
I have Adware.Elex in my laptop


22 replies to this topic

#1 PastMemories

PastMemories

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Labuan, Malaysia
  • Local time:05:42 PM

Posted 01 April 2017 - 05:47 AM

Adware.Elex has been in my system for a while now, since 2016 though I thought that I got rid of it using Malwarebytes Anti-Virus. Quarantine and deleting whatever gets detected by it only pops up weeks later (though possibly days later since I only check if I suspect there is any). This laptop is fairly new, my dad got it in Dec 2015.

 

It is to be noted that I don't actually detect anything different with my computer since detection (no major slowdowns, glitchy stuff, etc.) but in the last two days when I shut down the laptop a small screen pops up in a split second before it turns off. It looks like the 'Programs Still Running' screen that pops up if you have any while shutting down, but I'm not sure, though there were two files shown on it (with the usual file icon). Also, restarting takes forever if I initiate it on my own. It only works if a program initiates it with my consent.

 

I also checked a thread that had this problem with Adware.Elex, and I have been alerted that KMSpico has something to do with this malware. I have it on my computer, but I haven't done anything to it yet. Any advice on what I should do? I'd be posting this in the logs forum as I've already done a FRST scan but I don't seem to have permission to post there...

 

Some other information:

 

I'm running Windows 10 Home Single Language, and have an Intel Core i5-5200U CPU @ 2.20GHz processor.

 

I deleted the adware and some other files Malwarebytes Anti-Virus detected using it, and I still have the logs if needed. I also ran Malwarebytes AdwCleaner and saw that it detected a lot of files after a scan, but I did nothing and just closed the program and deleted the program afterwards.


Edited by PastMemories, 01 April 2017 - 06:16 AM.




#2 kamild1996

kamild1996

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:42 AM

Posted 01 April 2017 - 06:10 AM

You can post the logs here: https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
I'm going to attach myself to this thread because I'm actually also having the same problem. I keep getting infected with Elex/Kyubey and the situation is the same - I remove it with all I have, and it comes back. Even BitDefender is unable to detect it. One of the experts () also helped me remove the malware/adware from my computer, and despite logs being pure clean, the infection just comes back the next day, even though I did not download/install any software and did not plug in any new flash drives that could cause the reinfection.

Edited by kamild1996, 01 April 2017 - 06:10 AM.


#3 PastMemories


Posted 01 April 2017 - 06:24 AM

I'd post the logs there, but I keep getting denied permission for it. I'm waiting for someone to ask for the logs so I can post them here... at least this adware doesn't seem to affect my system much (though I don't know if it's affecting my ads because I have AdBlock). Hopefully help can come fast for us!



#4 kamild1996


Posted 01 April 2017 - 06:29 AM

You should be able to do so in the category I posted earlier. Don't attach the logs as a file, instead just copy and paste the content straight into your first post.

The only thing I've noticed with this adware is that it periodically closes any open browsers (incl. Opera) and reinstalls infected versions of Firefox and Chrome.

 

To be honest, I may still have KMSPico installed on my computer, but I no longer need it so I'm going to uninstall it and check if it has changed anything. I've used it to test out MS Office for a bit longer but I've recently purchased a license so it serves no more purpose to me. Didn't use it for activating Windows though, I got Windows 10 straight from the MS image download tool (can't recall its name rn) and activated it with my own key...



#5 PastMemories


Posted 01 April 2017 - 06:37 AM

Tried doing as you said by not attaching the logs as a file... still got denied. Oh well.

 

I don't dare do anything to that program yet, but I'm aware it's connected to this. I mean, it was sitting there innocently I thought nothing of it until I saw a similar thread about this adware and saw that the one who was helping the OP told them to uninstall it after checking.



#6 kamild1996


Posted 08 April 2017 - 05:09 PM

It may have been KMSPico that was actually guilty, because I removed it like 5 days ago, and I see nothing that would indicate the re-infection.



#7 PastMemories


Posted 09 April 2017 - 04:37 PM

I've removed it by now, but I'm a little shocked that this thread has no one helping us yet. I've posted this 10 days ago...



#8 kamild1996


Posted 10 April 2017 - 03:35 AM

...goddammit, false alarm. KMSPico wasn't actively doing it, today it just reactivated again under a different name. It's no longer Kyubey, its name has changed now...

Is there really no way to get rid of this pest?

 

EDIT: Ok, I got more information about this infection. Apparently, Elex got updated and it just got identified this Saturday. Right now only ESET (and other less known AVs) is capable of detecting it (VirusTotal - https://www.virustotal.com/pl/file/5c94186197586b8b1a5b26a173bd1070dc48ff725d728d745a567cb78ad87313/analysis/1491816366/). ESET also has a special application made for removing Elex, it seems to clean up infected browsers but it probably doesn't remove the updated variant of Elex.

Right now I'm scanning with a trial version of ESET just to finally remove the infection. I would suggest doing the same, PastMemories, just remember to disable/uninstall other antiviruses you may be running right now.


Edited by kamild1996, 10 April 2017 - 05:07 AM.


#9 kamild1996


Posted 12 April 2017 - 02:27 PM

Update: Now ESET removed two services, which I couldn't remove with any admin commands: MVCService and Apple Azure. I thought these were legit, but looks like I assumed poorly... 

ESET removed those services like 15 minutes ago, so maybe it just got a definition update that lets it fully detect Elex now. I think my PC should be cleaned out of that garbage finally, but just in case I'm going to plug all my external drives and run a full scan on them to make sure these didn't get infected as well.


Edited by kamild1996, 12 April 2017 - 02:34 PM.


#10 PastMemories


Posted 13 April 2017 - 05:42 AM

I think ESET fully did the job! A few scans using the antivirus for a few days got rid of a few trojans that I haven't been aware of. Then using that other special program you gave the link to, it fully removed Elex... at least, I think so. I'm not sure if it really just got rid of this updated variant of Elex, but I hope it did.



#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:42 AM

Posted 17 April 2017 - 10:13 AM

Hello, you should also run...
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • To open a Cleaning log, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#12 kamild1996


Posted 17 April 2017 - 02:11 PM

^ Wasn't even needed in my case, after ESET removed Elex from my computer, AdwCleaner was unable to find anything that was left behind it.



#13 PastMemories


Posted 18 April 2017 - 02:38 AM

Apparently I was wrong in my case. Still got the case of the nasty Elex.

 

Scan Log:

 

# AdwCleaner v6.045 - Logfile created 18/04/2017 at 15:27:16
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-17.1 [Server]
# Operating System : Windows 10 Home Single Language  (X64)
# Username : HP - DESKTOP-KH9N56S
# Running from : C:\Users\HP\Desktop\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
Service Found:  SparkSvc
Service Found:  SparkUpdater
Service Found:  vonetframe
Service Found:  sparksvc
Service Found:  sparkupdater
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\HP\AppData\Roaming\eCyber
Folder Found:  C:\ProgramData\ReviverSoft
Folder Found:  C:\ProgramData\Application Data\ReviverSoft
Folder Found:  C:\Users\Public\Documents\pc faster
 
 
***** [ Files ] *****
 
File Found:  C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
File Found:  C:\WINDOWS\SysNative\drivers\vonetframe.sys
File Found:  C:\WINDOWS\vonetframeHelp.dll
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
Task Found:  YCMServiceAgent
Task Found:  SparkUpdater
Task Found:  sparkupdater
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.001
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.7z
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.arj
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.bz2
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.bzip2
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.cab
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.cpio
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.deb
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.dmg
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.fat
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.gz
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.gzip
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.hfs
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.iso
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.lha
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.lzh
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.lzma
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.ntfs
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.rar
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.rpm
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.squashfs
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.swm
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.tar
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.taz
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.tbz
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.tbz2
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.tgz
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.tpz
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.txz
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.vhd
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.wim
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.xar
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.xz
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.z
Key Found:  HKLM\SOFTWARE\Classes\WinZippers.zip
Key Found:  HKU\S-1-5-21-1203001410-619351588-2691447830-1001\Software\Classes\BaiduSparkHTML
Key Found:  HKCU\Software\Classes\BaiduSparkHTML
Key Found:  HKLM\SOFTWARE\Classes\Baidu.FacePack
Key Found:  HKLM\SOFTWARE\Classes\BaiduSparkHTML
Key Found:  HKLM\SOFTWARE\Classes\MTview.bmp
Key Found:  HKLM\SOFTWARE\Classes\MTview.dib
Key Found:  HKLM\SOFTWARE\Classes\MTview.emf
Key Found:  HKLM\SOFTWARE\Classes\MTview.exif
Key Found:  HKLM\SOFTWARE\Classes\MTview.gif
Key Found:  HKLM\SOFTWARE\Classes\MTview.ico
Key Found:  HKLM\SOFTWARE\Classes\MTview.jfif
Key Found:  HKLM\SOFTWARE\Classes\MTview.jpe
Key Found:  HKLM\SOFTWARE\Classes\MTview.jpeg
Key Found:  HKLM\SOFTWARE\Classes\MTview.jpg
Key Found:  HKLM\SOFTWARE\Classes\MTview.png
Key Found:  HKLM\SOFTWARE\Classes\MTview.tif
Key Found:  HKLM\SOFTWARE\Classes\MTview.tiff
Key Found:  HKLM\SOFTWARE\Classes\MTview.wmf
Key Found:  [x64] HKCU\Software\Classes\BaiduSparkHTML
Key Found:  [x64] HKLM\SOFTWARE\Classes\Baidu.FacePack
Key Found:  [x64] HKLM\SOFTWARE\Classes\BaiduSparkHTML
Key Found:  [x64] HKLM\SOFTWARE\Classes\MTview.bmp
Key Found:  [x64] HKLM\SOFTWARE\Classes\MTview.dib
Key Found:  [x64] HKLM\SOFTWARE\Classes\MTview.emf
Key Found:  [x64] HKLM\SOFTWARE\Classes\MTview.exif
Key Found:  [x64] HKLM\SOFTWARE\Classes\MTview.gif
Key Found:  [x64] HKLM\SOFTWARE\Classes\MTview.ico
Key Found:  [x64] HKLM\SOFTWARE\Classes\MTview.jfif
Key Found:  [x64] HKLM\SOFTWARE\Classes\MTview.jpe
Key Found:  [x64] HKLM\SOFTWARE\Classes\MTview.jpeg
Key Found:  [x64] HKLM\SOFTWARE\Classes\MTview.jpg
Key Found:  [x64] HKLM\SOFTWARE\Classes\MTview.png
Key Found:  [x64] HKLM\SOFTWARE\Classes\MTview.tif
Key Found:  [x64] HKLM\SOFTWARE\Classes\MTview.tiff
Key Found:  [x64] HKLM\SOFTWARE\Classes\MTview.wmf
Key Found:  HKU\S-1-5-21-1203001410-619351588-2691447830-1001\Software\V9
Key Found:  HKU\S-1-5-21-1203001410-619351588-2691447830-1001\Software\STA
Key Found:  HKU\S-1-5-21-1203001410-619351588-2691447830-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spark
Key Found:  HKCU\Software\V9
Key Found:  HKCU\Software\STA
Key Found:  HKLM\SOFTWARE\hdcode
Key Found:  HKLM\SOFTWARE\TSv
Key Found:  HKLM\SOFTWARE\V9
Key Found:  HKLM\SOFTWARE\WinZiper
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spark
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spark
Key Found:  [x64] HKCU\Software\V9
Key Found:  [x64] HKCU\Software\STA
Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spark
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com
Key Found:  HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites12
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.co
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.c
Key Found:  [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com
Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MTView]
Value Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [MTView]
Key Found:  HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
Key Found:  HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
Key Found:  HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Key Found:  HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [7884 Bytes] - [18/04/2017 15:27:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7957 Bytes] ##########
 
Cleaning Log:
 
# AdwCleaner v6.045 - Logfile created 18/04/2017 at 15:32:48
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-17.1 [Server]
# Operating System : Windows 10 Home Single Language  (X64)
# Username : HP - DESKTOP-KH9N56S
# Running from : C:\Users\HP\Desktop\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: SparkSvc
[-] Service deleted: SparkUpdater
[-] Service deleted: vonetframe
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\HP\AppData\Roaming\eCyber
[-] Folder deleted: C:\ProgramData\ReviverSoft
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ReviverSoft
[-] Folder deleted: C:\Users\Public\Documents\pc faster
 
 
***** [ Files ] *****
 
[-] File deleted: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
[#] File deleted: C:\WINDOWS\SysNative\drivers\vonetframe.sys
[#] File deleted: C:\WINDOWS\vonetframeHelp.dll
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
[-] Task deleted: YCMServiceAgent
[-] Task deleted: SparkUpdater
[-] Task deleted: sparkupdater
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\services\sparksvc
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\services\sparkupdater
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.001
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.7z
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.arj
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.bz2
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.bzip2
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.cab
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.cpio
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.deb
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.dmg
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.fat
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.gz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.gzip
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.hfs
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.iso
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.lha
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.lzh
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.lzma
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.ntfs
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.rar
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.rpm
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.squashfs
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.swm
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tar
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.taz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tbz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tbz2
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tgz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tpz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.txz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.vhd
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.wim
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.xar
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.xz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.z
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.zip
[-] Key deleted: HKU\S-1-5-21-1203001410-619351588-2691447830-1001\Software\Classes\BaiduSparkHTML
[#] Key deleted on reboot: HKCU\Software\Classes\BaiduSparkHTML
[-] Key deleted: HKLM\SOFTWARE\Classes\Baidu.FacePack
[-] Key deleted: HKLM\SOFTWARE\Classes\BaiduSparkHTML
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.bmp
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.dib
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.emf
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.exif
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.gif
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.ico
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.jfif
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.jpe
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.jpeg
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.jpg
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.png
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.tif
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.tiff
[-] Key deleted: HKLM\SOFTWARE\Classes\MTview.wmf
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\BaiduSparkHTML
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Baidu.FacePack
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\BaiduSparkHTML
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MTview.bmp
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MTview.dib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MTview.emf
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MTview.exif
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MTview.gif
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MTview.ico
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MTview.jfif
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MTview.jpe
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MTview.jpeg
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MTview.jpg
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MTview.png
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MTview.tif
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MTview.tiff
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MTview.wmf
[-] Key deleted: HKU\S-1-5-21-1203001410-619351588-2691447830-1001\Software\V9
[-] Key deleted: HKU\S-1-5-21-1203001410-619351588-2691447830-1001\Software\STA
[-] Key deleted: HKU\S-1-5-21-1203001410-619351588-2691447830-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spark
[#] Key deleted on reboot: HKCU\Software\V9
[#] Key deleted on reboot: HKCU\Software\STA
[-] Key deleted: HKLM\SOFTWARE\hdcode
[-] Key deleted: HKLM\SOFTWARE\TSv
[-] Key deleted: HKLM\SOFTWARE\V9
[-] Key deleted: HKLM\SOFTWARE\WinZiper
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spark
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spark
[#] Key deleted on reboot: [x64] HKCU\Software\V9
[#] Key deleted on reboot: [x64] HKCU\Software\STA
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spark
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yoursites123.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yoursites123.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yoursites123.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yoursites123.com
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MTView]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [MTView]
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Key deleted: HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Key deleted: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Key deleted: HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [8730 Bytes] - [18/04/2017 15:32:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [8136 Bytes] - [18/04/2017 15:27:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8876 Bytes] ##########
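
Added example, not part of any post in this thread and not AdwCleaner's own code: a Python routine that reconciles an AdwCleaner v6 scan log against its cleaning log, so findings that were only queued for reboot or never appear as deleted stand out. It assumes the `[#]` marker means removal is deferred until reboot; the sample text is constructed in the layout of the logs above, and the two `Example...` registry keys are invented.

```python
import re

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # ***** [ Services ] *****
SCAN_RE = re.compile(r"^(\w+) Found:\s+(.+)$")            # Service Found:  SparkSvc
CLEAN_RE = re.compile(r"^\[([-#])\] (\w+) deleted(?: on reboot)?:\s+(.+)$")

# Constructed excerpts in the log layout posted above; the two
# "Example..." registry keys are invented to exercise the edge cases.
SCAN_SAMPLE = r"""
# Mode: Scan
***** [ Services ] *****
Service Found:  SparkSvc
Service Found:  vonetframe
Service Found:  sparksvc
***** [ Files ] *****
File Found:  C:\WINDOWS\SysNative\drivers\vonetframe.sys
***** [ DLL ] *****
No malicious DLLs found.
***** [ Scheduled Tasks ] *****
Task Found:  YCMServiceAgent
***** [ Registry ] *****
Key Found:  HKCU\Software\V9
Key Found:  HKLM\SOFTWARE\ExampleTruncatedKe
Key Found:  HKLM\SOFTWARE\ExampleNeverCleaned
Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MTView]
"""

CLEAN_SAMPLE = r"""
# Mode: Clean
***** [ Services ] *****
[-] Service deleted: SparkSvc
[-] Service deleted: vonetframe
***** [ Files ] *****
[#] File deleted: C:\WINDOWS\SysNative\drivers\vonetframe.sys
***** [ Scheduled Tasks ] *****
[-] Task deleted: YCMServiceAgent
***** [ Registry ] *****
[#] Key deleted on reboot: HKCU\Software\V9
[-] Key deleted: HKLM\SOFTWARE\ExampleTruncatedKey
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MTView]
"""


def parse_log(text):
    """Return (section, kind, item, mark) tuples; mark is None for scan lines."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()                      # the posted logs carry stray spaces
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = CLEAN_RE.match(line)
        if m:
            entries.append((section, m.group(2), m.group(3), m.group(1)))
            continue
        m = SCAN_RE.match(line)                 # "No malicious ... found." never matches
        if m:
            entries.append((section, m.group(1), m.group(2), None))
    return entries


def reconcile(scan_text, clean_text):
    """Map each scan finding to 'deleted', 'pending-reboot' or 'unconfirmed'."""
    cleaned = {}
    for _section, _kind, item, mark in parse_log(clean_text):
        if mark is not None:
            # Assumption: "[#]" marks an item whose removal completes at reboot.
            cleaned[item.casefold()] = "pending-reboot" if mark == "#" else "deleted"
    result = {}
    for section, kind, item, mark in parse_log(scan_text):
        if mark is not None:
            continue
        key = item.casefold()                   # SparkSvc and sparksvc are one service
        status = cleaned.get(key)
        if status is None and kind == "Key":
            # Long registry paths can be cut short in the scan log; accept a
            # prefix match only when every candidate agrees on the status.
            hits = {s for k, s in cleaned.items() if k.startswith(key)}
            status = hits.pop() if len(hits) == 1 else None
        result[(section, item)] = status or "unconfirmed"
    return result


def needs_followup(scan_text, clean_text):
    """Items to re-check after a reboot and a fresh scan."""
    status = reconcile(scan_text, clean_text)
    return sorted(item for (_sec, item), st in status.items() if st != "deleted")


def autostart_findings(scan_text):
    """Scan findings that start code automatically: services, tasks, Run values."""
    out = []
    for section, kind, item, mark in parse_log(scan_text):
        if mark is None and (section in ("Services", "Scheduled Tasks")
                             or "\\currentversion\\run" in item.casefold()):
            out.append((kind, item))
    return out


if __name__ == "__main__":
    for (section, item), status in reconcile(SCAN_SAMPLE, CLEAN_SAMPLE).items():
        print(f"{status:15} {section:16} {item}")
```

Anything `needs_followup` returns is worth confirming with a second scan after the reboot, since an autostart entry that survives can put the rest back.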


#14 boopme


Posted 18 April 2017 - 08:07 AM

Ok run these two also and see.

Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.


#15 PastMemories


Posted 18 April 2017 - 10:59 AM

ESET is currently downloading its virus signature database so I'll post the log from JRT.

 

Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home Single Language x64 
Ran by HP (Administrator) on 18/04/2017 Tue at 23:17:37.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 1 
 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\BsrSvc (Registry Key) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/04/2017 Tue at 23:28:22.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




