Malicious KittCat

Solved
Actarus49 Posted messages 4 Status Member

Malicious extension in Google, how to remove it?

3 answers

bazfile Posted messages 58485 Registration date   Status Moderator Last intervention   20 265
 

Hello @Actarus49.

If it's on Google Chrome, either manually remove the extension or reset Google Chrome.

If it's still the same:

Download FRST.

Once downloaded, save it to the desktop, then right-click on FRST and select Run as administrator. You will see this:

Wait until the message "the tool is ready to work" appears, then click Scan.

Warning: wait for the messages stating that the scan is complete to appear.

At the end of the scan, you will have two text files on the desktop: FRST and Addition.

Then send the FRST and ADDITION reports to https://www.cjoint.com/ or to https://pixeldrain.com/.

Then provide the two links generated by https://www.cjoint.com/ or https://pixeldrain.com/ in your reply.


bazfile
Moderator/Security Contributor.
A hello, a response, a thank you are always appreciated.

0
Actarus49 Posted messages 4 Status Member
 

Okay, I will try tonight and keep you updated. Thank you.

0
bazfile Posted messages 58485 Registration date   Status Moderator Last intervention   20 265 > Actarus49 Posted messages 4 Status Member
 

OK.

0
Actarus49 Posted messages 4 Status Member > bazfile Posted messages 58485 Registration date   Status Moderator Last intervention  
 
0
bazfile Posted messages 58485 Registration date   Status Moderator Last intervention   20 265
 

@Actarus49.

Procedure to follow in the order indicated:

1- Open FRST as an administrator: to do this, right-click on FRST and choose Run as administrator.
2- Copy the entire script that is in the box below:

Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction
HKLM\SOFTWARE\Policies\Google: Restriction
HKU\S-1-5-21-319466736-469076199-1758534213-1001\...\Run: [Taskbarify] => C:\Users\corri\AppData\Local\Programs\Taskbarify\Taskbarify.exe (File not found)
Task: {E99150E6-8EB0-46D4-AE58-F47340A10D81} - System32\Tasks\Opera scheduled Autoupdate 1717161661 => C:\Users\corri\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (File not found)
Task: {02024405-C5EC-4FB7-9782-E9D31331AD7A} - System32\Tasks\onliser13 => "C:\Program Files (x86)\IObit\IObit Malware Fighter\pub\onlinesr_mul.exe" -> C:\Program Files (x86)\IObit\IObit Malware Fighter\pub\\/rpop
Edge StartupUrls: Default -> "hxxps://fr.yahoo.com/?fr=hp-avast&type=avastbcl","hxxp://www.msn.com/?pc=AV01"
Edge HomePage: Default -> hxxp://settings/homePageOverlay
CHR StartupUrls: Default -> "hxxps://fr.yahoo.com?fr=hp-avast&type=avastbcl","hxxp://www.msn.com/?pc=AV01"
CHR DefaultSearchURL: Default -> hxxps://finditfasts.com/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> bs
CHR DefaultSuggestURL: Default -> hxxps://finditfasts.com/search?q={searchTerms}
S3 Imf8HpRegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpRegFilter.sys [X]
S3 ImfHpFileFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpFileFilter.sys [X]
S2 TCI2XX; \SystemRoot\System32\drivers\TCI2XX.sys [X]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Notepad++\NppShell_06.dll -> File not found
AlternateDataStreams: C:\Users\corri:Heroes & Generals [38]
AlternateDataStreams: C:\Users\corri\AppData\Local\Microsoft:ISBD [32]
AlternateDataStreams: C:\Users\corri\AppData\Local\Temp:$DATA​ [16]
cmd: netsh advfirewall reset
EmptyTemp:
End::

3- Once the script is copied, click on Fix; FRST will automatically take the script that is in the clipboard.

Let the correction take place. Once it is finished, you will be asked to restart your PC; do it as soon as you are prompted, see below.

Then once your computer has restarted:
4- You will have a Fixlog file on your desktop; send this Fixlog report to https://www.cjoint.com/ or https://pixeldrain.com/

Then give the generated link from https://www.cjoint.com/ or https://pixeldrain.com/ in your response.

5- CHECK AND TELL ME IF YOUR ISSUE IS STILL PRESENT.



0
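Added example, not part of the thread and not part of FRST: Python that groups the entries of a fixlist like the one posted above by what they touch, so the `cmd:` entry and the hosts named in browser settings can be read before clicking Fix. The category labels and matching patterns are assumptions of this example, inferred only from the entries shown in this thread; the sample is an excerpt of that script.

```python
import re
from collections import defaultdict

# Excerpt of the fixlist posted in this thread, one entry per line.
SAMPLE = r"""Start::
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Google: Restriction
Task: {E99150E6-8EB0-46D4-AE58-F47340A10D81} - System32\Tasks\Opera scheduled Autoupdate 1717161661 => C:\Users\corri\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (File not found)
CHR DefaultSearchURL: Default -> hxxps://finditfasts.com/search?q={searchTerms}
S2 TCI2XX; \SystemRoot\System32\drivers\TCI2XX.sys [X]
AlternateDataStreams: C:\Users\corri\AppData\Local\Microsoft:ISBD [32]
cmd: netsh advfirewall reset
EmptyTemp:
End::"""

# Ordered (label, pattern) rules; labels are this example's own naming.
RULES = [
    ("command", re.compile(r"^cmd:", re.I)),
    ("registry", re.compile(r"^HK(LM|U)\\")),
    ("scheduled task", re.compile(r"^Task:")),
    ("browser setting", re.compile(r"^(CHR|Edge) ")),
    ("service or driver", re.compile(r"^[SR]\d ")),
    ("alternate data stream", re.compile(r"^AlternateDataStreams:")),
    ("directive", re.compile(r"^\w+:$")),
]

def fixlist_body(text):
    """Return the entries between Start:: and End::; raise if a marker is missing."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if "Start::" not in lines or "End::" not in lines:
        raise ValueError("fixlist must be delimited by Start:: and End::")
    return lines[lines.index("Start::") + 1 : lines.index("End::")]

def classify(line):
    # First matching rule wins; anything else is surfaced for manual reading.
    return next((label for label, pat in RULES if pat.search(line)), "unrecognized")

def review(text):
    groups = defaultdict(list)
    for line in fixlist_body(text):
        groups[classify(line)].append(line)
    return dict(groups)

def browser_hosts(text):
    """Hosts named in browser-setting entries (hxxp/hxxps is the defanged form in the log)."""
    hosts = set()
    for line in review(text).get("browser setting", []):
        hosts.update(re.findall(r'hxxps?://([^/"?\s]+)', line))
    return sorted(hosts)
```

`review(SAMPLE)` returns a dict keyed by category, and any entry that lands under "unrecognized" should be read by hand.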
Actarus49 Posted messages 4 Status Member
 

Here is the link:

https://www.cjoint.com/c/NIcq3wZrITz

and my problem is solved, thank you very much for your help.

0
bazfile Posted messages 58485 Registration date   Status Moderator Last intervention   20 265
 

@Actarus49.

The fixlog is OK.


Uninstall FRST: rename the downloaded FRST file to uninstall, then, once the file is renamed, open it; the uninstallation will occur automatically via a restart of the PC.



0