
A1pccleaner problem. How do I remove?



#1 Lmhteach


Posted 21 March 2015 - 11:21 AM

I keep getting a warning in the middle of my screen that will not go away saying: "Your PC may be at Risk. Check for Malware and Registry Issues. You need to fix your PC problem immediately. your Data is on 94% Risk. FIX"

I have tried Adware, Eset scanner, Rogue Killer, Malwarebytes, junkremoval. It is still there. I was unable to open my computer in safe mode today to try these removal programs in safe mode.

 

Rogue Killer shows:

 

RogueKiller V10.5.5.0 [Mar 16 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Lynn [Administrator]
Started from : C:\Users\Lynn\Desktop\RogueKiller.exe
Mode : Scan -- Date : 03/21/2015  10:38:24

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] Google+ Auto Backup.exe(4512) -- C:\Users\Lynn\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 18 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_8433\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_8433\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_8433\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"  -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_8433\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"  -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2042515690-782354764-4064259432-1003\Software\Microsoft\Windows\CurrentVersion\Run | Google+ Auto Backup : "C:\Users\Lynn\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2042515690-782354764-4064259432-1003\Software\Microsoft\Windows\CurrentVersion\Run | Google+ Auto Backup : "C:\Users\Lynn\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart  -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_7791\ControlSet001\Services\vToolbarUpdater18.0.5 -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_7791\ControlSet002\Services\vToolbarUpdater18.0.5 -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_8433\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_8433\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2042515690-782354764-4064259432-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2042515690-782354764-4064259432-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_8433\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_8433\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \FellowSky\FellowSky -- "C:\ProgramData\FellowSky\FellowSky.exe" (-p "Installium" -c "Installium_Default" -s "PP1" -i "656810" -g "") -> Found
[Suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> Found

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] Dropbox.lnk -- E:\Documents and Settings\Lynn\Start Menu\Programs\Startup\Dropbox.lnk [LNK@] E:\DOCUME~1\Lynn\APPLIC~1\Dropbox\bin\Dropbox.exe /systemstartup -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM0 02-1BD142 SATA Disk Device +++++
--- User ---
[MBR] 8537c432165bce580543dc5f3c1e0504
[BSP] fc7a4d5a5da7af468ccc8bb7cccd9f6c : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD75 01AALS-00J7B0 SATA Disk Device +++++
--- User ---
[MBR] bc860b832bbb30030a18901da19a67a1
[BSP] 9b88260b20c097b5ba40e33f4222b3a0 : Windows XP MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

 

 

I have txt from Malwares and another one but cannot get to it right now.

I am NOT an expert, but can usually follow directions.

 

Thanks for any help you may be able to give.

 

Lmhteach

 

Attached Files

  • Attached File  JRT.txt   1.2KB   0 downloads



#2 fireman4it


Posted 23 March 2015 - 08:22 PM

Hello Lmhteach,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 fireman4it


Posted 29 March 2015 - 05:55 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.