Double Check for Clean PC

I got Lumma Stealer a little while ago, Infection disguised as a Liar's Bar Mod, and as a result had to spend a week recovering lost accounts; also ended up wiping my pc.

 

It's been smooth sailing so far, but starting earlier this week my right click menu has started to take 5-10 seconds longer to open.

While it's probably nothing the paranoia crept in so now I'm here.

 

The PC is shared by myself and my buddy Alex, I think he still downloads shady stuff after my Lumma fiasco without telling me, so I'd like to double check that the pc

is actually clean and he told me this was the site to ask, so what should I do next?

Edited by Shiba-INK, 30 April 2025 - 02:14 AM.

Finally found the log files from FRST: 

 

Addition: 

 

DMDE, Disk Editor and Recovery Software, was software I used to restore a partition that ended up being deleted on my "UberFast M.2" drive during Win11 reinstall not too long ago btw.

Edited by Shiba-INK, 30 April 2025 - 02:19 AM.

Deleting Magix Vegas Pro 22, I knew he downloaded something.

 

Update: The install file no longer exists in C: Downloads

 

Update 2: It was in Defender Quarantine

 

Vegas Pro 22 Deleted, same with a couple pirated movies, we have a Pro 19 key from Humble Bundle so IDK why he downloaded 22 from who knows where.

 

Most of the audio-pugins have visible keys and are signed in with his Email so I'm going to leave them, they all passed a virus-total scan as well.

 

Update 3: I think I removed all the sketchy files I can find, I'll leave the rest up to whoever takes up helping me. Sidenote: I'm getting my good friend Alex his very own laptop.

Edited by Shiba-INK, 30 April 2025 - 02:35 AM.

Hello..! BleepingComputer Forums..!  My name is icotonev and I'm here to help you remove malware ..!
Please give me some time to examine your logs and I will get back to you as soon as possible.
 

Run CKScanner

• Download CKScanner from here and save it to your desktop.
• Doubleclick CKScanner.exe and click Search For Files.
• After a very short time, when the cursor hourglass disappears, click Save List To File.
• A message box will verify that the file is saved.
• Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

 

 

Check the operating system

• Press Windows icon on your Desktop, together with the letter R.
• Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
• Copy and paste the following command and press Enter:

slmgr /dli

• After running the command, you will get a report. Please take a screenshot of what you got and attach it in your next reply. Here is an article where you can see how do you take a screenshot with the snipping tool, in case you need it.

 

 

Scan with SecurityCheck by glax24

• Temporarily disable Microsoft SmartScreen only if it blocks the download of the software. The program is safe
• Download SecurityCheck by glax24 from here
• If SmartScreen blocks the file from running click on More info and Run anyway
• This tool is safe.   Smartscreen is overly sensitive. You can check the VirusTotal scan of the tool from here
• Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"  and reply YES to allow it to run
• Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file.  Attach it with your next reply.
• You can find this file in a folder called SecurityCheck,  C:\SecurityCheck\SecurityCheck.txt

I get a cloudflare host error for the CKScanner link

 

"Invalid SSL certificate"

Edited by Shiba-INK, 30 April 2025 - 07:22 AM.

Here's Security Check and a screenshot from the CMD

Edited by icotonev, 30 April 2025 - 07:57 AM.

I get a cloudflare host error for the CKScanner link

 

"Invalid SSL certificate"

 

 

Yes it really is ..! Please continue with the next steps ..! 

Sent both other steps just before you replied.

Here's Security Check and a screenshot from the CMD

Right here

Just in case it only sent on my end, it's happened before 

Edited by icotonev, 01 May 2025 - 10:50 AM.

 

 

• Download the Revo Uninstaller (Free Download) and save it on your Desktop.
• Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
• Double click the program's icon to open it.
• Write in the search area, on the top left, the following program:

Avast Secure Browser v.134.0.29548.179 

Avast Update Helper v.1.8.1993.6 

• Choose the Uninstall tab from the menu and let the program to create a Restore point.
• Choose Scan, and then the Advanced mode scan.
• Select all the Online Services items found, Delete and Next.
• Let the procedure be completed and click on Finish.
• Restart the computer.

 

Edited by icotonev, 30 April 2025 - 08:04 AM.

Quick side note: I deleted both my licensed Vegas Pro 19 and the likely pirated Vegas Pro 22 folders with the Avast Shredder, but 22 still shows up in Revo and fails to uninstall.

 

NVM, Revo helped me find the registry key left behind and 22 left the uninstall list once removed. I also updated Edge, Avast, and Visual C++ while I had the time.

Edited by Shiba-INK, 30 April 2025 - 08:37 AM.