dbrisen
Malware Removalists
Posts: 3,688
Post by dbrisen on Feb 18, 2017 22:09:11 GMT -8
If you go to START > All Programs > 7-Zip > 7-Zip File Manager, right click on it and select "Run as Administrator...", does this let you extract Emsisoft?
Post by sashabella on Feb 19, 2017 17:45:02 GMT -8
Emsisoft Emergency Kit - Version 12.0
Last update: 2/19/2017 7:22:43 PM
User account: DESKTOP-NF20HT4\Queen Bee
Computer name: DESKTOP-NF20HT4
OS version: Windows 10x64
Scan settings:
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off
Scan start: 2/19/2017 8:40:01 PM
Key: HKEY_USERS\S-1-5-21-1238042821-2718205052-1285772492-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} detected: Application.Win32.WSearch (A) []
Scanned 75538
Found 1
Scan end: 2/19/2017 8:43:57 PM
Scan time: 0:03:56
Post by dbrisen on Feb 19, 2017 23:24:02 GMT -8
Open Notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter.
Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select copy.
Paste this into the open Notepad. Save it to your desktop as fixlist.txt
NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Start FRST that is on the desktop by right clicking on the file and selecting "Run as Administrator..." and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.
How is the system running now?
Post by sashabella on Feb 20, 2017 13:46:58 GMT -8
Post by dbrisen on Feb 21, 2017 8:01:00 GMT -8
Can you post or upload a picture / screenshot of the Norton alert please?
Post by sashabella on Feb 21, 2017 10:22:25 GMT -8
Post by dbrisen on Feb 22, 2017 7:48:21 GMT -8
The next time you get the warning from Norton, please run a fresh set of logs. DO NOT HAVE NORTON FIX ANYTHING BEFORE THE LOGS ARE RUN.
Read Slowly and all of it.
If you still have an Addition.txt log file on your desktop, please delete it now.
Start FRST64 that is on your Desktop by double clicking and allowing the software to run when the User Access Control asks (if it does).
The tool will start to run. When the tool opens click Yes to disclaimer. (if it does)
Select Additional.txt and 90 Days Files in the Optional Scans section of FRST64.
Press Scan button.
It will make two logs (FRST.txt and addition.txt) on your Desktop. Please attach the logs in your reply back, or open the logs in Notepad, copy them and paste them back in a message as a reply. (Ask if you don't know how to do either of these.)
Notes:
If your security software blocks the running or download of FRST / FRST64, please disable the security software or make an exception for this file. FRST is updated very frequently and is safe to run, but because of the frequent changes (to keep up with the newest malware techniques) most security software does not approve of the unknown file.
Post by sashabella on Feb 22, 2017 18:13:04 GMT -8
Post by dbrisen on Feb 22, 2017 23:34:13 GMT -8
I think Norton is "stuck" on one of the detections of Kotver in the past. I have seen this before and the easiest way to fix the issue is to remove and reinstall Norton. Please run their tool available from here to help you remove and reinstall the program. Let me know how this progresses for you and if Norton gives any warnings after the re-installation.
Post by sashabella on Feb 23, 2017 5:55:12 GMT -8