WinThruster: Potentially Infected PC
Emmaki
Posted messages
44
Status
Member
-
Malekal_morte- Posted messages 178136 Registration date Status Moderator, Security contributor Last intervention -
Hello everyone,
I'm reaching out for your help because my computer is dying...
A few weeks ago, my computer started acting up, wouldn't boot, black screens, etc...
So I decided to try resetting it to factory settings, or at least I thought so, because when my computer "resurrected," the memory was completely full and I had to delete files before adding any.
For a few days now, it seems infected, very slow, black screen at times,...
I ran an Avast scan: nothing alarming
I downloaded WinThruster: detected more than 200 errors including a Trojan but only 25 were fixed because the software isn't free.
This morning, when I turned on my computer, I noticed it's lagging, so I decided to consult Google once more and downloaded RogueKiller but I couldn't launch the setup.
Moreover, I can no longer launch Avast, CCleaner, or any other applications on my computer. At startup, several error messages appear regarding .exe files.
Additionally, I manage to access the control panel but there's no response when I click on uninstall a program.
Could someone kindly give me some leads?
Thank you
Emma
Configuration: Windows / Chrome 63.0.3239.84
5 replies
Hello,
By the way... I want to mention that the new versions of Avast frequently cause the error 0xc0000005.
Wishing you an excellent evening,
-Kragenskul
Emmaki
Posted messages
44
Status
Member
Ok thanks, got it!
Anonymous user
You're welcome.
Hi,
WinThruster is useless, read: https://www.malekal.com/logiciels-nettoyage-windows/
Uninstall it.
Perform a cleanup with Malwarebytes - Malwarebytes Anti-Malware free version tutorial
then:
Follow the FRST tutorial. ( take the time to read carefully - everything is well explained ).
Download and run the FRST scan,
Wait for the scan to finish, a message will indicate that the analysis is complete.
Three FRST reports will be generated:
- FRST.txt
- Shortcut.txt
- Additionnal.txt
Send these 3 reports to the site https://pjjoint.malekal.com/ to share them.
In return, provide the 3 pjjoint links leading to the reports here in a new response so that we can review them.
--
Please press any key to continue the disinfection...
Thank you for your quick response!
I'm already stuck at step 1. I'm unable to click on uninstall a program, so I can't temporarily uninstall WinThruster.
On the other hand, when I try to launch the Malwarebytes setup, the following error message appears (in a new small window titled mbam.exe - Application Error): The application failed to start correctly (0xc0000005).
Click OK to close the application.
https://pjjoint.malekal.com/files.php?id=FRST_20171219_r10g15z14y13w9
https://pjjoint.malekal.com/files.php?id=20171219_o11u5u8v13x11
https://pjjoint.malekal.com/files.php?id=20171219_k5j8n14i12d10
Thank you very much for your help!
It should be noted that this analysis was launched in safe mode because the PC shut down and the screen went black after attempting to turn it on three times.
Just for your information, I forgot to mention in my first post that the USB devices are no longer recognized by my PC at all.
Not infected
You have programs that were installed at the time of purchase or installed later that are not necessarily useful.
They clutter Windows and can slow it down.
You can therefore uninstall them.
Go to Control Panel
then Programs and Features.
Uninstall:
CCleaner
Dropbox
Emsisoft Anti-Malware
WildTangent Games App
WinThruster
PS: CCleaner is not really useful, even though it is recommended everywhere.
Disable CCleaner's monitoring, unnecessary, it starts up with Windows and slows it down with its incessant cleanings, see: https://www.malekal.com/supprimer-ccleaner-demarrage-windows/
Here is the correction to be made with FRST. You can use this explanatory note with screenshots.
Restart FRST then on your keyboard press the CTRL + Y key.
Notepad will open, copy/paste this.
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [CommonToolkitTray_Solvusoft] => C:\Program Files (x86)\Solvusoft\Tray\SolvusoftTray.exe [1685144 2017-11-09] (Solvusoft Corporation)
2017-12-18 14:46 - 2017-12-19 10:49 - 000000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2017-12-18 14:46 - 2017-12-18 14:46 - 000001095 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-12-18 14:46 - 2017-12-18 14:46 - 000000000 ____D C:\Users\Emma\Documents\Anti-Malware
2017-12-18 14:46 - 2017-12-18 14:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-12-18 14:44 - 2017-12-18 14:45 - 232169488 _____ (Emsisoft GmbH ) C:\Users\Emma\Downloads\EmsisoftAntiMalwareSetup_solvusoft.exe
2017-12-18 14:44 - 2017-12-18 14:44 - 023195976 _____ (Solvusoft Corporation) C:\Users\Emma\Downloads\Setup_WinThruster_2017 (3).exe
2017-12-18 14:44 - 2017-12-18 14:44 - 023195976 _____ (Solvusoft Corporation) C:\Users\Emma\Downloads\Setup_WinThruster_2017 (2).exe
2017-12-18 14:40 - 2017-12-19 10:49 - 000000366 _____ C:\Windows\Tasks\WinThruster64-Emma-Startup.job
2017-12-18 14:40 - 2017-12-18 14:40 - 000002742 _____ C:\Windows\System32\Tasks\WinThruster64-Emma-Startup
2017-12-18 14:37 - 2017-12-19 10:49 - 000000374 _____ C:\Windows\Tasks\WinThruster64-Emma-Notification.job
2017-12-18 14:37 - 2017-12-18 14:37 - 000003434 _____ C:\Windows\System32\Tasks\WinThruster64-Emma-Notification
2017-12-18 14:36 - 2017-12-18 14:36 - 000002019 _____ C:\Users\Public\Desktop\WinThruster.lnk
2017-12-18 14:36 - 2017-12-18 14:36 - 000000000 ____D C:\Users\Emma\AppData\Roaming\Solvusoft
2017-12-18 14:36 - 2017-12-18 14:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft
2017-12-18 14:36 - 2017-12-18 14:36 - 000000000 ____D C:\Program Files\Solvusoft
2017-12-18 14:36 - 2017-12-18 14:36 - 000000000 ____D C:\Program Files (x86)\Solvusoft
2017-12-18 14:35 - 2017-12-18 14:36 - 000000000 ____D C:\ProgramData\Solvusoft
2017-12-18 14:35 - 2017-12-18 14:35 - 023195976 _____ (Solvusoft Corporation) C:\Users\Emma\Downloads\Setup_WinThruster_2017.exe
2017-12-18 14:35 - 2017-12-18 14:35 - 023195976 _____ (Solvusoft Corporation) C:\Users\Emma\Downloads\Setup_WinThruster_2017 (1).exe
2017-12-18 14:24 - 2017-12-18 14:24 - 000000000 ____D C:\Users\Emma\AppData\Local\{8A6975DC-466A-400A-919B-1D63085D8F53}
2017-12-18 14:24 - 2017-12-18 14:24 - 000000000 ____D C:\Users\Emma\AppData\Local\{5B3C45DE-9716-46D9-863E-7EAB29096025}
2017-12-18 14:15 - 2017-12-18 14:15 - 000000000 ____D C:\Users\Emma\Downloads\ophcrack-3.7.0-bin
2017-12-18 14:14 - 2017-12-18 14:14 - 013053668 _____ C:\Users\Emma\Downloads\ophcrack-3.7.0-bin.zip
Task: C:\Windows\Tasks\WinThruster64-Emma-Notification.job => C:\Program Files\Solvusoft\WinThruster\Sync.exe <==== ATTENTION
Task: C:\Windows\Tasks\WinThruster64-Emma-Startup.job => C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe <==== ATTENTION
C:\Program Files\Solvusoft\
EmptyTemp:
RemoveProxy:
Reboot:
Save the content from the file menu then save.
Close Notepad, go back to FRST and click the "Fix" button.
A restart may be necessary and automatic.
A text file appears, copy/paste the content here in a new message.
Restart the computer.
--
Please press any key to continue the disinfection...
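The fixlist above, read programmatically before it is run; this is an added example, not part of the thread and not FRST's own code. It classifies each line and lists targets that do not name the product being removed; the field names and the `outside_scope` helper are assumptions of this example, inferred from the layout of the lines above.

```python
import re

# Lines copied from the fixlist in the post above (a subset of it).
SAMPLE = r"""CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [CommonToolkitTray_Solvusoft] => C:\Program Files (x86)\Solvusoft\Tray\SolvusoftTray.exe [1685144 2017-11-09] (Solvusoft Corporation)
2017-12-18 14:46 - 2017-12-19 10:49 - 000000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2017-12-18 14:44 - 2017-12-18 14:44 - 023195976 _____ (Solvusoft Corporation) C:\Users\Emma\Downloads\Setup_WinThruster_2017 (2).exe
2017-12-18 14:14 - 2017-12-18 14:14 - 013053668 _____ C:\Users\Emma\Downloads\ophcrack-3.7.0-bin.zip
Task: C:\Windows\Tasks\WinThruster64-Emma-Startup.job => C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe <==== ATTENTION
C:\Program Files\Solvusoft\
EmptyTemp:
Reboot:
"""

DIRECTIVE = re.compile(r"^(\w+):$")
RUN = re.compile(r"^(HK\S+\\Run(?:Once)?): \[(.+?)\] => (.*?)(?: \[\d+ \d{4}-\d\d-\d\d\].*)?$")
TASK = re.compile(r"^Task: (.+?) => (.+?)(?: <==== ATTENTION)?$")
# Assumed layout: created - modified - size attributes (company) path; D = directory
FILE = re.compile(r"^([\d-]{10} [\d:]{5}) - ([\d-]{10} [\d:]{5}) - (\d+) (\S{5}) "
                  r"(?:\((.*?)\) )?([A-Za-z]:\\.*)$")

def parse_fixlist(text):
    """Classify each non-empty fixlist line as a dict with 'kind' and 'target'."""
    out = []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if m := DIRECTIVE.match(line):
            out.append({"kind": "directive", "target": m[1]})
        elif m := RUN.match(line):
            out.append({"kind": "autorun", "target": m[3], "key": m[1], "value": m[2]})
        elif m := TASK.match(line):
            out.append({"kind": "task", "target": m[2], "job": m[1]})
        elif m := FILE.match(line):
            out.append({"kind": "dir" if "D" in m[4] else "file", "target": m[6],
                        "created": m[1], "modified": m[2], "size": int(m[3]),
                        "company": (m[5] or "").strip()})
        else:  # bare path entry; anything else needs a human look
            kind = "path" if re.match(r"[A-Za-z]:\\", line) else "unknown"
            out.append({"kind": kind, "target": line})
    return out

def outside_scope(entries, keywords):
    """Targets naming none of the expected products (case-insensitive)."""
    return [e["target"] for e in entries if e["kind"] != "directive"
            and not any(k.lower() in e["target"].lower() for k in keywords)]

if __name__ == "__main__":
    for t in outside_scope(parse_fixlist(SAMPLE), ["solvusoft", "winthruster"]):
        print("review before running:", t)
```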
Results of the correction from Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Executed by Emma (19-12-2017 11:50:28) Run:1
Executed from C:\Users\Emma\Downloads
Loaded profiles: Emma (Available profiles: Emma)
Boot mode: Safe Mode (with Networking)
==============================================
fixlist contents:
End of Fixlog 11:50:28
Thank you! I will restart the PC and check its effectiveness.
I will also try to uninstall unnecessary programs after the restart as it is currently impossible.
Thank you!
Emma
After restarting, you have to wait, wait, wait some more...
When the session finally opens, the slightest action leads to a new small window titled Microsoft Windows that informs you that the application is taking an incredibly long time to respond but that you can still wait.
I decide to restart the PC, and since then, I can no longer open the Windows session after entering my password. The welcome message is there, but nothing happens.
I have access to Windows in safe mode. Still unable to uninstall programs.
USB devices are still not detected.
OK, test by uninstalling Avast! to see.
Install "Real Temp" or "Coretemp" to monitor the temperature of the computer.
See how high the temperature rises during use. It should not exceed 60 degrees Celsius. If possible, attach a screenshot of the software to the message.
First, check the hard drive: How to check the health of the hard drive
For example with CrystalDiskInfo.
Open the task manager
In the bottom left, click on show all processes/details, if present.
Click on the Processes tab.
(If you are on Windows 7: Click at the bottom on "show all processes of all users").
Click on the CPU/Processor column to sort processes by CPU usage.
Provide screenshots of the task manager.
--
Please press a key to continue the disinfection...
The PC crashes again when I try to uninstall a program, launch a program (e.g. Avast to uninstall it), or when I want to type Task Manager in the start menu.
Ctrl+Alt+Delete doesn't do anything either.
I managed to run CrystalDiskInfo in safe mode, everything seems fine. The temperature is also good. I also ordered a disk check at startup by typing the command in CMD, the disk is clean.
Perform a checkdisk via the command line.
You need to enter the following command in an elevated command prompt:
chkdsk c: /R /F
This will prompt you to perform the analysis on Windows restart, accept.
And if it continues to crash, reinstall Windows 7 and see how it behaves.
Hello, this is what I meant by "I ordered a disk check at startup". So that's done too.
The response was:
checking the file system on c:
The file system type is NTFS.
The volume is clean.
I have photos of the results from Crystaldisk and the execution of chkdsk but I don't know how to attach them to my message here.
Thanks again and again for your help!
On another note, I entered the task manager in safe mode and found a bunch of things ending with .exe, here is the list:
AppleChromedav
Apsdaemon
(lots of) chrome
cmd
conhost
(two) csrss
ctfmon
explorer
icloudservices
Isass
Ism
System idle process
secd
services
smss
(lots of) svchost
system
taskmgr
wininit
winlogon
All of this with:
Show processes from all users checked.