Help remove popup movie
- Thread starter Ghostryan
- Start date
- Status
I will get this done. Its a cyber battle between good and evil . As old as time it's self , 
olice: i will be intouch thanksGood start
Good morning ken , hope ya had a good 4th, I think this is a good start. I am running with no protection, please suggest free/trial, sucurity ... thanks hope to here from ya soon:rockon:
µTorrent {DELETED}
Ashampoo Burning Studio 14 v.14.0.1 {DELETED}
ACID Pro 7.0 {DELETED}
eset.nod32.antivirus.5 {DELETED}
Malwarebytes Anti-Malware version 1.60.0.1800 {Deleted}
Nero Burning ROM 10 {DELETED}
Xilisoft Video Converter Ultimate {DELETED}
DVD Flick 1.3.0.7 {DELETED},,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
I DID SEARCH FOR THESE AND ONLY FOUND THEM ON LOG'S
eset.smart.security.5.
glary utilities pro 2.48.0.1568
acdsee video converter pro
genius v12
..................................................................................................
IncrediMail, My wife likes but i will talk to her and explain things.
Good morning ken , hope ya had a good 4th, I think this is a good start. I am running with no protection, please suggest free/trial, sucurity ... thanks hope to here from ya soon:rockon:
µTorrent {DELETED}
Ashampoo Burning Studio 14 v.14.0.1 {DELETED}
ACID Pro 7.0 {DELETED}
eset.nod32.antivirus.5 {DELETED}
Malwarebytes Anti-Malware version 1.60.0.1800 {Deleted}
Nero Burning ROM 10 {DELETED}
Xilisoft Video Converter Ultimate {DELETED}
DVD Flick 1.3.0.7 {DELETED},,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
I DID SEARCH FOR THESE AND ONLY FOUND THEM ON LOG'S
eset.smart.security.5.
glary utilities pro 2.48.0.1568
acdsee video converter pro
genius v12
..................................................................................................
IncrediMail, My wife likes but i will talk to her and explain things.
ken545
Emeritus-Security Expert
The log is still showing some of those still installed.
Incredimail, not recommended but if your wife likes it you can keep it
You can try this free Antivirus from Microsoft
http://www.microsoft.com/en-us/download/details.aspx?id=5201
Run this program and see if it will find and remove ESET
Run AppRemover
Vista , Win 7 users, right click on the icon and select "run as administrator"
Please download AppRemover and save it to your desktop.
Either way, when your done with the above run a new scan with FRST , make sure when you open it to check the addtion so I can see a new FRST and Addition logs
Incredimail, not recommended but if your wife likes it you can keep it
You can try this free Antivirus from Microsoft
http://www.microsoft.com/en-us/download/details.aspx?id=5201
Run this program and see if it will find and remove ESET
Run AppRemover
Vista , Win 7 users, right click on the icon and select "run as administrator"
Please download AppRemover and save it to your desktop.
- Double click on AppRemover.exe to run it.
- Uncheck "Enable anonymous usage statistics. No personal data will be recorded."
- Click on the Next button.
- Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do.
- Click on the Next button.
- A scan begins, please wait. Once done, click on the Next button.
- Now you should have a list of your installed security programs, choose the one you want to uninstall and click on the Next button.
- Follow the last step and reboot if asked to do so.
Either way, when your done with the above run a new scan with FRST , make sure when you open it to check the addtion so I can see a new FRST and Addition logs
Bummer
OK ran as addmin , never was a box to uncheck Enable anonymous usage statistics.. Found the new AVG 2014 trial that i just got, and found eset "All 5" times said encounter a problem and wanted me to send a report..{ Did Not send}I did stop protection from avg while running Appremover. I also try Revo and there it was in the list, but wile doing the safe scan windows asked for valid key, so i click ok.. ask to restart so to rid rest of files { And Did So }..ESET Still came up and wanted to update . Crappy ..I have a bad feeling about this . Anyway i trust ya that we can do this , i am sure you encounter harder tasks:red: I try to be as detailed as i can . It's late and need to rest catch ya tomorrow. PS: should i do anything with avg such as to scan/ clean etc ? I do nothing unless you say.
OK ran as addmin , never was a box to uncheck Enable anonymous usage statistics.. Found the new AVG 2014 trial that i just got, and found eset "All 5" times said encounter a problem and wanted me to send a report..{ Did Not send}I did stop protection from avg while running Appremover. I also try Revo and there it was in the list, but wile doing the safe scan windows asked for valid key, so i click ok.. ask to restart so to rid rest of files { And Did So }..ESET Still came up and wanted to update . Crappy ..I have a bad feeling about this . Anyway i trust ya that we can do this , i am sure you encounter harder tasks:red: I try to be as detailed as i can . It's late and need to rest catch ya tomorrow. PS: should i do anything with avg such as to scan/ clean etc ? I do nothing unless you say.
ken545
Emeritus-Security Expert
You can run a scan with AVG and see what it comes up with, post the results here for me to see
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please copy and paste log back here.
- The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Avg
"Whole Computer Scan"
"High severity";"5";"5";"0"
"Medium severity";"4";"4";"0"
"Scanned folders:";"Scan Whole Computer"
"Started:";"7/7/2014, 2:07:31 AM"
"Finished:";"7/7/2014, 3:58:17 AM"
"Scanned items:";"203997"
"Launched by:";"Ghostryan"
"Name";"Description";"Status";"Status";"Priority"
"C:\Users\Ghostryan\AppData\LocalLow\MarchOfWar\game_Data\Managed\Assembly-CSharp.dll";"Corrupted executable file";"Secured";"Healed";"Medium"
"C:\Users\Ghostryan\Desktop\Ghost\Downloadder\EXE\Software\Driver Genius v12 0 0 1211 Incl. Crack [ThumperDC]\Driver Genius v12 0 0 1211 Incl. Crack [ThumperDC].exe";"Virus found Fat-Obfuscated";"Secured";"Healed";"High"
"C:\Users\Ghostryan\AppData\Local\Google\Chrome\User Data\Profile 2\File System\001\t\00\00000000";"Found MalSign.Generic.F7D";"Secured";"Healed";"Medium"
"C:\Users\Ghostryan\AppData\Local\cjouaclt.exe";"Trojan horse Downloader.Generic13.CGYE";"Secured";"Healed";"High"
"C:\Users\Ghostryan\AppData\Local\qnlomufc.exe";"Trojan horse Inject2.ALWL";"Secured";"Healed";"High"
"C:\Users\Ghostryan\Desktop\Ghost\Downloadder\EXE\ACDSee Video Converter Pro 4.1.0.166 Incl. KeyMaker-CORE\CORE\keygen.exe";"Potentially harmful program RemoteAdmin.COZ";"Secured";"Healed";"Medium"
"C:\Users\Ghostryan\Desktop\Ghost\Downloadder\EXE\Software\WinRAR.v4.11.x64.Incl.KEYGEN-FFF\Keygen\WinRAR.v4.11.KEYGEN-FFF.exe";"Trojan horse Generic36.QCP";"Secured";"Healed";"High"
"C:\Users\Ghostryan\Desktop\Ghost\Downloadder\EXE\Software\Nero 10.0 + Serials en Keygen - DivXNL-Team\Nero Multimedia Suite 10 - Keygen.exe";"Potentially harmful program Crack.AQF";"Secured";"Healed";"Medium"
"C:\Users\Ghostryan\AppData\Local\qbuubrra.exe";"Trojan horse Downloader.Generic13.CGYQ";"Secured";"Healed";"High"
"Whole Computer Scan"
"High severity";"5";"5";"0"
"Medium severity";"4";"4";"0"
"Scanned folders:";"Scan Whole Computer"
"Started:";"7/7/2014, 2:07:31 AM"
"Finished:";"7/7/2014, 3:58:17 AM"
"Scanned items:";"203997"
"Launched by:";"Ghostryan"
"Name";"Description";"Status";"Status";"Priority"
"C:\Users\Ghostryan\AppData\LocalLow\MarchOfWar\game_Data\Managed\Assembly-CSharp.dll";"Corrupted executable file";"Secured";"Healed";"Medium"
"C:\Users\Ghostryan\Desktop\Ghost\Downloadder\EXE\Software\Driver Genius v12 0 0 1211 Incl. Crack [ThumperDC]\Driver Genius v12 0 0 1211 Incl. Crack [ThumperDC].exe";"Virus found Fat-Obfuscated";"Secured";"Healed";"High"
"C:\Users\Ghostryan\AppData\Local\Google\Chrome\User Data\Profile 2\File System\001\t\00\00000000";"Found MalSign.Generic.F7D";"Secured";"Healed";"Medium"
"C:\Users\Ghostryan\AppData\Local\cjouaclt.exe";"Trojan horse Downloader.Generic13.CGYE";"Secured";"Healed";"High"
"C:\Users\Ghostryan\AppData\Local\qnlomufc.exe";"Trojan horse Inject2.ALWL";"Secured";"Healed";"High"
"C:\Users\Ghostryan\Desktop\Ghost\Downloadder\EXE\ACDSee Video Converter Pro 4.1.0.166 Incl. KeyMaker-CORE\CORE\keygen.exe";"Potentially harmful program RemoteAdmin.COZ";"Secured";"Healed";"Medium"
"C:\Users\Ghostryan\Desktop\Ghost\Downloadder\EXE\Software\WinRAR.v4.11.x64.Incl.KEYGEN-FFF\Keygen\WinRAR.v4.11.KEYGEN-FFF.exe";"Trojan horse Generic36.QCP";"Secured";"Healed";"High"
"C:\Users\Ghostryan\Desktop\Ghost\Downloadder\EXE\Software\Nero 10.0 + Serials en Keygen - DivXNL-Team\Nero Multimedia Suite 10 - Keygen.exe";"Potentially harmful program Crack.AQF";"Secured";"Healed";"Medium"
"C:\Users\Ghostryan\AppData\Local\qbuubrra.exe";"Trojan horse Downloader.Generic13.CGYQ";"Secured";"Healed";"High"
ken545
Emeritus-Security Expert
Good Morning,
This system is a mess, a good option would be to format the hard drive and do a nice fresh reinstall of windows then you can be reassured that everything would be fine. Even after cleaning this system its going to leave it compromised, that means its never to be trusted to do any online banking or purchases with a credit card. Do you have the windows CD for this computer ? Another thing I would do is if your son in law ever comes over for a visit I would take this computer and hide it in a closet and not let him anywhere near it, I cant believe all the damage he has caused you.
IObit <-- This is from a company in China that has stolen all the databases and what not from Malwarebytes, you need to uninstall this one also
http://blogs.computerworld.com/15026/iobit_accused_of_stealing_from_malwarebytes
I looked at your FRST logs briefly, I will be offline the rest of the day until this evening and will give them a more thorough look when I return.
In the meantime lets run Combofix and see how much of this garbage it may remove, I am sure the manufacturer has installed the Recovery Console so you may not have to install it
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
This system is a mess, a good option would be to format the hard drive and do a nice fresh reinstall of windows then you can be reassured that everything would be fine. Even after cleaning this system its going to leave it compromised, that means its never to be trusted to do any online banking or purchases with a credit card. Do you have the windows CD for this computer ? Another thing I would do is if your son in law ever comes over for a visit I would take this computer and hide it in a closet and not let him anywhere near it, I cant believe all the damage he has caused you.
IObit <-- This is from a company in China that has stolen all the databases and what not from Malwarebytes, you need to uninstall this one also
http://blogs.computerworld.com/15026/iobit_accused_of_stealing_from_malwarebytes
I looked at your FRST logs briefly, I will be offline the rest of the day until this evening and will give them a more thorough look when I return.
In the meantime lets run Combofix and see how much of this garbage it may remove, I am sure the manufacturer has installed the Recovery Console so you may not have to install it
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- See this Link for programs that need to be disabled and instruction on how to disable them.
- Remember to re-enable them when we're done.
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
Last edited:
ken545
Emeritus-Security Expert
You have this program installed, it may be preventing the other programs from being uninstalled. Go to Programs and Features in the Control Panel and uninstall it.
(WinAbility® Software Corporation) C:\Program Files\Folder Guard\FGKey64.exe
Then uninstall these programs
acdsee video converter pro 4.1.0.166
ashampoo burning studio 14 build 14.0.1.12
daemon tools pro advanced
glary utilities pro
malwarebytes anti-malware v1.60
sony acid pro 7.
xilisoft.video.converter
After your done run a new scan with CKScanner and post the log
(WinAbility® Software Corporation) C:\Program Files\Folder Guard\FGKey64.exe
Then uninstall these programs
acdsee video converter pro 4.1.0.166
ashampoo burning studio 14 build 14.0.1.12
daemon tools pro advanced
glary utilities pro
malwarebytes anti-malware v1.60
sony acid pro 7.
xilisoft.video.converter
After your done run a new scan with CKScanner and post the log
Page 1
I am sorry but when i looked at page 1 ya ask me to get Malwarebytes Anti-Malware .And send log info, For some reason i didn't do that. So i am doing that now...... And i will try to find avg tool bar that i don't need. Furthermore i did delete all of these programs .acdsee video converter pro 4.1.0.166
ashampoo burning studio 14 build 14.0.1.12
daemon tools pro advanced
glary utilities pro
malwarebytes anti-malware v1.60
sony acid pro 7.
xilisoft.video.converter.. Then searched in start menue and found nothing. So the ESET NOD is still wanting to run but i disable it so it wont clash with AVG. And it's not in the uninstall programs list.
I am sorry but when i looked at page 1 ya ask me to get Malwarebytes Anti-Malware .And send log info, For some reason i didn't do that. So i am doing that now...... And i will try to find avg tool bar that i don't need. Furthermore i did delete all of these programs .acdsee video converter pro 4.1.0.166
ashampoo burning studio 14 build 14.0.1.12
daemon tools pro advanced
glary utilities pro
malwarebytes anti-malware v1.60
sony acid pro 7.
xilisoft.video.converter.. Then searched in start menue and found nothing. So the ESET NOD is still wanting to run but i disable it so it wont clash with AVG. And it's not in the uninstall programs list.
CKScanner
CKScanner not responding, try to run as administrator also. Did threat scan with Malwarebytes Anti-Malware. I really don't want to do a fresh install, but leaning towards doing so. If it is going to leave it compromised then what good is doing the fresh install? Please forgive my lack of knowledge ,,, I do trust what you are saying and guidance. Just wondering.:thanks: Is there another scanner that i can use that is like CKSanner ?
CKScanner not responding, try to run as administrator also. Did threat scan with Malwarebytes Anti-Malware. I really don't want to do a fresh install, but leaning towards doing so. If it is going to leave it compromised then what good is doing the fresh install? Please forgive my lack of knowledge ,,, I do trust what you are saying and guidance. Just wondering.:thanks: Is there another scanner that i can use that is like CKSanner ?
ken545
Emeritus-Security Expert
Hi,
When you do a install of windows, if you do a repair install it just copies windows over the current copy and fixes anything that may be missing...BUT...everything on your system remains the same, your computer will still be infected and those illegal infected programs will still be there. What I am talking about is backing up any data you don't want to lose, like word docs, spreadsheets, pictures and the like to a CD or thumb drive, then formatting the drive, this basically takes it back down to bare metal with nothing at all on it, then the drive is formatted and windows is installed nice and clean, then you can copy your docs back to the new system. Since you don't have your windows CD, although you can purchase it through the manufacturer, if you did i could link you to a good site that can guide you through the process.
My thoughts, since this has been one heavily infected computer is to bite the bullet and take it to a local computer shop and have them do it for you. Tell them that its very infected and that you want to do a complete format of the hard drive and a clean install of windows, then you would be 100% guaranteed that your system will be malware free and run like new.
Since you cant get CKScanner to run and I have no idea whats left on your system i'm afraid I cant proceed any further. Thanks for understanding my position
Good Luck
Ken
When you do a install of windows, if you do a repair install it just copies windows over the current copy and fixes anything that may be missing...BUT...everything on your system remains the same, your computer will still be infected and those illegal infected programs will still be there. What I am talking about is backing up any data you don't want to lose, like word docs, spreadsheets, pictures and the like to a CD or thumb drive, then formatting the drive, this basically takes it back down to bare metal with nothing at all on it, then the drive is formatted and windows is installed nice and clean, then you can copy your docs back to the new system. Since you don't have your windows CD, although you can purchase it through the manufacturer, if you did i could link you to a good site that can guide you through the process.
My thoughts, since this has been one heavily infected computer is to bite the bullet and take it to a local computer shop and have them do it for you. Tell them that its very infected and that you want to do a complete format of the hard drive and a clean install of windows, then you would be 100% guaranteed that your system will be malware free and run like new.
Since you cant get CKScanner to run and I have no idea whats left on your system i'm afraid I cant proceed any further. Thanks for understanding my position
Good Luck
Ken
- Status