[SOLVED] Malware + CSI Payload corrupt

By the way, you said that you have Discord installed, but I don't see it in the Installed Programs list. However, there are many lines related to this program. Have you uninstalled it? In case I ask you to remove the remnants, do you have everything needed to install it again?
 
  • Write in the search area, on the top left, the following:
Code:
McAfee
I tried that, but it doesn't show anything. But there are some files remaining which, I guess, can be manually deleted.
By the way, you said that you have Discord installed, but I don't see it in the Installed Programs list. However, there are many lines related to this program. Have you uninstalled it? In case I ask you to remove the remnants, do you have everything needed to install it again?
Ah yes, I forgot to tell you. Sorry. I have uninstalled Discord.

May I know what you mean by "do you have everything needed to install it again?"?

I have the Discord setup file. Even if that is deleted, I can re-download it later.
 
Hi, Soor.

Asking you if you have everything needed to install Discord again, I meant the licence code if you have one.

Let's proceed to a huge cleaning now. :-)

FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Download the attached fixlist and save it on your Desktop, next to the FRST tool.
  • Right-click on FRST on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please attach the log in your next reply.
 


Asking you if you have everything needed to install Discord again, I meant the licence code if you have one.
Ahh, it doesn't require a licence code. It requires an email id and/or a mobile number.

Log:
 


Very good! (y)

Moving on.

1. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (Scan mode)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.


In your next reply, please post:
  1. The AdwCleaner[S0*].txt
  2. The Malwarebytes report
 
2. Run Malwarebytes (Scan mode)

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.
The procedure was slightly different. I am not sure whether it was right or not. There was an option called "Save Result". I selected it, and then I selected "Copy to Clipboard", and pasted the contents in a notepad.

Reports:
 


Many things were detected.

1. AdwCleaner (Clean mode)

Let me explain to you the log created by AdwCleaner:

The findings in the Files, Folders and Registry parts of the log are adware and PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I don't keep anything I don't use/need. It's your computer, so your decision if you keep some, all or none of these programs.

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (Clean mode)
  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

3. Eset Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

In your next reply, please post:
  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
  3. Eset.txt
 
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
There is no Quarantine option; instead, there is a Next option. When I clicked it, it said "Preinstalled softwares found", and I was able to see only a list of preinstalled software. I guess some software like "Dell Support Assist" is important (I'm not sure though) while some other software can be removed. What shall I do?

(Preinstalled software elements found: 39)
 
Nothing is important unless you need/use it.

Follow the prompts and when there is a quarantine option for the detected items, select it.
 
Nothing is important unless you need/use it.
I have deselected "DellSupportAssistAgent" and "DellUpdateforWindows10". The other preinstalled software is not a problem for me. If I must really quarantine everything, I'll include the deselected ones too, and then after everything becomes alright, I'll restore them.

Edit: I'll select everything and continue :)
 
Good. (y)

You can post the first two logs as soon as you finish, and later, since the online scan takes much longer, the eset.txt.
 
You can post the first two logs as soon as you finish, and later, since the online scan takes much longer, the eset.txt.
Attaching logs for the first two. I'll run the ESET Online Scanner tomorrow in the morning. It requires an internet connection, right?

And thank you so much for spending your valuable time and effort in solving my PC's problems :)
 


You are very welcome, Soor. :-)

The two reports look fine.

I will be waiting for the Eset scan. Since it's an online scan, yes, you need an internet connection.

After the Eset scan is finished, please make a new scan with FRST and provide fresh logs for me to review (Addition and FRST).
 
I will be waiting for the Eset scan.
The scanning is in progress and it seems the scanning process will take a lot of time for completion (maybe tomorrow). I'll provide the logs when the scan is completed.
 
Yes, Eset scan may take a couple of hours or more. I'll be here.
 
Update: It's been almost 1.5 days and the scan is not over yet. Many junk files have been/are being detected and that's why the scan is taking so long to complete. Will provide the logs when the scan is over.

Thank you.
 
It's not usual for Eset Online Scanner to take 2 days. However, I would like to see the result. Are there signs that the scan is stuck, or is it running?
 
Hi, Soor.

Thank you for the logs. Just letting you know that I will be back to you tomorrow (here now it is 12:20 p.m.).
 
Thank you for the logs. Just letting you know that I will be back to you tomorrow (here now it is 12:20 p.m.).
It's ok :-).

And my sincere apologies for posting all the log files as text documents, even though the posting rule says to copy and paste the contents of the log.
 
