Adware.pokki
Solved
SuperFun
Posted messages
850
Registration date
Status
Membre
Last intervention
-
SuperFun Posted messages 850 Registration date Status Membre Last intervention -
SuperFun Posted messages 850 Registration date Status Membre Last intervention -
Hello, good evening,
I need your help, when running AdwCleaner it finds adware.pokki but cannot remove it.
What should I do and is there anything else to remove like viruses or otherwise?
P.S. I have the AdwCleaner report available.
--
I am capable of the best as well as the worst, but in the worst, I am the best!
I need your help, when running AdwCleaner it finds adware.pokki but cannot remove it.
What should I do and is there anything else to remove like viruses or otherwise?
P.S. I have the AdwCleaner report available.
--
I am capable of the best as well as the worst, but in the worst, I am the best!
4 réponses
To check your computer for possible infections and get a general status of the system:
Follow the FRST tutorial by clicking on this blue link. ( take the time to read carefully - everything is well explained ).
Download and run the FRST scan,
Wait for the scan to finish, a message will indicate that the analysis is complete.
Three FRST reports will be generated:
Send these 3 reports to the site https://pjjoint.malekal.com/ and in return provide the 3 pjjoint links that lead to the reports here in a new response so that they can be consulted.
(The blue links lead to step-by-step explanatory tutorials, click on them to get more precise instructions to follow).
--
Please press any key to continue the disinfection...
Follow the FRST tutorial by clicking on this blue link. ( take the time to read carefully - everything is well explained ).
Download and run the FRST scan,
Wait for the scan to finish, a message will indicate that the analysis is complete.
Three FRST reports will be generated:
- FRST.txt
- Shortcut.
- Additionnal.txt
Send these 3 reports to the site https://pjjoint.malekal.com/ and in return provide the 3 pjjoint links that lead to the reports here in a new response so that they can be consulted.
(The blue links lead to step-by-step explanatory tutorials, click on them to get more precise instructions to follow).
--
Please press any key to continue the disinfection...
It's supposed to bring up a start menu
The editor is known for creating adwares.
~~
To uninstall:
CCleaner
McAfee WebAdvisor
Spybot - Search & Destroy (useless)
CCleaner is not really useful, even though it is recommended everywhere.
If you want to keep it, disable CCleaner monitoring, which is unnecessary, as it starts up with Windows and slows it down with its constant cleanings, see: https://www.malekal.com/supprimer-ccleaner-demarrage-windows/
~~
I feel like AdwCleaner has removed it.
In any case, these are remnants.
Here’s the correction to be made with FRST. You can refer to this explanatory note with screenshots.
Restart FRST, then on your keyboard press the CTRL + Y keys.
The notepad will open, copy/paste this.
Save the content from the file menu then save.
Close the notepad, go back to FRST and click on the "Fix" button
A restart may be necessary and automatic.
A text file will appear, copy/paste the content here in a new message.
Restart the computer
--
Please press a key to continue the disinfection...
The editor is known for creating adwares.
~~
To uninstall:
CCleaner
McAfee WebAdvisor
Spybot - Search & Destroy (useless)
CCleaner is not really useful, even though it is recommended everywhere.
If you want to keep it, disable CCleaner monitoring, which is unnecessary, as it starts up with Windows and slows it down with its constant cleanings, see: https://www.malekal.com/supprimer-ccleaner-demarrage-windows/
~~
I feel like AdwCleaner has removed it.
In any case, these are remnants.
Here’s the correction to be made with FRST. You can refer to this explanatory note with screenshots.
Restart FRST, then on your keyboard press the CTRL + Y keys.
The notepad will open, copy/paste this.
CreateRestorePoint:
CloseProcesses:
C:\Windows\System32\Tasks\App Explorer
C:\Users\Francisco Funes\AppData\Local\Host App Service
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
Save the content from the file menu then save.
Close the notepad, go back to FRST and click on the "Fix" button
A restart may be necessary and automatic.
A text file will appear, copy/paste the content here in a new message.
Restart the computer
--
Please press a key to continue the disinfection...
Hello,
Here is the text file:
Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01 Correction Results
Executed by Firstname Lastname (01-18-2019 13:44:00) Run:1
Executed from C:\Users\Francisco Funes\Desktop
Loaded profiles: Firstname Lastname (Available profiles: Firstname Lastname)
Boot mode: Normal
==============================================
fixlist content:
CreateRestorePoint:
CloseProcesses:
C:\Windows\System32\Tasks\App Explorer
C:\Users\Francisco Funes\AppData\Local\Host App Service
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
The restore point was created successfully.
Processes closed successfully.
"C:\Windows\System32\Tasks\App Explorer" => not found
"C:\Users\Francisco Funes\AppData\Local\Host App Service" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-438148618-3482028848-9984531-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-438148618-3482028848-9984531-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========
=========== EmptyTemp: ==========
BITS transfer queue => 9723904 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 262850982 B
Java, Flash, Steam htmlcache => 1124 B
Windows/system/drivers => -1411325 B
Edge => 280058836 B
Chrome => 12433928 B
Firefox => 18866188 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3648 B
LocalService => 0 B
NetworkService => 8372 B
NetworkService => 0 B
Francisco Funes => 136182344 B
RecycleBin => 74258771 B
EmptyTemp: => 756.2 MB temporary data deleted.
================================
The system had to restart.
Here is the text file:
Farbar Recovery Scan Tool (x64) Version: 16.01.2019 01 Correction Results
Executed by Firstname Lastname (01-18-2019 13:44:00) Run:1
Executed from C:\Users\Francisco Funes\Desktop
Loaded profiles: Firstname Lastname (Available profiles: Firstname Lastname)
Boot mode: Normal
==============================================
fixlist content:
CreateRestorePoint:
CloseProcesses:
C:\Windows\System32\Tasks\App Explorer
C:\Users\Francisco Funes\AppData\Local\Host App Service
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
The restore point was created successfully.
Processes closed successfully.
"C:\Windows\System32\Tasks\App Explorer" => not found
"C:\Users\Francisco Funes\AppData\Local\Host App Service" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-438148618-3482028848-9984531-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-438148618-3482028848-9984531-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========
=========== EmptyTemp: ==========
BITS transfer queue => 9723904 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 262850982 B
Java, Flash, Steam htmlcache => 1124 B
Windows/system/drivers => -1411325 B
Edge => 280058836 B
Chrome => 12433928 B
Firefox => 18866188 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3648 B
LocalService => 0 B
NetworkService => 8372 B
NetworkService => 0 B
Francisco Funes => 136182344 B
RecycleBin => 74258771 B
EmptyTemp: => 756.2 MB temporary data deleted.
================================
The system had to restart.
Here is the report:
# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2019-01-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support/
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-18-2019
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 7
# Failed: 1
No malicious services cleaned.
Deleted C:\ProgramData\Host App Service
Not Deleted C:\Users\XXXXXXXXXXXXXXXXX\AppData\Local\Host App Service
Deleted C:\Windows\System32\Tasks_Migrated\App Explorer
No malicious DLLs cleaned.
No malicious WMI cleaned.
No malicious shortcuts cleaned.
Deleted C:\Windows\System32\Tasks\App Explorer
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted HKCU\Software\Host App Service
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79B31B11-A797-4C45-908A-355ABD388A23}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer
No malicious Chromium entries cleaned.
No malicious Chromium URLs cleaned.
No malicious Firefox entries cleaned.
No malicious Firefox URLs cleaned.
[+] Delete Tracing Keys
[+] Reset Winsock
AdwCleaner[S00].txt - [1874 bytes] - [01/18/2019 00:09:24]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########