ADWARE/Zdengo.xor zz

Solved
Tony.T7685 Posted messages 13 Status Member -  
Hello everyone,

I'm on my son's PC, and he reported that the AVIRA antivirus keeps indicating the same positive result: ADWARE/Zdengo.xor zz. I ran the antivirus and indeed, every time the PC starts, AVIRA detects a positive result. I launched AdwCleaner, which found 55 issues that it fixed. I restarted the PC, but the problem is still there. I've looked up information online about this adware, and it doesn't seem good at all, but I can't seem to get rid of it. Can someone help me?

Best regards

8 answers

  1. Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 712
     
    Hello,

    Give the Antivir scan report to start with,

    then:

    To check the computer, I invite you to perform this FRST analysis and return the reports:

    Follow the FRST tutorial (take the time to read carefully - everything is well explained).

    Download and run the FRST scan,
    Wait for the scan to finish, a message will indicate that the analysis is complete.

    Three FRST reports will be generated:
    • FRST.txt
    • Shortcut.txt
    • Additional.txt


    Send these 3 reports to the site https://pjjoint.malekal.com/ to share them.
    In return, provide the 3 pjjoint links that lead to the reports here in a new response so that we can consult them.

    --
    Please press a key to continue the disinfection...
    0
  2. Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 712
     
    Here is the correction to perform with FRST. You can refer to this explanatory note with screenshots.
    Restart FRST, then press the CTRL + Y keys on your keyboard.
    The notepad will open, copy/paste this.

    CreateRestorePoint:
    CloseProcesses:
    S2 YWI5OWNjNDA4ZDh; C:\Program Files\YWI5OWNjNDA4ZDh\YWJhZjJhNDM0YTY.exe [2938512 2018-10-16] ()
    R2 MzM0Zjlk; rundll32.exe C:\WINDOWS\vykdzfnx.rykd gcplm [X]
    2018-10-16 14:43 - 2018-10-16 14:43 - 000899072 _____ C:\WINDOWS\nocutxyqn.docu
    2018-10-16 12:04 - 2018-10-16 12:04 - 000102952 _____ C:\WINDOWS\system32\Drivers\MjYzNzZ
    2018-10-16 12:04 - 2018-10-16 12:04 - 000096519 _____ C:\WINDOWS\uninstaller.dat
    2018-10-15 10:28 - 2018-10-15 10:28 - 001911296 _____ C:\WINDOWS\ZmJjZjg2NDI3ZTU2MmQ2.exe
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
    S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
    S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
    C:\Windows\system32\mfevtps.exe
    C:\WINDOWS\System32\drivers\cfwids.sys
    C:\WINDOWS\System32\drivers\mfeapfk.sys
    C:\WINDOWS\System32\drivers\mfeavfk.sys
    C:\WINDOWS\System32\drivers\mfeelamk.sys
    C:\WINDOWS\System32\drivers\mfefirek.sys
    C:\WINDOWS\System32\drivers\mfehidk.sys
    C:\WINDOWS\System32\drivers\mfewfpk.sys
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
    C:\Program Files\Common Files\McAfee
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
    Hosts:
    EmptyTemp:
    RemoveProxy:
    Reboot:


    Save the content from the File menu, then Save.

    Close the notepad, go back to FRST and click on the "Fix" button.
    A restart may be necessary and automatic.
    A text file will appear, copy/paste the content here in a new message.

    Restart the computer.

    --
    Please press a key to continue the disinfection...
    0
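A triage sketch for the kind of entries listed in the fixlist above, added here as an example (it is not part of the original posts and is not FRST's own logic). It flags three traits visible in those lines: names that are Base64 of a hex string, a service with an empty publisher field, and a rundll32 target without a .dll extension. The function names `b64_hex`, `findings` and `triage` are hypothetical.

```python
import base64
import re

# Constructed sample: four lines copied from the fixlist posted above.
SAMPLE = r"""
S2 YWI5OWNjNDA4ZDh; C:\Program Files\YWI5OWNjNDA4ZDh\YWJhZjJhNDM0YTY.exe [2938512 2018-10-16] ()
R2 MzM0Zjlk; rundll32.exe C:\WINDOWS\vykdzfnx.rykd gcplm [X]
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
2018-10-15 10:28 - 2018-10-15 10:28 - 001911296 _____ C:\WINDOWS\ZmJjZjg2NDI3ZTU2MmQ2.exe
"""

# Service line layout as it appears in the fixlist: "<state><start> <name>; <image...>"
SERVICE = re.compile(r"^[RS]\d (?P<name>[^;]+); (?P<image>.+)$")

def b64_hex(token):
    """Return the decoded text if token is Base64 of a lowercase hex string, else None."""
    if not re.fullmatch(r"[A-Za-z0-9+/]{6,}", token):
        return None
    try:
        raw = base64.b64decode(token + "=" * (-len(token) % 4))
    except ValueError:  # binascii.Error: length cannot be valid Base64
        return None
    return raw.decode() if re.fullmatch(rb"[0-9a-f]{4,}", raw) else None

def findings(line):
    """Return the reasons one FRST line deserves a closer look (heuristics, not verdicts)."""
    reasons = []
    svc = SERVICE.match(line)
    if svc:
        if b64_hex(svc["name"]):
            reasons.append(f"service name decodes to hex {b64_hex(svc['name'])}")
        if svc["image"].endswith("()"):
            reasons.append("service binary has an empty publisher field")
    dll = re.search(r"rundll32\.exe\s+(\S+)", line, re.I)
    if dll and not dll[1].lower().endswith(".dll"):
        reasons.append(f"rundll32 target is not a .dll: {dll[1]}")
    for part in line.split("\\")[1:]:          # path components after the drive
        decoded = b64_hex(part.split(".")[0])  # drop extension and trailing fields
        if decoded:
            reasons.append(f"path component decodes to hex {decoded}")
    return reasons

def triage(report):
    """Map each flagged line of a report to its list of reasons."""
    flagged = {}
    for line in report.strip().splitlines():
        if findings(line.strip()):
            flagged[line.strip()] = findings(line.strip())
    return flagged

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE).items():
        print(line, *reasons, sep="\n    ")
```

A flagged line is only a candidate for review; what goes into a fixlist remains the helper's decision.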
  3. Tony.T7685 Posted messages 13 Status Member
     
    Results of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
    Executed by Tony (17-10-2018 09:59:40) Run:1
    Executed from C:\Users\Tony\Desktop
    Loaded profiles: UpdatusUser & Tony (Available profiles: UpdatusUser & Tony & Administrator)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    CreateRestorePoint:
    CloseProcesses:
    S2 YWI5OWNjNDA4ZDh; C:\Program Files\YWI5OWNjNDA4ZDh\YWJhZjJhNDM0YTY.exe [2938512 2018-10-16] ()
    R2 MzM0Zjlk; rundll32.exe C:\WINDOWS\vykdzfnx.rykd gcplm [X]
    2018-10-16 14:43 - 2018-10-16 14:43 - 000899072 _____ C:\WINDOWS\nocutxyqn.docu
    2018-10-16 12:04 - 2018-10-16 12:04 - 000102952 _____ C:\WINDOWS\system32\Drivers\MjYzNzZ
    2018-10-16 12:04 - 2018-10-16 12:04 - 000096519 _____ C:\WINDOWS\uninstaller.dat
    2018-10-15 10:28 - 2018-10-15 10:28 - 001911296 _____ C:\WINDOWS\ZmJjZjg2NDI3ZTU2MmQ2.exe
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
    S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
    S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
    C:\Windows\system32\mfevtps.exe
    C:\WINDOWS\System32\drivers\cfwids.sys
    C:\WINDOWS\System32\drivers\mfeapfk.sys
    C:\WINDOWS\System32\drivers\mfeavfk.sys
    C:\WINDOWS\System32\drivers\mfeelamk.sys
    C:\WINDOWS\System32\drivers\mfefirek.sys
    C:\WINDOWS\System32\drivers\mfehidk.sys
    C:\WINDOWS\System32\drivers\mfewfpk.sys
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
    C:\Program Files\Common Files\McAfee
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
    Hosts:
    EmptyTemp:
    RemoveProxy:
    Reboot:

    The restore point was created successfully.
    0
  4. Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 712
     
    It should be good.
    You have specific things to see.

    --
    Please press any key to continue the disinfection...
    0
  5. Tony.T7685 Posted messages 13 Status Member
     
    Uh no, since I don't use this old PC :) Thank you for your help and the patience you show towards losers like me ;)
    Thank you
    0
  6. Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 712
     
    You're welcome :)

    --
    Please press any key to continue the disinfection...
    0
  7. Tony.T7685 Posted messages 13 Status Member
     
    Hello Malekal,

    I don't know if the current problem is related to the previous messages, but since yesterday, whenever my son turns on his VPN (IPVANISH), he has network issues. He disables it, then reactivates it. It works perfectly, then the network cuts reappear gradually.

    I have no answer to provide him regarding his problem.

    Best regards.
    0
    1. Tony.T7685 Posted messages 13 Status Member
       
      As additional information, he told me that his firewall had been disabled several times. He reactivated it, but nothing changed regarding his problem. Regards.
      0
    2. Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 712
       
      You just need to not use a VPN, for what it's worth.
      0
    3. Tony.T7685 Posted messages 13 Status Member
       
      That's his problem, not mine ;)
      0
    4. Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 712 > Tony.T7685 Posted messages 13 Status Member
       
      Yes, and we are lacking information as well :)

      Delete the folder C:\FRST


      Finish with a Malwarebytes cleanup - Malwarebytes Anti-Malware Free Version Tutorial
      Avoid regular scans and cleanings with ZHPCleaner or AdwCleaner; they are unnecessary.

      A few tips:

      To avoid being scammed again.
      To read - PUPs / potentially unwanted programs: Adwares/PUPs file: unwanted and parasitic programs
      (Especially enable PUP detections to detect parasitic and adware programs)
      0
    5. Tony.T7685 Posted messages 13 Status Member
       
      AdwCleaner? Not useful? I thought it was effective :) especially since it's part of the Malwarebytes group now :)
      0