View original (French)

Formulaire fictif

Solved
Elimie -  
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   -
Hello everyone

Here's my problem: when I shut down my computer, a window appears telling me that Dummy is open, and that I need to close the application by clicking "end now" or "cancel." I would like to know what Dummy is and especially how to uninstall it (I don't see it in the uninstall programs).

Additionally, upon startup, I get a window without a title that opens after a few minutes (during which my PC is really slow) asking me to choose a program to open.

I think my PC is infected, but I need help! :)

Thanks in advance

6 réponses

Réponse 1 / 6
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 
Hello,

It's hard to say like that,

To check your computer for any infections and get a general status of the system:

Follow the FRST tutorial by clicking on this blue link. ( take the time to read carefully - everything is well explained ).

Download and run the FRST scan,
Wait for the scan to finish, a message will indicate that the analysis is complete.

Three FRST reports will be generated:
  • FRST.txt
  • Shortcut.
  • Additionnal.txt


Send these 3 reports to the site https://pjjoint.malekal.com/ and then provide the 3 pjjoint links that lead to the reports here in a new response so that we can consult them.

(The blue links lead to step-by-step explanatory tutorials, click on them for more precise instructions to follow).

--
Please press any key to continue the disinfection...
1
Réponse 2 / 6
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 
perfect, see how it goes.

--
Please press a key to continue the disinfection...
1
Elimie
 
OK, thanks for your help! But I still have a window at startup asking me to choose a program, and as long as it hasn't appeared, my PC is lagging a lot.
It disappears with a click so that it doesn't reappear afterwards... do you know what it is related to?

Thanks!
0
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711 > Elimie
 
Follow this tutorial: https://forum.malekal.com/viewtopic.php?t=55018
Do this on the window in question
and provide a screenshot of Process Explorer
0
Elimie
 
Ok thanks, I will follow your tutorial. However, it's impossible to download Process Explorer… file not found.
0
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711 > Elimie
 
Take it there: https://www.commentcamarche.net/telecharger/utilitaires/18451-process-explorer/
0
Elimie
 
Hello, after a few struggles (managing to capture the window that disappears with the slightest click... then managing to take a screenshot that I could send you...) here is the result:

https://www.cjoint.com/c/IHbigUPWMaO

Thanks for your help ;)
0
Réponse 3 / 6
Elimie
 
Good evening,

thank you for your help and feedback
Below are the 3 links to the 3 reports

https://pjjoint.malekal.com/files.php?id=20190730_e12x6y14e14g15
https://pjjoint.malekal.com/files.php?id=FRST_20190730_z15i13n9m15t15
https://pjjoint.malekal.com/files.php?id=20190730_m10f10t715j11

Does it look bad, do you think? ;)

Thanks in advance!
0
Réponse 4 / 6
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 
A lot of useless programs.
First, clean up and see if it changes anything.

You have programs that were pre-installed when you bought the computer or installed later that aren't necessarily useful.
They clutter Windows and can slow it down.
You can therefore uninstall them.
Go to the Control Panel
then Programs and Features.
Uninstall:

Avast Cleanup Premium (useless)
CCleaner
CyberLink
Java
my Livebox
MyWinLocker
Nero (unless you really use it)
NTI Media Maker
WinPcap


PS: CCleaner is not really useful, even though it's recommended everywhere.
If you want to keep it, disable CCleaner's monitoring, which is unnecessary, as it starts up with Windows and slows it down with its incessant cleaning tasks. See: https://www.malekal.com/supprimer-ccleaner-demarrage-windows/

Here is the correction to make with FRST. You can use this explanatory note with screenshots.
Restart FRST then press CTRL + Y on your keyboard.
The notepad will open, copy/paste this. 

Start:
CloseProcesses:
CreateRestorePoint:
Task: {0C8F9451-A7CC-402F-A213-733BEA72380A} - System32\Tasks\BrickReliever-S-2025682459 => c:\programdata\trusted publisher\softwareprolonger\BrickReliever.exe <==== WARNING
Task: {7AFD6ABD-76E3-406A-8CD4-531E3E5599EF} - System32\Tasks\BrickReliever-S-2886512139 => c:\programdata\trusted publisher\premiumprovider\BrickReliever.exe <==== WARNING
Task: C:\WINDOWS\Tasks\BrickReliever-S-2025682459.job => c:\programdata\trusted publisher\softwareprolonger\BrickReliever.exeW/schedule /profile c:\programdata\trusted publisher\softwareprolonger\2025682459.ini <==== WARNING
Task: C:\WINDOWS\Tasks\BrickReliever-S-2886512139.job => c:\programdata\trusted publisher\premiumprovider\BrickReliever.exeU/schedule /profile c:\programdata\trusted publisher\premiumprovider\2886512139.ini <==== WARNING
c:\programdata\trusted publisher
RemoveProxy:
Reboot:
End:


Save the content from the file menu then save.

Close the notepad, go back to FRST and click the "Fix" button.
A restart may be necessary and automatic.
A text file will appear, copy/paste the content here in a new message.

Restart the computer.

--
Please press a key to continue the disinfection...
0
Réponse 5 / 6
Elimie
 
Hello,

thank you for your help, here is the text file that appeared after correction:

Results of the Farbar Recovery Scan Tool (x64) Version: 30-07-2019 01
Executed by Etienne (31-07-2019 10:26:35) Run:1
Executed from C:\Users\Etienne\Desktop
Loaded profiles: UpdatusUser & Etienne (Available profiles: UpdatusUser & Etienne)
Boot mode: Normal
==============================================

fixlist content:

End of Fixlog 10:26:35

Thank you for the links to your blog, which is well done and helps to understand what is happening!

To be continued!
0
Malekal_morte- Posted messages 178136 Registration date   Status Modérateur, Contributeur sécurité Last intervention   24 711
 
The correction is empty.
So it's not good,

try again like this:

Place the FRST program on the desktop
open Notepad
paste the script given above
save the file on the desktop as fixlist.txt
Restart FRST then Click Fix.
0
Réponse 6 / 6
Elimie
 
Indeed...
2nd attempt results in:

Results of Farbar Recovery Scan Tool (x64) Version: 30-07-2019 01
Executed by Etienne (31-07-2019 10:39:55) Run:2
Executed from C:\Users\Etienne\Desktop
Loaded profiles: UpdatusUser & Etienne (Available profiles: UpdatusUser & Etienne)
Boot mode: Normal
==============================================

fixlist content:
Start:
CloseProcesses:
CreateRestorePoint:
Task: {0C8F9451-A7CC-402F-A213-733BEA72380A} - System32\Tasks\BrickReliever-S-2025682459 => c:\programdata\trusted publisher\softwareprolonger\BrickReliever.exe <==== WARNING
Task: {7AFD6ABD-76E3-406A-8CD4-531E3E5599EF} - System32\Tasks\BrickReliever-S-2886512139 => c:\programdata\trusted publisher\premiumprovider\BrickReliever.exe <==== WARNING
Task: C:\WINDOWS\Tasks\BrickReliever-S-2025682459.job => c:\programdata\trusted publisher\softwareprolonger\BrickReliever.exeW/schedule /profile c:\programdata\trusted publisher\softwareprolonger\2025682459.ini <==== WARNING
Task: C:\WINDOWS\Tasks\BrickReliever-S-2886512139.job => c:\programdata\trusted publisher\premiumprovider\BrickReliever.exeU/schedule /profile c:\programdata\trusted publisher\premiumprovider\2886512139.ini <==== WARNING
c:\programdata\trusted publisher
RemoveProxy:
Reboot:
End:

Processes closed successfully.
The restore point was created successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C8F9451-A7CC-402F-A213-733BEA72380A}" => deleted successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C8F9451-A7CC-402F-A213-733BEA72380A}" => deleted successfully
C:\WINDOWS\System32\Tasks\BrickReliever-S-2025682459 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrickReliever-S-2025682459" => deleted successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7AFD6ABD-76E3-406A-8CD4-531E3E5599EF}" => deleted successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AFD6ABD-76E3-406A-8CD4-531E3E5599EF}" => deleted successfully
C:\WINDOWS\System32\Tasks\BrickReliever-S-2886512139 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrickReliever-S-2886512139" => deleted successfully
C:\WINDOWS\Tasks\BrickReliever-S-2025682459.job => moved successfully
C:\WINDOWS\Tasks\BrickReliever-S-2886512139.job => moved successfully
"c:\programdata\trusted publisher" => not found

========= RemoveProxy: =========

"HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\" => deleted successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => deleted successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => deleted successfully
"HKU\S-1-5-21-3442228110-1367899183-136614925-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL" => deleted successfully
"HKU\S-1-5-21-3442228110-1367899183-136614925-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => deleted successfully
"HKU\S-1-5-21-3442228110-1367899183-136614925-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => deleted successfully

========= End of RemoveProxy: =========

The system had to restart.

End of Fixlog 10:40:46

0