Dummy form

Solved
Elimie
Hello everyone

Here's my problem: when I shut down my computer, a window appears telling me that Dummy is open, and that I need to close the application by clicking "end now" or "cancel." I would like to know what Dummy is and especially how to uninstall it (I don't see it in the uninstall programs).

Additionally, upon startup, I get a window without a title that opens after a few minutes (during which my PC is really slow) asking me to choose a program to open.

I think my PC is infected, but I need help! :)

Thanks in advance

6 answers

  1. Malekal_morte
     
    Hello,

    It's hard to say like that,

    To check your computer for any infections and get a general status of the system:

    Follow the FRST tutorial by clicking on this blue link (take the time to read carefully; everything is well explained).

    Download and run the FRST scan,
    Wait for the scan to finish, a message will indicate that the analysis is complete.

    Three FRST reports will be generated:
    • FRST.txt
    • Shortcut.
    • Addition.txt


    Send these 3 reports to the site https://pjjoint.malekal.com/ and then provide the 3 pjjoint links that lead to the reports here in a new response so that we can consult them.

    (The blue links lead to step-by-step explanatory tutorials, click on them for more precise instructions to follow).

    --
    Please press any key to continue the disinfection...
    1
  2. Malekal_morte
     
    Perfect, see how it goes.

    --
    Please press a key to continue the disinfection...
    1
    1. Elimie
       
      OK, thanks for your help! But I still have a window at startup asking me to choose a program, and as long as it hasn't appeared, my PC is lagging a lot.
      It disappears with a click so that it doesn't reappear afterwards... do you know what it is related to?

      Thanks!
      0
    2. Elimie
       
      Ok thanks, I will follow your tutorial. However, it's impossible to download Process Explorer… file not found.
      0
    3. Elimie
       
      Hello, after a few struggles (managing to capture the window that disappears with the slightest click... then managing to take a screenshot that I could send you...) here is the result:

      https://www.cjoint.com/c/IHbigUPWMaO

      Thanks for your help ;)
      0
  3. Elimie
     
    Good evening,

    Thank you for your help and feedback.
    Below are the 3 links to the 3 reports:

    https://pjjoint.malekal.com/files.php?id=20190730_e12x6y14e14g15
    https://pjjoint.malekal.com/files.php?id=FRST_20190730_z15i13n9m15t15
    https://pjjoint.malekal.com/files.php?id=20190730_m10f10t715j11

    Does it look bad, do you think? ;)

    Thanks in advance!
    0
  4. Malekal_morte
     
    A lot of useless programs.
    First, clean up and see if it changes anything.

    You have programs that were pre-installed when you bought the computer or installed later that aren't necessarily useful.
    They clutter Windows and can slow it down.
    You can therefore uninstall them.
    Go to the Control Panel
    then Programs and Features.
    Uninstall:

    Avast Cleanup Premium (useless)
    CCleaner
    CyberLink
    Java
    my Livebox
    MyWinLocker
    Nero (unless you really use it)
    NTI Media Maker
    WinPcap


    PS: CCleaner is not really useful, even though it's recommended everywhere.
    If you want to keep it, disable CCleaner's monitoring, which is unnecessary, as it starts up with Windows and slows it down with its incessant cleaning tasks. See: https://www.malekal.com/supprimer-ccleaner-demarrage-windows/

    Here is the correction to make with FRST. You can use this explanatory note with screenshots.
    Restart FRST then press CTRL + Y on your keyboard.
    The notepad will open, copy/paste this.

    Start:
    CloseProcesses:
    CreateRestorePoint:
    Task: {0C8F9451-A7CC-402F-A213-733BEA72380A} - System32\Tasks\BrickReliever-S-2025682459 => c:\programdata\trusted publisher\softwareprolonger\BrickReliever.exe <==== WARNING
    Task: {7AFD6ABD-76E3-406A-8CD4-531E3E5599EF} - System32\Tasks\BrickReliever-S-2886512139 => c:\programdata\trusted publisher\premiumprovider\BrickReliever.exe <==== WARNING
    Task: C:\WINDOWS\Tasks\BrickReliever-S-2025682459.job => c:\programdata\trusted publisher\softwareprolonger\BrickReliever.exeW/schedule /profile c:\programdata\trusted publisher\softwareprolonger\2025682459.ini <==== WARNING
    Task: C:\WINDOWS\Tasks\BrickReliever-S-2886512139.job => c:\programdata\trusted publisher\premiumprovider\BrickReliever.exeU/schedule /profile c:\programdata\trusted publisher\premiumprovider\2886512139.ini <==== WARNING
    c:\programdata\trusted publisher
    RemoveProxy:
    Reboot:
    End:


    Save the content via the File menu, then Save.

    Close the notepad, go back to FRST and click the "Fix" button.
    A restart may be necessary and automatic.
    A text file will appear, copy/paste the content here in a new message.

    Restart the computer.

    --
    Please press a key to continue the disinfection...
    0
  5. Elimie
     
    Hello,

    thank you for your help, here is the text file that appeared after correction:

    Results of the Farbar Recovery Scan Tool (x64) Version: 30-07-2019 01
    Executed by Etienne (31-07-2019 10:26:35) Run:1
    Executed from C:\Users\Etienne\Desktop
    Loaded profiles: UpdatusUser & Etienne (Available profiles: UpdatusUser & Etienne)
    Boot mode: Normal
    ==============================================

    fixlist content:

    End of Fixlog 10:26:35

    Thank you for the links to your blog, which is well done and helps to understand what is happening!

    To be continued!
    0
    1. Malekal_morte
       
      The correction is empty.
      So it's not good,

      try again like this:

      Place the FRST program on the desktop
      open Notepad
      paste the script given above
      save the file on the desktop as fixlist.txt
      Restart FRST then Click Fix.
      0
  6. Elimie
     
    Indeed...
    2nd attempt results in:

    Results of Farbar Recovery Scan Tool (x64) Version: 30-07-2019 01
    Executed by Etienne (31-07-2019 10:39:55) Run:2
    Executed from C:\Users\Etienne\Desktop
    Loaded profiles: UpdatusUser & Etienne (Available profiles: UpdatusUser & Etienne)
    Boot mode: Normal
    ==============================================

    fixlist content:
    Start:
    CloseProcesses:
    CreateRestorePoint:
    Task: {0C8F9451-A7CC-402F-A213-733BEA72380A} - System32\Tasks\BrickReliever-S-2025682459 => c:\programdata\trusted publisher\softwareprolonger\BrickReliever.exe <==== WARNING
    Task: {7AFD6ABD-76E3-406A-8CD4-531E3E5599EF} - System32\Tasks\BrickReliever-S-2886512139 => c:\programdata\trusted publisher\premiumprovider\BrickReliever.exe <==== WARNING
    Task: C:\WINDOWS\Tasks\BrickReliever-S-2025682459.job => c:\programdata\trusted publisher\softwareprolonger\BrickReliever.exeW/schedule /profile c:\programdata\trusted publisher\softwareprolonger\2025682459.ini <==== WARNING
    Task: C:\WINDOWS\Tasks\BrickReliever-S-2886512139.job => c:\programdata\trusted publisher\premiumprovider\BrickReliever.exeU/schedule /profile c:\programdata\trusted publisher\premiumprovider\2886512139.ini <==== WARNING
    c:\programdata\trusted publisher
    RemoveProxy:
    Reboot:
    End:

    Processes closed successfully.
    The restore point was created successfully.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C8F9451-A7CC-402F-A213-733BEA72380A}" => deleted successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C8F9451-A7CC-402F-A213-733BEA72380A}" => deleted successfully
    C:\WINDOWS\System32\Tasks\BrickReliever-S-2025682459 => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrickReliever-S-2025682459" => deleted successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7AFD6ABD-76E3-406A-8CD4-531E3E5599EF}" => deleted successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AFD6ABD-76E3-406A-8CD4-531E3E5599EF}" => deleted successfully
    C:\WINDOWS\System32\Tasks\BrickReliever-S-2886512139 => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrickReliever-S-2886512139" => deleted successfully
    C:\WINDOWS\Tasks\BrickReliever-S-2025682459.job => moved successfully
    C:\WINDOWS\Tasks\BrickReliever-S-2886512139.job => moved successfully
    "c:\programdata\trusted publisher" => not found

    ========= RemoveProxy: =========

    "HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\" => deleted successfully
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => deleted successfully
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => deleted successfully
    "HKU\S-1-5-21-3442228110-1367899183-136614925-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL" => deleted successfully
    "HKU\S-1-5-21-3442228110-1367899183-136614925-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => deleted successfully
    "HKU\S-1-5-21-3442228110-1367899183-136614925-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => deleted successfully

    ========= End of RemoveProxy: =========

    The system had to restart.

    End of Fixlog 10:40:46

    0
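
Added example, not part of the thread and not FRST's own code: a small Python check for the failure seen in answer 5, where the Fixlog echoed an empty "fixlist content:" section because the script was never loaded. It also tallies the outcome of each result line. The function name `audit_fixlog` and the two abridged sample logs are constructed for illustration, and the parsing relies only on the line shapes visible in the two Fixlogs above.

```python
import re
from collections import Counter

# Constructed samples, abridged from the two Fixlogs quoted in the thread.
EMPTY_LOG = r"""
Results of the Farbar Recovery Scan Tool (x64) Version: 30-07-2019 01
Boot mode: Normal
==============================================

fixlist content:

End of Fixlog 10:26:35
"""
APPLIED_LOG = r"""
fixlist content:
Start:
CloseProcesses:
Task: {0C8F9451-A7CC-402F-A213-733BEA72380A} - System32\Tasks\BrickReliever-S-2025682459 => c:\programdata\trusted publisher\softwareprolonger\BrickReliever.exe <==== WARNING
c:\programdata\trusted publisher
Reboot:
End:

Processes closed successfully.
C:\WINDOWS\System32\Tasks\BrickReliever-S-2025682459 => moved successfully
"c:\programdata\trusted publisher" => not found

End of Fixlog 10:40:46
"""

RESULT = re.compile(r'^"?(.+?)"? => (.+)$')  # <target> => <outcome>

def audit_fixlog(text):
    """Hypothetical helper: summarise a Fixlog and flag a fix that never ran."""
    lines = [ln.strip() for ln in text.splitlines()]
    if "fixlist content:" not in lines:
        raise ValueError("no 'fixlist content:' header; not a Fixlog")
    start = end = lines.index("fixlist content:") + 1
    # The echoed script ends at its own "End:" line, or at the footer if empty.
    while end < len(lines) and lines[end] != "End:" \
            and not lines[end].startswith("End of Fixlog"):
        end += 1
    script = [ln for ln in lines[start:end] if ln]
    outcomes, review = Counter(), []
    for ln in lines[end + 1:]:          # only result lines follow the script
        m = RESULT.match(ln)
        if m:
            outcomes[m.group(2)] += 1
            if not m.group(2).endswith("successfully"):
                review.append(m.group(1))
    return {"script_loaded": bool(script), "script_lines": len(script),
            "outcomes": dict(outcomes), "review": review}

if __name__ == "__main__":
    for name, log in (("first run", EMPTY_LOG), ("second run", APPLIED_LOG)):
        print(name, audit_fixlog(log))
```

A `script_loaded` value of `False` corresponds to the empty correction in the first run; the `review` list collects targets whose outcome was anything other than a success, such as the folder reported as not found in the second run.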