No Reply Potential malware

The author of this help request did not reply to the thread in at least 5 days. Therefore, we are going to assume that he no longer needs our help, and close this support request.
If you are the author and still need help, please send a Private Message to any staff member within the next five days. Be sure to include a link to your thread in your private message.
Status
Not open for further replies.

IanF

New Member
Thread author
May 7, 2023
7
Hi, I've been trying to prevent cookies from a site named "findloudtools dotcom" without success. I've deleted them several times and they keep re-appearing.

The site itself doesn't appear to exist and I tried to find info on Google and Bing without success.

I've scanned my computer with Malwarebytes and SUPERAntispyware and they didn't find it.

I'm using Windows 10 and Chrome.

Any advice is appreciated
 

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
536
Hello..! Welcome to MalwareTips..! :)

Please follow the following instruction ..:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.
If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
---------------------------------------------------

In your next reply, please include:
  • FRST.txt
  • Addition.txt
 

IanF

New Member
Thread author
May 7, 2023
7
Hi, here are the 2 requested files. I just tried to isolate the problem and it seems to re-appear after I visit Instagram.

The storage is 0 B and it generates 2 cookies

I was using 3 extensions to download photos and stories from IG

I just deleted all 3, re-opened and closed IG, and I don't see the file this time.

However, it's so persistent, I wouldn't be surprised if it comes back.

I'm pretty sure it re-occurred even when all 3 extensions were disabled.
 

Attachments

  • FRST.txt
    14.1 KB · Views: 6
  • Addition.txt
    99.1 KB · Views: 3

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
536
You haven't posted all your FRST.txt log, I need to see it all. Please run a new scan with FRST and attach both your new FRST.txt and Addition.txt logs to your next reply.
+

Scanning with SecurityCheck by glax24

  • Download SecurityCheck by glax24 from here and remember the tool on the desktop.
  • Run the program right-click the administrator name
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Copy the contents of this file to your next post
  • You can find this file in the root of the system disk in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt
 

IanF

New Member
Thread author
May 7, 2023
7
Here's the new FRST.txt, Addition.txt, and SecurityCheck.txt logs
 

Attachments

  • FRST.txt
    26.7 KB · Views: 2
  • Addition.txt
    99.1 KB · Views: 1
  • SecurityCheck.txt
    10.6 KB · Views: 2

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
536
Hello..! That is a sign of disk failure...!

Code:
System errors:
=============
Error: (05/07/2023 06:48:25 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Please do the following to check the disk.

  • Click on the Start button and in the search box, type Command Prompt.
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • Enter the command below and press on Enter and wait for it to finish (~15 minutes)
Code:
chkdsk C: /r
  • You will receive a message that the operation cannot be performed while the system is in use and ask if you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing disk check to run at startup.
  • The process will take some time, depending on the disk condition.
  • Download ListChkdskResult by SleepyDude and save it on your Desktop.
  • Double click on the created icon.
  • A notepad file will open. Copy its content and paste it in your next reply.

Next ....:
  • Download CrystalDiskInfo from here and save it to your Desktop.
  • Run the installer to install the program.
  • When finished, open the installed program by double clicking on it.
  • If everything is working properly, you should see the status “Good“ displayed. Other statuses you might see include “Bad” (which usually indicates a drive that’s dead or near death), “Caution” (which indicates a drive that you should most likely be thinking about backing up and replacing), and “Unknown” (which just means that information could not be obtained).
  • Please take a screenshot of what you got.

Next ....:

  • Download the Revo Uninstaller Free and save it on your Desktop.
  • Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
  • Double click the program's icon to open it.
  • Write in the search area, on the top left, the following program:
Code:
VdhCoApp 1.4.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Wondershare Helper Compact 2.6.0 v.2.6.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Windows Live Essentials v.16.4.3528.0331 Warning! This software is no longer supported.

  • Choose the Uninstall tab from the menu and let the program create a Restore point.
  • Choose Scan, and then the Advanced mode scan.
  • Select all the Online Services items found, Delete and Next.
  • Let the procedure be completed and click on Finish.
  • Restart the computer.

Next ....:


Farbar Recovery Scan Tool - Fix

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.


Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.


In your next reply, please include:
  • The chkdsk result
  • The screenshot
  • Fixlog.txt
 

Attachments

  • fixlist.txt
    8 KB · Views: 2
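
The "System errors" excerpt in the post above is what separates a hardware problem from the malware symptoms in this thread. As an added example (not part of the thread and not FRST's own code), this sketch parses entries in that layout and summarizes disk-hardware events per device; the sample text is constructed apart from its first entry, the US date format is assumed from the excerpt, and the set of disk event IDs treated as hardware signals is an assumption of this example.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the excerpt quoted in the post above.
# The first entry is the one from the thread; the other two are invented.
SAMPLE = r"""System errors:
=============
Error: (05/07/2023 06:48:25 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/07/2023 06:48:21 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/06/2023 09:12:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ExampleSvc service failed to start.
"""

ENTRY = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
    r"\(EventID: (?P<id>\d+)\) \(User: (?P<user>[^)]*)\)[ \t]*\r?\n"
    r"Description: (?P<desc>.*)$",
    re.MULTILINE,
)
DEVICE = re.compile(r"\\Device\\Harddisk\d+\\DR\d+")

# Assumption: event IDs of the Windows "disk" source treated here as hardware signals.
DISK_HEALTH_IDS = {7: "bad block", 11: "controller error",
                   51: "error during paging operation", 153: "I/O retried"}

def parse_entries(text):
    """Return one dict per 'Error: (...)' entry; assumes US dates as in the excerpt."""
    return [{"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
             "source": m["source"], "event_id": int(m["id"]),
             "description": m["desc"].strip()}
            for m in ENTRY.finditer(text)]

def disk_health_findings(entries):
    """Group hardware-level disk events by (device, event ID) with count and time range."""
    findings = {}
    for e in entries:
        if e["source"].lower() != "disk" or e["event_id"] not in DISK_HEALTH_IDS:
            continue
        dev = DEVICE.search(e["description"])
        key = (dev.group(0) if dev else "unknown", e["event_id"])
        rec = findings.setdefault(key, {"kind": DISK_HEALTH_IDS[e["event_id"]],
                                        "count": 0, "first": e["time"], "last": e["time"]})
        rec["count"] += 1
        rec["first"] = min(rec["first"], e["time"])
        rec["last"] = max(rec["last"], e["time"])
    return findings

if __name__ == "__main__":
    for (device, eid), rec in disk_health_findings(parse_entries(SAMPLE)).items():
        print(f"{device} EventID {eid} ({rec['kind']}): {rec['count']}x")
```

Repeated entries for the same device over a short window, as in the sample, are the pattern that warrants backing up the drive before continuing any cleanup.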

IanF

New Member
Thread author
May 7, 2023
7
I have the following but I no longer see an option to attach them to this message. I'm posting this reply and will try sending them in a separate reply.
  • The chkdsk result
  • The screenshot
  • Fixlog.txt
I pasted the code you provided in the Revo search box but I received a message stating it couldn't find the programs, so I uninstalled VdhCoApp 1.4.0 and Wondershare Helper Compact 2.6.0 v.2.6.0 manually in Revo.

It appears that Windows Live Essentials is connected to 2 programs that I use, i.e. Movie Maker and Photo Gallery, so I didn't uninstall Windows Live Essentials.
 

IanF

New Member
Thread author
May 7, 2023
7
Here are the files... It appears that I was logged out of my account and the upload files feature isn't visible in that case:
 

Attachments

  • ListChkdskResult.txt
    328 bytes · Views: 2
  • CrystalDisk_Screenshot.jpg
    171.2 KB · Views: 7
  • Fixlog.txt
    235.7 KB · Views: 2

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
536
As you can see from the screenshot, the status is “Caution” ...I recommend that you save your important information on another medium...There are signs of a disk failure..

How's your computer behaving now..?
 

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
536
Please run FRST tool once more, and attach for me fresh logs:
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach these two logs in your next reply.
 

IanF

New Member
Thread author
May 7, 2023
7
The potential malware appears to be gone so I'd say my computer is behaving except for the bad block on the disk

Can we fix that?

Here are the latest FRST.txt and Addition.txt logs.

I've saved my data on a USB drive. If I transfer everything on C drive, will that save my programs and registry files as well?
 

Attachments

  • FRST.txt
    25.6 KB · Views: 2
  • Addition.txt
    95.4 KB · Views: 2

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
536
Can we fix that?

Unfortunately, the fix we made did not help you..! In the new logs you provided, the problem with bad sectors is current..!
The good news is that the malware problem is solved...! I can see there's nothing suspicious left on your machine..!
 

IanF

New Member
Thread author
May 7, 2023
7
Thanks a lot for your help!

If I transfer everything on C drive, will that save my programs and registry files as well?
 

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
536
If I transfer everything on C drive, will that save my programs and registry files as well?

Hello..! The truth is that it is highly recommended to make a backup image of all your information, for example with



or



This thread may be of great help to you..:





That's all I'm going to ask you to do...:
  • Download KpRm and save it to your Desktop (see here if you must use Chrome)
  • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
  • Right click on the icon and select Run as administrator
  • Click Yes on the Disclaimer
  • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
  • Click Run
  • Click OK on All operations are completed
  • KpRm will delete itself from your Desktop and you can either save or remove the report that is generated
  • You are free to remove any other tools/reports still remaining
  • Please copy and paste its contents in your next reply.

Stay Safe...! :)
 

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
536
Due to lack of activity, this topic is now closed.
If you still need help, open a new topic, and wait for a new helper.
 