Application virus
Solved/Closed
AS_Kill
Posts
10
Registration date
Monday October 7, 2013
Status
Member
Last seen
October 10, 2013
-
Oct 7, 2013 at 10:09 AM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Oct 10, 2013 at 04:25 PM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Oct 10, 2013 at 04:25 PM
Related:
- Application virus
- Goose virus - Download - Other
- Ntuser.dat virus - Guide
- Can jpg have virus - Guide
- Free java application download - Download - Other
- Windows10upgrade9252.exe is not a valid win32 application - Guide
4 responses
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Oct 7, 2013 at 04:19 PM
Oct 7, 2013 at 04:19 PM
Hello Mark, if I may butt in...
As_Kill
Those nieces, they will always do it to you. Cracks, most often will contain a virus.
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a log.
1. Open this link and download ZHPDiag2 :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message.)
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
(For Vista and Win 7 users, click right to ensure you execute with admin right)
The tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix after log analysis).
4. Double click on the short cut ZHPDiag on your Destktop.
5. If you need to change the language, click on the little house, (bottom right) and change to English
6. Click on the "Configure" button.
7. Click on the Magnifying glass with the + sign.
8. Click on "Search"
Wait for the tool to finished (maybe a long time)
9. Close ZHPDiag.
10. To transmit the report, click on this link :
https://authentification.site
9. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
10. Select the file ZHPDiag.txt.
11. Click on "upload ยป
12. Copy the URL and post it here.
Best regards
Ambucias
Moderator /Security Contributor
As_Kill
Those nieces, they will always do it to you. Cracks, most often will contain a virus.
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a log.
1. Open this link and download ZHPDiag2 :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message.)
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
(For Vista and Win 7 users, click right to ensure you execute with admin right)
The tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix after log analysis).
4. Double click on the short cut ZHPDiag on your Destktop.
5. If you need to change the language, click on the little house, (bottom right) and change to English
6. Click on the "Configure" button.
7. Click on the Magnifying glass with the + sign.
8. Click on "Search"
Wait for the tool to finished (maybe a long time)
9. Close ZHPDiag.
10. To transmit the report, click on this link :
https://authentification.site
9. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
10. Select the file ZHPDiag.txt.
11. Click on "upload ยป
12. Copy the URL and post it here.
Best regards
Ambucias
Moderator /Security Contributor
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Oct 8, 2013 at 05:34 AM
Oct 8, 2013 at 05:34 AM
Hello As_Kill,
Wow ! I'm impressed ! You machine is extremely infected by "crapware", adware, pup, usb virus and other.
And where did you get all thoses viruses you might ask ? Utorrent downloads and a contaminated Pen drive.
Your Eset will never work because it is itself contaminated. The same for Malwarebyte. Are those cracked versions?
As a matter of a fact, there is as much illegal stuff of your machine than legal software
Where do I start ? Let me think of a plan...
Lets do this a step at a time:
1. Immediatly uninstall these programmes with the add/remove programme utility :
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
Delete Malwarebyte
2. Look for and delete the following:
C:\Users\bt\Downloads\CRACK___GUIDA_BY_FullHack-IT.blogspot.it.rar
C:\Users\bt\Downloads\ESET PureFix v2.03 (Crack).rar
D:\asdasd\KeyGenSmadav 2013 Pro 9.3.1[BAGAS31].zip
D:\Corel Draw X5 with Keygen\CorelDRAWGraphicsSuiteX5Installer_EN.exe
D:\Corel Draw X5 with Keygen\CrackCoreldrawX5Hackcenter.zip
D:\Corel Draw X5 with Keygen\KeygenCorelX5Hackcenter.zip
D:\error sound\Keygen MBAM 1.75 [chairullight.blogspot.com].rar
D:\GAME\FIFA 13 INTERNAL-RELOADED\Fifa 13 Trainer 9v Cracked.rar
3. Now, Kioskea does not help people who use illegal means to obtain software. It appears to me that not only your niece but you also have installed cracked software.
Once you have deleted all the illegal stuff from your machine, generate and upload a new ZHP Diag log. I will check it for cracks and if I find none, I will continue helping you to desinfect.
Regards
Wow ! I'm impressed ! You machine is extremely infected by "crapware", adware, pup, usb virus and other.
And where did you get all thoses viruses you might ask ? Utorrent downloads and a contaminated Pen drive.
Your Eset will never work because it is itself contaminated. The same for Malwarebyte. Are those cracked versions?
As a matter of a fact, there is as much illegal stuff of your machine than legal software
Where do I start ? Let me think of a plan...
Lets do this a step at a time:
1. Immediatly uninstall these programmes with the add/remove programme utility :
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
Delete Malwarebyte
2. Look for and delete the following:
C:\Users\bt\Downloads\CRACK___GUIDA_BY_FullHack-IT.blogspot.it.rar
C:\Users\bt\Downloads\ESET PureFix v2.03 (Crack).rar
D:\asdasd\KeyGenSmadav 2013 Pro 9.3.1[BAGAS31].zip
D:\Corel Draw X5 with Keygen\CorelDRAWGraphicsSuiteX5Installer_EN.exe
D:\Corel Draw X5 with Keygen\CrackCoreldrawX5Hackcenter.zip
D:\Corel Draw X5 with Keygen\KeygenCorelX5Hackcenter.zip
D:\error sound\Keygen MBAM 1.75 [chairullight.blogspot.com].rar
D:\GAME\FIFA 13 INTERNAL-RELOADED\Fifa 13 Trainer 9v Cracked.rar
3. Now, Kioskea does not help people who use illegal means to obtain software. It appears to me that not only your niece but you also have installed cracked software.
Once you have deleted all the illegal stuff from your machine, generate and upload a new ZHP Diag log. I will check it for cracks and if I find none, I will continue helping you to desinfect.
Regards
AS_Kill
Posts
10
Registration date
Monday October 7, 2013
Status
Member
Last seen
October 10, 2013
Oct 8, 2013 at 06:57 AM
Oct 8, 2013 at 06:57 AM
I only use gamehouse key once and the rest I only use to type most of my work and put them in my harddisk, my niece was installing all the other games and he installed eset and try to find the crack, I delete the crack and only use trial username. my D and E drive were really full because of his game
Thanks a lot for your help, I really appreciate it
Thanks a lot for your help, I really appreciate it
AS_Kill
Posts
10
Registration date
Monday October 7, 2013
Status
Member
Last seen
October 10, 2013
Oct 8, 2013 at 07:13 AM
Oct 8, 2013 at 07:13 AM
i never tought about this... but when I see the download folder... its filled with a lot of file :/
i think this is really bad
download link : http://speedy.sh/ZhHgc/ZHPDiag.txt
i think this is really bad
download link : http://speedy.sh/ZhHgc/ZHPDiag.txt
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Oct 8, 2013 at 04:42 PM
Oct 8, 2013 at 04:42 PM
Hi
How about that ! Deleting the cracks got rid of most of the malware !
Now, you may wish to print the following;
1. Close all applications
2. Select and copy all of the following bold lines.
M3 - MFPP: Plugins - [bt] -- C:\Users\bt\AppData\Roaming\Mozilla\Firefox\Profiles\kkftp4ez.default\searchplugins\my-web-search.xml => Infection BT (Adware.MyWebSearch)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html =>Adware.MyWebSearch
O43 - CFD: 4/22/2013 - 10:21:15 - [1.028] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O64 - Services: CurCS - 1/2/1601 - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys (esgiguard) .(...) - LEGACY_ESGIGUARD =>Crapware.SpyHunter
O69 - SBI: prefs.js [bt - kkftp4ez.default] user_pref("extensions.mywebsearch.prevDefaultEngine", ""); =>Adware.MyWebSearch
O69 - SBI: prefs.js [bt - kkftp4ez.default] user_pref("extensions.mywebsearch.prevSelectedEngine", ""); =>Adware.MyWebSearch
O69 - SBI: prefs.js [bt - kkftp4ez.default] user_pref("extensions.toolbar.mindspark._1gMembers_.homepage", "https://hp.mywebsearch.com/mywebsearch/index.html?ptb=FBCB438B-E511-4F47-AD2[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [bt - kkftp4ez.default] user_pref("extensions.toolbar.mindspark._5qMembers_.homepage", "https://hp.mywebsearch.com/mywebsearch/index.html?ptb=FEFDAE8A-2147-45BC-BF7[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [bt - kkftp4ez.default] user_pref("keyword.URL", "https://hp.mywebsearch.com/mywebsearch/index.html[...] =>Adware.MyWebSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Program Files\iMesh Applications
3. ZHP Diag created a short cut on your desktop called ZHP Fix, launch ZHP Fix (For Windows 7 click right to run as admin. Answer yes if you get an enquiry as to weither you want to run it or not
4. Click on the the Import button and the lines will automatically paste themselves.
5. Click on the Go button to clean
6. Confirm by clicking OK
7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time
8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.
9. Download the following Adwcleaner created by Xplode
https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/
Launch it (for Windows 7 and 8, click right to run as administrator)
Click on delete
Post the log C:\Adwcleaner[Sx].txt on this thread.
10. Tell your nephew to keep his hands off your machine, he his very dangerous !
That should end the clean-up.
Let me know as you now need a new antivirus and I have a good free one to recommend to you.
Ambucias
Moderator, Virus/Security Contributor
9. Close ZHP Fix
10.
How about that ! Deleting the cracks got rid of most of the malware !
Now, you may wish to print the following;
1. Close all applications
2. Select and copy all of the following bold lines.
M3 - MFPP: Plugins - [bt] -- C:\Users\bt\AppData\Roaming\Mozilla\Firefox\Profiles\kkftp4ez.default\searchplugins\my-web-search.xml => Infection BT (Adware.MyWebSearch)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html =>Adware.MyWebSearch
O43 - CFD: 4/22/2013 - 10:21:15 - [1.028] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O64 - Services: CurCS - 1/2/1601 - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys (esgiguard) .(...) - LEGACY_ESGIGUARD =>Crapware.SpyHunter
O69 - SBI: prefs.js [bt - kkftp4ez.default] user_pref("extensions.mywebsearch.prevDefaultEngine", ""); =>Adware.MyWebSearch
O69 - SBI: prefs.js [bt - kkftp4ez.default] user_pref("extensions.mywebsearch.prevSelectedEngine", ""); =>Adware.MyWebSearch
O69 - SBI: prefs.js [bt - kkftp4ez.default] user_pref("extensions.toolbar.mindspark._1gMembers_.homepage", "https://hp.mywebsearch.com/mywebsearch/index.html?ptb=FBCB438B-E511-4F47-AD2[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [bt - kkftp4ez.default] user_pref("extensions.toolbar.mindspark._5qMembers_.homepage", "https://hp.mywebsearch.com/mywebsearch/index.html?ptb=FEFDAE8A-2147-45BC-BF7[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [bt - kkftp4ez.default] user_pref("keyword.URL", "https://hp.mywebsearch.com/mywebsearch/index.html[...] =>Adware.MyWebSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Program Files\iMesh Applications
3. ZHP Diag created a short cut on your desktop called ZHP Fix, launch ZHP Fix (For Windows 7 click right to run as admin. Answer yes if you get an enquiry as to weither you want to run it or not
4. Click on the the Import button and the lines will automatically paste themselves.
5. Click on the Go button to clean
6. Confirm by clicking OK
7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time
8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.
9. Download the following Adwcleaner created by Xplode
https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/
Launch it (for Windows 7 and 8, click right to run as administrator)
Click on delete
Post the log C:\Adwcleaner[Sx].txt on this thread.
10. Tell your nephew to keep his hands off your machine, he his very dangerous !
That should end the clean-up.
Let me know as you now need a new antivirus and I have a good free one to recommend to you.
Ambucias
Moderator, Virus/Security Contributor
9. Close ZHP Fix
10.
AS_Kill
Posts
10
Registration date
Monday October 7, 2013
Status
Member
Last seen
October 10, 2013
Oct 9, 2013 at 12:34 AM
Oct 9, 2013 at 12:34 AM
when I click import, the line does not paste it self so I paste them but after I click GO....
there was a pop up named advertissement it says
samples :
------------
Script ZHPFix (Ligne obligatore)
C:\Program Files\MagniPic
[HKEY_CURRENT_USER\Software\MagniPic]
[HKEY_USERS\S-1-5-18\Control MagniPic]
[HKCU\Software\MagniPic]
i click ok and nothing happened :/
there was a pop up named advertissement it says
samples :
------------
Script ZHPFix (Ligne obligatore)
C:\Program Files\MagniPic
[HKEY_CURRENT_USER\Software\MagniPic]
[HKEY_USERS\S-1-5-18\Control MagniPic]
[HKCU\Software\MagniPic]
i click ok and nothing happened :/
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Oct 9, 2013 at 04:22 PM
Oct 9, 2013 at 04:22 PM
Did you get a report on your desktop from ZHP Fix ?
Have you ran adwcleaner ?
Have you ran adwcleaner ?
AS_Kill
Posts
10
Registration date
Monday October 7, 2013
Status
Member
Last seen
October 10, 2013
Oct 9, 2013 at 06:07 PM
Oct 9, 2013 at 06:07 PM
No
:/
:/
AS_Kill
Posts
10
Registration date
Monday October 7, 2013
Status
Member
Last seen
October 10, 2013
Oct 10, 2013 at 03:34 AM
Oct 10, 2013 at 03:34 AM
Sorry... I forgot about tjat adwcleaner
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Oct 10, 2013 at 06:26 AM
Oct 10, 2013 at 06:26 AM
Well, run adwcleaner
Ok, hang in there...
When you went to install the FIFA disk, did you have privalages to install? SO in other words, did you put in the admin password when it asked?
When you went to install the FIFA disk, did you have privalages to install? SO in other words, did you put in the admin password when it asked?
AS_Kill
Posts
10
Registration date
Monday October 7, 2013
Status
Member
Last seen
October 10, 2013
Oct 7, 2013 at 05:44 PM
Oct 7, 2013 at 05:44 PM
when I installed FIFA I installed using administrator.... I don't have any problem until with privilege until the crack is opened
Oct 7, 2013 at 05:02 PM
Oct 7, 2013 at 05:24 PM
Oct 7, 2013 at 05:36 PM
Shipping on electronic delivery. You have to love someone paying you to author a link!
I had a product of a cut-out template.....it was for 25mm gaming, and it was a template for a tank! I thought about a shipping fee, but how can I tax you to use your printer!
I represented it as it was, and sold like 5 of em! It wasn't .99 neither. ALL Satisfied! Basically cut out box and fold on the dotted line, poof, tank for gaming!
Oct 7, 2013 at 05:43 PM
Oct 7, 2013 at 05:51 PM