application virus Solved/Closed

Question

Hello, 
i was using windows 7, when I installed FIFA 14 from the original CD my niece think its pirated and put a crack but I wasn't know it and start the application then some error popped out and I close it, after that error..... my eset nod antivirus doesn't start when my computer are booting and there was an error saying FIFA 14 system error couldn't find activation.dll but the game was already uninstalled
i try to start my eset manually but it says "you don't have the privilege" altought I try to repair them in the control panel but it says "couldn't modify (some files in it) insufficient privilege" I use another antivirus to scan my C:/windows but its automatically stopped
i need help real soon because I think the virus was start to expand

ac3mark · Answer

Ok, hang in there...

When you went to install the FIFA disk, did you have privalages to install?  SO in other words, did you put in the admin password when it asked?

Ambucias · Answer

Hello Mark, if I may butt in...

As_Kill

Those nieces, they will always do it to you.  Cracks, most often will contain a virus.

To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a log. 

1. Open this link and download ZHPDiag2 : 

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message.)

2. Save the file on your Desktop. 

3. Double click on ZHPDiag.exe and follow the installation instructions. 

(For Vista and Win 7 users, click right to ensure you execute with admin right)

The tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix after log analysis). 

4. Double click on the short cut ZHPDiag on your Destktop. 

5. If you need to change the language, click on the little house, (bottom right) and change to English

6. Click on the "Configure" button.

7. Click on the Magnifying glass with the + sign. 

8. Click on "Search"

Wait for the tool to finished (maybe a long time) 

9. Close ZHPDiag. 

10. To transmit the report, click on this link : 

https://authentification.site 

9. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt). 

10. Select the file ZHPDiag.txt. 

11. Click on "upload » 

12. Copy the URL and post it here.

Best regards

Ambucias
Moderator /Security Contributor

Ambucias · Answer

Hello As_Kill,

Wow ! I'm impressed !  You machine is extremely infected by "crapware", adware, pup, usb virus and other.

And where did you get all thoses viruses you might ask ?  Utorrent downloads and a contaminated Pen drive.

Your Eset will never work because it is itself contaminated.  The same for Malwarebyte. Are those cracked versions?

As a matter of a fact, there is as much illegal stuff of your machine than legal software

Where do I start ?  Let me think of a plan...

Lets do this a step at a time:

1. Immediatly uninstall these programmes with the add/remove programme utility :

C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe

C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe   

Delete Malwarebyte

2. Look for and delete the following:

C:\Users\bt\Downloads\CRACK___GUIDA_BY_FullHack-IT.blogspot.it.rar

C:\Users\bt\Downloads\ESET PureFix v2.03 (Crack).rar   

D:\asdasd\KeyGenSmadav 2013 Pro 9.3.1[BAGAS31].zip

D:\Corel Draw X5 with Keygen\CorelDRAWGraphicsSuiteX5Installer_EN.exe 

D:\Corel Draw X5 with Keygen\CrackCoreldrawX5Hackcenter.zip

D:\Corel Draw X5 with Keygen\KeygenCorelX5Hackcenter.zip

D:\error sound\Keygen MBAM 1.75 [chairullight.blogspot.com].rar

D:\GAME\FIFA 13 INTERNAL-RELOADED\Fifa 13 Trainer 9v Cracked.rar

3. Now, Kioskea does not help people who use illegal means to obtain software.  It appears to me that not only your niece but you also have installed cracked software.

Once you have deleted all the illegal stuff from your machine, generate and upload a new ZHP Diag log.  I will check it for cracks and if I find none, I will continue helping you to desinfect.

Regards

Ambucias · Answer

Hi

How about that ! Deleting the cracks got rid of most of the malware !

Now, you may wish to print the following;

1. Close all applications

2. Select and copy all of the following bold lines.

M3 - MFPP: Plugins - [bt] -- C:\Users\bt\AppData\Roaming\Mozilla\Firefox\Profiles\kkftp4ez.default\searchplugins\my-web-search.xml    => Infection BT (Adware.MyWebSearch)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html =>Adware.MyWebSearch
O43 - CFD: 4/22/2013 - 10:21:15 - [1.028] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O64 - Services: CurCS - 1/2/1601 - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys (esgiguard) .(...) - LEGACY_ESGIGUARD =>Crapware.SpyHunter
O69 - SBI: prefs.js [bt - kkftp4ez.default] user_pref("extensions.mywebsearch.prevDefaultEngine", ""); =>Adware.MyWebSearch
O69 - SBI: prefs.js [bt - kkftp4ez.default] user_pref("extensions.mywebsearch.prevSelectedEngine", ""); =>Adware.MyWebSearch
O69 - SBI: prefs.js [bt - kkftp4ez.default] user_pref("extensions.toolbar.mindspark._1gMembers_.homepage", "https://hp.mywebsearch.com/mywebsearch/index.html?ptb=FBCB438B-E511-4F47-AD2[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [bt - kkftp4ez.default] user_pref("extensions.toolbar.mindspark._5qMembers_.homepage", "https://hp.mywebsearch.com/mywebsearch/index.html?ptb=FEFDAE8A-2147-45BC-BF7[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [bt - kkftp4ez.default] user_pref("keyword.URL", "https://hp.mywebsearch.com/mywebsearch/index.html[...] =>Adware.MyWebSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}]   =>PUP.ToparcadeHits
C:\ProgramData\InstallMate   =>PUP.Tarma^
C:\Program Files\iMesh Applications

3. ZHP Diag created a short cut on your desktop called ZHP Fix, launch ZHP Fix (For Windows 7 click right to run as admin.  Answer yes if you get an enquiry as to weither you want to run it or not

4.  Click on the the Import button and the lines will automatically paste themselves.

5. Click on the Go button to clean

6. Confirm by clicking OK

7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time

8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.

9. Download the following Adwcleaner created by Xplode
https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/
Launch it (for Windows 7 and 8, click right to run as administrator)
Click on delete
Post the log C:\Adwcleaner[Sx].txt on this thread.

10. Tell your nephew to keep his hands off your machine, he his very dangerous !

That should end the clean-up.

Let me know as you now need a new antivirus and I have a good free one to recommend to you.

Ambucias
Moderator, Virus/Security Contributor


9. Close ZHP Fix

10.

Application virus

4 responses

Similar discussions

Subscribe To Our Newsletter!