Delete Qo-pro.com
Solved
JordanVELARD
Posted messages
125
Status
Member
-
bazfile Posted messages 58489 Registration date Status Moderator Last intervention -
bazfile Posted messages 58489 Registration date Status Moderator Last intervention -
Hello,
When I search with Google Chrome, before the search results appear, the URL qo-pro.com shows up in the search bar...
After several searches and scans with ZHP Cleaner, the problem persists...
I have also uninstalled Chrome and reinstalled it...
I am not sure what to do.
Thank you in advance for your help.
Configuration: Windows / Chrome 81.0.4044.138
When I search with Google Chrome, before the search results appear, the URL qo-pro.com shows up in the search bar...
After several searches and scans with ZHP Cleaner, the problem persists...
I have also uninstalled Chrome and reinstalled it...
I am not sure what to do.
Thank you in advance for your help.
Configuration: Windows / Chrome 81.0.4044.138
16 answers
-
Hello,
Download FRST and once downloaded save it on the desktop then open it and you will see this:
Then check the shortcut box like this:
Click on Analyze and at the end of the analysis you will have three text files on the desktop FRST, Addition and Shortcut, make sure to wait for the messages saying that the analysis is complete, then send these reports to https://pjjoint.malekal.com/ see this tutorial paragraph Send analysis reports to pjjoint then provide the three links generated by Pjoint in your next message.
--
bazfile..
Moderator/Security Contributor.
a hello, a response, a thank you are always appreciated. -
-
Procedure to follow in the indicated order:
1- Open FRST
2 - Copy the entire script that is in the box that follows:Start::
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ?
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
Edge HomeButtonPage: HKU\S-1-5-21-3961947222-2854571345-2454660537-1001 -> hxxp://www.qo-pro.com/
CHR DefaultSearchURL: Default -> hxxp://www.qo-pro.com/search?q={searchTerms}
HKU\.DEFAULT\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Legass\Application\chrome.exe
HKU\S-1-5-21-3961947222-2854571345-2454660537-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Footper\Application\chrome.exe
HKU\S-1-5-18\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Legass\Application\chrome.exe
Task: {EE277C40-023A-4945-A5E7-4D868B7473AD} - \Microsoft\Windows\UNP\RunCampaignManager -> No file
SearchScopes: HKU\S-1-5-21-3961947222-2854571345-2454660537-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
C:\Program Files (x86)\Legass
C:\Program Files (x86)\Footper
EmptyTemp:
End::
3- Once the script is copied click on Fix.
Allow the fix to complete and once it is finished you will be asked to restart your pc, do so as soon as you are prompted, see below.
Then once your computer has restarted:
4- You will have a Fixlog file on your desktop send it via https://pjjoint.malekal.com/ then put the link generated by Pjoint in your next message.
5- Reset Google Chrome with THIS SOFTWARE6- CHECK AND TELL ME IF YOUR PROBLEM IS STILL PRESENT
-
-
-
-
-
Good evening,
No, definitely not, the scripts are custom-made and are therefore only intended for the computers for which they were written. Perform a FRST analysis and provide the reports as indicated in the procedure https://forums.commentcamarche.net/forum/affich-36664297-supprimer-qo-pro-com#1
-
-
Good evening,
Here it is:
FRST: https://pjjoint.malekal.com/files.php?id=FRST_20200713_w8n10j912m10
Addition: https://pjjoint.malekal.com/files.php?id=20200713_o13z7i7g15x10
Shortcut: https://pjjoint.malekal.com/files.php?id=20200713_y7u9z15z8o8
Thank you again.-
Procedure to follow in the indicated order:
1- Open FRST
2 - Copy the entire script that is in the box below:Start::
CreateRestorePoint:
CloseProcesses:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction
CHR HKLM\SOFTWARE\Policies\Google: Restriction
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2020-07-13]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
HKU\S-1-5-21-3806746808-4152399581-3084288339-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qo-pro.com/
SearchScopes: HKU\S-1-5-21-3806746808-4152399581-3084288339-1001 -> DefaultScope {D9243B22-1605-4FF6-8805-0DE0B50C51D4} URL = hxxp://www.qo-pro.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3806746808-4152399581-3084288339-1001 -> {D9243B22-1605-4FF6-8805-0DE0B50C51D4} URL = hxxp://www.qo-pro.com/search?q={searchTerms}
Edge HomeButtonPage: HKU\S-1-5-21-3806746808-4152399581-3084288339-1001 -> hxxp://www.qo-pro.com/
CHR HomePage: Default -> hxxp://www.qo-pro.com/
CHR StartupUrls: Default -> "hxxp://www.qo-pro.com/"
CHR DefaultSearchURL: Default -> hxxp://www.qo-pro.com/search?q={searchTerms}
Task: {99504D62-36A1-4552-9527-B2817C749A51} - \Microsoft\Windows\UpdateOrchestrator\AC Power Install -> No File
EmptyTemp:
End::
3- Once the script is copied click on Fix.
Let the fixing process complete, once it is finished you will be asked to restart your PC, do it as soon as you are prompted, see below.
Then once your computer has restarted:
4- You will have a Fixlog file on your desktop send it via https://pjjoint.malekal.com/ then put the link generated by Pjoint in your next message.
5- Reset Google Chrome https://support.google.com/chrome/answer/3296214?hl=fr6- CHECK AND TELL ME IF YOUR PROBLEM IS STILL PRESENT
-
-
Good evening again,
Thank you very much, it worked!
Here’s the link: https://pjjoint.malekal.com/files.php?id=20200713_k7s6e5v12k10
Do you know how to avoid getting this thing again? Maybe my protection isn’t good enough...
Thanks again.-
Nothing to do with your protection, be careful what you install especially if the software is free. For example:
When you install free software, you need to read the various screens carefully during the installation to avoid getting trapped.
You need to uncheck the proposed boxes; they are not always visible at first glance, for example:
FOR INFORMATION:
Your version of Windows 10 is not up to date, check it with THIS MICROSOFT TOOL.
Good night.
-
-
-
Hello,
I have the same issue (on Edge Chromium), could a good Samaritan come to my aid?
Addition: https://pjjoint.malekal.com/files.php?id=20200717_n6h6b12o15m12
FRST: https://pjjoint.malekal.com/files.php?id=FRST_20200717_z15s9e15q15p13
Shortcut: https://pjjoint.malekal.com/files.php?id=20200717_j7b11p12f5s8
Thanks in advance ;-)-
Procedure to follow in the indicated order:
1- Open FRST
2 - Copy the entire script that is in the box below:Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-508807138-4054684981-3814915774-1001\...\Run: [Chromium] => "c:\users\hermeland-27\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
C:\Users\HERMELAND-27\AppData\Local\Chromium
Edge HomePage: Default -> hxxp://www.qo-pro.com/
Edge DefaultSearchURL: Default -> hxxp://www.qo-pro.com/search?q={searchTerms}
Edge DefaultSearchKeyword: Default -> qo-pro.com
EmptyTemp:
End::
3- Once the script is copied, click on Fix.
Let the correction take place, once it is finished you will be asked to restart your PC, do it as soon as you are prompted, see below.
Then, once your computer is restarted:
4- You will have a Fixlog file on your desktop, send it via https://pjjoint.malekal.com/ then put the link generated by Pjoint in your next message.5- CHECK AND TELL ME IF YOUR PROBLEM IS STILL PRESENT
-
-
Wow, thanks for your quick response!
Below is the link to the fixlog: https://pjjoint.malekal.com/files.php?id=20200717_k5t12y7p6n6
Thank you
edit: and the problem doesn't seem to be present anymore! -
-
-
Hello,
I am also infected with qo-pro (and maybe more...)
Could you please help me?
Here are the links:
https://pjjoint.malekal.com/files.php?id=20201223_g118k10v7k5
https://pjjoint.malekal.com/files.php?id=FRST_20201223_m5j6j13v6w12
https://pjjoint.malekal.com/files.php?id=20201223_l8c14n9n7k14
Thank you in advance!-
Hello,
Procedure to follow in the order indicated:
1- Open FRST
2 - Copy the entire script in the box below:Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3817573752-3000552934-4059848185-1000\...\Run: [GalaxyClient] => [X]
Task: {2347FF16-2A7C-4D2F-9E1E-695D128CC354} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No file
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No file
Task: {9F7FFB58-9CC1-47ED-B97B-12EA4A3F8877} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No file
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No file
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No file
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No file
FF Plugin: @microsoft.com/GENUINE -> disabled [No file]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No file]
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No file]
S2 AntiVirMailService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe" [X]
S2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [X]
S2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [X]
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe" [X]
S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]
S3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe" [X]
U1 aswbdisk; no ImagePath
U3 avgbdisk; no ImagePath
S2 avgntflt; system32\DRIVERS\avgntflt.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction
CHR Notifications: Default -> hxxps://www.fnac.com; hxxps://www.gouvernement.fr; hxxps://www.humorpolitico.com.br; hxxps://www.inspideco.org; hxxps://www.pinterest.fr
FF Homepage: Mozilla\Firefox\Profiles\6pm6bc7f.default -> hxxp://www.qo-pro.com/
CHR StartupUrls: Default -> "hxxp://www.google.fr/","hxxp://www.qo-pro.com/"
CHR NewTab: Default -> Not-active:"chrome-extension://ommbgnllpkjnidkcnginhlacffdcdijc/index.html"
CHR DefaultSearchURL: Default -> hxxps://fr.search.yahoo.com/search?fr=mcafee&type=E210FR91082G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://fr.search.yahoo.com/sugg/gossip/gossip-fr-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files\VDownloader\Addons\Chrome.crx [2014-05-05]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo]
Avira (HKLM-x32\...\{670F06EC-252B-4791-BE79-8A20635B9707}) (Version: 1.2.134.56164 - Avira Operations GmbH & Co. KG) Hidden
EmptyTemp:
End::
3- Once the script is copied, click on Fix.
Let the fix complete, once done you will be prompted to restart your PC, do so as soon as you are asked, see below.
Then once your computer has restarted:
4- You will have a Fixlog file on your desktop send it via https://pjjoint.malekal.com/ then put the link generated by Pjoint in your next message.
5- Reset Chrome and Firefox with https://www.commentcamarche.net/telecharger/utilitaires/19335-resetbrowser/6- CHECK AND TELL ME IF YOUR PROBLEM IS STILL PRESENT
____________________________________________________________________________________
To finish:7- You uninstalled Avira but it is not completely uninstalled, uninstall it with Revo Uninstaller in Advanced scan mode see below
Here is how to proceed to uninstall a program in advanced scan mode.
Accept the uninstallation of the program you wish to uninstall and if there is an error message saying that uninstallation is impossible close the error message and continue the procedure.
Check "Advanced scan" then click on "Scan".
Click on "Select all" then on "Delete" if a second list appears do the same then once everything is deleted click on "Finish" a restart may be requested.
.
-
-
Thank you for your quick response!
Here is the fixlog:
https://pjjoint.malekal.com/files.php?id=20201223_p10h6k12f11z5
However, Qo-Pro is still present!
(Avira has been completely uninstalled now, thank you!) -
Sorry, I forgot the Reset Browser step!
So I reinstalled Chrome, and Qo-Pro seems to be gone!
Thank you so much for your efficiency and availability! -
Hello,
Here are the 3 links from pjjoint.malekal.com
https://pjjoint.malekal.com/files.php?id=FRST_20201229_e6n9t8x14q10
https://pjjoint.malekal.com/files.php?id=20201229_k10y10n6j12v14
https://pjjoint.malekal.com/files.php?id=20201229_e7m119n15n8
Wouldn't it be easier for you to show how to obtain the script? Because if you have to reply to everyone, you will lose a lot of time, anyway thanks in advance!-
Isn't it easier for you to show how to obtain the script?
Creating a script requires certain knowledge, each script is different because qo-pro is visible but there may be other infections on the PC which was not your case, only qo-pro was present.
Procedure to follow in the order indicated:
1- Open FRST
2 - Copy the entire script in the box below:Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction
CHR StartupUrls: Default -> "hxxp://www.qo-pro.com/"
EmptyTemp:
End::
3- Once the script is copied, click on Fix.
Let the fix complete, once it is finished you will be asked to restart your PC, do so as soon as it is requested, see below.
Then once your computer is restarted:
4- You will have a Fixlog file on your desktop, send it via https://pjjoint.malekal.com/ then put the link generated by Pjoint in your next message.5- CHECK AND TELL ME IF YOUR PROBLEM IS STILL PRESENT
===If the problem is still present after the FRST fix, reset Google Chrome with THIS SOFTWARE.===- Perfect, everything works. Thank you! Happy end of year celebrations.
https://pjjoint.malekal.com/files.php?id=20201229_q7u11m9h7q11
-