Remove iServ Antivirus Virus.

Solved/Closed
SEB77210 Posted messages 5 Status Member -
bazfile Posted messages 58442 Registration date   Status Moderator Last intervention   -

Hello community,

My laptop is very, very slow!

I just found out that a Virus iServ is taking up all the memory on my laptop.

I’ve heard that using FRST is the best way to get rid of the virus, but I don’t know how to use it.

Thank you for your help.

Sébastien

2 replies

bazfile Posted messages 58442 Registration date   Status Moderator Last intervention   20 246
 

Hello.

Download FRST. Once downloaded, save it to the desktop, then right-click on FRST and choose Run as administrator. You will see this:

Wait for the message "the tool is ready to work" to appear, then click on Scan.


Attention: wait for the messages saying that the scan is complete to appear.

At the end of the scan, you will have two text files on the desktop: FRST and Addition.

Then send the FRST and Addition reports to https://security-x.fr/up/ and provide the two links generated by https://security-x.fr/up/ in your response.


bazfile
Moderator/Security Contributor.
A hello, a response, a thank you are always welcome.

1
SEB77210 Posted messages 5 Status Member
 

Hello,

Thank you for the procedure to follow.

The 2 links below.

Addition.txt

The file has been sent! Here is the link to access it: https://up.security-x.fr/file.php?h=R1efe52ddbc124e30f187de67212aaaa8  

FRST.txt

The file has been sent! Here is the link to access it: https://up.security-x.fr/file.php?h=R5dcc81671b848379247305193fae1091 

Regards,

Sébastien

0
bazfile Posted messages 58442 Registration date   Status Moderator Last intervention   20 246
 

To start, uninstall WebDiscover Browser; it is adware.

Then, to disinfect the PC, do the following:

Procedure to follow in the indicated order:

1- Open FRST as an administrator: right-click on FRST and choose Run as administrator.
2- Copy the entire script that is in the box below:

Start::
CreateRestorePoint:
CloseProcesses:
Edge Extension: (No name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR HomePage: Profile 1 -> hxxps://homesearchdesign.com/tab?session=y6bdVFVIsvuYsgEClQfz8Cz4Udwwl5sOoXk4wZarERETb8a3tj3f3p38hSwD9pYKPXfDQCLB8vAa9%2B6wTl5Xn3KxamYyal3wEwoEkbvRH%2Fl9s3KU4q7ffEWjZQA92gKdy3tghakNsDQB81tj0dmNYev0XmHCDqRpPP7SGumvnuWop2HJp%2Bx15PaJwxVVVK76yjoW0BbKTlIlFt0aPrclP6X9j%2Ba2ke7gZk%2FjXxQx3%2BQ6Tl5eSd2BCexFSoGBDgZOrasU7qdhg8ktlIscyAZ5eYW9tET2r3wxgQQrm0EskALbLrYUFv4ipCoXC88eYvFl7PboiMokprzlQ8zf3VyndNc%2B9ztMFGeXKD%2BxLCS%2BcwQWQoJUu0rz7q%2Fm2dN%2BLVqrdMCxM37575iqFOyCvNVqPg%3D%3D
CHR StartupUrls: Profile 1 -> "hxxps://homesearchdesign.com/tab?session=y6bdVFVIsvuYsgEClQfz8Cz4Udwwl5sOoXk4wZarERETb8a3tj3f3p38hSwD9pYKPXfDQCLB8vAa9%2B6wTl5Xnx%2F6wcHmgnkGjyDtcAK0bJh3NBFbplQ4F4GidX8nHo1OjByOWbSBS8bpAfA3CtQzgEyIXmrrvpXk%2Fm6YmYjLpNwNuXvMvJLjj3lE%2Flf2cKGzu%2FXvHKlDmSGv8TGAL5fiuji6eJ6bmUqJrbtC6s4KP4t0BU31vrdONn212fHB9EyJkca6ddXZkROv8vL6HhTfIF9zg6Jt6zh41T0DEAEzOz%2Fwg0SGnQQuB13x8c5qe3DhH0nO2dDysApeqgwG5REanbGIo5FqBWCYp%2BYSzaugrnp%2Ft%2FRWXHPCrduDtVPx79eln%2FYZwdRgE%2FipaDEzRsq4pg%3D%3D"
CHR DefaultSearchURL: Profile 1 -> hxxps://homesearchdesign.com/search?session=y6bdVFVIsvuYsgEClQfz8Cz4Udwwl5sOoXk4wZarERETb8a3tj3f3p38hSwD9pYKPXfDQCLB8vAa9%2B6wTl5Xn2X4GXKCZ7YLVCdOIuYPmnmLtXfXbd6e2mBol3TBD1logydFcLvWmS3VWaGJb%2FWP7DpdUOgY%2BEsdiNEmfBrUNsc0ypbucT1oC4QOGSpQoJGyBftGIw2Z13vTzyd3LaOMQgSyUOZkGfyd%2BptFe9MPgeqmuIKDCCXsjjFb3jCfcXhkjpdKtppW%2BK3BK26IbADf%2FYR1mBxmvdWoSt2r5rk1RRJ8TGk78KzeMaiECDKtYC8SAgsHd0bWoUTL45CVfXk2Hb9AVPvUHA%2BvF%2BqqU57QGDrp9raGOVoNuYdWgm79JikcMAVAAXD8%2BGUPdFeAqElXJA%3D%3D&p={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> homesearchdesign.com
CHR DefaultNewTabURL: Profile 1 -> hxxps://homesearchdesign.com/tab?session=y6bdVFVIsvuYsgEClQfz8Cz4Udwwl5sOoXk4wZarERETb8a3tj3f3p38hSwD9pYKPXfDQCLB8vAa9%2B6wTl5XnzCSX09rqJkKFVo3R0NVUEufJMxzrM%2F9d7jy7cK2BJ0Lylglp8QGsPxsl6jS17AzXuI02EjSQR8aLodCsms5PF97kxm8ZRo6%2F%2B%2BdPZSbOfU9%2BRjFVuA9XTjF2XW%2B9DQCXI5McpGY%2FLdkZcLW0at7qru91fm7ezv2jiU3y%2FJ4YgiYI6JN1H0QIAvJxsaO52wNeSkOFvJu1PJo8xMvE7MrYM8GtzCOvNtx6pUUPDcndU70Sf5dgxwNkFIDnG%2BQ9fvp6O0Zh7h1o251vmFfP1N7%2BP5o%2FeKMeXuceRN4DWT418EdjJuk25x1bodRx%2BDfxmTk1A%3D%3D
CHR DefaultSuggestURL: Profile 1 -> hxxps://homesearchdesign.com/suggestion?output=fxjson&appid=crmas&command={searchTerms}
CHR DefaultSearchURL: Profile 2 -> hxxps://fr.search.yahoo.com/search?fr=mcafee&type=E210FR91212G0&p={searchTerms}
CHR DefaultSuggestURL: Profile 2 -> hxxps://fr.search.yahoo.com/sugg/gossip/gossip-fr-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR DefaultSearchURL: Profile 9 -> hxxps://fr.search.yahoo.com/search?fr=mcafee&type=E210FR91212G91641&p={searchTerms}
CHR DefaultSuggestURL: Profile 9 -> hxxps://fr.search.yahoo.com/sugg/gossip/gossip-fr-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
R2 SAntivirusSvc; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe [628032 2020-10-24] (Digital Communications Inc -> Сorp DCom)
R2 SAntivirusWD; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusWD.exe [74753952 2023-04-12] (Segurazo Security -> DlGlTAL COMMUNICATIONS INC) [Unsigned file]
R1 TASANTIVIRUSKD; C:\Program Files (x86)\Digital Communications\SAntivirus\TASAntivirusKD.sys [85480 2020-10-24] (Digital Communications Inc -> Corp DCom)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-293401121-2728267883-3941642898-1001\...\Run: [Mobile Partner] => C:\Program Files (x86)\Hotspot 4G BTelecom\Hotspot 4G BTelecom (No file)
HKU\S-1-5-21-293401121-2728267883-3941642898-1001\...\Run: [] => [X]
Task: {08B8CB1E-06FB-4B77-B9ED-E8A232873358} - \Microsoft\Windows\UNP\RunCampaignManager -> No file
Task: {48E32153-F7AD-4E10-9280-F676A34B5D5C} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No file)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction
GroupPolicy: Restriction ?
GroupPolicy\User: Restriction ?
Policies: C:\ProgramData\NTUSER.pol: Restriction
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No file
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll -> No file
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll -> No file
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll -> No file
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [482]
SearchScopes: HKU\S-1-5-21-293401121-2728267883-3941642898-1001 -> DefaultScope {36BBDF21-A349-4578-B8C3-6152E68B8CA7} URL =
SearchScopes: HKU\S-1-5-21-293401121-2728267883-3941642898-1001 -> {36BBDF21-A349-4578-B8C3-6152E68B8CA7} URL =
CHR DefaultSearchKeyword: Profile 2 -> mcafee
CHR DefaultSearchKeyword: Profile 9 -> mcafee
C:\Program Files (x86)\Digital Communications
C:\Users\Famille KERSUZAN\AppData\Roaming\santivirusclient
C:\ProgramData\SAntivirus
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus
C:\Program Files\WebDiscoverBrowser
cmd: netsh advfirewall reset
EmptyTemp:
End::

3- Once the script is copied, click on Fix; FRST automatically takes the script that is in the clipboard.


Let the fix run. Once it is finished, you will be asked to restart your PC; do it as soon as requested, see below.

Then once your computer is restarted:
4- You will have a Fixlog file on your desktop. Send this Fixlog report to https://security-x.fr/up/ and provide the link generated by https://security-x.fr/up/ in your reply.

5- CHECK AND TELL ME IF YOUR PROBLEM IS STILL PRESENT



0
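A read-only way to confirm the fix took effect, as an added example that is not part of the thread or of bazfile's script: it checks for the services, folders and browser hijacker domain named in the fixlist above. The use of environment variables in place of the literal paths, the default Chrome profile location, and the variable names are assumptions of this example.

```powershell
# Added example: read-only leftover check for the items named in the fixlist above.
# Run from the affected user's account after the reboot; nothing is changed or deleted.

# Service and driver names from the R2/R1 lines of the fixlist.
$services = 'SAntivirusSvc', 'SAntivirusWD', 'TASANTIVIRUSKD'

# Folders listed at the end of the fixlist. Assumption: environment variables stand in
# for the literal C:\ paths, and $env:APPDATA for the user profile path in the thread.
$paths = @(
    "${env:ProgramFiles(x86)}\Digital Communications",
    "$env:APPDATA\santivirusclient",
    "$env:ProgramData\SAntivirus",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\SAntivirus",
    "$env:ProgramFiles\WebDiscoverBrowser"
)

$findings = @()

foreach ($name in $services) {
    # Services and kernel drivers both register under this key.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (Test-Path -LiteralPath $key) {
        $findings += [pscustomobject]@{ Type = 'Service'; Item = $name }
    }
}

foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $findings += [pscustomobject]@{ Type = 'Folder'; Item = $p }
    }
}

# Chrome: search each profile's preference files for the domain from the CHR lines.
# Assumption: Chrome uses its default per-user data directory.
$chromeRoot = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
if (Test-Path -LiteralPath $chromeRoot) {
    foreach ($dir in Get-ChildItem -LiteralPath $chromeRoot -Directory) {
        foreach ($file in 'Preferences', 'Secure Preferences') {
            $f = Join-Path $dir.FullName $file
            if ((Test-Path -LiteralPath $f) -and
                (Select-String -LiteralPath $f -Pattern 'homesearchdesign.com' -SimpleMatch -Quiet)) {
                $findings += [pscustomobject]@{ Type = 'Chrome'; Item = $f }
            }
        }
    }
}

if ($findings.Count -eq 0) { 'No leftovers found.' } else { $findings | Format-Table -AutoSize }
```

Any row in the output is something to mention when posting the new FRST reports, not something to delete by hand.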
SEB77210 Posted messages 5 Status Member
 

Hello,

The process is complete with a message indicating the end of processing as 60 minutes have been reached.

Here is the link to the file

FixLog.txt

The file has been sent! Here is the link to access it: https://up.security-x.fr/file.php?h=R827b1b4b408139281f120518c736fa89  

After rebooting, the iServ application is indeed missing from the application manager.

What should I do next?

Thank you

0
bazfile Posted messages 58442 Registration date   Status Moderator Last intervention   20 246
 

Do a new FRST analysis and provide the links to the two reports to check if everything is OK.



0
SEB77210 Posted messages 5 Status Member
 

Good evening,

The new result is as follows:


FRST.txt

The file has been sent! Here is the link to access it: https://up.security-x.fr/file.php?h=R885af8fc8a2cc3a140df231704f1269a

Addition.txt

The file has been sent! Here is the link to access it: https://up.security-x.fr/file.php?h=Ra53bc86935034b2b1276999ca26094b6

I looked at the difference, but I didn't quite understand what it's about ... ;-)

Thanks again and I look forward to your final diagnosis.

Sébastien

0
bazfile Posted messages 58442 Registration date   Status Moderator Last intervention   20 246
 

The fixlog is OK, the infections have been removed.

There is only one entry left in the installed programs. Uninstall SAntivirus Realtime Protection Lite. You will get a message saying the program is no longer present and you will be asked to remove the entry; answer yes.


If everything is also OK on your end, uninstall FRST: rename the FRST file you downloaded to uninstall, then, once the file is renamed, open it; the uninstallation will automatically proceed via a PC restart.

Advice.

In the future, to avoid being caught, be careful when installing free software. When installing, make sure to read the various screens so you don’t get tricked.
You need to uncheck the suggested boxes; they are not always visible at first glance, for example:



1
SEB77210 Posted messages 5 Status Member
 

Good evening,

Last operation completed this evening.

Thank you for the help and advice that I will share with the users of the laptop!

0
bazfile Posted messages 58442 Registration date   Status Moderator Last intervention   20 246 > SEB77210 Posted messages 5 Status Member
 

You're welcome.

See you on CCM.

0