Assume an infection
Solved
Shiva_0119
Hello everyone. I have the PC of an elderly person that has already been seen by several people and is getting slower and slower. I asked them to lend it to me so I could try to find a solution, so I’m turning to you.
It’s an Asus F751 L.
I’ve just looked at what seemed wrong.
First, there were 3 antivirus programs: Defender, Avast, and Panda Home. I uninstalled Avast and Panda, but I don't know if it was done properly.
The PC is moderately slow, and there are a lot of ads.
I wanted to install Malwarebytes, but it’s impossible; it crashes every time halfway through.
Thanks in advance.
5 answers
Hello.
Download FRST and, once downloaded, save it to the desktop. Then right-click on FRST and select Run as administrator.
Click on Analyze. Attention: wait for the messages saying the analysis is complete to appear.
At the end of the analysis you will have two text files on the desktop: FRST and Addition.
Then send the FRST and Addition reports to Cjoint (see this tutorial), then provide the two links generated by Cjoint in your response.
bazfile
Moderator/Security Contributor.
A hello, a response, a thank you are always appreciated.
-
Some remains of Panda, Norton, AVG, and Avast, orphaned or obsolete processes, a few restrictions to correct, and some parasite search engines are all there is on this PC.
Procedure to follow in the order indicated:
1- Open FRST as an administrator by right-clicking on FRST and selecting Run as administrator.
2- Copy the entire script from the box below:
Start::
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\Panda Security
C:\ProgramData\Panda Security
C:\ProgramData\AVAST Software
C:\Users\Huriez\AppData\Roaming\Panda Security
C:\Users\Huriez\AppData\Local\AVAST Software
C:\Program Files\Common Files\Avast Software
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
CHR NewTab: Default -> "active": true,
"entry": "chrome-extension://gfoabcdjalmeenbjjngidappmppchblc/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
Edge Extension: (No name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
HKU\S-1-5-21-1671411557-2292297772-1213417590-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36976728 2022-06-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1B9EFD86-315F-4B34-BCF8-7D6A8D1EBFBD} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2287472 2022-05-29] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {1E0BFD09-C872-4FFC-9179-479C15E0AF74} - \Microsoft\Windows\UNP\RunCampaignManager -> No file
GroupPolicyScripts: Restriction
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction
HKLM\SOFTWARE\Policies\Google: Restriction
Task: {625F8391-C748-4377-8E18-A5ECBFAF74A4} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.12.0.104\SymErr.exe /analyze (No file)
Task: {1E0BFD09-C872-4FFC-9179-479C15E0AF74} - \Microsoft\Windows\UNP\RunCampaignManager -> No file
Task: {C1A7734F-DED8-4938-900B-B2597EDED4B6} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files (x86)\Norton Security\Engine\22.12.0.104\SymErr.exe /ui
C:\Program Files (x86)\Norton Security
SearchScopes: HKU\S-1-5-21-1671411557-2292297772-1213417590-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1671411557-2292297772-1213417590-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1671411557-2292297772-1213417590-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={0374E98A-8005-45F9-8790-843D1F40723F}&mid=d425f61bed9847ccb86f51eccfc19ef1-f4eec3b36740acbdf2cb90ec6338c4b7b59158b8&lang=fr&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2016-01-15 14:42:40&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: No name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No file
AV: Panda Dome (Enabled - Up to date) {CF440CD9-5435-10B1-04E0-7768B6F10320}
AS: Panda Dome (Disabled - Up to date) {7425ED3D-720F-1F3F-3E50-4C1ACD76499D}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No file
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No file
FirewallRules: [{961DA113-3246-473A-8115-5A63FEAA506C}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe => No file
FirewallRules: [{EB936C99-C21D-449C-B767-A3313CCE2663}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe => No file
EmptyTemp:
End::
3- Once the script is copied, click on Fix; FRST will automatically take the script from the clipboard.
Let the correction complete. Once finished, you will be asked to restart your PC; do it as soon as prompted.
Then, once your computer has restarted:
4- You will have a Fixlog file on your desktop. Send this report to https://www.cjoint.com/ (see this tutorial), then provide the link generated by Cjoint in your next message.
--
bazfile
Moderator/Security Contributor.
A hello, a response, a thank you are always appreciated.
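
Added example, not part of the original thread and not FRST's own code: a small Python check to run over a fixlist before copying it to the clipboard. It flags missing Start::/End:: markers, lines that match none of the entry forms used in the script above (for instance a path that lost its drive letter), and repeated entries. The directive and prefix lists are assumptions taken from this page's script, not FRST's full grammar, and the sample is constructed.

```python
import re

# Directives and entry prefixes seen in this page's script (assumption: not exhaustive).
DIRECTIVES = {"CreateRestorePoint:", "CloseProcesses:", "EmptyTemp:"}
PREFIXES = ("CHR ", "Edge Extension:", "Task:", "SearchScopes:", "BHO:", "AV:", "AS:",
            "FirewallRules:", "GroupPolicyScripts:", "ShellIconOverlayIdentifiers:",
            "ContextMenuHandlers", "HKLM\\", "HKU\\")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")  # file or folder entry, e.g. C:\ProgramData\...

def lint_fixlist(text):
    """Return a list of (line_number, message) findings for a pasted fixlist."""
    body = [(i, l.strip()) for i, l in enumerate(text.splitlines(), 1) if l.strip()]
    if not body:
        return [(0, "empty fixlist")]
    findings = []
    if body[0][1] != "Start::":
        findings.append((body[0][0], "first line is not Start::"))
    if body[-1][1] != "End::":
        findings.append((body[-1][0], "last line is not End::"))
    entries = [(i, l) for i, l in body if l not in ("Start::", "End::")]
    for i, l in entries:
        known = l in DIRECTIVES or l.startswith(PREFIXES) or DRIVE_PATH.match(l)
        continuation = l.startswith('"')  # second line of a multi-line browser entry
        if not (known or continuation):
            findings.append((i, "unrecognised line: " + l))
    first_seen = {}
    for i, l in entries:
        if l in first_seen:
            findings.append((i, f"duplicate of line {first_seen[l]}"))
        else:
            first_seen[l] = i
    return findings

# Constructed sample: line 4 lost its drive letter, line 6 repeats line 5.
SAMPLE = r"""Start::
CreateRestorePoint:
C:\ProgramData\ExampleAV
:\Program Files (x86)\ExampleAV
Task: {00000000-0000-0000-0000-000000000000} - \Example\Task -> No file
Task: {00000000-0000-0000-0000-000000000000} - \Example\Task -> No file
EmptyTemp:
End::"""

if __name__ == "__main__":
    for number, message in lint_fixlist(SAMPLE):
        print(f"line {number}: {message}")
```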
