Surabaya
Solved
pinkpathart - Posted messages 20 Registration date Status Member Last intervention -
Malekal_morte- Posted messages 178136 Registration date Status Moderator, Security Contributor Last intervention -
Good evening,
there may already be a thread on this subject, but I haven't been able to get rid of the message Surabaya in my birthday that appears before the actual opening of my Windows 7. I have used AdwCleaner and PC Cleaner but the "thing" is still there.
Thank you
17 answers
Hello,
it took me a while to come back because the process is long, I was always having to postpone.
But actually the scan gets stuck systematically at 212 infected files while the progress bar "scan in progress" is at about 60% and the fields are black.
While browsing a bit on the PC, I also see some scr files.
Run the Kaspersky Removal tool in this case.
--
Please press any key to continue the disinfection...
Here it is done, it found a Heuristic Trojan...
When I did that, I need to start over, at Nod 32? Restart: I went too fast, it found other dangerous beasts. I rushed because I felt, on one hand, that it was rebooting in a loop and on the other hand, the Surabaya was still there on the Windows restart.
Formatting does not worry me more than that, I would just like you to confirm whether Kaspersky should have also removed Surabaya or not. You know I understand quickly, but it takes me a long time to explain. I am not necessarily familiar with these antiviruses and others.
In parallel, I opened a topic for an external hard drive; I would like to know if Kaspersky can clean it. It doesn't seem to take it into account.
Sorry if I mix the two; I saw that you recommended a FRST for him.
I can already tell you that he has caught a multitude of those kinds of elements, and my PC is faster, but Surabaya awaits me at every startup.
I can go over it again, it seems much more efficient than a piece of junk that I paid for out of despair.
Spyhunter?
Go through it and:
Follow the FRST tutorial (take your time to read carefully - everything is well explained).
Download and run the FRST scan, 3 FRST reports will be generated:
- FRST.txt
- Shortcut.txt
- Additionnal.txt
Send these 3 reports to the website http://pjjoint.malekal.com/ and in return provide the 3 pjjoint links that lead to the reports here in a new response so we can review them.
--
Please press a key to continue the disinfection...
Hello, here I finally bring the reports:
https://pjjoint.malekal.com/files.php?id=20161204_i13x15k10x7q11 (Add)
https://pjjoint.malekal.com/files.php?id=20161204_h13v14i7b7t14 (short)
https://pjjoint.malekal.com/files.php?id=FRST_20161204_j8y5j11d13s7 (FRST)
Thank you
Good evening, thank you and thanks again, I may be going a bit fast but Sura was no longer there... on restart.
Here is my message:
Farbar Recovery Scan Tool (x86) Version: 07-12-2016 results
Executed by bereval (13-12-2016 21:20:08) Run:1
Executed from C:\Users\bereval\Desktop
Loaded profiles: bereval (Available profiles: bereval)
Boot mode: Normal
==============================================
fixlist content:
CreateRestorePoint:
CloseProcesses:
HKLM\...\Winlogon: [LegalNoticeCaption] 81u3f4nt45y - 24.01.2007 - Surabaya
HKLM\...\Winlogon: [LegalNoticeText] Surabaya in my birthday
Don't kill me, I'm just sending a message from your computer
Thank you for accompanying me even if it was only for a moment, but it means a lot to me
Forgive me if the happiness I ask for is a friend for life
I should have understood that my presence is not by your side, just a daydream in regret
For the lover I will never have 3r1k1m0
Task: C:\Windows\Tasks\Yahoo! Powered nerid.job => Wscript.exe C:\ProgramData\{5F759A16-D537-10D0-53F1-8E92C9B3055C}\tema.txt <==== ATTENTION
C:\ProgramData\{5F759A16-D537-10D0-53F1-8E92C9B3055C}
Hosts:
EmptyTemp:
RemoveProxy:
CreateRestorePoint:
Reboot:
The restore point was created successfully.
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\LegalNoticeCaption => value restored successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\LegalNoticeText => value restored successfully
Don't kill me, I'm just sending a message from your computer => Error: No automatic fix found for this item.
Thank you for accompanying me even if it was only for a moment, but it means a lot to me => Error: No automatic fix found for this item.
Forgive me if the happiness I ask for is a friend for life => Error: No automatic fix found for this item.
I should have understood that my presence is not by your side, just a daydream in regret => Error: No automatic fix found for this item.
For the lover I will never have 3r1k1m0 => Error: No automatic fix found for this item.
C:\Windows\Tasks\Yahoo! Powered nerid.job => not found.
C:\ProgramData\{5F759A16-D537-10D0-53F1-8E92C9B3055C} => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully
HKU\S-1-5-21-2427045892-3272651333-2906743465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully
HKU\S-1-5-21-2427045892-3272651333-2906743465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully
========= End of RemoveProxy: =========
The restore point was created successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 175926527 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 45401800 B
Edge => 0 B
Chrome => 482988903 B
Firefox => 5942754 B
Opera => 644096 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 29588036 B
LocalService => 66228 B
NetworkService => 66868 B
bereval => 968607178 B
RecycleBin => 0 B
EmptyTemp: => 1.6 GB of temporary data deleted.
================================
The system had to restart.
End of Fixlog 21:23:08
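Added example, not part of the original thread and not FRST's own code: a small Python reader for the result lines of a Fixlog like the one posted above, separating applied fixes from lines the tool could not read as a directive and from targets that were already gone. The function names are hypothetical, and the status phrases are only those visible in this log.

```python
import re
from collections import Counter

# Constructed sample: result lines copied from the Fixlog posted above.
SAMPLE_FIXLOG = r"""
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\LegalNoticeCaption => value restored successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\LegalNoticeText => value restored successfully
Don't kill me, I'm just sending a message from your computer => Error: No automatic fix found for this item.
For the lover I will never have 3r1k1m0 => Error: No automatic fix found for this item.
C:\Windows\Tasks\Yahoo! Powered nerid.job => not found.
C:\ProgramData\{5F759A16-D537-10D0-53F1-8E92C9B3055C} => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Chrome => 482988903 B
EmptyTemp: => 1.6 GB of temporary data deleted.
"""

LINE_RE = re.compile(r"^(?P<item>.+?) => (?P<result>.+)$")
# Status phrases are the ones visible in this thread's log, not a full FRST list.
OUTCOMES = [
    ("error", re.compile(r"^Error:", re.I)),
    ("not_found", re.compile(r"^not found\.?$", re.I)),
    ("ok", re.compile(r"successfully\.?$", re.I)),
]
# An item that starts like a drive path or a registry hive names a real target.
TARGET_RE = re.compile(r"^(?:[A-Za-z]:\\|HK[A-Z_]+\\)")

def parse_fixlog(text):
    """Return (item, status) pairs; size counters and section banners are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        for status, pattern in OUTCOMES:
            if pattern.search(m.group("result")):
                entries.append((m.group("item"), status))
                break
    return entries

def summarize(entries):
    return Counter(status for _, status in entries)

def unparsed_directives(entries):
    """Errors on free text: fixlist lines the tool could not read as a directive."""
    return [i for i, s in entries if s == "error" and not TARGET_RE.match(i)]

def missing_targets(entries):
    """Targets already gone at fix time; confirm on the next scan that they stay gone."""
    return [i for i, s in entries if s == "not_found"]
```

On this log the free-text errors are the continuation lines of the multi-line LegalNoticeText entry, whose registry value was itself restored, so the item to re-check on the next scan is the scheduled task reported as not found.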
Here you go, finish the rest.
It seems tedious to disinfect that one :)
--
Please press any key to continue the disinfection...
Apparently, I had forgotten to say a big thank you in the end. Everything has finally worked out and got rid of the problems.
No worries :)
Well, it's a bit late, but for security reasons, you should have changed your passwords.
--
Please press a key to continue the disinfection...
Alright, but passwords for what, for everything? In any case, having appreciated this life-saving help, I'm trying to run a Kaspersky scan on a laptop of someone I know because it looks particularly attacked, but nothing seems to launch, the downloads aren't working. Well, there's no Surabamachin here, but it clearly needs a major clean-up.
All web passwords, especially those stored in your web browser.
=> https://www.malekal.com/navigateurs-web-vol-mots-de-passe/