Sunday, 27 February 2022

Dr Joy computer check



We have received an assistance request from Dr Joy.

Grecian Genius Geek, I would like your help! I would like a malware check-up for my laptop.

FRST.txt

Addition.txt

-------------------------------------------------------------  

Grecian Geek replies:

Hi, Dr Joy.

Welcome to GGG.


My first comments/instructions:

No sign of active infection in your logs. We are going to remove some needless entries and then make a second scan with another tool, just to ensure that everything is clean. 

1. FRST Fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste it anywhere.


  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.

2. Eset Online Scanner

Download Eset Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time. Actually, you can have a cup of coffee (or two maybe!).
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its content into your next reply.


When you finish...
  • In a comment below, I would like you to give me a link for the fixlog.txt, created in Step 1 above. 
  • In a second comment please copy and paste the eset.txt, created in Step 2 above. 
  • In a third comment, please tell me why you think you are infected. Any remaining issues/questions/concerns?

Good luck!




12 comments:

  1. https://drive.google.com/file/d/1XL7xxX31hOTPweolCBcuHDKLIgXMXOcx/view?usp=sharing

  2. 27/02/2022 22:11:31
    Files scanned: 543780
    Detected files: 0
    Cleaned files: 0
    Total scan time: 00:57:18
    Scan status: Finished

  3. Perfect! The computer is clean.

    The following tool will remove the tools we used as well as reset system restore points:

    > Download KpRm by kernel-panik and save it to your desktop.
    > Right-click kprm_(version).exe and select Run as Administrator.
    > Read and accept the disclaimer.
    > When the tool opens, ensure all boxes under Actions are checked.
    > Under Delete Quarantines select Delete Now, then click Run.
    > Once complete, click OK.
    > A log will open in Notepad titled kprm-(date).txt.
    > Please copy and paste its contents in your next reply.

  4. Run at 01/03/2022 22:18:46
    # KpRm (Kernel-panik) version 2.9.3
    # Website https://kernel-panik.me/tool/kprm/
    # Run by user from C:\Users\user\Desktop
    # Computer Name: DESKTOP-ARJR7LS
    # OS: Windows 10 X64 (19044)
    # Number of passes: 1

    - Checked options -

    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines

    - Create Registry Backup -

    ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
    ~ [OK] Hive C:\Users\user\NTUSER.dat backed up

    [OK] Registry Backup: C:\KPRM\backup\2022-03-01-22-18-46

    - Delete Tools -


    ## ESET Online Scanner
    [OK] C:\Users\user\Desktop\ESET Online Scanner.lnk deleted
    [OK] C:\Users\user\Desktop\esetonlinescanner.exe deleted
    [OK] C:\Users\user\AppData\Local\ESET\ESETOnlineScanner deleted

    ## FRST
    [OK] C:\Users\user\Desktop\FRST-OlderVersion deleted
    [OK] C:\Users\user\Desktop\FRST64.exe deleted
    [OK] C:\FRST deleted

    - Restore System Settings -

    [OK] Reset WinSock
    [OK] FLUSHDNS
    [OK] Hide Hidden file.
    [OK] Show Extensions for known file types
    [OK] Hide protected operating system files

    - Restore UAC -

    [OK] Set EnableLUA with default (1) value
    [OK] Set ConsentPromptBehaviorAdmin with default (5) value
    [OK] Set ConsentPromptBehaviorUser with default (3) value
    [OK] Set EnableInstallerDetection with default (0) value
    [OK] Set EnableSecureUIAPaths with default (1) value
    [OK] Set EnableUIADesktopToggle with default (0) value
    [OK] Set EnableVirtualization with default (1) value
    [OK] Set FilterAdministratorToken with default (0) value
    [OK] Set PromptOnSecureDesktop with default (1) value
    [OK] Set ValidateAdminCodeSignatures with default (0) value

    - Clear Restore Points -

    ~ [OK] RP named Windows Modules Installer created at 02/23/2022 16:35:23 deleted
    [OK] All system restore points have been successfully deleted

    - Create Restore Point -

    [OK] System Restore Point created

    - Display System Restore Point -

    ~ [I] RP named KpRm created at 03/01/2022 20:19:00

    -- KPRM finished in 30.90s --

  5. Very good. The computer is clean. If no other question/issue/concern, you are ready to go. :)

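
A KpRm log like the one posted in comment 4 can be checked mechanically. The following is an added example, not part of the original thread and not KpRm's own code: it parses a log in that format, collects the UAC values the tool reports writing, and flags any step whose status tag is not one of the two seen in the posted log (`[OK]`, `[I]`). The sample log and its `[X]` failure tag are constructed for illustration.

```python
import re

# Constructed excerpt in the format of the KpRm log posted above; the "[X]"
# line is a made-up failure (that tag is an assumption, not from the page).
SAMPLE_LOG = """\
- Restore UAC -

[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[X] Set PromptOnSecureDesktop with default (1) value

- Display System Restore Point -

~ [I] RP named KpRm created at 03/01/2022 20:19:00
"""

SECTION = re.compile(r"^-\s+(.+?)\s+-$")             # "- Restore UAC -"
STATUS = re.compile(r"^(?:~\s*)?\[(\w+)\]\s+(.*)$")   # "[OK] ...", "~ [I] ..."
UAC_SET = re.compile(r"^Set (\w+) with default \((\d+)\) value$")
PASSING = {"OK", "I"}  # tags seen in the posted log; anything else is flagged


def review_kprm_log(text):
    """Return (uac_values, problems) for a KpRm log."""
    section, uac, problems = None, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = STATUS.match(line)
        if not m:
            continue  # tool headers, option lists, blank lines
        tag, message = m.groups()
        if tag not in PASSING:
            problems.append((section, tag, message))
            continue
        m = UAC_SET.match(message)
        if m:
            uac[m.group(1)] = int(m.group(2))
    return uac, problems


if __name__ == "__main__":
    print(review_kprm_log(SAMPLE_LOG))
```

An empty `problems` list together with the expected UAC values is the mechanical equivalent of reading the log and confirming every step shows `[OK]`.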