ADWARE/Zdengo.xor zz
Solved
Tony.T7685
Posted messages
13
Status
Member
-
Hello everyone,
I'm on my son's PC, and he reported that the AVIRA antivirus keeps indicating the same positive result: ADWARE/Zdengo.xor zz. I ran the antivirus and indeed, every time the PC starts, AVIRA detects a positive result. I launched adwcleaner, which found 55 issues that it fixed, I restarted the PC, but the problem is still there. I've looked up information online about this adware, and it doesn't seem good at all, but I can't seem to get rid of it. Can someone help me?
Best regards
8 answers
-
Hello,
Give the Antivir scan report to start with,
then:
To check the computer, I invite you to perform this FRST analysis and return the reports:
Follow the FRST tutorial (take the time to read carefully - everything is well explained).
Download and run the FRST scan,
Wait for the scan to finish, a message will indicate that the analysis is complete.
Three FRST reports will be generated:
- FRST.txt
- Shortcut.txt
- Additional.txt
Send these 3 reports to the site https://pjjoint.malekal.com/ to share them.
In return, provide the 3 pjjoint links that lead to the reports here in a new response so that we can consult them.
--
Please press a key to continue the disinfection... -
Hello Malekal,
Attached are the 3 links for the requested reports:
FRST.txt:
https://pjjoint.malekal.com/files.php?id=FRST_20181016_c10t10k6l5h10
SHORTCUT.txt:
https://pjjoint.malekal.com/files.php?id=20181016_x5m66u14h9
ADDITIONAL.txt:
https://pjjoint.malekal.com/files.php?id=20181016_z15b128m5o13
Best regards -
Here is the correction to perform with FRST. You can refer to this explanatory note with screenshots.
Restart FRST, then press the CTRL + Y keys on your keyboard.
The notepad will open, copy/paste this.
CreateRestorePoint:
CloseProcesses:
S2 YWI5OWNjNDA4ZDh; C:\Program Files\YWI5OWNjNDA4ZDh\YWJhZjJhNDM0YTY.exe [2938512 2018-10-16] ()
R2 MzM0Zjlk; rundll32.exe C:\WINDOWS\vykdzfnx.rykd gcplm [X]
2018-10-16 14:43 - 2018-10-16 14:43 - 000899072 _____ C:\WINDOWS\nocutxyqn.docu
2018-10-16 12:04 - 2018-10-16 12:04 - 000102952 _____ C:\WINDOWS\system32\Drivers\MjYzNzZ
2018-10-16 12:04 - 2018-10-16 12:04 - 000096519 _____ C:\WINDOWS\uninstaller.dat
2018-10-15 10:28 - 2018-10-15 10:28 - 001911296 _____ C:\WINDOWS\ZmJjZjg2NDI3ZTU2MmQ2.exe
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
C:\Windows\system32\mfevtps.exe
C:\WINDOWS\System32\drivers\cfwids.sys
C:\WINDOWS\System32\drivers\mfeapfk.sys
C:\WINDOWS\System32\drivers\mfeavfk.sys
C:\WINDOWS\System32\drivers\mfeelamk.sys
C:\WINDOWS\System32\drivers\mfefirek.sys
C:\WINDOWS\System32\drivers\mfehidk.sys
C:\WINDOWS\System32\drivers\mfewfpk.sys
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
C:\Program Files\Common Files\McAfee
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
Save the content from the file menu then save.
Close the notepad, go back to FRST and click on the "Fix" button.
A restart may be necessary and automatic.
A text file will appear, copy/paste the content here in a new message.
Restart the computer.
--
Please press a key to continue the disinfection... -
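An added example, not part of the original posts and not FRST's own code: a parser for the service lines of the fixlist above that shows which entries stand out. The three heuristics (empty company field, the `[X]` marker, a service name that base64-decodes to a hex string) and the function names are assumptions made for this illustration.

```python
import base64
import re

# Service lines copied from the fixlist in this thread (subset).
FIXLIST_SERVICES = r"""
S2 YWI5OWNjNDA4ZDh; C:\Program Files\YWI5OWNjNDA4ZDh\YWJhZjJhNDM0YTY.exe [2938512 2018-10-16] ()
R2 MzM0Zjlk; rundll32.exe C:\WINDOWS\vykdzfnx.rykd gcplm [X]
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
"""

# "<state><start type> <name>; <image path> [<size date> or X] (<company>)"
LINE = re.compile(
    r"^(?P<state>[A-Z])(?P<start>\d) (?P<name>[^;]+); (?P<image>.+?) "
    r"\[(?P<meta>[^\]]*)\](?: \((?P<company>.*)\))?$"
)

def decoded_name(name):
    """Return the base64-decoded name if it is a lowercase hex string, else None."""
    if not re.fullmatch(r"[A-Za-z0-9+/]{6,}", name):
        return None
    padded = name + "=" * (-len(name) % 4)  # the names carry no '=' padding
    try:
        text = base64.b64decode(padded).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if re.fullmatch(r"[0-9a-f]{4,}", text) else None

def triage(fixlist_text):
    """Return [(service name, [reasons])] for lines matching a heuristic."""
    findings = []
    for raw in fixlist_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a service/driver line
        reasons = []
        if m["meta"] == "X":
            reasons.append("file not found")
        elif not m["company"]:
            reasons.append("no company name")
        hidden = decoded_name(m["name"])
        if hidden:
            reasons.append("name is base64 of hex string " + hidden)
        if reasons:
            findings.append((m["name"], reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in triage(FIXLIST_SERVICES):
        print(name, "->", "; ".join(reasons))
```

The McAfee entries in the same fixlist match none of the three heuristics, so they are not flagged; the helper lists them for removal on other grounds.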
Results of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Executed by Tony (17-10-2018 09:59:40) Run:1
Executed from C:\Users\Tony\Desktop
Loaded profiles: UpdatusUser & Tony (Available profiles: UpdatusUser & Tony & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
CreateRestorePoint:
CloseProcesses:
S2 YWI5OWNjNDA4ZDh; C:\Program Files\YWI5OWNjNDA4ZDh\YWJhZjJhNDM0YTY.exe [2938512 2018-10-16] ()
R2 MzM0Zjlk; rundll32.exe C:\WINDOWS\vykdzfnx.rykd gcplm [X]
2018-10-16 14:43 - 2018-10-16 14:43 - 000899072 _____ C:\WINDOWS\nocutxyqn.docu
2018-10-16 12:04 - 2018-10-16 12:04 - 000102952 _____ C:\WINDOWS\system32\Drivers\MjYzNzZ
2018-10-16 12:04 - 2018-10-16 12:04 - 000096519 _____ C:\WINDOWS\uninstaller.dat
2018-10-15 10:28 - 2018-10-15 10:28 - 001911296 _____ C:\WINDOWS\ZmJjZjg2NDI3ZTU2MmQ2.exe
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
C:\Windows\system32\mfevtps.exe
C:\WINDOWS\System32\drivers\cfwids.sys
C:\WINDOWS\System32\drivers\mfeapfk.sys
C:\WINDOWS\System32\drivers\mfeavfk.sys
C:\WINDOWS\System32\drivers\mfeelamk.sys
C:\WINDOWS\System32\drivers\mfefirek.sys
C:\WINDOWS\System32\drivers\mfehidk.sys
C:\WINDOWS\System32\drivers\mfewfpk.sys
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
C:\Program Files\Common Files\McAfee
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
The restore point was created successfully. -
It should be good.
Do you have anything specific to look at?
--
Please press any key to continue the disinfection... -
Uh no, since I don't use this old PC :) Thank you for your help and the patience you show towards losers like me ;)
Thank you -
You're welcome :)
--
Please press any key to continue the disinfection... -
Hello Malekal,
I don't know if the current problem is related to the previous messages, but since yesterday, whenever my son turns on his VPN (IPVANISH), he has network issues. He disables it, then reactivates it. It works perfectly, then the network cuts reappear gradually.
I have no answer to provide him regarding his problem.
Best regards.-
Yes, and we are lacking information as well :)
Delete the folder C:\FRST
Finish with a Malwarebytes cleanup: Malwarebytes Anti-Malware Free Version Tutorial
Avoid regular scans and cleanings with ZHPCleaner or AdwCleaner; they are unnecessary.
A few tips to avoid being scammed again:
To read - PUPs / potentially unwanted programs: Adwares/PUPs file: unwanted and parasitic programs
(Especially enable PUP (LPI) detections to detect parasitic and adware programs) -
Adwcleaner? not useful? I thought it was effective :) especially since it's part of the Malwarebytes group now :)
-