I have random ads playing in the background

brandon t briggs

New Member
Thread author
Oct 7, 2016
9
I'm not necessarily being hurt by this virus, but it is annoying and I'd love to get rid of it. If you can help, that would be amazing.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

brandon t briggs

New Member
Thread author
Oct 7, 2016
9
Okay, I did the scan and looked at the results. In the first one, under the processes (whitelisted), I found this: C:\Program Files (x86)\Darned\kana.exe, and kana is the same thing I have to mute on my volume mixer. But I'm not sure that's the only thing, because I'm getting pop-up ads now.
 

brandon t briggs

New Member
Thread author
Oct 7, 2016
9
I was downloading a game off of the internet, Rise of Nations. It was taking forever, and I started hearing the ads playing while it was downloading, so it was the download. I stopped it and deleted the file as soon as I heard it, but that is how it happened.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Okay, thanks.


Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on the icon and double-click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to attach the saved report in your next message.
 

brandon t briggs

New Member
Thread author
Oct 7, 2016
9
It didn't give me a report, but it did highlight kana and a few other programs that I believe caused the ads, so I think that fixed the issue.
If so, I really thank you for your help. I don't know you, but you really seem to know a lot about this kind of stuff. I'm glad I found this site!
 

brandon t briggs

New Member
Thread author
Oct 7, 2016
9
Zemana AntiMalware 2.50.2.133 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/10/8
Operating System : Windows 10 64-bit
Processor : 8X Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz
BIOS Mode : UEFI
CUID : 129AC19F677BB27145BE3C
Scan Type : Smart Scan
Duration : 2m 8s
Scanned Objects : 39760
Detected Objects : 7
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

NlaSvc Manual Proxies
Status : Scanned
Object : HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\@
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\@ = 1http=127.0.0.1:8877;https=127.0.0.1:8877

Proxy Settings (Policy)
Status : Scanned
Object : HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Proxy
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Proxy = enabled

Proxy Settings (Policy)
Status : Scanned
Object : HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Proxy
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Proxy = enabled

Proxy Enabled (System)
Status : Scanned
Object : HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Repair
Related Objects :
Registry Entry - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = enabled

Proxy Enabled (User)
Status : Scanned
Object : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Repair
Related Objects :
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = enabled

Proxy Server (System)
Status : Scanned
Object : HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877

Proxy Server (User)
Status : Scanned
Object : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Delete
Related Objects :
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877


Cleaning Result
-------------------------------------------------------
Cleaned : 7
Reported as safe : 0
Failed : 0
 

brandon t briggs

New Member
Thread author
Oct 7, 2016
9
That's the second one,
Zemana AntiMalware 2.50.2.133 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/10/8
Operating System : Windows 10 64-bit
Processor : 8X Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz
BIOS Mode : UEFI
CUID : 129AC19F677BB27145BE3C
Scan Type : Smart Scan
Duration : 3m 46s
Scanned Objects : 39773
Detected Objects : 13
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

NlaSvc Manual Proxies
Status : Scanned
Object : HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\@
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\@ = 1http=127.0.0.1:8877;https=127.0.0.1:8877

Proxy Settings (Policy)
Status : Scanned
Object : HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Proxy
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Proxy = enabled

Proxy Settings (Policy)
Status : Scanned
Object : HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Proxy
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Proxy = enabled

Proxy Enabled (System)
Status : Scanned
Object : HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Repair
Related Objects :
Registry Entry - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = enabled

Proxy Enabled (User)
Status : Scanned
Object : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Repair
Related Objects :
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = enabled

Proxy Server (System)
Status : Scanned
Object : HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877

Proxy Server (User)
Status : Scanned
Object : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Delete
Related Objects :
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877

kana.exe
Status : Scanned
Object : %programfiles%\darned\kana.exe
MD5 : AF2FDBB38288E12956CFE2551CDB0B7E
Publisher : -
Size : 516096
Version : 1.0.0.0
Detection : Adware:Win32/Fitzia.A!Ltal
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\darned\kana.exe
Process - 4112 - C:\Program Files (x86)\Darned\kana.exe
Scheduled Task - C:\Windows\System32\Tasks\Da3975449239754492
Scheduled Task - C:\Windows\System32\Tasks\39754492
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup = C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\overfished = "C:\Program Files (x86)\Darned\kana.exe"

pinpricks.exe
Status : Scanned
Object : %systemroot%\pinpricks.exe
MD5 : AB98F594A71E7F9EFB4DCC4B9B7B3A56
Publisher : -
Size : 7680
Version : 7.2.6.18
Detection : Adware:Win32/Tyron.A!Aaea
Cleaning Action : Quarantine
Related Objects :
File - %systemroot%\pinpricks.exe
Process - 2260 - C:\Windows\pinpricks.exe
Registry Entry - HKLM\System\CurrentControlSet\Services\indentured\ImagePath = C:\Windows\pinpricks.exe

interstatnogui.exe
Status : Scanned
Object : %appdata%\interstatnogui\interstatnogui.exe
MD5 : E2D02E48943BD9D255661BB892656CBC
Publisher : OOO "FENIKS"
Size : 3220416
Version : 3.5.7.0
Detection : Adware:Win32/BandwidthStat-DJ!Ep
Cleaning Action : Quarantine
Related Objects :
File - %appdata%\interstatnogui\interstatnogui.exe
Process - 5864 - C:\Users\Laptop\AppData\Roaming\Interstatnogui\interstatnogui.exe
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Interstatnogui = C:\Users\Laptop\AppData\Roaming\Interstatnogui\interstatnogui.exe

recalibrated.exe
Status : Scanned
Object : %systemroot%\recalibrated.exe
MD5 : 56D652CED8BF2843D66F775888940351
Publisher : -
Size : 7680
Version : 5.6.8.140
Detection : Adware:Win32/Gavin.A!Aaea
Cleaning Action : Quarantine
Related Objects :
File - %systemroot%\recalibrated.exe
Process - 2500 - C:\Windows\recalibrated.exe
Registry Entry - HKLM\System\CurrentControlSet\Services\murthy\ImagePath = C:\Windows\recalibrated.exe

sampras.exe
Status : Scanned
Object : %programfiles%\stahl\sampras.exe
MD5 : 03634CAD29542E643C38C0D7CEE0F0BA
Publisher : -
Size : 523264
Version : 7.7.5.136
Detection : Adware:Win32/Bander.A!Taec
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\stahl\sampras.exe
Scheduled Task - C:\Windows\System32\Tasks\b404112
Scheduled Task - C:\Windows\System32\Tasks\217173660
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\pollack = "C:\Program Files (x86)\stahl\sampras.exe"

research soft
Status : Scanned
Object : NE->c:\windows\marketing research association\research soft
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA:Win32/Research Soft.B!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)


Cleaning Result
-------------------------------------------------------
Cleaned : 13
This is the first one. It said it's quarantined everything.
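
As an added example (not part of any post in this thread and not Zemana's own tooling), the Python sketch below parses a report in the plain-text layout posted above and labels how each detected object persisted: Run key, service ImagePath, scheduled task, or a loopback proxy setting. The sample is an excerpt of the posted report with some fields trimmed; the rule labels and the function name are assumptions.

```python
import re

# Excerpt of the report posted above (values from the thread, some fields trimmed).
SAMPLE_REPORT = r"""
Proxy Server (User)
Object : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
Detection : Suspicious Setting
Related Objects :
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877

kana.exe
Object : %programfiles%\darned\kana.exe
Detection : Adware:Win32/Fitzia.A!Ltal
Related Objects :
File - %programfiles%\darned\kana.exe
Scheduled Task - C:\Windows\System32\Tasks\39754492
Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\overfished = "C:\Program Files (x86)\Darned\kana.exe"

pinpricks.exe
Object : %systemroot%\pinpricks.exe
Detection : Adware:Win32/Tyron.A!Aaea
Related Objects :
File - %systemroot%\pinpricks.exe
Registry Entry - HKLM\System\CurrentControlSet\Services\indentured\ImagePath = C:\Windows\pinpricks.exe
"""

RULES = [  # (hypothetical label, regex tested against each line of an entry)
    ("run-key", re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    ("service", re.compile(r"\\Services\\[^\\]+\\ImagePath", re.I)),
    ("scheduled-task", re.compile(r"^Scheduled Task - ", re.I)),
    ("loopback-proxy",
     re.compile(r"Prox(?:y|ies).*=.*(?:127\.0\.0\.1|localhost):\d+", re.I)),
]

def persistence_by_entry(report):
    """Map each detected object's name to the sorted persistence labels in its block."""
    found = {}
    for block in re.split(r"\n\s*\n", report.strip()):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if len(lines) < 2 or not any(l.startswith("Detection") for l in lines):
            continue  # scan header or cleaning summary, not a detection entry
        labels = {label for l in lines for label, rx in RULES if rx.search(l)}
        found[lines[0]] = sorted(labels)
    return found

if __name__ == "__main__":
    for name, labels in persistence_by_entry(SAMPLE_REPORT).items():
        print(f"{name}: {', '.join(labels) or 'no persistence rule matched'}")
```

Entries with several labels, such as kana.exe here, need every listed artifact confirmed gone in the follow-up scan, not only the executable.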
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Okay, let's make sure everything is gone:

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.

  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the report to your next reply.
 
