Virus PHOTO 018.exe
Hello,
I have a virus that I can't get rid of "photo018" from the computer and USB stick. Here are the FRST reports. Could someone help me?
https://pjjoint.malekal.com/files.php?id=FRST_20241013_s10z11k9h10v14
https://pjjoint.malekal.com/files.php?id=20241013_g10s5i136k13
Thank you in advance
1 reply
Hello.
Procedure to follow in the indicated order:
1- Open FRST as an administrator by right-clicking on FRST and selecting Run as administrator.
2 - Copy the entire script from the box below:
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKU\S-1-5-21-3593525475-3213649755-207571702-1001\...\Run: [Poisson18] => C:\ProgramData\Systeme\Systeme.exe [742871 2012-08-02] () [Unsigned file] [File in use]
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No file)
Task: {BD5CD305-A6A4-4DDD-8759-B5A9FB784179} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No file)
Task: {349A2CB9-E245-45C7-B2FE-68CA4BCC7E4E} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No file)
Task: {B1CD1831-329F-41E6-ADF1-B7BED003B4C5} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No file)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No file)
Task: {D06CB14A-C639-4354-AF43-89886C4A648E} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.21.10.40\SymErr.exe /ui (No file)
Task: {EBEC18CB-CF6A-4F61-B391-416C92D63874} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.21.10.40\SymErr.exe /analyze (No file)
Task: {4CD4801B-8B00-4B30-9564-BDE3D7311098} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.21.10.40\SymErr.exe /submit (No file)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
CustomCLSID: HKU\S-1-5-21-3593525475-3213649755-207571702-1001_Classes\CLSID\{38626B40-64E1-4F8C-AEDA-CFF32F38602E}\localserver32 -> "D:\LOGICIELS\Program Files (x86)\Druide\Antidote 10\Application\Bin64\AgentAntidote.exe" -activex => No file
CustomCLSID: HKU\S-1-5-21-3593525475-3213649755-207571702-1001_Classes\CLSID\{AD630E0F-BF29-4791-AD3B-A289E884E37D}\localserver32 -> "D:\LOGICIELS\Program Files (x86)\Druide\Antidote 10\Application\Bin64\Antidote.exe" -activex => No file
BHO-x32: No name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No file
FirewallRules: [{204A9287-E5C3-41C3-815F-2A471A12D635}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_4fc38a913e0f2ea5\ASUSLinkRemote\AsusLinkRemoteAgent.exe => No file
FirewallRules: [{13DC0DE6-F068-411D-A7A7-53182D4F30D0}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_4fc38a913e0f2ea5\ASUSLinkRemote\AsusLinkRemoteAgent.exe => No file
FirewallRules: [{F55E9A54-BE97-41BB-85E5-1DDB25C65210}] => (Allow) C:\Users\adeli\AppData\Roaming\Zoom\bin\Zoom.exe => No file
FirewallRules: [{9118E22E-059E-401A-8574-D673695078FD}] => (Allow) C:\Users\adeli\AppData\Roaming\Zoom\bin\airhost.exe => No file
FirewallRules: [{D558C7C7-E089-4113-81B5-022E04008025}] => (Allow) C:\Users\adeli\AppData\Roaming\Zoom\bin\airhost.exe => No file
C:\ProgramData\Systeme
EmptyTemp:
End::
3- Once the script is copied, click on Fix, FRST will automatically take the script from the clipboard.

Let the correction happen; once it is finished, you will be asked to restart your PC, do so as soon as requested, see below.

Then once your computer is restarted:
4- You will have a Fixlog file on your desktop, then send this fixlog report to https://www.cjoint.com/ or https://pixeldrain.com/
Then provide the link generated by https://www.cjoint.com/ or https://pixeldrain.com/ in your response.
5- To disinfect the USB device(s).
To disinfect your infected USB device(s) (USB stick or external hard drive), connect them to your PC but do not open them, then download KVRT. For instructions on how to use it, see this page, paragraph Kaspersky Virus Removal Tool (KVRT). Make sure to check the letters of the infected USB sticks and external hard drives in all volumes.
6- CHECK AND LET ME KNOW IF YOUR PROBLEM PERSISTS.
bazfile
Moderator/Security Contributor.
A hello, a response, a thank you are always appreciated.
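An added example, not part of bazfile's reply and not FRST's own code: a Python triage of fixlist lines by the status markers FRST printed on them, separating an autostart entry that points at an existing unsigned file from entries marked as having no file. The function name `triage`, the category names and the regular expressions are assumptions made for this illustration; the sample lines are copied from the fixlist above.

```python
import re

# Sample input: five lines copied from the fixlist posted above.
SAMPLE = r"""
HKU\S-1-5-21-3593525475-3213649755-207571702-1001\...\Run: [Poisson18] => C:\ProgramData\Systeme\Systeme.exe [742871 2012-08-02] () [Unsigned file] [File in use]
Task: {D06CB14A-C639-4354-AF43-89886C4A648E} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.21.10.40\SymErr.exe /ui (No file)
FirewallRules: [{F55E9A54-BE97-41BB-85E5-1DDB25C65210}] => (Allow) C:\Users\adeli\AppData\Roaming\Zoom\bin\Zoom.exe => No file
BHO-x32: No name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No file
C:\ProgramData\Systeme
"""

# Run-key entry: value name in brackets, then the executable path.
RUN = re.compile(r"\\Run: \[(?P<name>[^\]]+)\] => (?P<path>[A-Za-z]:\\.+?\.exe)\b")
# Trailing markers seen on this page for entries whose target is gone.
MISSING = re.compile(r"(\(No file\)|[-=]> No file)\s*$")
# A line that is nothing but a drive path (a file or folder to remove).
BARE_PATH = re.compile(r'[A-Za-z]:\\[^:*?"<>|]+')


def triage(fixlist):
    """Group fixlist lines by the markers visible on each line."""
    lines = [l.strip() for l in fixlist.splitlines() if l.strip()]
    folders = [l.rstrip("\\").lower() for l in lines if BARE_PATH.fullmatch(l)]
    out = {"live_unsigned_autostart": [], "orphaned": [], "other": []}
    for line in lines:
        m = RUN.search(line)
        if m and "[Unsigned file]" in line:
            path = m["path"]
            out["live_unsigned_autostart"].append({
                "name": m["name"],
                "path": path,
                # True when the fixlist also removes a parent folder of the file.
                "folder_also_removed": any(
                    path.lower().startswith(f + "\\") for f in folders),
            })
        elif MISSING.search(line):
            # Keep only the entry type (text before the first colon).
            out["orphaned"].append(line.split(":", 1)[0])
        else:
            out["other"].append(line)
    return out


if __name__ == "__main__":
    for category, entries in triage(SAMPLE).items():
        print(category, entries)
```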
