unknown virus from KAT.eu? no control over pc! Hlp

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I do not recommend using IObit products; they have a bad reputation and are prone to create problems. The company behind this product was found to be stealing the MBAM database. That is why I suggest uninstalling:
- Advanced SystemCare
- Driver Booster
- Game Booster
- IObit Malware Fighter
- IObit Uninstaller
- Smart Defrag
- Surfing Protection

When you see a word like "Booster", "Optimizer", "TuneUp" or similar, it is often some kind of silly application. You cannot "boost" your system more than it actually is. Microsoft optimized Windows perfectly and they are constantly working on improvements, so these tools are just selling you nothing but "fog".

The only way to actually boost your system is to upgrade your hardware by adding an SSD, more processor power or more RAM.



Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on the [icon image] icon and double-click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to attach the saved report to your next message.



Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  • Click the Scan tab, make sure Threat Scan is checked and click Start Scan.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 

wasnt me

New Member
Thread author
Verified
Mar 14, 2016
26
Ok thanks. Also I did some research on those programs and came to the realization that they are indeed just bloatware and just a pretty picture! But like I said, I tried to uninstall them, but because certain parts of the program are missing it won't let me uninstall them! Someone said to reinstall them to repair the missing files, then uninstall? What are your thoughts?
 

wasnt me

New Member
Thread author
Verified
Mar 14, 2016
26
Sorry for the delay. I do have the requested scan files, but my phone only puts a link to my email doing it this way, so I will do it from my PC later! And I also want to say thank you so much! I know if I had gone to a repair place I would have paid an arm and a leg! A donation will be made. Again, thanks so much.
 

wasnt me

New Member
Thread author
Verified
Mar 14, 2016
26
I did, but only the first was able to upload from my phone, not sure why, so the other will come in a few hrs.
 

wasnt me

New Member
Thread author
Verified
Mar 14, 2016
26
Hi, here is the last report. Sorry for the delay.
 

Attachments

  • Zemna Report.txt
    1.2 KB · Views: 2

wasnt me

New Member
Thread author
Verified
Mar 14, 2016
26
It is running slow. I'm getting
Win_error
Could not find zone 'en_core_pre_gfx'?
among multiple other errors on start up; most of them, I'm sure, are the IObit.
Not sure if I'm missing or have corrupted drivers?
I also just saw there are multiple processes that are running 5 or more times at the same time. That can't be good?
There are some toolbar applications that are running that I have never seen before.
Also the virus file is still on my PC.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Okay, let's see what we can do about it.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition.txt option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the reports to your next reply.



FRST search

Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:
  • Copy Advanced SystemCare_is1;Driver Booster_is1;IObit Malware Fighter_is1;IObitUninstall;Smart Defrag 4_is1;IObit Surfing Protection_is1 into the Search: field in FRST then click the Search Registry button.
  • FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run from.
  • Please attach it to your reply.
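
A read-only PowerShell cross-check for the same entries, added here as an example and not part of the original post or of FRST. It assumes the search terms above are subkey names under the standard Windows Uninstall registry locations (the _is1 suffix is the one Inno Setup installers use) and reports whether each entry's uninstaller file still exists on disk, which is the situation the thread author describes.

```powershell
# Added example: only reads the registry and file system, changes nothing.
# Search terms copied from the post; the registry roots are an assumption.
$terms = 'Advanced SystemCare_is1;Driver Booster_is1;IObit Malware Fighter_is1;IObitUninstall;Smart Defrag 4_is1;IObit Surfing Protection_is1' -split ';'

$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

$found = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($term in $terms) {
        $keyPath = Join-Path $root $term
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }

        $p   = Get-ItemProperty -LiteralPath $keyPath
        $cmd = [string]$p.UninstallString

        # Pull the executable path out of the uninstall command line:
        # quoted form first, otherwise everything before the first " /" switch.
        $exe = $null
        if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        elseif ($cmd)                    { $exe = ($cmd -split ' /')[0].Trim() }

        [pscustomobject]@{
            Key                = $keyPath
            DisplayName        = $p.DisplayName
            UninstallString    = $cmd
            # False means the entry is orphaned: the program is still listed
            # as installed but its uninstaller is missing from disk.
            UninstallerPresent = if ($exe) { Test-Path -LiteralPath $exe } else { $false }
        }
    }
}

if ($found) { $found | Format-List } else { 'No matching uninstall keys found.' }
```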
 

wasnt me

New Member
Thread author
Verified
Mar 14, 2016
26
Hello, here are the requested files.
 

Attachments

  • Search.txt
    1.5 KB · Views: 3
  • FRST.txt
    90.1 KB · Views: 3
  • Addition.txt
    60.4 KB · Views: 3

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    10.2 KB · Views: 8

wasnt me

New Member
Thread author
Verified
Mar 14, 2016
26
Hi, sorry we missed the notification that you responded. It seems to be running better and IObit is gone. We still have this WinRAR file that we can't remove. The error is "cannot open list file unistall.lst".

Ran a virus scan using AVG and it came back with no threats found compared to the 45 before.

Thanks for your help.
 

wasnt me

New Member
Thread author
Verified
Mar 14, 2016
26
The compressed file SETUP_9851, I'm sure it's the original file containing the virus. Well, actually I know it's the compressed file containing the virus. How it got in the recovery backup file I'm not sure, but I can't delete it. My guess is it's waiting for me to be dumb enough to run it again, but that would also mean the PC is still infected?
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition.txt option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the reports to your next reply.
 
