Solved Removing Strongvault Online Backup

Larry1211

Level 1
Thread author
Verified
Jan 13, 2017
20
Hello.
So I'm here as I've discovered something on my computer which seems to be not something I asked for and probably for that reason can't easily get rid of.
I'm also here as I've gone through the blog document "Remove Strongvault Online Backup Virus (uninstall guide)" but without the results I want.
I went through the uninstall guide's steps 2x. A few weeks ago and yesterday. Why do I think that? I could swear that MB caught Strongvault as a PUP and "deleted/quarantined" it. And then on rerun, showed no other issues. FYI: I went and purchased MB PRO yesterday evening.
Either way, MB still does not pick it up as a PUP any longer, but the software is still invoking itself.

There are 2 registry keys which contain 27 entries for Strongvault. They are HKEY_CLASSES_ROOT & HKEY_CLASSES_MACHINE.
I have included the JRT.TXT file output from JRT.EXE and Hitmanpro.log output from HITMANPRO.EXE.

When attempting upload I get an error message: There was a problem uploading your file. Is there a way to ascertain the cause? Do you really want me to copy/paste the contents into this thread?? Any other files you want uploaded?

I'm sure there is much to discuss. Beer's on me.
Thanks, Larry
 

Larry1211

Level 1
Thread author
Verified
Jan 13, 2017
20
I think this is what you're wanting. I used drag and drop and not the UPLOAD A FILE button.
 

Attachments

  • Addition.txt
    47 KB · Views: 2
  • FRST.txt
    44.8 KB · Views: 6
  • AdwCleaner[C0].txt
    8 KB · Views: 1
  • AdwCleaner[S0].txt
    7.2 KB · Views: 0
  • HitmanPro_20170113_2020.log
    1.4 KB · Views: 0
  • JRT.txt
    849 bytes · Views: 1

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    6 KB · Views: 5

Larry1211

Level 1
Thread author
Verified
Jan 13, 2017
20
How is it behaving? Let me just describe some things I have found.
The 27 Strongvault registry entries are still there in HKEY_CLASSES_ROOT AND in HKEY_CLASSES_MACHINE. See uploaded picture.
Right after restarting Windows ctl-alt-dlt would not bring up the Windows screen to allow for choosing Taskmgr :eek:. Running taskmgr in the run box did work. A few minutes later ctl-alt-dlt functioned normally :( :).

The Nexus dock shortcut no longer works since it now points to "C:\FRST\Quarantine\C\Program Files (x86)\Winstep\Nexus.exe". See uploaded picture.

So, the original reason for being here remains unresolved and some new behaviour / changes have occurred.
Larry
 

Attachments

  • upload_2017-1-14_13-53-25.png
    142.7 KB · Views: 3
  • upload_2017-1-14_14-2-24.png
    183.8 KB · Views: 3

Larry1211

Level 1
Thread author
Verified
Jan 13, 2017
20
Also, FF now opens with its start page before opening the tabs it had opened before. This start page stuff is new behavior.
 

Larry1211

Level 1
Thread author
Verified
Jan 13, 2017
20
I forgot to include this in the above:
C:\Users\Larry\AppData\Local\Stronghold_LLC still exists and still contains
  1. BackupLauncher.exe_Url_rycnmceplwcgzjz1hjomtzwf1sc24avz
  2. SMessenger.exe_Url_0r3hblrifidjvridsvhhjxjtn2djshyv
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Okay, we will perform several steps now:

1)

FRST search

Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:
  • Copy Strongvault into the Search: field in FRST then click the Search Registry button.
  • FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
  • Please attach it to your reply.

2) Open mozilla and go to this link:

Somerset County Library System-NJ-Home


  1. Open a tab with the web page you want to use as your home page that is the link I gave you above.
  2. Drag and drop that tab onto the Home button.
  3. Click Yes to set this page as your home page.

3)

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.



4)


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach report into your next reply.
 

Attachments

  • fixlist.txt
    259 bytes · Views: 3
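
The registry search from step 1 above, sketched as a read-only PowerShell script (an added example, not part of the original thread and not how FRST itself searches). It assumes the search term Strongvault from the thread and covers only the Classes branches: HKEY_CLASSES_ROOT is a merged view of HKLM\SOFTWARE\Classes and HKCU\Software\Classes, so the same entry is visible under more than one root.

```powershell
# Read-only: lists registry keys whose name or (Default) value mentions a
# search term and reports which backing hive each hit lives in.
# Nothing is modified or deleted.
param(
    [string]$Term = 'Strongvault'   # search string used in the thread
)

# The two branches that HKEY_CLASSES_ROOT is built from.
$roots = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes',
    'Registry::HKEY_CURRENT_USER\Software\Classes'
)

$hits = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    # Keys the current account cannot read are skipped instead of aborting.
    Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $default  = $_.GetValue('')              # (Default) value, may be $null
            $nameHit  = $_.PSChildName -like "*$Term*"
            $valueHit = "$default" -like "*$Term*"

            if ($nameHit -or $valueHit) {
                [pscustomobject]@{
                    Hive    = $root -replace '^Registry::', ''
                    Key     = $_.Name
                    Default = $default
                    Match   = if ($nameHit) { 'key name' } else { 'default value' }
                }
            }
        }
}

# Per-hive listing makes it clear whether a hit is machine-wide or per-user.
$hits | Sort-Object Hive, Key | Format-Table -AutoSize -Wrap
'{0} matching keys' -f @($hits).Count
```

Run it from an elevated PowerShell prompt so that machine-wide keys are readable; the recursion over HKLM\SOFTWARE\Classes can take a while.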

Larry1211

Level 1
Thread author
Verified
Jan 13, 2017
20
Instructions followed and attached are the 4 output files.
 

Attachments

  • SearchReg.txt
    27 KB · Views: 1
  • Fixlog.txt
    998 bytes · Views: 1
  • FRST.txt
    41.6 KB · Views: 0
  • Addition.txt
    43.4 KB · Views: 2

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Please download Geek Uninstaller

Unzip it and start Geek.exe

In the programs list, find and right click on Strongvault Online Backup

Select Uninstall and then click Finish to remove all registry traces.



Tell me how the situation is after this.
 

Larry1211

Level 1
Thread author
Verified
Jan 13, 2017
20
Ran with the free version. It removed C:\Users\Larry\AppData\Local\Stronghold_LLC. However it left the registry entries.
Looks like we're getting there.:)
 

Larry1211

Level 1
Thread author
Verified
Jan 13, 2017
20
Here is the output file SearchReg.txt from the run of FRST64 I did just now.
 

Attachments

  • SearchReg.txt
    25.7 KB · Views: 2

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    14.1 KB · Views: 6

Larry1211

Level 1
Thread author
Verified
Jan 13, 2017
20
Here is fixlog.txt.
The Strongvault entries are still there.
 

Attachments

  • Fixlog.txt
    14.6 KB · Views: 4

Larry1211

Level 1
Thread author
Verified
Jan 13, 2017
20
The FRST64 instructions say "If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run."
Often times when I do a restart, my machine doesn't restart on its own, even after a couple of minutes. I help it along by pressing the power button. Could that be causing a problem with the registry cleanup?
 
