No Reply need help! problem with oneetx.exe; cant remove it please help

[eduhatesbots]

I downloaded some software without doublechecking and now alerts keep coming even when the antivirus (avira) has already quarentined the file. I didn't know what else to do so I used a couple of known programs: spybot, panda, avg.... nothing, except panda shows an alert when the malware wants to access the internet
I'm running out of options here, what else can I do? It really slows down the computer and the potential security breach is alarming at least
the file is called oneetx.exe, and apparently it runs other files too? like .dll?
thank you in advance!

edu

 

[icotonev]

Hello, Welcome to MalwareTips..!

Please follow the following instruction ..:

By Staff - [MANDATORY] Preparation Guide Before Requesting Malware Removal Help

Hi and welcome to MalwareTips Malware Removal Forum. If you are reading this, then you are probably seeking help or feel infected. Over 5000 topics have been posted in this forum and most of them have reached a successful conclusion. All instructions are very simple and you need only basic...

malwaretips.com

Thank you..!

 

[eduhatesbots]

hello, thanks for your answer, i thought i had it eliminated after using malwarebytes antirrot kit but now im seeing it infiltrated my ig account an di dont know what else
here are the files from the farbar tool

 

[icotonev]

Hello..! A few things in advance that I see in your files..!

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Avira Antivirus (Enabled - Up to date) {8A154ED8-4428-DB2D-0E3F-BD82C448FD94}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AV: Panda Dome (Enabled - Up to date) {E18DAE3C-0817-EA74-9F24-3E92157CCE76}
FW: Panda Firewall (Enabled) {D9B62F19-4278-EB2C-B47B-97A7EBAF890D}

+

HitmanPro
Spybot - Search & Destroy
SpyHunter

This is too much security software that installs a lot of files in your system. They can conflict at some point, leading to problems in the operation of your operating system. In addition, they all make the analysis of your system quite difficult.

• Download the Revo Uninstaller Free and save it on your Desktop.
• Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
• Double click the program's icon to open it.
• Write in the search area, on the top left, the following program:

AV: Avira Antivirus (Enabled - Up to date) {8A154ED8-4428-DB2D-0E3F-BD82C448FD94}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AV: Panda Dome (Enabled - Up to date) {E18DAE3C-0817-EA74-9F24-3E92157CCE76}
FW: Panda Firewall (Enabled) {D9B62F19-4278-EB2C-B47B-97A7EBAF890D}

HitmanPro
Spybot - Search & Destroy
SpyHunter

• Choose the Uninstall tab from the menu and let the program to create a Restore point.
• Choose Scan, and then the Advanced mode scan.
• Select all the Online Services items found, Delete and Next.
• Let the procedure be completed and click on Finish.
• Restart the computer.

..Next ...:

I see you are using a non-English version of FRST. This makes it difficult for me to read your logs, so please do the following ....

• Rename FRST64.exe to FRSTEnglish.exe
• Run a new scan
• Post the new FRST.txt and Addition.txt logs, which should now be in English.

 

[icotonev]

..something else....:

Question ..... did you install Team Viewer yourself ..?
If so no problem. If not, please uninstall it.

 

[eduhatesbots]

Hello! thank you for the quick answer. I used the revounistalle rand followed your instructions, here are the files, hope this helps!

thank you again!

 

[eduhatesbots]

Oh, I uninstalled teamviewer, what's the issue with it?is it too easy to gain access to?

 

[icotonev]

Farbar Recovery Scan Tool - Fix

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone

Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.


In your next reply, please include:

• Fixlog.txt

 

[eduhatesbots]

one more question, is it safe to keep using the computer knowing it may be infected? should I disconnect the internet?
thanks!

 

[icotonev]

one more question, is it safe to keep using the computer knowing it may be infected? should I disconnect the internet?

For now, this is not necessary..! I'm waiting for the result of the fix..!

 

[eduhatesbots]

ok, here it is!
once again, thank you for your assistance

 

[icotonev]

Great..!

Malwarebytes Anti-Malware

• If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
• If you don't have Malwarebytes installed yet please download it from here and install it.
• Once installed then open Malwarebytes and select Scan and let it run.
• Once the scan is completed make sure you have it quarantine any detections it finds.
• If no detections were found click on the Save results drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
• If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
• If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
• If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.

Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.

• Double click AdwCleaner.exe to run it.
• Click Scan Now.
  • When the scan has finished, a Scan Results window will open.
  • Click Cancel (at this point do not attempt to Quarantine anything that is found)
• Now click the Log Filestab.
  • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
  • A Notepad file will open containing the results of the scan.
  • Please post the contents of the file in your next reply.

FRST scan ( run a new scan with FRST, and post me the new FRST.txt and Addition.txt logs )

• Double-click FRST.exe/FRST64.exe to run it.
• Press the Scan button.
• When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
• Please copy and paste the logs in your next reply.

Scanning with SecurityCheck by glax24

• Download SecurityCheck by glax24 from here and remember the tool on the desktop.
• Run the program right-click the administrator name
• Wait for the scan to finish. It will open in a text file named SecurityType.txt. Copy the contents of this file to your next post
• You can find this file in the root of the system disk in a folder called SecurityCheck, C: \\ SecurityCheck \\ SecurityCheck.txt

In your next reply, please include:

• The AdwCleaner[S0*].txt
• The Malwarebytes report
• FRST.txt
• Addition.txt
• SecurityCheck.tхt

 

[eduhatesbots]

thanks again for the quick replies, I really appreciate you taking off your day to help me. Here are the reports, I hope everything is alright

 

[eduhatesbots]

I meant taking time off your day to help me, hope everything is ok! once again, thanks Icotonev,
the malware seems to have been eliminated
edu

 

[icotonev]

Hello..!

the malware seems to have been eliminated

I think so too...!

SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
WebSite: www.safezone.cc
DateLog: 17.04.2023 12:00:57
Path starting: C:\Users\User\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: User
VersionXML: 10.52is-12.04.2023
___________________________________________________________________________

Windows 10(6.3.19044) (x64) Professional Release: 2009 Lang: Spanish(0C0A)
Installation date OS: 29.03.2022 11:09:17
LicenseStatus: Windows(R), Professional edition Windows is in Notification mode
LicenseStatus: Office 19, Office19Standard2019R_Grace edition Windows is in Notification mode
LicenseStatus: Office 19, Office19Standard2019VL_KMS_Client_AE edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [446.4 Gb] Used: [273.8 Gb] Free: [172.6 Gb]
------------------------------- [ Windows ] -------------------------------
User Account Control enabled (Level 3)
Centro de seguridad (wscsvc) - The service is running
Registro remoto (RemoteRegistry) - The service has stopped
Detección SSDP (SSDPSRV) - The service is running
Servicios de Escritorio remoto (TermService) - The service has stopped
Administración remota de Windows (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Avira Security (enabled and up to date)
Malwarebytes (enabled and up to date)
Windows Defender (disabled and up to date)
AVG Antivirus (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Firewall de Windows Defender (mpssvc) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
AVG AntiVirus Free v.23.3.3278
Malwarebytes version 4.5.26.259 v.4.5.26.259
Avira Fallback Updater
Avira Security v.1.1.86.3
AVG Update Helper v.1.8.1582.3
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Office Standard 2019 - es-es v.16.0.16227.20280 [+]
Python 3.10.5 (32-bit) v.3.10.5150.0 Warning! Download Update
Python 3.10.5 (64-bit) v.3.10.5150.0 Warning! Download Update
------------------------------- [ Backup ] --------------------------------
Microsoft OneDrive v.23.066.0326.0005 [+]
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 6.11 (64-bit) v.6.11.0 Warning! Download Update
------------------------------- [ Imaging ] -------------------------------
paint.net v.4.3.11 Warning! Download Update
-------------------------- [ IMAndCollaborate ] ---------------------------
Zoom v.5.10.1 (4420) Warning! Download Update
---------------------------- [ ProxyAndVPNs ] -----------------------------
Avira Phantom VPN v.2.41.1.25731
--------------------------------- [ P2P ] ---------------------------------
qBittorrent 4.4.5 v.4.4.5 Warning! Download Update
-------------------------------- [ Media ] --------------------------------
VLC media player v.3.0.17.4 Warning! Download Update
AIMP v.5.02.2370 Warning! Download Update
K-Lite Codec Pack 17.1.0 Full v.17.1.0 Warning! Download Update
Winamp v.5.8
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox (x64 es-ES) v.102.0.1 Warning! Download Update
Google Chrome v.112.0.5615.86 [+]
AVG Secure Browser v.111.0.20716.148
Microsoft Edge v.112.0.1722.48 [+]
WebView2 Runtime de Microsoft Edge v.112.0.1722.48 [+]
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\AVG\Antivirus\aswidsagent.exe v.23.3.8047.0
C:\Program Files\AVG\Antivirus\aswEngSrv.exe v.23.3.8047.0
C:\Program Files\AVG\Antivirus\wsc_proxy.exe v.21.4.6162.0
AVG Antivirus (AVG Antivirus) - The service is running
C:\Program Files\AVG\Antivirus\AVGSvc.exe v.23.3.8047.0
C:\Program Files\AVG\Antivirus\AVGUI.exe v.23.3.8047.0
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.4.0.0.1525
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1213
Servicio Antivirus de Microsoft Defender (WinDefend) - The service has stopped
Servicio de inspección de red de Antivirus de Microsoft Defender (WdNisSvc) - The service has stopped
---------------------------- [ UnwantedApps ] -----------------------------
Avira System Speedup v.6.25.0.17 << Hidden Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
----------------------------- [ End of Log ] ------------------------------

Update the tagged software from the quote..! Uninstall the Avira System Speedup program..!

 

[icotonev]

By the way my personal opinion is that you don't need a 3rd party AV if you are using Windows 10. It won't give you better protection than Windows Defender that comes with W10, it will slow down your machine unnecessarily.
If you look in the logs you've posted, you'll see that AVG loads 15 different drivers, all of which are using up resources that don't need to be used up, and that's just the drivers.
But this is my opinion and the computer is yours. You decide..!

 

[icotonev]

For the final that's all I'm going to ask you to do...:

• Download KpRm and save it to your Desktop (see here if you must use Chrome)
• Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
• Right click on the icon and select Run as administrator
• Click Yes on the Disclaimer
• Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
• Click Run
• Click OK on All operations are completed
• KpRm will delete itself from you Desktop and you can either save or remove the report that is generated
• You are free to remove any other tools/reports still remaining
• Please copy and paste its contents in your next reply.

 

[icotonev]

Are you still with us..?

 

[icotonev]

Due to lack of response, this topic will now be closed. If you need support, please begin a new thread, and provide a link to this topic..!