Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MyCashBar - app won't remove even reinstalling windows.


  • This topic is locked This topic is locked
8 replies to this topic

#1 Rotar

Rotar

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 07 January 2018 - 10:30 PM

 Somehow MyCashBar ended up in my Computer, so I did a re-install of Windows that erases everything but some of the stuff on this computer, and the first thing I saw when I turned on the fresh computer was a prompt to install MyCashBar from mycashbar.com . I want that out of my computer! thank you!

 

oQzafLG.png

 

 

- Editor said my post was too long, so instead of coping and pasting the log results I'm attaching em - 

Attached Files



BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,428 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:50 PM

Posted 08 January 2018 - 04:45 AM

:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***



Copy FRST / FSRT64.exe to your desktop!

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as / FSRT / FSRT64 (usually your desktop) as fixlist.txt


Start::
CreateRestorePoint:
CloseProcesses:
Startup: C:\Users\lucia_wdwpmk6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyCashBar.appref-ms [2018-01-06] ()
R3 ALSysIO; C:\Users\lucia_wdwpmk6\AppData\Local\Temp\ALSysIO64.sys [46384 2018-01-07] (Arthur Liberman) <==== ATTENTION
End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST / FSRT64 again as Administrator like we did before but this time press the Fix button just once and wait.

The tool will make a log (Fixlog.txt) please post it to your reply.
How the computer is running now?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Rotar

Rotar
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 08 January 2018 - 06:41 AM

Thanks Jo!

 

The pop up did not appear after restart, so I guess that's a good sign!
 

 

What type of malware, Trojan was this please? What was it doing to my computer? so I can take the cautionary measures?

 

So many thanks!

Attached Files


Edited by Rotar, 08 January 2018 - 06:42 AM.


#4 Jo*

Jo*

  • Malware Response Team
  • 3,428 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:50 PM

Posted 08 January 2018 - 06:52 AM

The problem was only an entry in the Startup Folder:

Startup: C:\Users\lucia_wdwpmk6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyCashBar.appref-ms [2018-01-06] ()

If you did not install it, all should be well.

Edited by Jo*, 08 January 2018 - 07:10 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 Rotar

Rotar
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 08 January 2018 - 07:38 AM

Thanks Jo, I did installed it once, then uninstalled it with Windows Uninstall. 



#6 Jo*

Jo*

  • Malware Response Team
  • 3,428 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:50 PM

Posted 08 January 2018 - 07:54 AM

Ok we scan with MBAM now:

Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 Rotar

Rotar
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 08 January 2018 - 08:39 AM

Hi Jo. Couldn't find:

 

The history Tab. 

 

But I'm attaching another log from the malwares found.

Attached Files


Edited by Rotar, 08 January 2018 - 08:40 AM.


#8 Jo*

Jo*

  • Malware Response Team
  • 3,428 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:50 PM

Posted 08 January 2018 - 08:45 AM

ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.

Enable all your antivirus and antimalware software.

Edited by Jo*, 08 January 2018 - 08:46 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 Jo*

Jo*

  • Malware Response Team
  • 3,428 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:50 PM

Posted 12 January 2018 - 04:32 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users