Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

rKill Error


  • Please log in to reply
16 replies to this topic

#1 El K

El K

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Interior Alaska
  • Local time:03:07 AM

Posted 14 December 2013 - 10:46 PM

I am trying to rid my computer of Scorpion Saver. I am running Windows 8.1 in safe mode and am trying to run Rkill but it does not seem to matter which  different file name of Rkill I download, this is the message I keep getting:

 

iExplorer

Rkill 2.6.3 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 bleepingcomputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

 

Program started at: 12/14/2013 06:39:37 PM in x64 mode. (Safe Mode)

 

Your operatimg system, Uknown Version, is not supported.

 

What should my next step be?

 

 



BC AdBot (Login to Remove)

 


#2 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,133 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:07 PM

Posted 14 December 2013 - 11:59 PM

Please run RKILL in safe mode.

 

Instructions to start Windows 8 in safe mode can be found HERE

 

Instructions for removing Scorpion Saver can be found HERE

(it is worth reading this guide carefully )

 

Let me know how it goes.

 

 


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

 GcnI1aH.jpg

 

 


#3 El K

El K
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Interior Alaska
  • Local time:03:07 AM

Posted 15 December 2013 - 07:36 PM

I am running it in safe mode - specifically "safe mode with networking" as the instructions stated. I am embarrassed to say it took forever to get to that setting in Windows 8.1, but I did and that is the response I get from all the different named files for Rkill. I tried to post a screen shot but when I did I got a message stating that format was not supported or allowed, I can't remember which, but the background was black, my icons and type bigger and along the top in white letters it said safe mode.



#4 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,133 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:07 PM

Posted 15 December 2013 - 08:25 PM

 
 

Please Read the Instructions i provided a link for entitled "Removing Scorpion Saver'.....in particular the part which i have reproduced below.

It is imperative that you DO NOT reboot at the end of RKill's scan.....Run MalwarteBytes immediately after....then follow the rest of the guide.

(It can help to have already downloaded MBAM (malwarebytes) ready to use)

If you are still having problems let me know.

 

 

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

 

Before we can do anything we must first end the processes that belong to Scorpion Saver so that it does not interfere with the cleaning procedure. To do this, please download RKill to your desktop from the following link.

RKill Download Link - (Download page will open in a new tab or browser window.)

When at the download page, click on the Download Now button labeled iExplore.exe download link. When you are prompted where to save it, please save it on your desktop.
 

Once it is downloaded, double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with Scorpion Saver and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by Scorpion Saver when it terminates programs that may potentially remove it. If you run into these infections warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that RKill can terminate Scorpion Saver . So, please try running RKill until the malware is no longer running. You will then be able to proceed with the rest of the guide. Do not reboot your computer after running RKill as the malware programs will start again.

If you continue having problems running RKill, you can download the other renamed versions of RKill from the RKill download page. Both of these files are renamed copies of RKill, which you can try instead. Please note that the download page will open in a new browser window or tab.

 

Now you should download Malwarebytes Anti-Malware, or MBAM, from the following location and save it to your desktop:

Malwarebytes Anti-Malware Download Link (Download page will open in a new window)

 

etc

 

Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

 GcnI1aH.jpg

 

 


#5 El K

El K
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Interior Alaska
  • Local time:03:07 AM

Posted 16 December 2013 - 12:52 AM

Okay, so the only thing I had not tried was to run Rkill from an external source. So I tried to run it from a stick and I am still getting "Your operating system is not supported" I keep trying to attach an image of my screen so you can see but I get a warning that states "You are not allowed to use that image extension on this community". I'd like to send you the image - what format does it need to be in to post on here? Otherwise, I promise you I spent a long time yesterday reading the instructions you referred me back to before I broke down and started to ask questions. Where I am stuck is trying to get Rkill to run. Arg.....

 



#6 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,133 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:07 PM

Posted 16 December 2013 - 01:39 AM

 
 

Do you use Internet Explorer?    If so, Reset IE....in normal mode will be fine

If you are using another browser....let me know which one.

 

Go Here and download : http://support.microsoft.com/kb/923737
and run "FixIt" procedure.
It makes no difference which browser you use to download the "FixIt" file.
It Is important you follow ALL steps listed there.

 

Then.....run Rkill...from HERE

Regardless of whether rkill works or not.....

 

Please Download  AdwCleaner
* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on the Scan button.
* When the scan has finished click on the
Clean button.
* NOTE : Your computer will be
rebooted automatically. A text file will open after the restart.
* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner.txt as well.
Once I OK the log, please click the Uninstall button to fully remove all

 

 

Edited by Condobloke, 16 December 2013 - 01:54 AM.

Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

 GcnI1aH.jpg

 

 


#7 El K

El K
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Interior Alaska
  • Local time:03:07 AM

Posted 16 December 2013 - 03:37 AM

This computer is used by more than one family member so both Internet Expoler and Mozilla Firefox are used on this computer. What, if anything, should I do differently?



#8 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,133 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:07 PM

Posted 16 December 2013 - 03:41 AM

At the top of the Firefox window, click the Firefox button, then select Add-ons.

Select the Extensions tab, then remove Scorpion Saver 5.0 and any other unknown extensions from Mozilla Firefox.


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

 GcnI1aH.jpg

 

 


#9 El K

El K
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Interior Alaska
  • Local time:03:07 AM

Posted 16 December 2013 - 12:34 PM

The link for "FixIt" is for how to reset IR to normal settings. I nosed around in there to find FixIt myself, but as you well know, there are a lot of FixIts. Which one in particular am I needing to run?



#10 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,133 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:07 PM

Posted 16 December 2013 - 02:44 PM

That is the correct link. The idea here is to reset IE to normal settings, thereby removing scorpion saver pop up ads from IE

The action i described for FireFox achieves the same result there

Then attempt to run RKill

Then regardless of whether rkill runs or not, run AdwCleaner


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

 GcnI1aH.jpg

 

 


#11 El K

El K
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Interior Alaska
  • Local time:03:07 AM

Posted 16 December 2013 - 06:33 PM

# AdwCleaner v3.015 - Report created 16/12/2013 at 14:29:25
# Updated 10/12/2013 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : akgirl03 - THELOVEJOYS
# Running from : C:\Users\akgirl03\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Level Quality Watcher

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\ScorpionSaver
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\ScorpionSaver Services
File Deleted : C:\Users\akgirl03\AppData\Roaming\Mozilla\Firefox\Profiles\31u7ywwf.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Adpeak, Inc.
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\Scorpion Saver
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\akgirl03\AppData\Roaming\Mozilla\Firefox\Profiles\31u7ywwf.default\prefs.js ]

Line Deleted : user_pref("extensions.dynconff.cache.support.microsoft.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1520_1674_1164_1146_1169_1263_1348_1482_1493_1521\">\r\n  <content id=\"MB_P1\">\r\n[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.bleepingcomputer.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1520_1674_1164_1146_1169_1476_1263_1348_1482_1493_1521\">\r\n  <content id=\"MB_P[...]

*************************

AdwCleaner[R0].txt - [2834 octets] - [16/12/2013 14:28:39]
AdwCleaner[S0].txt - [2761 octets] - [16/12/2013 14:29:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2821 octets] ##########



#12 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,133 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:07 PM

Posted 16 December 2013 - 07:10 PM

 
 

That's more like it !

 

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

and then...

 

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the finish of the installation, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version. <<< most important )
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here in your next Reply

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

 

 

 

Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

 GcnI1aH.jpg

 

 


#13 El K

El K
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Interior Alaska
  • Local time:03:07 AM

Posted 16 December 2013 - 10:26 PM

WooHoo!  I thought that log looked promising! These look promising too!

 

Junkware log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8.1 Pro x64
Ran by akgirl03 on Mon 12/16/2013 at 18:09:24.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{27DE7D30-BCCD-44D1-ADCB-A74A4259EBEF}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A0EFC4E-F167-4D0E-9C24-FC5519237993}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\syswow64\wscm64.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\searchdonkey"

 

Anti-Malware log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.17.01

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
akgirl03 :: THELOVEJOYS [administrator]

12/16/2013 6:19:40 PM
mbam-log-2013-12-16 (18-19-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215036
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\ScorpionSaver (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\ProgramData\RHelpers\ChromeHelper (PUP.Optional.Searchagent) -> Quarantined and deleted successfully.
C:\ProgramData\RHelpers\FirefoxHelper (PUP.Optional.Searchagent) -> Quarantined and deleted successfully.
C:\ProgramData\RHelpers\IeHelper (PUP.Optional.Searchagent) -> Quarantined and deleted successfully.

Files Detected: 14
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2169297450-1573268708-2220540709-1001\$R44ROA2.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\temp\InstallServices64.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\temp\scorpionsaver.exe (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\temp\ScorpionSaver.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Users\akgirl03\AppData\Local\Temp\ICReinstall_rkill.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\akgirl03\Downloads\expertpdf7.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:\Users\akgirl03\Downloads\Updater_Setup.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
C:\Windows\Installer\17b4210d.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Users\akgirl03\AppData\Local\Temp\AdpeakProxyr.log (PUP.Optional.AdpeakProxy) -> Quarantined and deleted successfully.
C:\Windows\Temp\AdpeakProxy.log (PUP.Optional.AdpeakProxy) -> Quarantined and deleted successfully.
C:\Windows\Temp\AdpeakProxyr.log (PUP.Optional.AdpeakProxy) -> Quarantined and deleted successfully.

(end)
 



#14 El K

El K
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Interior Alaska
  • Local time:03:07 AM

Posted 16 December 2013 - 10:30 PM

Computer now restarted.  Could I have your suggestions for what I should be running to keep this kind of crap off my computer? We have Norton always on, but it didn't detect this and all else that was removed with this process.



#15 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,133 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:07 PM

Posted 16 December 2013 - 10:46 PM

 
 

Yes....that is an excellent result. Will leave some suggestions for you later.

 

This scan will take a while.....2 hours + is not unusual.

 

Please scan your computer with ESET Online Scanner
Disable active Antivirus and Antimalware programs How To Temporarily Disable Your Anti-virusHow To Temporarily Disable Your Anti-virus
This scan is best performed with Internet Explorer, as it uses ActiveX
If you will not use Internet Explorer, then please read item 3 in this post
1 - Open Internet Explorer and hold down Control (Ctrl) key and click on This Link  to open ESET OnlineScan in a new window.
2 - Click the ESET Online Scanner button.
3 - For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
a - Click on eset.exe  to download the ESET Smart Installer. Save it to your desktop.
b - Double click on the  icon on your desktop.
4 - Check "YES, I accept the Terms of Use."
5 - Click the Start button.
6 - Accept any security warnings from your browser.
7 - Under scan settings, check "Scan Archives" and "Remove found threats"
8 - Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology
9 - ESET will then download updates for itself, install itself, and begin scanning your computer.
10 - Please be patient as this will take some time (first time scans are always longer).
11 - When the scan completes, click List Threats
12 - Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
13 - Click the Back button and then Click the Finish button.
NOTE:Sometimes if ESET finds no infections it will not create a log.
If you lose the log it can be found at C:\Program Files\ESET\EsetOnlineScanner\log.txt
If no infections are found then please tell me -
You can ignore any ESET detection of AdwCleaner...it is a false positive detection.

 

 

To finish up, run TFC

Please download TFC, or Temp File CleanerTFC, by Old Timer
Usage Instructions:

Download TFC from the download link above and save the file on your desktop.
Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
Double-click on the TFC icon.
When the program opens, click on the Start button. TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
When done, press OK and reboot your computer and finish the cleanup.

TFC produces no log....so no need for any copy and paste from it.

 

ReRun AdwCleaner and this time click on Uninstall....it will remove the program and will also take care of quarintined objects.

Right click on junkware removal tool (JRT) and delete. Do the same with the log produced.

 

MBAM (MaywareBytes) is definitely a keeper. Be sure to UPDATE and run it once a week. If you purchase the program it operates automatically for scans and updating.

TFC is well worth keeping. Very safe to use.

 

ABOVE ALL....educate the family members who use this PC, to choose the CUSTOM install when they have downloaded any software etc etc....,

and then to READ the small print before clicking on next....

 

Scorpion Saver is an adware program that is commonly bundled with other free programs that you download off of the Internet. Unfortunately, some free downloads do not adequately disclose that other software will also be installed and you may find that you have installed Scorpion Saver without your knowledge. {http://www.bleepingcomputer.com/virus-removal/remove-scorpion-saver}

 

Question : Did RKill finally run for you ?

 

 

 

Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

 GcnI1aH.jpg

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users