Download issue Opera
Solved
lolomo1110
Hello
For over a month I have been unable to download files from any browser; for example, with Opera the download starts and then, at the end, it shows the icon of my hard drive with the note: Virus scan failed
Thank you for your help
16 answers
-
Re
This is not finished!!!
--
--------Security Contributor---------
We have all been beginners at something at some point.
But knowledge is the reward of diligence. -
Good evening
Even in safe mode with networking enabled it's the same problem, and even if I create another user it doesn't work -
Re
You continue with RogueKiller and proceed to the deletion
Then you post its report; thank you
See you
--
--------Security Contributor---------
We all were beginners at something one day.
But knowledge is the reward of diligence. -
Good evening
How does the download go with another browser?
See you later
--
--------Security Contributor---------
We have all been beginners at something one day.
But knowledge is the reward of diligence. -
Good evening
It's exactly the same thing on Firefox, Chrome and Safari -
Good evening
And in Safe Mode with network support?
See you
--
--------Security Contributor---------
We have all been beginners at something once.
But knowledge is the reward of diligence. -
Re
But you still have access to the Internet; only downloads are getting stuck?
@+
--
--------Security Contributor---------
We have all been beginners at some point.
But knowledge is the reward of diligence. -
-
Good evening
From another PC and with a USB drive do this:
- Download RogueKiller (by Tigzy) to the desktop
Put it on the PC with the issue and:
- Quit all programs
- Run RogueKiller.exe.
- Wait for the Prescan to finish ...
- Click Scan. Click Report and copy/paste the contents of the report using this same key
See you later
--
--------Security Contributor---------
We have all been beginners at something one day.
But knowledge is the reward of diligence. -
RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7600 ) 32 bits version
Demarrage : Mode normal
Utilisateur : admin [Droits d'admin]
Mode : Recherche -- Date : 08/07/2013 17:20:02
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 2 ¤¤¤
[SUSP PATH] ContinueToSave.exe -- C:\ProgramData\Premium\ContinueToSave\ContinueToSave.exe [-] -> TUÉ [TermProc]
[SUSP PATH] EasylifeGadget Updater.exe -- C:\ProgramData\BetterSoft\EasylifeGadget Updater\EasylifeGadget Updater.exe [-] -> TUÉ [TermProc]
¤¤¤ Entrees de registre : 16 ¤¤¤
[RUN][HJNAME] HKCU\[...]\Run : 08f4dc96bbb7af09d1a37fe35c75a42f ("C:\Users\admin\AppData\Local\Temp\explorer.exe" .. [x][-]) -> TROUVÉ
[RUN][SUSP PATH] HKCU\[...]\Run : Windows Live Messenger.exe (C:\Users\admin\AppData\Local\Temp\tmp5EA4.tmp.exe [-]) -> TROUVÉ
[RUN][SUSP PATH] HKCU\[...]\Run : Xabjzrdlmfscdkwz.exe ("C:\Users\admin\AppData\Roaming\Xabjzrdlmfscdkwz.exe" [x]) -> TROUVÉ
[RUN][SUSP PATH] HKCU\[...]\Run : Mhsmdxcnvzsnzrwq.exe ("C:\Users\admin\AppData\Roaming\Mhsmdxcnvzsnzrwq.exe" [x]) -> TROUVÉ
[RUN][HJNAME] HKLM\[...]\Run : 08f4dc96bbb7af09d1a37fe35c75a42f ("C:\Users\admin\AppData\Local\Temp\explorer.exe" .. [x][-]) -> TROUVÉ
[RUN][HJNAME] HKUS\S-1-5-21-3465505239-247864883-2392500668-1000\[...]\Run : 08f4dc96bbb7af09d1a37fe35c75a42f ("C:\Users\admin\AppData\Local\Temp\explorer.exe" .. [x][-]) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-3465505239-247864883-2392500668-1000\[...]\Run : Windows Live Messenger.exe (C:\Users\admin\AppData\Local\Temp\tmp5EA4.tmp.exe [-]) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-3465505239-247864883-2392500668-1000\[...]\Run : Xabjzrdlmfscdkwz.exe ("C:\Users\admin\AppData\Roaming\Xabjzrdlmfscdkwz.exe" [x]) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-3465505239-247864883-2392500668-1000\[...]\Run : Mhsmdxcnvzsnzrwq.exe ("C:\Users\admin\AppData\Roaming\Mhsmdxcnvzsnzrwq.exe" [x]) -> TROUVÉ
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> TROUVÉ
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$917d6a61a198bb81df06df30128c7fb4\n. [x]) -> TROUVÉ
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$917d6a61a198bb81df06df30128c7fb4\n. [x]) -> TROUVÉ
¤¤¤ Tâches planifiées : 3 ¤¤¤
[V1][ROGUE ST] schedule!3425674635.job : C:\ProgramData\Premium\ContinueToSave\ContinueToSave.exe - /schedule /profile "c:\programdata\premium\continuetosave\3425674635.ini" [-][-] -> TROUVÉ
[V1][ROGUE ST] schedule!2844174011.job : C:\ProgramData\BetterSoft\EasylifeGadget Updater\EasylifeGadget Updater.exe - /schedule /profile "c:\programdata\bettersoft\easylifegadget updater\2844174011.ini" [-][-] -> TROUVÉ
[V2][SUSP PATH] Updater21810.exe : C:\Users\admin\AppData\Local\Updater21810\Updater21810.exe - /extensionid=21810 /extensionname="Giant Savings Extension" /chromeid=halffneccaebicfdfajnbfgpglahfgoe [-][x] -> TROUVÉ
¤¤¤ Entrées Startup : 0 ¤¤¤
¤¤¤ Navigateurs web : 1 ¤¤¤
[FF][PROXY] 2nmp77d5.default : user_pref("network.proxy.type", 2); -> TROUVÉ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][Jonction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] fr-FR : C:\Program Files\Windows Defender\fr-FR >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> TROUVÉ
¤¤¤ Driver : [CHARGE] ¤¤¤
¤¤¤ Ruches Externes: ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: ST3160318AS +++++
--- User ---
[MBR] 9c230d5ff3c92bd4077babfd692941e3
[BSP] b24a1f2095d0da4eb17141a3688a2513 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76212 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 156289024 | Size: 76313 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[0]_S_08072013_172002.txt >> -
RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7600) 32-bit version
Startup : Normal mode
User : admin [Admin rights]
Mode : Deletion -- Date : 08/08/2013 00:50:34
| ARK || FAK || MBR |
¤¤¤ Malicious processes : 2 ¤¤¤
[SUSP PATH] ContinueToSave.exe -- C:\ProgramData\Premium\ContinueToSave\ContinueToSave.exe [-] -> KILLED [TermProc]
[SUSP PATH] EasylifeGadget Updater.exe -- C:\ProgramData\BetterSoft\EasylifeGadget Updater\EasylifeGadget Updater.exe [-] -> KILLED [TermProc]
¤¤¤ Registry entries : 15 ¤¤¤
[RUN][HJNAME] HKCU\[...]\Run : 08f4dc96bbb7af09d1a37fe35c75a42f ("C:\Users\admin\AppData\Local\Temp\explorer.exe" .. [x][-]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Windows Live Messenger.exe (C:\Users\admin\AppData\Local\Temp\tmp5EA4.tmp.exe [-]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Xabjzrdlmfscdkwz.exe ("C:\Users\admin\AppData\Roaming\Xabjzrdlmfscdkwz.exe" [x]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Mhsmdxcnvzsnzrwq.exe ("C:\Users\admin\AppData\Roaming\Mhsmdxcnvzsnzrwq.exe" [x]) -> DELETED
[RUN][HJNAME] HKLM\[...]\Run : 08f4dc96bbb7af09d1a37fe35c75a42f ("C:\Users\admin\AppData\Local\Temp\explorer.exe" .. [x][-]) -> DELETED
[RUN][HJNAME] HKUS\S-1-5-21-3465505239-247864883-2392500668-1000\[...]\Run : 08f4dc96bbb7af09d1a37fe35c75a42f ("C:\Users\admin\AppData\Local\Temp\explorer.exe" .. [x][-]) -> [0x2] The specified file was not found.
[RUN][SUSP PATH] HKUS\S-1-5-21-3465505239-247864883-2392500668-1000\[...]\Run : Windows Live Messenger.exe (C:\Users\admin\AppData\Local\Temp\tmp5EA4.tmp.exe [-]) -> [0x2] The specified file was not found.
[RUN][SUSP PATH] HKUS\S-1-5-21-3465505239-247864883-2392500668-1000\[...]\Run : Xabjzrdlmfscdkwz.exe ("C:\Users\admin\AppData\Roaming\Xabjzrdlmfscdkwz.exe" [x]) -> [0x2] The specified file was not found.
[RUN][SUSP PATH] HKUS\S-1-5-21-3465505239-247864883-2392500668-1000\[...]\Run : Mhsmdxcnvzsnzrwq.exe ("C:\Users\admin\AppData\Roaming\Mhsmdxcnvzsnzrwq.exe" [x]) -> [0x2] The specified file was not found.
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$917d6a61a198bb81df06df30128c7fb4\n. [x]) -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$917d6a61a198bb81df06df30128c7fb4\n. [x]) -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)
¤¤¤ Scheduled tasks : 3 ¤¤¤
[V1][ROGUE ST] schedule!3425674635.job : C:\ProgramData\Premium\ContinueToSave\ContinueToSave.exe - /schedule /profile "c:\programdata\premium\continuetosave\3425674635.ini" [-][-] -> DELETED
[V1][ROGUE ST] schedule!2844174011.job : C:\ProgramData\BetterSoft\EasylifeGadget Updater\EasylifeGadget Updater.exe - /schedule /profile "c:\programdata\bettersoft\easylifegadget updater\2844174011.ini" [-][-] -> DELETED
[V2][SUSP PATH] Updater21810.exe : C:\Users\admin\AppData\Local\Updater21810\Updater21810.exe - /extensionid=21810 /extensionname="Giant Savings Extension" /chromeid=halffneccaebicfdfajnbfgpglahfgoe [-][x] -> DELETED
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
¤¤¤ Folders / specific files: ¤¤¤
[ZeroAccess][Jonction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Jonction] fr-FR : C:\Program Files\Windows Defender\fr-FR >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Jonction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Jonction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Jonction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Jonction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Jonction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Jonction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Jonction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Jonction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Jonction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Jonction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Jonction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Jonction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> Junction DELETED
¤¤¤ Driver : [CHARGE] ¤¤¤
¤¤¤ External Drives: ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Hosts file: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: ST3160318AS +++++
--- User ---
[MBR] 9c230d5ff3c92bd4077babfd692941e3
[BSP] b24a1f2095d0da4eb17141a3688a2513 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76212 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 156289024 | Size: 76313 MB
User = LL1 ... OK!
User = LL2 ... OK!
End : << RKreport[0]_D_08082013_005034.txt >>
RKreport[0]_S_08072013_172002.txt;RKreport[0]_S_08082013_004945.txt
here is the report -
Good evening
Download Malwarebytes Anti-Malware here
https://www.malwarebytes.com/
- Install it (choose "French"; do not modify the installation settings) and update it.
- Review the tutorial to familiarize yourself with the program:
https://forum.pcastuces.com/sujet.asp?f=31&s=3
(it is very simple to use).
Relaunch Malwarebytes following these instructions precisely:
- Disconnect yourself and close all running applications!
- Run Malwarebytes. Under Vista, Seven or Windows 8 (right-click on the mouse "Run as administrator")
- Perform an update
- Do a so-called "Complete" scan
- Let the program work and do nothing else with the PC during the scan.
- At the end click on "Show results"
- Verify that all infected objects are validated, then click on "Delete the selected"
Note: if you need to restart your PC to finish the cleaning, do it!
Post the saved report after deleting the infected objects (in the "Reports/Log" tab of Malwarebytes, the most recent one)
@+
-- Security Contributor
We’ve all been beginners at some point.
But knowledge is the reward of diligence. -
Since the deletion in RogueKiller, downloads are working again, thank you very much!!!!
-
I prefer not to do anything since it works, but if it stops working I will do what you told me.
-
Hello
I’m marking this topic as resolved
@+
--
--------Security Contributor---------
We’ve all been beginners at something at some point.
But knowledge is the reward of diligence. -