
HOW TO REMOVE [msiexec d2buh1bf1g584w.cloudfront.net]


  • This topic is locked
6 replies to this topic

#1 Chanatprk

Chanatprk

  • Members
  • 3 posts

Posted 22 March 2017 - 05:09 PM

My computer was once infected with the Trotux Browser Hijacker virus, such as UCBrowser and Kuaizip, but I already deleted most of them with Malwarebytes, AdwCleaner, Junkware, etc.

So after that, my msiexec still always tries to connect to d2buh1bf1g584w.cloudfront.net, but my Malwarebytes blocked it.

But it was never removed from my PC.

Please help me.



Edited by Chanatprk, 22 March 2017 - 05:20 PM.




#2 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • Gender:Male
  • Location:Birmingham, MI

Posted 22 March 2017 - 07:31 PM

Hi Chanatprk,

Thanks for the logs. I will review them and give you more instructions soon. As I am still in training, my replies will need to be reviewed by another person before they can be posted, so there may be a small delay.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#3 Chanatprk

Chanatprk
  • Topic Starter

  • Members
  • 3 posts

Posted 23 March 2017 - 05:32 AM

Thanks for the answer. I have more information if you want.




#4 Chanatprk

Chanatprk
  • Topic Starter

  • Members
  • 3 posts

Posted 23 March 2017 - 05:53 AM

Just now my Windows Defender notified me that it detected malware,

in spite of the fact that I used 4-5 antivirus programs to delete it and scanned my PC

until, a few days ago, I thought there would be no threat anymore.


Edited by Chanatprk, 23 March 2017 - 05:55 AM.


#5 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • Gender:Male
  • Location:Birmingham, MI

Posted 26 March 2017 - 11:56 AM

Hi Chanatprk,

Thanks for waiting. Please follow the below instructions. Let me know if those alerts stop showing up after following the instructions.

Step 1: Did you install "C:\Users\Cn\Desktop\TOOLS\EncodingServer.exe"? Just let me know if you didn't.

Step 2: Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located).
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
  • Click on the Fix button.
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad.
  • Copy and paste its content in your next reply.

Step 3: AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
  • Accept the EULA (I accept), let the database update, then click on Scan.
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it.
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply.

Step 4: Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds.
  • Check the "Drivers MD5" button under "Optional Scan".
  • Click on the Scan button.
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then two Notepad files will open.
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply.



#6 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • Gender:Male
  • Location:Birmingham, MI

Posted 30 March 2017 - 05:43 PM

Hi Chanatprk,

Were you able to follow the above instructions? This topic will be closed in two days if you do not reply.

Thanks!



#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,596 posts
  • Gender:Female
  • Location:Romania

Posted 03 April 2017 - 02:15 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
