
Multi Tencent & QQPCMgr leftovers after forced uninstall, need help!


  • This topic is locked
5 replies to this topic

#1 cyberpax


Posted 06 June 2016 - 12:44 PM

Hi there, a girlfriend of mine asked me if I could help her ... she got infected by the Tencent Chinese & QQPCMgr (manager?!)

After a brute force uninstall process with file uninstaller and Malwarebytes ... Tencent stopped but ... lots of leftovers in the system !!!???

Can someone help me in any way, with a fast solution to fix these leftovers?!

I'm new to the use of FRST64 (Farbar Recovery Scan Tool) and other tools... :-(  Any help would be very much appreciated ...

 

Please send me any info as soon as possible ! 

 

Best Regards from Portugal...

 

Yours

cyberpax  alias Antonio Fernandes    :thumbsup2:

 

 

 


 


#2 cyberpax


Posted 06 June 2016 - 02:44 PM

Well, I just ran adwcleaner and it seems it was able to fix and remove almost everything ... cool !  :bananas:

I just had to force the uninstall of one ziptool software that was still present!

Well, this last Tencent tool was finally removed, no strange insertions in the context menus ...

Any advice?

Best regards

cyberpax

I soon have to give the laptop back to my friend!! So I can't do any more scans ...



#3 nasdaq

  • Malware Response Team

Posted 07 June 2016 - 09:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:


BHO: No Name -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> No File
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\BRaposo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-05]
CHR HKU\S-1-5-21-2287594054-1652869272-1702105927-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\QQRepairFixSVC [X]
S3 blNetFilter; \??\C:\Windows\system32\drivers\blNetFilter.sys [X]
U2 DiagTrack; no ImagePath
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUdisk64.sys [X]
S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\softaal64.sys [X]
S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [X]
S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent-apagar!\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys [X]
Task: {027C0CCD-0F75-4DC3-9159-21D13F367D83} - System32\Tasks\tasklist => C:\Users\BRaposo\AppData\Roaming\UPUpdata\service72564.exe <==== ATTENTION
Task: {0E4A9012-DDD1-43CD-8EBF-92156A977B6C} - System32\Tasks\PPTAssistantUpdateTask_BRaposo => C:\Users\BRaposo\AppData\Local\PPTAssist\assistupdate.exe [2016-06-06] (Zhuhai Kingsoft Office Software Co.,Ltd) <==== ATTENTION
Task: {9CE77046-9B66-49BD-8347-76A1A52CD497} - System32\Tasks\Tamisthivicult Mapper => C:\Program Files (x86)\Tamisthivicult\TamisthivicultMapperTask.exe <==== ATTENTION
Task: {A2C574A9-6AE1-4490-94A6-CA7F5A43EC77} - \Start Driver Reviver Schedule -> No File <==== ATTENTION
Task: C:\Windows\Tasks\PPTAssistantNotifyTask_BRaposo.job => C:\Users\BRaposo\AppData\Local\PPTAssist\notify.exe <==== ATTENTION
Task: C:\Windows\Tasks\PPTAssistantUpdateTask_BRaposo.job => C:\Users\BRaposo\AppData\Local\PPTAssist\assistupdate.exe <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION (yeabests)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
DNS Servers: Media is not connected to internet.
HKLM\...\StartupApproved\Run32: => " QQPCTray"
HKU\S-1-5-21-2287594054-1652869272-1702105927-1001\...\StartupApproved\Run: => "QGuan72564"
C:\Users\BRaposo\AppData\Roaming\UPUpdata
C:\Users\BRaposo\AppData\Local\PPTAssist
C:\Program Files (x86)\Tamisthivicult
C:\Users\BRaposo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Program Files (x86)\Tencent\QQPCMGR

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the log and let me know of any remaining issues.
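
A read-only way to confirm, after the fix and the reboot, that the items named in the fixlist are really gone (an added example, not part of nasdaq's post and not an FRST feature). The service, task, folder and WMI consumer names are copied from the fixlist above; the checks themselves are an assumption about how one might verify the result from an elevated PowerShell session.

```powershell
# Added example: read-only check for items named in the fixlist above.
# Names and paths are copied from that fixlist; nothing is deleted or changed.
$services = 'QQRepairFixSVC','blNetFilter','QMUdisk','softaal','SRepairDrv','tsnethlpx64'
$tasks    = 'tasklist','PPTAssistantUpdateTask_BRaposo','Tamisthivicult Mapper',
            'Start Driver Reviver Schedule'
$paths    = @(
    'C:\Users\BRaposo\AppData\Roaming\UPUpdata'
    'C:\Users\BRaposo\AppData\Local\PPTAssist'
    'C:\Program Files (x86)\Tamisthivicult'
    'C:\Program Files (x86)\Tencent\QQPCMGR'
    'C:\Users\BRaposo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda'
    'C:\Windows\Tasks\PPTAssistantNotifyTask_BRaposo.job'
    'C:\Windows\Tasks\PPTAssistantUpdateTask_BRaposo.job'
)
$found = @()

# Services and kernel drivers both register under this key, so one test covers both.
foreach ($name in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (Test-Path -LiteralPath $key) {
        $image = (Get-ItemProperty -LiteralPath $key).ImagePath
        $found += [pscustomobject]@{ Type = 'Service key'; Item = $name; Detail = $image }
    }
}

# Scheduled tasks: report the executable each surviving task would launch.
foreach ($name in $tasks) {
    foreach ($t in @(Get-ScheduledTask -TaskName $name -ErrorAction SilentlyContinue)) {
        $exe = $t.Actions.Execute -join '; '
        $found += [pscustomobject]@{ Type = 'Scheduled task'; Item = $t.TaskName; Detail = $exe }
    }
}

# WMI persistence: the fixlist flags an ActiveScriptEventConsumer named "yeabests".
$consumers = @(Get-CimInstance -Namespace root\subscription -ClassName ActiveScriptEventConsumer `
                 -ErrorAction SilentlyContinue | Where-Object Name -eq 'yeabests')
foreach ($c in $consumers) {
    $found += [pscustomobject]@{ Type = 'WMI consumer'; Item = $c.Name; Detail = $c.ScriptingEngine }
}

# Folders and legacy .job files listed for deletion.
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $found += [pscustomobject]@{ Type = 'File/folder'; Item = $p; Detail = '' }
    }
}

if ($found) { $found | Format-Table -AutoSize -Wrap } else { 'No listed leftovers found.' }
```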

#4 cyberpax


Posted 07 June 2016 - 02:45 PM

GREAT nasdaq!

Many thx for your work, effort and commitment in order to help me!!!

Well, as I said ... I no longer have the laptop, but I sent an email to my friend with your reply ... and fix!!! Many thx!

She sent back an email with the resulting fixlog ... I already checked it ...

and it looks like adwcleaner managed to erase the problems mentioned in your fix!!

adwcleaner !!! great tool  :thumbup2:

GREAT :bowdown: nasdaq   many thx :thumbsup2:

If you think we/she needs to do anything else, please advise!

 

Best Regards from Portugal !

 

 

cyberpax

 

 

 


#5 nasdaq


Posted 08 June 2016 - 06:01 AM

Looking good.

Good luck.

#6 nasdaq


Posted 14 June 2016 - 09:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



