Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AdwCleaner repeatedly shows registry keys as threats


  • This topic is locked This topic is locked
3 replies to this topic

#1 pss108

pss108

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 08 November 2016 - 07:53 AM

Hello everyone, I am new to this forum and this is my first post. For a brief background, I'd like you all to know that I am not a very computer-savvy person and the first signs of malware/threats send me into a panic mode.

 

So here's the issue with my laptop. My laptop runs on Windows 10. This morning, I got a notification from Windows Defender that read "Found some malware. Windows Defender is removing it.". I thus opened Windows Defender, and found that in the History tab, under "All detected items" it showed me "Trojan:Win32/Dynamer!ac". I deleted it by clicking on "Remove all". The threat was shown to be removed. To check once again, I restarted my laptop. To my surprise, I received the same Windows Defender notification again, with the Trojan virus still intact. I tried to remove and restart a few more times, but the notification persisted each time my laptop restarted. I concluded that this was a recurring issue, so I googled to figure out ways to remove this virus completely. I stumbled upon a link which asked me to clean up using the following steps:

1. Run AdwCleaner and remove threats; reboot

2. Run MalwareBytes and remove malware; reboot if needed

3. Run Hitman Pro to remove any further undetected threats

 

I followed these steps. At every stage, the respective program displayed that the necessary action had been taken. Now, to verify that the virus had indeed gone, I ran AdwCleaner again. It showed me 4 registry threats. (Please see attached screenshot for the details of these threats). These 4 threats are constantly detected by AdwCleaner. Could someone please tell me if these are harmful and guide me with the required steps to remove them?

 

I also ran MalwareBytes again and it did not detect any threat. However, on running Hitman Pro again, it displayed a Malware by the name of "SoundProvider.exe". Also, Windows Defender Quick Scan did not report any threat. Is my laptop still infected? How do I verify this?

 

I am sorry if this post is too lengthy, but my only intention was to not miss out anything important. Any help would be much appreciated! :)

 

Thank you in advance!

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,962 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:38 PM

Posted 10 November 2016 - 11:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

We need more information.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs.

Wait for further instructions.

#3 pss108

pss108
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 11 November 2016 - 07:15 AM

Hi Nasdaq,

 

Thank you for the reply. I don't seem to be facing the issue anymore. However, I will keep an eye for it in the near future, just to be sure. We could close this thread now and in case I do face the same issue again, I'll request a moderator to re-open it. Is that possible? Or would I have to start a new topic?

 

Thanks,

S



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,962 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:38 PM

Posted 11 November 2016 - 10:03 AM

Just send me a Personal Message and I will re open it.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users