Strongvault Online Backup tries to reinstall at Bootup
- Thread starter DAVE1020
- Start date
- Mar 8, 2013
- 22,627
Hi,
Before we start:
Because of this, I advise you to backup any personal files and folders before you start.
<ol><li>Download AdwCleaner from the below link.
<><a href="http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner" target="_blank">ADWCLEANER DOWNLAOD LINK</a></> (This link will automatically download Security Check on your computer)</li>
<li>Close all open programs and internet browsers.</li>
<li>Double click on <>adwcleaner.exe</> to run the tool.</li>
<li>Click on <>Delete</>,then confirm each time with <>Ok</>.</li>
<li>Your computer will be rebooted automatically. A text file will open after the restart.</li>
<li>Please post the contents of that logfile with your next reply.</li>
<li>You can find the logfile at <>C:\AdwCleaner[S1].txt</> as well.</li>
</ol>
Download TDSSKiller and save it to your desktop
Execute TDSSKiller.exe by doubleclicking on it.
Confirm "End user Licence Agreement" and "KSN Statement" dialog box by clicking on Accept button.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
Before we start:
- Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
- Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
- Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
- Like everyone, I have a private life, so be patient with me. Sometimes I will respond immediately, sometimes it will take a coupe hours.
- Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
- The absence of symptoms does not mean your PC is fully disinfected.
- If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
- Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.
Because of this, I advise you to backup any personal files and folders before you start.
<ol><li>Download AdwCleaner from the below link.
<><a href="http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner" target="_blank">ADWCLEANER DOWNLAOD LINK</a></> (This link will automatically download Security Check on your computer)</li>
<li>Close all open programs and internet browsers.</li>
<li>Double click on <>adwcleaner.exe</> to run the tool.</li>
<li>Click on <>Delete</>,then confirm each time with <>Ok</>.</li>
<li>Your computer will be rebooted automatically. A text file will open after the restart.</li>
<li>Please post the contents of that logfile with your next reply.</li>
<li>You can find the logfile at <>C:\AdwCleaner[S1].txt</> as well.</li>
</ol>
Download TDSSKiller and save it to your desktop
Execute TDSSKiller.exe by doubleclicking on it.
Confirm "End user Licence Agreement" and "KSN Statement" dialog box by clicking on Accept button.
- Press Start Scan
- If Suspicious object is detected, the default action will be Skip, click on Continue.
- If Malicious objects are found, select Cure.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Last edited by a moderator:
Thanks for the help.
I have run the three tools you suggested.
AdwCleaner
TDSSKiller
Farber Recovery Scan Tool
The resulting log files are attached.
I have run the three tools you suggested.
AdwCleaner
TDSSKiller
Farber Recovery Scan Tool
The resulting log files are attached.
- Mar 8, 2013
- 22,627
Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
[attachment=6198]
Open FRST, and click Fix. Attach me that report after it is finished.
Then...
Please download TFC by OldTimer to your desktop
[attachment=6198]
Open FRST, and click Fix. Attach me that report after it is finished.
Then...
Please download TFC by OldTimer to your desktop
- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp
files, execution time should be anywhere from a few seconds to a minute
or two. Let it run uninterrupted to completion. - Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
I have run FRST with fixlist.txt and attached the resulting Fixlog.txt.
Thanks
Thanks
TwinHeadedEagle said:
Now I have downloaded & run TFC.exe
No joy. Windows still tries to reinstall StrongVault Online Backup at Boot.
No joy. Windows still tries to reinstall StrongVault Online Backup at Boot.
TwinHeadedEagle said:
- Mar 8, 2013
- 22,627
- Mar 8, 2013
- 22,627
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
----------------------------------------------------------------
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
<ul>
<li>Close any open browsers.</li>
<li>Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
<>Very Important!</> Temporarily <>disable</> your <>anti-virus</>, <>script blocking</> and any <>anti-malware</> real-time protection <em><>before</></em> performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause <em>"unpredictable results"</em>.</li>
<li><>WARNING: Combofix will disconnect your machine from the Internet as soon as it starts</>.Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.</li>
</ul>
-----------------------------------------------------------------
How to run the Combofix scan :
Additional notes:
<ol><li> Do not mouse-click Combofix's window while it is running. That may cause it to stall.</li>
<li> Do not "re-run" Combofix. If you have a problem, reply back for further instructions.</li>
<li> If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.</li></ol>
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
----------------------------------------------------------------
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
<ul>
<li>Close any open browsers.</li>
<li>Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
<>Very Important!</> Temporarily <>disable</> your <>anti-virus</>, <>script blocking</> and any <>anti-malware</> real-time protection <em><>before</></em> performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause <em>"unpredictable results"</em>.</li>
<li><>WARNING: Combofix will disconnect your machine from the Internet as soon as it starts</>.Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.</li>
</ul>
-----------------------------------------------------------------
How to run the Combofix scan :
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
- When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.
Additional notes:
<ol><li> Do not mouse-click Combofix's window while it is running. That may cause it to stall.</li>
<li> Do not "re-run" Combofix. If you have a problem, reply back for further instructions.</li>
<li> If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.</li></ol>
Last edited by a moderator:
I have downloaded & run Combofix. The log file is attached.
No joy! Windows still tries to install SV Online Backup.
No joy! Windows still tries to install SV Online Backup.
TwinHeadedEagle said:
- Mar 8, 2013
- 22,627
Open notepad and copy/paste the text present inside the code box below:
Save this as CFScript.txt
Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )
Can you post me the ScreenShot, so I can see, how does it look like, when computer starts?
Code:
File::
c:\windows\system32\drivers\85355879.sys
c:\windows\SysWow64\temp.007
c:\windows\SysWow64\temp.006
c:\windows\SysWow64\temp.008
c:\windows\SysWow64\temp.009
c:\windows\SysWow64\temp.00A
c:\windows\SysWow64\temp.00B
ClearJavaCache::Save this as CFScript.txt
Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )
Can you post me the ScreenShot, so I can see, how does it look like, when computer starts?
I have copy/pasted CFScript.txt into ComboFix.exe. It ran immediately. I have attached the Log file ComboFix.txt.
I am sorry that I was not able to get a screen shot of the beginning of the process. When I dropped in the Script file, Combofix 'digested' it almost immediately (within about 5 sec) and then started running at its normal pace. The rapidity of the initial 'digestion' phase startled me.
I am sorry that I was not able to get a screen shot of the beginning of the process. When I dropped in the Script file, Combofix 'digested' it almost immediately (within about 5 sec) and then started running at its normal pace. The rapidity of the initial 'digestion' phase startled me.
TwinHeadedEagle said:Open notepad and copy/paste the text present inside the code box below:
Code:File:: c:\windows\system32\drivers\85355879.sys c:\windows\SysWow64\temp.007 c:\windows\SysWow64\temp.006 c:\windows\SysWow64\temp.008 c:\windows\SysWow64\temp.009 c:\windows\SysWow64\temp.00A c:\windows\SysWow64\temp.00B ClearJavaCache::
Save this as CFScript.txt
Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )
Can you post me the ScreenShot, so I can see, how does it look like, when computer starts?
To: Malware Removal Assistance Team
Having done a thorough job of "cleaning" my computer of Malware, I came to the conclusion that maybe my problem was with the Windows installer. Microsoft offers a free tool to help with installer/uninstaller issues: MicrosoftFixit.ProgramInstallUninstall.RNP.149307561506251357.1.1.Run
This tool addresses issues with many different software installers, but the StrongVault Online Backup installer is one of them. I selected the StrongVault Online Backup Uninstaller item and ran the tool. I had to run this tool twice to clear my issue, but my computer now boots up without attempting to install SrongVault Online Backup.
Thanks for all your help. You operate an awesome forum.
Dave1020
Having done a thorough job of "cleaning" my computer of Malware, I came to the conclusion that maybe my problem was with the Windows installer. Microsoft offers a free tool to help with installer/uninstaller issues: MicrosoftFixit.ProgramInstallUninstall.RNP.149307561506251357.1.1.Run
This tool addresses issues with many different software installers, but the StrongVault Online Backup installer is one of them. I selected the StrongVault Online Backup Uninstaller item and ran the tool. I had to run this tool twice to clear my issue, but my computer now boots up without attempting to install SrongVault Online Backup.
Thanks for all your help. You operate an awesome forum.
Dave1020
DAVE1020 said:I have copy/pasted CFScript.txt into ComboFix.exe. It ran immediately. I have attached the Log file ComboFix.txt.
I am sorry that I was not able to get a screen shot of the beginning of the process. When I dropped in the Script file, Combofix 'digested' it almost immediately (within about 5 sec) and then started running at its normal pace. The rapidity of the initial 'digestion' phase startled me.
TwinHeadedEagle said:Open notepad and copy/paste the text present inside the code box below:
Code:File:: c:\windows\system32\drivers\85355879.sys c:\windows\SysWow64\temp.007 c:\windows\SysWow64\temp.006 c:\windows\SysWow64\temp.008 c:\windows\SysWow64\temp.009 c:\windows\SysWow64\temp.00A c:\windows\SysWow64\temp.00B ClearJavaCache::
Save this as CFScript.txt
Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )
Can you post me the ScreenShot, so I can see, how does it look like, when computer starts?
- Mar 8, 2013
- 22,627
Great, glad that you make it 
Please download DelFix by "Xplode" to your Desktop.
Run the tool and check the following boxes below;
Now click on "Run" button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt
> I don't need DelFix log report.
Please download DelFix by "Xplode" to your Desktop.
Run the tool and check the following boxes below;
- Remove disinfection tools
- Create registry backup
- Purge System Restore
Now click on "Run" button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt
> I don't need DelFix log report.
Clean up complete.
Thanks, DAVE1020
Thanks, DAVE1020
TwinHeadedEagle said:Great, glad that you make it
Please download DelFix by "Xplode" to your Desktop.
Run the tool and check the following boxes below;
- Remove disinfection tools
- Create registry backup
- Purge System Restore
Now click on "Run" button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt
> I don't need DelFix log report.
Similar threads
