Post by oraclemetro on Sept 1, 2017 11:51:49 GMT -8
I ran Malwarebytes on my brother's computer. The following 12 threats were detected. I did not quarantine or take other action. I have attached wikisend links to the Farbar log files. Are these threats that need to be removed? Thank you!

Folder: 3
PUP.Optional.FileFinder, C:\PROGRAMDATA\FILEFINDER, No Action By User, [1681], [341882],1.0.2704
PUP.Optional.FileFinder, C:\ProgramData\FFinder LTD\products, No Action By User, [1681], [347652],1.0.2704
PUP.Optional.FileFinder, C:\PROGRAMDATA\FFINDER LTD, No Action By User, [1681], [347652],1.0.2704

File: 9
PUP.Optional.FileFinder, C:\ProgramData\FileFinder\dm_settings.dat, No Action By User, [1681], [341882],1.0.2704
PUP.Optional.FileFinder, C:\ProgramData\FileFinder\gui.zip, No Action By User, [1681], [341882],1.0.2704
PUP.Optional.FileFinder, C:\ProgramData\FileFinder\sn_settings.dat, No Action By User, [1681], [341882],1.0.2704
PUP.Optional.FullTab, C:\USERS\MICHAEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.fulltabsearch.com_0.localstorage-journal, No Action By User, [2047], [376101],1.0.2704
Adware.FileFinder, C:\USERS\MICHAEL\APPDATA\LOCAL\TEMP\0ADA-D085-8AD8-D9A0\UNINSTALL.EXE, No Action By User, [594], [377714],1.0.2704
Adware.FileFinder, C:\USERS\MICHAEL\APPDATA\LOCAL\TEMP\7998-F61C-1AA7-A6B3, No Action By User, [594], [384020],1.0.2704
Adware.FileFinder, C:\USERS\MICHAEL\APPDATA\LOCAL\TEMP\4337-0375-CDAD-65E9, No Action By User, [594], [377714],1.0.2704
Adware.FileFinder, C:\USERS\MICHAEL\APPDATA\LOCAL\TEMP\1426314667.EXE, No Action By User, [594], [377714],1.0.2704
PUP.Optional.SpyHunter, C:\USERS\MICHAEL\DOWNLOADS\SPYHUNTER-INSTALLER.EXE, No Action By User, [927], [331753],1.0.2704

wikisend.com/download/434456/FRST.txt
wikisend.com/download/846022/Addition.txt
|
|
|
Post by oraclemetro on Sept 1, 2017 19:02:50 GMT -8
Or should I just let malwarebytes quarantine those files as it wants?
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Sept 1, 2017 19:38:37 GMT -8
Use Malwarebytes to fix what it finds.
After that, please run a fresh scan of FRST:
Read Slowly and all of it.
If you still have an Addition.txt log file on your desktop, please delete it now.
Start FRST64 that is on your Desktop by double clicking and allowing the software to run when the User Access Control asks (if it does).
When the tool opens click Yes to disclaimer. (if it does)
The tool will start to run and check for an update; please allow it to update and it will inform you when it is ready to run.
Select Additional.txt in the Optional Scans section of FRST64.
Press Scan button.
It will make two logs (FRST.txt and addition.txt) on your Desktop. Please post the logs to wikisend.com and post the links in your reply back.
Notes: If your Security software blocks the running or download of FRST / FRST64, please disable the security software or make an exception for this file. FRST is updated very frequently and is safe to run but because of the frequent changes (to keep up with newest malware techniques) most Security Software does not approve of the unknown file.
|
|
|
Post by oraclemetro on Sept 2, 2017 6:08:55 GMT -8
Thank you very much for your reply! I'll do as you say and report back.
|
|
|
Post by oraclemetro on Sept 2, 2017 9:56:59 GMT -8
|
|
|
Post by dbrisen on Sept 2, 2017 10:22:39 GMT -8
The system looks fairly clean but there are some bits that need cleaning.

FIRST >>>>
1- Please double-click on FRST/FRST64
2- Press Ctrl+y (Ctrl and y keys at the same time)
3- A fixlist.txt file opens up in notepad.exe. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad.
4- Press Ctrl+s to save. Close the fixlist.txt file.
5- Press Fix button.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

SECOND >>>>
Junkware Removal Tool
Please download JRT from here to your desktop.
Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.
Double click the JRT.exe file to run the application. The application will open a Command Prompt window and run from there (this is normal for this program, so not to be alarmed). When it is asked, press any key to allow the program to continue / run. This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.
Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.

LAST >>>>
AdwCleaner by Xplode
Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:
Click the Scan button and wait for the scan to finish.
After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.
Click the Clean button. Everything checked will be deleted.
When the program has finished cleaning a report appears. Once done it will ask to reboot; allow this.
On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C#].txt

Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
|
|
|
Post by oraclemetro on Sept 2, 2017 14:24:17 GMT -8
One question before I run the fix: It seems that Windows 10 Founders is ready to install. When I shut down the computer now, I'm given the option to restart, or update first then restart. If Farbar restarts the computer, will it automatically do the update? If so, should I run the update first? Should I be concerned that your script created with Windows 10 Home would need to be changed with a windows update?
|
|
|
Post by dbrisen on Sept 2, 2017 20:25:03 GMT -8
Do the Windows Update and, if all goes well, then do the Fixlist script.
|
|
|
Post by oraclemetro on Sept 7, 2017 8:26:27 GMT -8
|
|
|
Post by dbrisen on Sept 7, 2017 20:19:21 GMT -8
How is your system running now? Any more warnings / findings by Malwarebytes?
|
|