Post by suemoz on Oct 25, 2016 9:10:15 GMT -8
Here is the copy of the log from Delfix. Just a note that Norton would not allow the download from the website, but did from bleeping computer site.
Also, once I restarted my computer I received a pop up, Script Error/ Line 1 Char 70 Error: invalid root in registry key "HKCU\software\glqanjohg\cbkbel" Code 0 ( I replied NO, do not continue running script on this page.) I have not had this before today's reboot.
How do I proceed and I noticed that Adobe Acrobat Reader just requested I click for update in my system tray ( and I think that's when my trouble started originally) Could this be a false request from a virus?)
ALSO, HELP, Twice my Chrome Browser was hijacked and jumped to redirect me to update my browser and in the address it read TROJAN.Kotver so I immediately closed out the browser. My Norton full scan and quick scan does not show any Trojan detected, so It appears it is trying to get in my system? or is it hiding?
EDIT UPDATE: I found the script page in the startup folder and deleted it. It has not resurfaced on startup now. So far no additional redirection on Chrome's part, and the Adobe Reader update is no longer coming up in the icon tray. ( although I am still running Reader XI and there is an update noted in the Adobe manager ) Not sure if this is the answers to the above.
# DelFix v1.010 - Logfile created 25/10/2016 at 12:11:01
# Updated 26/04/2015 by Xplode
# Username : steve office - STEVEOFFICE-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\steve office\Desktop\Addition (1).txt
Deleted : C:\Users\steve office\Desktop\Addition.txt
Deleted : C:\Users\steve office\Desktop\AdwCleaner[C0].txt
Deleted : C:\Users\steve office\Desktop\adwcleaner_6.030.exe
Deleted : C:\Users\steve office\Desktop\Fixlog.txt
Deleted : C:\Users\steve office\Desktop\FRST (1).txt
Deleted : C:\Users\steve office\Desktop\FRST.txt
Deleted : C:\Users\steve office\Desktop\FRST64.exe
Deleted : C:\Users\steve office\Desktop\JRT.exe
Deleted : C:\Users\steve office\Desktop\JRT.txt
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #1020 [Removed Adobe Acrobat Reader DC. | 10/21/2016 23:21:27]
Deleted : RP #1021 [Installed Adobe Reader XI MUI. | 10/22/2016 15:53:44]
Deleted : RP #1022 [Removed QuickTime | 10/24/2016 12:10:52]
Deleted : RP #1024 [Restore Point Created by FRST | 10/24/2016 12:33:22]
Deleted : RP #1025 [JRT Pre-Junkware Removal | 10/24/2016 12:49:09]
New restore point created !
########## - EOF - ##########
Also, once I restarted my computer I received a pop up, Script Error/ Line 1 Char 70 Error: invalid root in registry key "HKCU\software\glqanjohg\cbkbel" Code 0 ( I replied NO, do not continue running script on this page.) I have not had this before today's reboot.
How do I proceed and I noticed that Adobe Acrobat Reader just requested I click for update in my system tray ( and I think that's when my trouble started originally) Could this be a false request from a virus?)
ALSO, HELP, Twice my Chrome Browser was hijacked and jumped to redirect me to update my browser and in the address it read TROJAN.Kotver so I immediately closed out the browser. My Norton full scan and quick scan does not show any Trojan detected, so It appears it is trying to get in my system? or is it hiding?
EDIT UPDATE: I found the script page in the startup folder and deleted it. It has not resurfaced on startup now. So far no additional redirection on Chrome's part, and the Adobe Reader update is no longer coming up in the icon tray. ( although I am still running Reader XI and there is an update noted in the Adobe manager ) Not sure if this is the answers to the above.
# DelFix v1.010 - Logfile created 25/10/2016 at 12:11:01
# Updated 26/04/2015 by Xplode
# Username : steve office - STEVEOFFICE-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\steve office\Desktop\Addition (1).txt
Deleted : C:\Users\steve office\Desktop\Addition.txt
Deleted : C:\Users\steve office\Desktop\AdwCleaner[C0].txt
Deleted : C:\Users\steve office\Desktop\adwcleaner_6.030.exe
Deleted : C:\Users\steve office\Desktop\Fixlog.txt
Deleted : C:\Users\steve office\Desktop\FRST (1).txt
Deleted : C:\Users\steve office\Desktop\FRST.txt
Deleted : C:\Users\steve office\Desktop\FRST64.exe
Deleted : C:\Users\steve office\Desktop\JRT.exe
Deleted : C:\Users\steve office\Desktop\JRT.txt
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #1020 [Removed Adobe Acrobat Reader DC. | 10/21/2016 23:21:27]
Deleted : RP #1021 [Installed Adobe Reader XI MUI. | 10/22/2016 15:53:44]
Deleted : RP #1022 [Removed QuickTime | 10/24/2016 12:10:52]
Deleted : RP #1024 [Restore Point Created by FRST | 10/24/2016 12:33:22]
Deleted : RP #1025 [JRT Pre-Junkware Removal | 10/24/2016 12:49:09]
New restore point created !
########## - EOF - ##########