View original (French)

Removal of d2buh1bf1g584w.cloudfront.net

Solved
mireio Posted messages 15 Status Membre -  
mireio Posted messages 15 Status Membre -
Hello,

Hello,

I can't delete the file d2buh1bf1g584w.cloudfront.net.

I've used ADWCleaner and Malwarebytes Premium without results.

Furthermore, could it be the reason why I can't access Edge, Windows Store, and Radio?

Thank you in advance.

7 réponses

Réponse 1 / 7
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 
Hello,

Reset/Repair the web browsers concerned by the issues:

Then:

Follow the FRST tutorial. ( take your time to read carefully - everything is well explained ).

Download and run the FRST scan, 3 FRST reports will be generated:
  • FRST.txt
  • Shortcut.txt
  • Additionnal.txt


Send these 3 reports to the website http://pjjoint.malekal.com/ and in return provide the 3 pjjoint links that lead to the reports here in a new response so that we can consult them.

--
Please press any key to continue the disinfection...
0
Réponse 2 / 7
restanco
 
Here are 2 files Additionel.txt and FRST.txt
However, I do not have a shotucut.txt.

http://pjjoint.malekal.com/files.php?id=FRST_20170409_q11x12p5d10o14

http://pjjoint.malekal.com/files.php?id=20170409_x8u15k15y7z15
0
Réponse 3 / 7
restanco
 
Et here is the shortcut.txt file: http://pjjoint.malekal.com/files.php?id=20170409_f15b15k8q7i10

See you!
0
Réponse 4 / 7
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 
Uninstall these unnecessary programs:
AVG PC TuneUp
Spybot - Search & Destroy

Here is the fix to be carried out with FRST. You can refer to this explanatory note with screenshots.

Open Notepad: Windows key + R,
In the "Run" field, type notepad and OK.
Copy/Paste the following inside: 

CreateRestorePoint:
CloseProcesses:
 HKU\S-1-5-21-4140145555-2342484209-1620211677-1000\...\Run: [Chromium] => c:\users\j.p meusureux\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session 
c:\users\j.p meusureux\appdata\local\chromium
 CHR Extension: (Radioline) - C:\Users\J.P Meusureux\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmbbahpghbjncifhcfpilnoojlgpklhj [2017-04-06] 
 2017-03-20 15:34 - 2017-03-20 15:34 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics 
 2017-03-20 15:34 - 2017-03-20 15:34 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics 
 2017-03-20 15:31 - 2017-03-20 15:31 - 00021614 _____ C:\WINDOWS\System32\Tasks\LgdYvI2xQhsT 
 2017-03-20 15:29 - 2017-03-20 15:29 - 00000000 ____D C:\WINDOWS\system32\SSL 
 2017-03-17 21:29 - 2017-03-17 21:29 - 03056321 _____ C:\WINDOWS\abec3d0a08af68cf9bc1f8a7a08fa127.exe 
Task: {98AE1E97-3F6A-461B-8EFC-3C191EA56865} - System32\Tasks\LgdYvI2xQhsT => lgdyvi2xqhst.exe 
Task: {4DB9FB8E-12E6-4B5E-B0C7-D4FDFAC67EFF} - \94iWj89zJz -> No file <==== ATTENTION
 2017-03-17 21:29 - 2017-03-17 21:29 - 03056321 _____ C:\WINDOWS\abec3d0a08af68cf9bc1f8a7a08fa127.exe 
 2017-03-17 10:06 - 2017-03-17 10:06 - 00000000 ____D C:\Program Files (x86)\Yahtzee Deluxe 
 2017-03-17 10:03 - 2012-06-18 16:28 - 00093704 _____ (GameHouse) C:\WINDOWS\system32\yahtzeeres.dll 
Task: {1A3B28EB-76A2-4E78-8E37-72D3596522D5} - \Sthiwardnerzodom -> No file <==== ATTENTION
EmptyTemp:
RemoveProxy:
Reboot:


Once the text is pasted into Notepad,
File menu then "Save as",
On the left, go to the Desktop,
In the bottom field, for the file name enter: fixlist.txt
Click "Save", this will create fixlist.txt on the Desktop.

Restart FRST and click on the "Fix" button
A restart may be necessary (not mandatory)
A text file will appear, copy/paste its content here in a new message.

Restart the computer.

2°)
Reset/Repair the affected WEB browsers having issues:

3°)
Perform a scan with Malwarebytes - Malwarebytes Anti-Malware Free Version Tutorial

--
Please press any key to continue the disinfection...
0
Réponse 5 / 7
mireio Posted messages 15 Status Membre
 
Hello

I saved fixlist.txt, restarted FRST and clicked on fix, but not on fix/correct, and a window opened saying: you don't know what to do and to avoid damaging your system the software will close.

On another note, last night I received a message saying I could install the latest version of Windows 10, which I did (it took all night) and now I have Edge, Windows Store, Radios, etc. back...

See you later, restanco
0
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 
What do you have in your fixlist.txt file?
0
mireio Posted messages 15 Status Membre > Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention  
 
Results of the Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Executed by J.P Meusureux (10-04-2017 10:00:14) Run:1
Executed from C:\Users\J.P Meusureux\Downloads
Loaded profiles: J.P Meusureux (Available profiles: J.P Meusureux)
Boot Mode: Normal
==============================================

fixlist content:

CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-4140145555-2342484209-1620211677-1000\...\Run: [Chromium] => c:\users\j.p meusureux\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
c:\users\j.p meusureux\appdata\local\chromium
CHR Extension: (Radioline) - C:\Users\J.P Meusureux\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmbbahpghbjncifhcfpilnoojlgpklhj [2017-04-06]
2017-03-20 15:34 - 2017-03-20 15:34 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-03-20 15:34 - 2017-03-20 15:34 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-03-20 15:31 - 2017-03-20 15:31 - 00021614 _____ C:\WINDOWS\System32\Tasks\LgdYvI2xQhsT
2017-03-20 15:29 - 2017-03-20 15:29 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-03-17 21:29 - 2017-03-17 21:29 - 03056321 _____ C:\WINDOWS\abec3d0a08af68cf9bc1f8a7a08fa127.exe
Task: {98AE1E97-3F6A-461B-8EFC-3C191EA56865} - System32\Tasks\LgdYvI2xQhsT => lgdyvi2xqhst.exe
Task: {4DB9FB8E-12E6-4B5E-B0C7-D4FDFAC67EFF} - \94iWj89zJz -> No file <==== ATTENTION
2017-03-17 21:29 - 2017-03-17 21:29 - 03056321 _____ C:\WINDOWS\abec3d0a08af68cf9bc1f8a7a08fa127.exe
2017-03-17 10:06 - 2017-03-17 10:06 - 00000000 ____D C:\Program Files (x86)\Yahtzee Deluxe
2017-03-17 10:03 - 2012-06-18 16:28 - 00093704 _____ (GameHouse) C:\WINDOWS\system32\yahtzeeres.dll
Task: {1A3B28EB-76A2-4E78-8E37-72D3596522D5} - \Sthiwardnerzodom -> No file <==== ATTENTION
EmptyTemp:
RemoveProxy:
Reboot:


I uninstalled AVG and Spybot using Revo Uninstaller.

Thank you for your patience.
0
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711 > mireio Posted messages 15 Status Membre
 
Okay, so what problems are left?
0
mireio Posted messages 15 Status Membre > Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention  
 
The MalwareBytes alert regarding the file d2buh1bf1g584w-cloudfront-net doesn't seem to be appearing anymore, so I think everything is resolved.

Thank you again for your help.
Have a great rest of the day.
0
Réponse 6 / 7
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 
super =)

Delete the folder C:\FRST

Finish with a cleanup using Malwarebytes - Malwarebytes Anti-Malware Free Version Tutorial

Some advice:

To avoid getting caught again.
Read - Potentially Unwanted Programs / PUPs: Adware/PUPs: Unwanted and Invasive Programs Folder
(Especially enable LPI detections to identify invasive and adware programs)

--
Please press any key to continue the disinfection...
0
Réponse 7 / 7
mireio Posted messages 15 Status Membre
 
Thank you again.
0