
Thread author
May 20, 2020
11
Anyway, thanks for helping me so far. The virus is still here, and I gave up. I'm just gonna format my HDD and reinstall Windows; it's on my old laptop anyway.
Once again, thanks.
 
