Sons PC infected


Post by BarkFast » May 17th, 2020, 5:23 pm


Hi - My son's laptop seems to be infected. Here is what I've seen/done:
- His Minecraft app wouldn't load
- He has a tool called "One Updater" running
- A screen that I couldn't close called "PC Accelerate Express" was running
- I ran some removal tools (Emsisoft and AdwCleaner, Rkill) before posting; apologies, I didn't know about this group. I have run FRST64 after both of these ran, so the FRST64 scan results are up to date.
- My son's PC uses a monitoring tool called Qustodio. I will remove that after posting.
Thanks in advance

Re: Sons PC infected

Post by mAL_rEm018 » May 17th, 2020, 5:34 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hello BarkFast,

Welcome to Malware Removal! My name is mAL_rEm018, but feel free to call me mAL. I will be helping you with your malware related problems :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.

To make sure everything goes smoothly, I would like you to observe the following rules:
  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread. Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum. Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible, with additional instructions. In the meantime I would like you to read and get acquainted with the following topic: HOW TO GET HELP IN THIS FORUM - everyone must read this, where the conditions for receiving help here are explained.

Re: Sons PC infected

Post by mAL_rEm018 » May 18th, 2020, 4:53 pm

Hi BarkFast,

Please do the following...

Backup your registry using TCRB

  • Please download TCRB to your Desktop.
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.

BarkFast wrote: Here is what I've seen/done


Please locate the following logs and post them here:

C:\Users\adamv\Desktop\Rkill.txt
C:\AdwCleaner\Logs\AdwCleanerS*.txt


-----------------------------------------
In your next reply, I would like to see..
  • Did you have any problem following my instructions?
  • Rkill log
  • AdwCleaner log

Re: Sons PC infected

Post by BarkFast » May 18th, 2020, 10:38 pm

mAL

Thanks for the help.
I had no problems running your instructions.
Attached are the Rkill log from 5.13 and the AdwCleaner log from 5.13. (There were two files here with 2 different timestamps.) I've uploaded both.

Thanks again
BarkFast

Re: Sons PC infected

Post by mAL_rEm018 » May 19th, 2020, 5:13 pm

Hi BarkFast,

BarkFast wrote: Thanks for the help.

It's my pleasure. :)

Please do the following..

  • Please open the Start menu.
  • Click on Settings and then System.
  • Select Apps & Features.
  • Locate and click on the following programs:
    • OneUpdater
    • PlazyPCAP
    • SSOption
  • Select uninstall.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.
    Note: you can only remove one program at a time.

Next...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Copy/Paste or Type the following line into the Search: box.
babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer;OneUpdater;PlazyPCAP;SSOption

  • Press the Search Registry button.
  • When finished searching a log will open on your Desktop ... SearchReg.txt
  • Please post it in your next reply.


-----------------------------------------
In your next reply, I would like to see..
  • Did you have any difficulties following my instructions?
  • How is the computer behaving?
  • SearchReg.txt

Re: Sons PC infected

Post by BarkFast » May 19th, 2020, 10:06 pm

Hi mAL - thanks again.

I was able to follow all instructions.
The PC seems to be working better (faster, the PC Accelerate/One Updater windows are gone).
McAfee is still installed but expired; I assume I can remove it?

Attached is the result of the registry search

Re: Sons PC infected

Post by mAL_rEm018 » May 21st, 2020, 7:01 am

Hi BarkFast,

My apologies for the delay. Things are quite hectic over here, but I will have an answer for you tonight. In the meantime, yes, you can feel free to remove McAfee.

Regards,
mAL

Re: Sons PC infected

Post by BarkFast » May 21st, 2020, 11:04 am

Hi mAL

Thanks for the update. There is no rush, I’m just grateful for the help. Thanks

Bill

Re: Sons PC infected

Post by mAL_rEm018 » May 22nd, 2020, 6:31 am

Hi Bill,

Before I send you a fix, I've just noticed something that I need to ask:

BarkFast wrote: The PC seems to be working better (faster, the PC Accelerate/One Updater windows are gone).

You made no mention of "PlazyPCAP". Did you remove the program or were you unable to do so?

Re: Sons PC infected

Post by BarkFast » May 22nd, 2020, 1:37 pm

hi mAL

Apologies for the confusion. I was able to uninstall all 3 programs you listed successfully: OneUpdater, PlazyPCAP, SSOption

Bill

Re: Sons PC infected

Post by BarkFast » May 22nd, 2020, 1:45 pm

hi mAL

I saw this unusual pop-up when using the Edge browser just now. Not sure if it's malware related. I thought I'd share with you in case it was.

Bill

Re: Sons PC infected

Post by mAL_rEm018 » May 23rd, 2020, 8:30 am

Hi Bill,

BarkFast wrote: I saw this unusual pop-up when using the Edge browser just now. Not sure if it's malware related. I thought I'd share with you in case it was.

Don't worry about the popup for now.

Please do the following...

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank notepad file named fixlog.txt will open.
  • Copy and paste the following into it ....
Code:
CreateRestorePoint:

HKU\S-1-5-21-3971547430-1501294538-298062416-1001\...\Run: [One Updater] => C:\Program Files (x86)\OneMellifluousUpdater\OneUpdater.exe [8461152 2020-05-08] (OneMellifluousUpdaterCode -> Mellifluous Company) [File not signed]
2020-05-08 23:13 - 2020-05-13 21:35 - 000000000 ____D C:\Program Files (x86)\PlazyPCAP
2020-05-08 23:13 - 2020-05-08 23:15 - 000000000 ____D C:\ProgramData\PlazyPCAP
2020-05-08 23:13 - 2020-05-08 23:13 - 000000000 ____D C:\Users\adamv\AppData\Local\PlazyPCAP
2020-05-08 23:13 - 2020-05-08 23:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlazyPCAP
2020-05-08 23:12 - 2020-05-08 23:15 - 000000000 ____D C:\Program Files (x86)\PCAP_Tool
2020-05-08 23:12 - 2020-05-08 23:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneUpdater
2020-05-08 23:12 - 2020-05-08 23:12 - 000000000 ____D C:\Program Files (x86)\OneMellifluousUpdater

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\PlazyPCAP]
Reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION" /v "PlazyPCAP.exe" /f
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3971547430-1501294538-298062416-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION" /v "PlazyPCAP.exe" /f
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-3971547430-1501294538-298062416-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store" /v "C:\Program Files (x86)\PlazyPCAP\uninstall.exe" /f

VirusTotal: C:\Program Files (x86)\NameGarobe\NameGarobe.exe;C:\Users\adamv\Downloads\Setup.msi

Hosts:
CMD: ipconfig /flushdns
EmptyTemp:

  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST
  • Please post me the log

I need to see a fresh FRST log..

  • Right-click on FRST64.exe and select Run as administrator.
  • The tool might update. Please allow it to do so.
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.

-----------------------------------------
In your next reply, I would like to see..
  • How is your computer behaving?
  • fixlog.txt
  • FRST.txt
  • Addition.txt
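The notice in the post above says the script was written for one machine only. As an added example (not part of the original post and not FRST's own code), the Python below groups a fixlist's lines by shape and extracts the account SID and user-profile folder that tie such a script to a single computer. The sample fixlist, its SID, user name and program names are constructed placeholders, and the category labels are this example's own rather than FRST terminology.

```python
import re

# Constructed sample: lines in the same shape as the fixlist in the post above,
# with a placeholder SID, user name and program names (not values from the thread).
SAMPLE_FIXLIST = r"""CreateRestorePoint:
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [Example Updater] => C:\Program Files (x86)\ExampleUpdater\Updater.exe [File not signed]
2020-01-01 10:00 - 2020-01-01 10:05 - 000000000 ____D C:\ProgramData\ExamplePUP
2020-01-01 10:00 - 2020-01-01 10:00 - 000000000 ____D C:\Users\exampleuser\AppData\Local\ExamplePUP
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ExamplePUP]
Reg: reg.exe delete "HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Example" /v "ExamplePUP.exe" /f
VirusTotal: C:\Users\exampleuser\Downloads\Setup.msi
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
"""

# Line shapes seen in the post's script; the category names are assumptions of this example.
PATTERNS = [
    ("directive", re.compile(r"^(CreateRestorePoint|Hosts|EmptyTemp):\s*$")),
    ("reg_command", re.compile(r"^Reg:\s")),
    ("shell_command", re.compile(r"^CMD:\s")),
    ("virustotal", re.compile(r"^VirusTotal:\s")),
    ("reg_key", re.compile(r"^\[-HK")),
    ("run_entry", re.compile(r"^HK[A-Z]+\\.*\\Run: ")),
    ("folder", re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - .* ____D [A-Z]:\\")),
]
SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")
PROFILE_RE = re.compile(r'[A-Z]:\\Users\\([^\\"]+)\\', re.IGNORECASE)

def audit_fixlist(text):
    """Group lines by shape and collect the SIDs and profile names they reference."""
    groups, sids, profiles = {}, set(), set()
    for line in filter(None, (l.strip() for l in text.splitlines())):
        kind = next((k for k, rx in PATTERNS if rx.match(line)), "unrecognised")
        groups.setdefault(kind, []).append(line)
        sids.update(SID_RE.findall(line))
        profiles.update(PROFILE_RE.findall(line))
    return groups, sids, profiles

def machine_bound_lines(text):
    """Lines that name a specific account SID or user profile folder."""
    return [l for l in text.splitlines() if SID_RE.search(l) or PROFILE_RE.search(l)]

if __name__ == "__main__":
    groups, sids, profiles = audit_fixlist(SAMPLE_FIXLIST)
    for kind, lines in groups.items():
        print(f"{kind}: {len(lines)}")
    print("SIDs:", sorted(sids), "profiles:", sorted(profiles))
```

Any line reported as "unrecognised", or any SID or profile name that does not belong to the machine being cleaned, is a reason to stop and ask the helper before pressing Fix.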

Re: Sons PC infected

Post by BarkFast » May 23rd, 2020, 11:20 pm

hi mAL

I was able to follow everything. The only note is that when I hit Ctrl - Y, it did not create a file named fixlog, it created a notepad file with what looked like a random name. The 'Fix' step seemed to work ok.

PC is working well. Attached are the files.

Thanks mAL

B

Re: Sons PC infected

Post by mAL_rEm018 » May 26th, 2020, 4:43 pm

Hi Bill,

I want to apologize again for my delay. You will have my instructions tomorrow at the latest.

mAL

Re: Sons PC infected

Post by mAL_rEm018 » May 28th, 2020, 6:23 am

Hi Bill,

Let's run a general scan, and then we will run a quick fix with FRST. If all goes well, then I will give you the all clear. There won't be any more delays in between my replies.

  • Please download Malwarebytes Anti-Malware from Here
  • Save it to your Desktop.
  • Right-Click on MBSetup.exe and select Run as Administrator.
  • Follow the instructions on the screen to install the program.
  • Once the installation process is over Malwarebytes should automatically open.
  • Click on Check for Updates
  • Once the updates have been installed, select the Scan tab.
  • Ensure that Threat Scan is selected and click on Start Scan.
  • Once the scan is completed, if there have been any detections, select Apply Actions.
  • You will most likely be prompted to restart your computer, if so please allow the reboot.

Once your computer is restarted, please do the following..

  • Open Malwarebytes Anti-Malware and click on Reports.
  • Double-click on the Scan Report by looking at the timestamp (it should be in the following order: Day/Month/Year Time)
  • Click Export and select Text file (*.txt).
  • In the File name: box, please write MBAM Log and save it to your desktop.
  • Once the process is over, a message will appear stating that the file has been successfully exported. Click OK.
  • Please post the contents of MBAM Log.txt in your next reply.


-----------------------------------------
In your next reply, I would like to see..
  • How is your computer behaving?
  • MBAM Log.txt