Uninstall WinThruster
Solved
Chris67550
Posted messages
15
Status
Member
-
Malekal_morte- Posted messages 178136 Registration date Status Moderator, Security contributor Last intervention -
Hello,
The WinThruster program installed itself without my knowledge during a download. It is known to be malicious. I cannot uninstall it because it does not appear in any uninstallation list, either in Windows or in any of the uninstallers I have used. What should I do? Thank you in advance
Configuration: Windows / Chrome 61.0.3163.100
2 replies
Hi,
This is a useless cleaning software, for more info read: https://www.malekal.com/logiciels-nettoyage-windows/
Start with this:
Follow the FRST tutorial (take the time to read carefully - everything is well explained).
Download and run the FRST scan,
Wait for the scan to finish, a message will indicate that the analysis is complete.
Three FRST reports will be generated:
- FRST.txt
- Shortcut.txt
- Addition.txt
Send these 3 reports to the website https://pjjoint.malekal.com/ to share them.
In return, provide the 3 pjjoint links that lead to the reports here in a new reply so that we can consult them.
--
Please press a key to continue the disinfection...
Go to the Control Panel
then Programs and Features.
Uninstall all NTI programs (unless you are using them)
Try uninstalling WinThruster
Here is the fix to perform with FRST. You can refer to this explanatory note with screenshots.
Restart FRST, then on your keyboard press the CTRL + Y keys.
The notepad will open, copy/paste this.
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [CommonToolkitTray_Solvusoft] => C:\Program Files\Solvusoft\Tray\SolvusoftTray.exe [1685144 2017-11-09] (Solvusoft Corporation)
HKLM\...\Policies\Explorer\Run: [] => 1
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [] => [X]
2017-11-12 21:56 - 2017-12-08 22:03 - 000000150 _____ C:\WINDOWS\Reimage.ini
2017-12-08 22:13 - 2017-12-08 22:13 - 000000376 _____ C:\WINDOWS\Tasks\WinThruster-User-Startup.job
2017-12-08 22:12 - 2017-12-08 22:12 - 000001780 _____ C:\Documents and Settings\All Users\Desktop\WinThruster.lnk
2017-12-08 22:12 - 2017-12-08 22:12 - 000000388 _____ C:\WINDOWS\Tasks\WinThruster-User-Notification.job
2017-12-08 22:12 - 2017-12-08 22:12 - 000000000 ____D C:\Program Files\Solvusoft
2017-12-08 22:12 - 2017-12-08 22:12 - 000000000 ____D C:\Documents and Settings\User\Application Data\Solvusoft
2017-12-08 22:12 - 2017-12-08 22:12 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Solvusoft
2017-12-08 22:11 - 2017-12-08 22:12 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Solvusoft
Task: C:\WINDOWS\Tasks\WinThruster-User-Notification.job => C:\Program Files\Solvusoft\WinThruster\Sync.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\WinThruster-User-Startup.job => C:\Program Files\Solvusoft\WinThruster\WinThruster.exe <==== ATTENTION
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
Save the content from the file menu and then save.
Close the notepad, return to FRST, and click the "Fix" button
A restart may be necessary and automatic.
A text file will appear, copy/paste the content here in a new message.
Restart the computer.
--
Please press any key to continue the disinfection...
Farbar Recovery Scan Tool (x86) Version: 08-12-2017 Results
Executed by User (09-12-2017 09:57:10) Run:2
Executed from C:\Documents and Settings\User\Desktop
Loaded Profiles: User & Administrator (Available Profiles: User & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [CommonToolkitTray_Solvusoft] => C:\Program Files\Solvusoft\Tray\SolvusoftTray.exe [1685144 2017-11-09] (Solvusoft Corporation)
HKLM\...\Policies\Explorer\Run: [] => 1
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <==== WARNING
HKU\S-1-5-19\...\RunOnce: [] => [X]
2017-11-12 21:56 - 2017-12-08 22:03 - 000000150 _____ C:\WINDOWS\Reimage.ini
2017-12-08 22:13 - 2017-12-08 22:13 - 000000376 _____ C:\WINDOWS\Tasks\WinThruster-User-Startup.job
2017-12-08 22:12 - 2017-12-08 22:12 - 000001780 _____ C:\Documents and Settings\All Users\Desktop\WinThruster.lnk
2017-12-08 22:12 - 2017-12-08 22:12 - 000000388 _____ C:\WINDOWS\Tasks\WinThruster-User-Notification.job
2017-12-08 22:12 - 2017-12-08 22:12 - 000000000 ____D C:\Program Files\Solvusoft
2017-12-08 22:12 - 2017-12-08 22:12 - 000000000 ____D C:\Documents and Settings\User\Application Data\Solvusoft
2017-12-08 22:12 - 2017-12-08 22:12 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Solvusoft
2017-12-08 22:11 - 2017-12-08 22:12 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Solvusoft
Task: C:\WINDOWS\Tasks\WinThruster-User-Notification.job => C:\Program Files\Solvusoft\WinThruster\Sync.exe <==== WARNING
Task: C:\WINDOWS\Tasks\WinThruster-User-Startup.job => C:\Program Files\Solvusoft\WinThruster\WinThruster.exe <==== WARNING
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
Restore Point created successfully.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CommonToolkitTray_Solvusoft => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\ => value deleted successfully
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => deleted successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => value deleted successfully
C:\WINDOWS\Reimage.ini => moved successfully
"C:\WINDOWS\Tasks\WinThruster-User-Startup.job" => not found.
"C:\Documents and Settings\All Users\Desktop\WinThruster.lnk" => not found.
"C:\WINDOWS\Tasks\WinThruster-User-Notification.job" => not found.
"C:\Program Files\Solvusoft" => not found.
"C:\Documents and Settings\User\Application Data\Solvusoft" => not found.
"C:\Documents and Settings\All Users\Start Menu\Programs\Solvusoft" => not found.
"C:\Documents and Settings\All Users\Application Data\Solvusoft" => not found.
C:\WINDOWS\Tasks\WinThruster-User-Notification.job => not found.
C:\WINDOWS\Tasks\WinThruster-User-Startup.job => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully
HKU\S-1-5-21-776026035-4259753719-1848693177-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully
HKU\S-1-5-21-776026035-4259753719-1848693177-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully
========= End of RemoveProxy: =========
=========== EmptyTemp: ==========
BITS transfer queue => 13381 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache => 172449 B
Java, Flash, Steam htmlcache => 49134 B
Windows/system/dllcache/drivers => 150090132 B
Edge => 0 B
Chrome => 398104858 B
Firefox => 52281221 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 82564 B
All Users => 0 B
systemprofile => 575652537 B
LocalService => 6181427 B
NetworkService => 82674 B
User => 216748907 B
Administrator => 49528 B
RecycleBin => 1238596 B
EmptyTemp: => 1.3 GB temporary data deleted.
================================
The system had to be restarted.
End of Fixlog 09:59:42
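An added example, not part of the original thread and not FRST's own code: a short script that triages a Fixlog like the one above, separating entries that were removed from entries that were already absent when the fix ran, and flagging anything else for manual review. The function names `classify` and `summarize` and the outcome labels are illustrative assumptions; the sample lines are copied from the Fixlog posted in this thread.

```python
import re
from collections import Counter

# Constructed sample: result lines copied from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''
Restore Point created successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CommonToolkitTray_Solvusoft => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\ => value deleted successfully
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => deleted successfully
C:\WINDOWS\Reimage.ini => moved successfully
"C:\WINDOWS\Tasks\WinThruster-User-Startup.job" => not found.
"C:\Program Files\Solvusoft" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
BITS transfer queue => 13381 B
EmptyTemp: => 1.3 GB temporary data deleted.
'''

# "target => result", with optional quotes around the target and a trailing dot.
RESULT_LINE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<result>.+?)\.?$')

def classify(fixlog):
    """Return (kind, outcome, target) for every 'target => result' line."""
    rows = []
    for line in fixlog.splitlines():
        m = RESULT_LINE.match(line.strip())
        if not m:
            continue  # headers, section banners, plain status lines
        target, result = m.group("target"), m.group("result").lower()
        if re.fullmatch(r"\d+ b", result):
            continue  # EmptyTemp per-location byte counts, not fix results
        if target.upper().startswith(("HKLM\\", "HKU\\", "HKCU\\")):
            kind = "registry"
        elif re.match(r"[A-Za-z]:\\", target):
            kind = "file"
        else:
            kind = "other"
        if "not found" in result:
            outcome = "absent"      # nothing to remove at fix time
        elif "deleted successfully" in result:
            outcome = "deleted"
        elif "moved successfully" in result:
            outcome = "moved"
        else:
            outcome = "review"      # unrecognised wording: read it manually
        rows.append((kind, outcome, target))
    return rows

def summarize(rows):
    """Count entries per (kind, outcome) pair."""
    return dict(Counter((kind, outcome) for kind, outcome, _ in rows))

if __name__ == "__main__":
    for key, n in sorted(summarize(classify(SAMPLE_FIXLOG)).items()):
        print(key, n)
```
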
Reset/Repair the web browsers concerned by the issues:
- Repair Google Chrome (only the first paragraph).
Thanks again.
I recover old computers at work and I feel like a lot of things are outdated; that's why while trying to find an update for Vista, I ended up downloading Winthruster which is described as THE miracle solution. Nonsense..!
So here it is, I'm interested in the FRST scan; it's not the first time I've heard about it and I would like to know if you allow me to copy the reports here, in order to get your help?
Thank you in advance for your understanding :)
Yes, of course, give the attached links and I will give you the corrections made.
FRST https://pjjoint.malekal.com/files.php?id=FRST_20171209_y12x9k12k11f8
ADDITION https://pjjoint.malekal.com/files.php?id=20171209_j5d515o12z13
SHORTCUT https://pjjoint.malekal.com/files.php?id=20171209_n5t13i15r11s12
I look forward to hearing from you :)