Get rid of Find-it.pro
Solved
My two browsers Firefox and Chrome that I use with Windows 11 are, in my opinion, infected by a certain Find-it.pro that hijacks my searches.
Can I follow the procedure given on February 9, 2022, by bazfile to get rid of it?
Or has the procedure changed?
Thank you for any help.
Sincerely
14 answers
-
Hello @Saintemarie46.
Download FRST.
Once downloaded, save it to the desktop, then right-click on FRST and choose Run as administrator; you will see this:
Wait for the message saying the tool is ready to go to appear, then click on Scan.
Be careful: wait for the messages saying that the scan is complete to be displayed.
At the end of the scan, you will have two text files on the desktop: FRST and Addition.
Then send the FRST and ADDITION reports to https://www.cjoint.com/ and provide the two links generated by https://www.cjoint.com/ in your response.
bazfile
Moderator/Security Contributor.
a hello, a response, a thank you always bring joy. -
-
https://www.cjoint.com/c/NEAob4x06Pg
I think that's it..
2 times Addition? Yet the links are different, the first one ...PL6..
The other one ...TYy...
Strange,
Thanks for the help
-
@Saintemarie46.
It's good, I have the FRST report.
2 times Addition? Yet the links are different the first ...PL6..
That the links are different is normal since you uploaded the same file twice on cjoint, click on the links and you will see.
Procedure to follow in the indicated order:
1- Open FRST as an administrator by right-clicking on FRST and choosing run as administrator
2- Copy the entire script that is in the box below:
Start::
CreateRestorePoint:
CloseProcesses:
File: C:\Program Files (x86)\npNmYjtMU\hQuOXR.dll
File: C:\Program Files (x86)\AfaEkywlsxAU2\VhIQauNOzXKRR.dll
File: C:\Program Files (x86)\vzBDZHBYsrGDnLSmMyR\xTbIBNZ.dll
File: C:\Program Files (x86)\xFfZxkujbxxjC\xGMrxOL.dll
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall: Restriction
GroupPolicy: Restriction - Chrome
Policies: C:\ProgramData\NTUSER.pol: Restriction
HKLM\SOFTWARE\Policies\Google: Restriction
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe (No file)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\ASUS\ROG Live Service\vga\AacVga_UserApp_x64.exe /RestartByRestartManager:1AD14EED-F1BA-4f3f-B069-7770A86DED10 (No file)
Task: {B9D17ED0-93B1-46FC-973B-3FC763BE6166} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No file)
Task: {08AA4513-8F42-407F-9980-BCFE6E7E327A} - System32\Tasks\Opera GX scheduled Autoupdate 1707407781 => C:\Users\Albert\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(Arg0) (No file)
Task: {ACA2237B-6A5F-4D8E-8A25-CB15FC7A39A2} - System32\Tasks\IeOJvWmSeoRPcCO2 => C:\Windows\system32\rundll32.exe [73728 2022-05-13] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\npNmYjtMU\hQuOXR.dll",#1
Task: {098CA2B5-39C5-4378-9DE0-D6EA1CEBD38C} - System32\Tasks\qFzXfCkYIObIkx => C:\Windows\system32\rundll32.exe [73728 2022-05-13] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\AfaEkywlsxAU2\VhIQauNOzXKRR.dll",#1
Task: {34925776-2467-4EF7-80F8-8C803BD11E1F} - System32\Tasks\yLkCcjvaurQLrvwXY2 => C:\Windows\system32\rundll32.exe [73728 2022-05-13] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\vzBDZHBYsrGDnLSmMyR\xTbIBNZ.dll",#1
Task: {001D80B3-F899-4D64-89AC-A7E70342E219} - System32\Tasks\zzjzbgIdYrIEMHAbruR2 => C:\Windows\system32\rundll32.exe [73728 2022-05-13] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\xFfZxkujbxxjC\xGMrxOL.dll",#1
Task: {C79F484B-4E8D-4DAC-ABB6-2FBC037CDF6A} - System32\Tasks\ZLWyphSYBXIoH2 => C:\Windows\System32\forfiles.exe [69632 2022-05-13] (Microsoft Windows -> Microsoft Corporation) -> /p C:\Windows\system32 /m wscript.exe /c "cmd /C @FNAME ^"C:\ProgramData\ZVyJIAgVzYZVmRVB\qKIJwqQ.wsf^""
Edge HomePage: Default -> hxxps://find-it.pro/?utm_source=distr_m
Edge StartupUrls: Default -> "hxxps://find-it.pro/?utm_source=distr_m"
Edge DefaultSearchURL: Default -> hxxp://search-cdn.net/fip/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> cdn
Edge DefaultSuggestURL: Default -> hxxps://www.google.ru/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&q={searchTerms}
CHR StartupUrls: Default -> "hxxps://mail02.orange.fr/appsuite/#!&app=io.ox/mail&folder=default0//yixl6LWIWZ2Mi%C3%B2i3Voir2Xvy7Od%C3%AFn&id=42","hxxps://find-it.pro/?utm_source=distr_m"
CHR HomePage: System Profile -> hxxps://find-it.pro/?utm_source=distr_m
CHR StartupUrls: System Profile -> "hxxps://find-it.pro/?utm_source=distr_m"
CHR DefaultSearchKeyword: System Profile -> cdn
CHR DefaultSuggestURL: System Profile -> hxxps://www.google.ru/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&q={searchTerms}
S2 ElevationService; C:\ProgramData\Wondershare\wsServices\ElevationService.exe [X]
S2 WirelessBackupService; C:\Program Files (x86)\Wondershare\drfone\Addins\Recovery\WirelessBackupService.exe [X]
S2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [X]
S3 cpuz148; \??\C:\Windows\temp\cpuz148\cpuz148_x64.sys [X]
CustomCLSID: HKU\S-1-5-21-3912252802-1353675308-2067236856-1001_Classes\CLSID\{b72e6f5e-f6e0-a9eb-461b-6118363bd15c}\localserver32 -> "C:\Users\Albert\AppData\Local\0install.net\implementations\sha256new_7ATQFYMYISD5LU42STURHNI33TRSMJBHVQPLEAO3EX4R5WPI6GTQ\DeepL.exe" -ToastActivated => No file
FirewallRules: [{AE5C2FBD-14E8-4847-8744-B96036541954}] => (Allow) C:\program files (x86)\wondershare\drfone\drfonetoolkit.exe => No file
FirewallRules: [{82B84440-191E-4A1C-B3EC-DB3EB2F47A85}] => (Allow) C:\Users\Albert\AppData\Local\Programs\Opera GX\106.0.4998.76\opera.exe => No file
FirewallRules: [{3C4EADDA-5881-4005-A2DB-2ED4C3F65A9B}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe => No file
FirewallRules: [{38436208-8BA2-467A-AB0B-04403EA58524}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe => No file
C:\Program Files (x86)\npNmYjtMU
C:\Program Files (x86)\AfaEkywlsxAU2
C:\Program Files (x86)\vzBDZHBYsrGDnLSmMyR
C:\Program Files (x86)\xFfZxkujbxxjC
C:\ProgramData\ZVyJIAgVzYZVmRVB
EmptyTemp:
End::
3- Once the script is copied, click on Fix; FRST automatically takes the script that is in the clipboard.
Let the fix run; once it is finished you will be asked to restart your PC. Do it as soon as you are asked, see below.
Then, once your computer has restarted:
4- You will have a Fixlog file on your desktop; send this Fixlog report to https://www.cjoint.com/ then provide the link generated by https://www.cjoint.com/ in your response.
5- CHECK AND LET ME KNOW IF YOUR ISSUE IS STILL PRESENT
-
I did what was requested and here is the link generated by Fixlog:
https://www.cjoint.com/c/NEAoVHPdw1g
-
@Saintemarie46.
Redo the FRST correction, it was not done correctly, then provide the link to the fixlog.
bazfile
Moderator/Security Contributor.
a hello, a response, a thank you are always appreciated. -
-
Still present; as soon as I open a tab, I get:
https://find-it.pro/?utm_source=distr_m
-
Thank you for your patience and your help.
Also, if the problem persists, I'll give up.
You probably have other more serious issues to resolve.
So let's see what comes next.
-
@Saintemarie46.
You should never give up.
Nothing too serious; it's still in Firefox. To fix it, do the following:
Hello.
Procedure to follow in the indicated order:
1- Open FRST as an administrator, to do this right-click on FRST and choose run as administrator
2- Copy the entire script that is in the box below:
Start::
CreateRestorePoint:
CloseProcesses:
FF SearchPlugin: C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\x3eh2x2n.default\searchplugins\cdnsearch.xml [2024-05-26]
FF Homepage: Mozilla\Firefox\Profiles\uowr16z6.default-release-1639582109830 -> hxxps://find-it.pro/?utm_source=distr_m
FF Notifications: Mozilla\Firefox\Profiles\uowr16z6.default-release-1639582109830 -> hxxps://web.whatsapp.com; hxxps://www.dominicancupid.com; hxxps://www.instagram.com; hxxps://community.lecrabeinfo.net; hxxps://mail-notification.info; hxxps://zarabotok-online.xyz; hxxps://supertopfreegames.com; hxxps://best-loan-info.com; hxxps://ccleaner-download.xyz; hxxps://pinghauz.xyz; hxxps://s-tracking.xyz; hxxps://mnthor.xyz; hxxps://www.instacams.com; hxxps://assiste.com
EmptyTemp:
End::
3- Once the script is copied, click on Fix; FRST will automatically take the script from the clipboard.
Let the fix run; once it is completed you will be asked to restart your PC. Do it as soon as prompted, see below.
Then, once your computer is restarted:
4- You will have a Fixlog file on your desktop; send this Fixlog report to https://www.cjoint.com/ and then provide the link generated by https://www.cjoint.com/ in your response.
5- CHECK AND TELL ME IF YOUR ISSUE IS STILL PRESENT
bazfile
Moderator/Security Contributor.
A hello, a response, a thank you are always appreciated. -
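Added example, not part of the original thread and not FRST's own code: a Python triage sketch over report lines of the kind quoted in the two fix scripts above. It flags scheduled tasks in which a Windows binary (rundll32, forfiles) only launches a payload stored outside C:\Windows, and browser settings that point at the hijack hosts. The function names, the PROXY_BINARIES and HIJACK_HOSTS sets and the line patterns are assumptions inferred from the lines shown in this thread, not an FRST format specification.

```python
import re

# Windows binaries that the thread's tasks use only to launch another file (assumed set).
PROXY_BINARIES = {"rundll32.exe", "forfiles.exe", "wscript.exe"}
# Search-hijack hosts named in the thread's fix scripts.
HIJACK_HOSTS = {"find-it.pro", "search-cdn.net"}

TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<action>.+)$")
EXE_RE = re.compile(r"[A-Za-z]:\\.+?\.exe", re.I)       # first executable in the action
PAYLOAD_RE = re.compile(r'"([A-Za-z]:\\[^"^]+)')        # quoted path among the arguments
SETTING_RE = re.compile(r"^(Edge|CHR|FF) (\w+): .+? -> (.+)$")
HOST_RE = re.compile(r'hxxps?://([^/"\s;,]+)')          # the report defangs http as hxxp


def classify_task(line):
    """Return (task name, verdict, payload) for a 'Task:' line, or None for other lines."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    name, action = m["name"], m["action"]
    if action.endswith("(No file)"):
        return name, "orphan", None                      # target binary no longer exists
    exe = EXE_RE.search(action)
    launcher = exe.group(0).rsplit("\\", 1)[-1].lower() if exe else ""
    payloads = [p for p in PAYLOAD_RE.findall(action)
                if not p.lower().startswith("c:\\windows\\")]
    if launcher in PROXY_BINARIES and payloads:
        return name, "proxy-exec", payloads[0]           # signed launcher, foreign payload
    return name, "ok", None


def hijacked_settings(lines):
    """List (browser, setting, host) for browser settings that point at a hijack host."""
    hits = []
    for line in lines:
        m = SETTING_RE.match(line.strip())
        if m:
            hits += [(m[1], m[2], h) for h in HOST_RE.findall(m[3]) if h in HIJACK_HOSTS]
    return hits


# Sample lines copied from the fix scripts in this thread.
SAMPLE = [
    r'Task: {B9D17ED0-93B1-46FC-973B-3FC763BE6166} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No file)',
    r'Task: {ACA2237B-6A5F-4D8E-8A25-CB15FC7A39A2} - System32\Tasks\IeOJvWmSeoRPcCO2 => C:\Windows\system32\rundll32.exe [73728 2022-05-13] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\npNmYjtMU\hQuOXR.dll",#1',
    r'Task: {C79F484B-4E8D-4DAC-ABB6-2FBC037CDF6A} - System32\Tasks\ZLWyphSYBXIoH2 => C:\Windows\System32\forfiles.exe [69632 2022-05-13] (Microsoft Windows -> Microsoft Corporation) -> /p C:\Windows\system32 /m wscript.exe /c "cmd /C @FNAME ^"C:\ProgramData\ZVyJIAgVzYZVmRVB\qKIJwqQ.wsf^""',
    r'Edge DefaultSearchURL: Default -> hxxp://search-cdn.net/fip/?q={searchTerms}',
    r'FF Homepage: Mozilla\Firefox\Profiles\uowr16z6.default-release-1639582109830 -> hxxps://find-it.pro/?utm_source=distr_m',
]
```

The "orphan" verdict only marks leftovers whose target is gone; the "proxy-exec" verdict is the pattern worth alerting on, because the task's visible executable is a signed Microsoft binary while the code that runs is the quoted payload.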
-
@Saintemarie46.
The fixlog is OK; you should not have any problem with find-it.pro anymore. Let me know if your issue is still present or not.
Your PC was also infected by this:
https://virusscan.jotti.org/filescanjob/0ruslhkugr
https://virusscan.jotti.org/filescanjob/cyn067vwlw
Out of caution, change your sensitive and important online passwords.
For your information:
Your version of Windows 11 is not up to date; you should be on version 23H2. Go to Windows Update, version 23H2 should be offered to you.
If everything is OK for you, uninstall FRST: rename the FRST file you downloaded to uninstall, then once the file is renamed, open it; the uninstallation will occur automatically via a PC restart.
bazfile
Moderator/Security Contributor.
a hello, a reply, a thank you are always appreciated.








