Assume an infection

Solved
Shiva_0119 (Member, 4 messages)
bazfile (Moderator, 58491 messages)
Hello everyone. I have the PC of an elderly person that has already been seen by several people and is getting slower and slower. I asked them to lend it to me so I could try to find a solution, so I’m turning to you.
It’s an Asus F751 L.
I’ve just looked at what seemed wrong.
First, there were 3 antivirus programs: Defender, Avast, and Panda Home. I uninstalled Avast and Panda, but I don't know if it was done properly.
The PC is moderately slow, and there are a lot of ads.
I wanted to install Malwarebytes, but it’s impossible; it crashes every time halfway through.

Thanks in advance.

5 answers

  1. Shiva_0119 (Member, 4 messages)

    Thank you again for everything, have a good day.
    1. bazfile (Moderator, 58491 messages)

      Have a good day as well.
  2. bazfile (Moderator, 58491 messages)

    Hello.
    Download FRST and, once downloaded, save it to the desktop. Then right-click on FRST and select Run as administrator; you will see this:

    Click on Analyze

    Attention: wait for the messages saying the analysis is complete to appear.

    At the end of the analysis you will have two text files on the desktop, FRST and Addition.

    Then send the FRST and ADDITION reports to CJOINT see THIS TUTORIAL then provide the two links generated by Cjoint in your response.

    bazfile
    Moderator/Security Contributor.
    A hello, a response, a thank you are always appreciated.
  3. bazfile (Moderator, 58491 messages)

    Some remains of Panda, Norton, AVG, and Avast, orphaned or obsolete processes, a few restrictions to correct, and some parasite search engines are all there is on this PC.

    Procedure to follow in the order indicated:

    1- Open FRST as an administrator by right-clicking on FRST and selecting run as administrator
    2- Copy the entire script from the box below:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    C:\Program Files (x86)\Panda Security
    C:\ProgramData\Panda Security
    C:\ProgramData\AVAST Software
    C:\Users\Huriez\AppData\Roaming\Panda Security
    C:\Users\Huriez\AppData\Local\AVAST Software
    C:\Program Files\Common Files\Avast Software
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
    CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
    CHR NewTab: Default -> "active": true, "entry": "chrome-extension://gfoabcdjalmeenbjjngidappmppchblc/homePageRedirect.html"
    CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
    CHR DefaultSearchKeyword: Default -> NortonSafe
    CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
    Edge Extension: (No name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (No name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    HKU\S-1-5-21-1671411557-2292297772-1213417590-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36976728 2022-06-14] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {1B9EFD86-315F-4B34-BCF8-7D6A8D1EBFBD} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2287472 2022-05-29] (AVG Technologies USA, LLC -> AVG Technologies)
    Task: {1E0BFD09-C872-4FFC-9179-479C15E0AF74} - \Microsoft\Windows\UNP\RunCampaignManager -> No file
    GroupPolicyScripts: Restriction
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction
    HKLM\SOFTWARE\Policies\Google: Restriction
    Task: {625F8391-C748-4377-8E18-A5ECBFAF74A4} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.12.0.104\SymErr.exe /analyze (No file)
    Task: {1E0BFD09-C872-4FFC-9179-479C15E0AF74} - \Microsoft\Windows\UNP\RunCampaignManager -> No file
    Task: {C1A7734F-DED8-4938-900B-B2597EDED4B6} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files (x86)\Norton Security\Engine\22.12.0.104\SymErr.exe /ui
    :\Program Files (x86)\Norton Security
    SearchScopes: HKU\S-1-5-21-1671411557-2292297772-1213417590-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1671411557-2292297772-1213417590-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1671411557-2292297772-1213417590-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={0374E98A-8005-45F9-8790-843D1F40723F}&mid=d425f61bed9847ccb86f51eccfc19ef1-f4eec3b36740acbdf2cb90ec6338c4b7b59158b8&lang=fr&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2016-01-15 14:42:40&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
    BHO: No name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No file
    AV: Panda Dome (Enabled - Up to date) {CF440CD9-5435-10B1-04E0-7768B6F10320}
    AS: Panda Dome (Disabled - Up to date) {7425ED3D-720F-1F3F-3E50-4C1ACD76499D}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No file
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No file
    FirewallRules: [{961DA113-3246-473A-8115-5A63FEAA506C}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe => No file
    FirewallRules: [{EB936C99-C21D-449C-B767-A3313CCE2663}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe => No file
    EmptyTemp:
    End::

    3- Once the script is copied, click on Fix; FRST will automatically take the script from the clipboard.

    Let the correction complete. Once finished, you will be asked to restart your PC; do it as soon as prompted (see below).
    Then, once your computer is restarted:
    4- You will have a Fixlog file on your desktop. Send that report to https://www.cjoint.com/ (see this tutorial), then provide the link generated by Cjoint in your next message.

    --
    bazfile
    Moderator/Security Contributor.
    A hello, a response, a thank you are always appreciated.
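As an added example (not bazfile's fixlist and not FRST output), the following read-only PowerShell audit checks the same categories the script above cleans up: scheduled tasks and Run entries whose target executable no longer exists (what FRST prints as "No file"), machine-wide Chrome extension install keys and Chrome/Firefox policy keys (what FRST prints as "Restriction"), and the default search provider configured in each Chrome profile. The registry paths are standard Windows and Chrome locations; the Chrome Preferences JSON layout (default_search_provider_data.template_url_data) is assumed from Chrome's profile format. Nothing in it is specific to the PC in this thread, and it changes nothing: it only produces a table to compare against the FRST report.

```powershell
# Added example, not part of the thread: read-only audit of the item categories
# the FRST fixlist above removes. It reports; it does not delete anything.

function Resolve-CommandPath {
    # Pull the executable out of a command string and expand %VARS%.
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    if ($Command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($Command.Trim() -split '\s+')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    # Bare names such as cmd.exe resolve through PATH; keep those out of the report.
    if ($exe -notmatch '[\\/]') {
        $found = Get-Command $exe -ErrorAction SilentlyContinue
        if ($found) { return $found.Source }
    }
    return $exe
}

function Get-OrphanedTasks {
    # Scheduled tasks whose action points at a file that no longer exists
    # (the leftover Norton/AVG tasks in the fixlist are this kind of entry).
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            $cmd = $action.PSObject.Properties['Execute']
            if (-not $cmd -or -not $cmd.Value) { continue }
            $exe = Resolve-CommandPath $cmd.Value
            if ($exe -and -not (Test-Path -LiteralPath $exe)) {
                [pscustomobject]@{ Category = 'Task'; Name = "$($task.TaskPath)$($task.TaskName)"; Target = $exe }
            }
        }
    }
}

function Get-OrphanedRunEntries {
    # Run keys (machine, 32-bit view and current user) whose command targets a missing file.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the provider metadata Get-ItemProperty attaches to the object.
            if ($p.Name -in 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider') { continue }
            $exe = Resolve-CommandPath ([string]$p.Value)
            if ($exe -and -not (Test-Path -LiteralPath $exe)) {
                [pscustomobject]@{ Category = 'Run'; Name = "$key\$($p.Name)"; Target = $exe }
            }
        }
    }
}

function Get-BrowserPolicyEntries {
    # Machine-wide extension install keys and browser policy keys. Normal on a
    # managed PC; on a home PC every value here should have a known origin.
    $keys = 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
            'HKLM:\SOFTWARE\WOW6432Node\Google\Chrome\Extensions',
            'HKLM:\SOFTWARE\Policies\Google',
            'HKLM:\SOFTWARE\Policies\Mozilla\Firefox'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($item in @(Get-Item $key) + @(Get-ChildItem $key -Recurse)) {
            foreach ($name in $item.GetValueNames()) {
                [pscustomobject]@{ Category = 'Policy'; Name = "$($item.Name)\$name"; Target = $item.GetValue($name) }
            }
        }
    }
}

function Get-ChromeDefaultSearch {
    # Default search provider of each Chrome profile, read from its Preferences
    # file (assumed key layout: default_search_provider_data.template_url_data).
    $userData = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
    if (-not (Test-Path $userData)) { return }
    foreach ($pref in Get-ChildItem $userData -Depth 1 -Filter Preferences -File -ErrorAction SilentlyContinue) {
        try { $json = Get-Content -LiteralPath $pref.FullName -Raw | ConvertFrom-Json } catch { continue }
        $t = $json.default_search_provider_data.template_url_data
        if ($t) {
            [pscustomobject]@{ Category = 'Search'; Name = "$($pref.Directory.Name) ($($t.keyword))"; Target = $t.url }
        }
    }
}

# Run from an elevated prompt so HKLM and all tasks are readable.
$report = @(Get-OrphanedTasks) + @(Get-OrphanedRunEntries) + @(Get-BrowserPolicyEntries) + @(Get-ChromeDefaultSearch)
$report | Sort-Object Category, Name | Format-Table -AutoSize -Wrap
```

The output is meant to be read next to the FRST report rather than acted on blindly: a missing-file task or Run entry is inert clutter, while a policy key or a search provider pointing at an unfamiliar domain is the kind of entry that explains the ads and the hijacked searches described at the top of the thread, and is what justifies the corresponding lines in the fixlist.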
  4. Shiva_0119 (Member, 4 messages)

    1. bazfile (Moderator, 58491 messages)

      The correction was carried out correctly, there is nothing more to do.

      You can uninstall FRST: rename the FRST file you downloaded to uninstall; then, once the file is renamed, open it, and the uninstallation will happen automatically via a PC restart.