"Altruistic" detected

Solved
Camus2309 Posted messages 4 Status Member -  
bazfile Posted messages 58482 Registration date   Status Moderator Last intervention   -

Hello,

I've been having some issues with my PC for a few years now (it's from 2019), particularly with Photoshop, which I use a lot (Creative Cloud license). While browsing the UserBenchmark site, I discovered that I have a significant problem with applications running in the background. When I checked the task manager, I found at the top of the list "Altruistic," a virus that I tried to eliminate by locating its location and deleting it as an administrator. No luck. I also downloaded MalwareBytes, which found 4 files, all quarantined, including 2 named "Altruistic," but nothing works: the initially detected file is still there.

What should I do?

5 answers

bazfile Posted messages 58482 Registration date   Status Moderator Last intervention   20 264
 

Hello.

Download FRST; once downloaded, save it on the desktop, then right-click on FRST and choose Run as administrator. You will see this:

Click on Analyze


Warning: wait for the messages indicating that the analysis is complete to appear.

At the end of the analysis, you will have two text files on the desktop: FRST and Addition.

Then send the FRST and ADDITION reports to PJJOINT, then provide the two links generated by PJJOINT in your response.


bazfile
Moderator/Security Contributor.
A hello, a response, a thank you are always appreciated.

0
bazfile Posted messages 58482 Registration date   Status Moderator Last intervention   20 264
 

Uninstall Wondershare Helper Compact as it is adware.

Procedure to follow in the order indicated:

1- Open FRST as an administrator by right-clicking on FRST and selecting Run as administrator
2- Copy the entire script found in the box below:

  Start::
  CreateRestorePoint:
  CloseProcesses:
  HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction
  HKLM\...\Run: [] => [X]
  HKU\S-1-5-21-3060491411-798300719-3482504143-1001\...\Run: [EPSDNMON] => "" (No file)
  HKU\S-1-5-21-3060491411-798300719-3482504143-1001\...\Run: [AdobeBridge] => [X]
  HKU\S-1-5-21-3060491411-798300719-3482504143-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (No file)
  Task: {94F23A49-F49D-45AA-8919-6C37D5DAC219} - System32\Tasks\Opera scheduled Autoupdate 1681340735 => C:\Users\AnaBen MirAlhéGan\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No file)
  S2 AMDRyzenMasterDriverV19; \??\C:\Windows\system32\AMDRyzenMasterDriver.sys [X]
  S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X]
  S2 AltruisticsService; C:\Program Files (x86)\Altruist\Altruistic.exe -s [X]
  HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
  FirewallRules: [{7E2D6647-19E0-43C6-A2C9-0A59BD5D8CF1}] => (Allow) C:\Users\AnaBen MirAlhéGan\AppData\Roaming\Zoom\bin\airhost.exe => No file
  FirewallRules: [{E7837E52-F319-4E4E-B4FF-AA4E6A8DB118}] => (Allow) C:\Users\AnaBen MirAlhéGan\AppData\Roaming\Zoom\bin\airhost.exe => No file
  FirewallRules: [{817e16c7-3781-4b84-af9c-8c6ef74df42a}] => (Allow) C:\Program Files\ldplayerbox\LdVBoxHeadless.exe => No file
  FirewallRules: [TCP Query User{13B92CCE-7BE3-4F91-8DBA-2DFF0A18436D}C:\program files (x86)\samsung\samsung dex\samsungdex.exe] => (Allow) C:\program files (x86)\samsung\samsung dex\samsungdex.exe => No file
  FirewallRules: [UDP Query User{464B3264-DBD5-42BC-BE10-ABA78BCE7D13}C:\program files (x86)\samsung\samsung dex\samsungdex.exe] => (Allow) C:\program files (x86)\samsung\samsung dex\samsungdex.exe => No file
  FirewallRules: [{140A26DF-C41E-4161-A7B9-51E0751C0B7E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No file
  FirewallRules: [{BA3A6914-8443-4F6F-8BEF-114B216A4154}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No file
  FirewallRules: [{2C9F7F47-9356-4A50-8773-FDC58AF40589}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No file
  FirewallRules: [{B82F2AD3-856D-4C5B-BF3C-BED2FB99ECEE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No file
  FirewallRules: [TCP Query User{C4E1D56B-C45A-4A56-9DDE-F5050BDF47E2}C:\program files (x86)\hogwarts legacy\empress\phoenix\binaries\win64\hogwartslegacy.exe] => (Allow) C:\program files (x86)\hogwarts legacy\empress\phoenix\binaries\win64\hogwartslegacy.exe => No file
  FirewallRules: [UDP Query User{27FA8A2B-582C-462A-AC2F-F21405F6F14C}C:\program files (x86)\hogwarts legacy\empress\phoenix\binaries\win64\hogwartslegacy.exe] => (Allow) C:\program files (x86)\hogwarts legacy\empress\phoenix\binaries\win64\hogwartslegacy.exe => No file
  FirewallRules: [{366A291C-90D3-4965-A0A3-CA551F0A2051}] => (Block) C:\program files (x86)\hogwarts legacy\empress\phoenix\binaries\win64\hogwartslegacy.exe => No file
  FirewallRules: [{CEB2E179-865D-403B-AEBC-0C682CB3D1F8}] => (Block) C:\program files (x86)\hogwarts legacy\empress\phoenix\binaries\win64\hogwartslegacy.exe => No file
  FirewallRules: [TCP Query User{4F394436-BD4A-43B7-8979-E5922E25614F}C:\program files\musescore 4\bin\musescore4.exe] => (Allow) C:\program files\musescore 4\bin\musescore4.exe => No file
  FirewallRules: [UDP Query User{C367A936-1DE9-43B8-9AEA-97DBE4ACCBE9}C:\program files\musescore 4\bin\musescore4.exe] => (Allow) C:\program files\musescore 4\bin\musescore4.exe => No file
  FirewallRules: [{068AFF4D-CCAF-4FB5-97E6-688489A4B405}] => (Block) C:\program files\musescore 4\bin\musescore4.exe => No file
  FirewallRules: [{5D515C1D-1BE9-44B5-B120-B284B0C3ED38}] => (Block) C:\program files\musescore 4\bin\musescore4.exe => No file
  FirewallRules: [{4D27AD0E-E4A9-4402-86A7-BAA9A9B4B6C0}] => (Allow) C:\Users\AnaBen MirAlhéGan\AppData\Local\Programs\Opera\97.0.4719.63\opera.exe => No file
  C:\Program Files (x86)\Altruist
  C:\Users\AnaBen MirAlhéGan\AppData\Local\AltruisticApp
  EmptyTemp:
  End::

3- Once the script is copied, click on Fix; FRST will automatically take the script from the clipboard.


Let the fix proceed; once completed, you will be asked to restart your PC. Do it as soon as you are prompted, see below.

Then once your computer is restarted:
4- You will have a Fixlog file on your desktop; then send this Fixlog report to PJJOINT and provide the link generated by PJJOINT in your response.

5- CHECK AND TELL ME IF YOUR ISSUE IS STILL PRESENT


bazfile
Moderator/Security Contributor.
A hello, a response, a thank you are always appreciated.

0
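For step 5 of the procedure above, a read-only check for leftovers of the Altruistic entries the fixlist targets. This is an added example, not part of the original post and not an FRST feature; the service name and folder names come from the fixlist, while the Run key locations and the use of the current user's LOCALAPPDATA are assumptions.

```powershell
# Added example: read-only check for leftovers of the entries the fixlist targets.
# Service name and folder names are taken from the fixlist; nothing is modified.
$pattern  = 'Altruist'
$findings = @()

# Service entry "S2 AltruisticsService" from the fixlist
$svc = Get-CimInstance Win32_Service -Filter "Name='AltruisticsService'" -ErrorAction SilentlyContinue
if ($svc) { $findings += "Service still registered: $($svc.Name) -> $($svc.PathName)" }

# Folders listed at the end of the fixlist
# (assumption: run from the affected user's session, so LOCALAPPDATA is that profile)
$folders = @('C:\Program Files (x86)\Altruist', (Join-Path $env:LOCALAPPDATA 'AltruisticApp'))
foreach ($f in $folders) {
    if (Test-Path -LiteralPath $f) { $findings += "Folder still present: $f" }
}

# Running processes whose name matches
foreach ($p in Get-Process) {
    if ($p.ProcessName -match $pattern) { $findings += "Process running: $($p.ProcessName) (PID $($p.Id))" }
}

# Autorun values (assumption: the standard Run key locations)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip provider metadata (PSPath, ...)
        if ("$($prop.Name) $($prop.Value)" -match $pattern) {
            $findings += "Run entry in ${key}: $($prop.Name) = $($prop.Value)"
        }
    }
}

# Scheduled tasks whose name or executable matches
foreach ($t in (Get-ScheduledTask -ErrorAction SilentlyContinue)) {
    if (($t.TaskName -match $pattern) -or ($t.Actions.Execute -match $pattern)) {
        $findings += "Scheduled task: $($t.TaskPath)$($t.TaskName)"
    }
}

if ($findings.Count -eq 0) { 'No Altruistic leftovers found.' } else { $findings }
```

Any line it prints is worth reporting back together with the Fixlog.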
Camus2309 Posted messages 4 Status Member
 

Thanks a lot!

By the way, I missed the first line: I deleted the adware during the correction on FRST, so I hope that's not a problem.

Fixlog: https://pjjoint.malekal.com/files.php?id=20230607_n13d9j12y6n5

As far as I can tell, I no longer have the virus. Thanks! :)

0
bazfile Posted messages 58482 Registration date   Status Moderator Last intervention   20 264
 

The fixlog is OK.


Uninstall FRST: rename the FRST file you downloaded to uninstall, and once the file is renamed, open it; the uninstallation will happen automatically via a computer restart.


bazfile
Moderator/Security Contributor.
A hello, a reply, a thank you are always appreciated.

0
Camus2309 Posted messages 4 Status Member
 

It's done, thank you very much!

0
bazfile Posted messages 58482 Registration date   Status Moderator Last intervention   20 264
 

You're welcome.

See you on CCM.


bazfile
Moderator/Security Contributor.
A hello, a response, a thank you are always appreciated.

1