Application virus

Solved/Closed
Report
Posts
10
Registration date
Monday October 7, 2013
Status
Member
Last seen
October 10, 2013
-
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
-
Hello,
i was using windows 7, when I installed FIFA 14 from the original CD my niece think its pirated and put a crack but I wasn't know it and start the application then some error popped out and I close it, after that error..... my eset nod antivirus doesn't start when my computer are booting and there was an error saying FIFA 14 system error couldn't find activation.dll but the game was already uninstalled
i try to start my eset manually but it says "you don't have the privilege" altought I try to repair them in the control panel but it says "couldn't modify (some files in it) insufficient privilege" I use another antivirus to scan my C:/windows but its automatically stopped
i need help real soon because I think the virus was start to expand

4 replies

Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,263
Hello Mark, if I may butt in...

As_Kill

Those nieces, they will always do it to you. Cracks, most often will contain a virus.

To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a log.

1. Open this link and download ZHPDiag2 :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message.)

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

(For Vista and Win 7 users, click right to ensure you execute with admin right)

The tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix after log analysis).

4. Double click on the short cut ZHPDiag on your Destktop.

5. If you need to change the language, click on the little house, (bottom right) and change to English

6. Click on the "Configure" button.

7. Click on the Magnifying glass with the + sign.

8. Click on "Search"

Wait for the tool to finished (maybe a long time)

9. Close ZHPDiag.

10. To transmit the report, click on this link :

https://authentification.site

9. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).

10. Select the file ZHPDiag.txt.

11. Click on "upload »

12. Copy the URL and post it here.

Best regards

Ambucias
Moderator /Security Contributor
1
Thank you

A few words of thanks would be greatly appreciated. Add comment

CCM 2821 users have said thank you to us this month

Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,263
lol ! You're priceless ! I should put you on E-Bay ! 50-50 ?
Blocked Profile
60-40 if you can get em to finance! You get finance extra and shipping cost!!!

Shipping on electronic delivery. You have to love someone paying you to author a link!

I had a product of a cut-out template.....it was for 25mm gaming, and it was a template for a tank! I thought about a shipping fee, but how can I tax you to use your printer!

I represented it as it was, and sold like 5 of em! It wasn't .99 neither. ALL Satisfied! Basically cut out box and fold on the dotted line, poof, tank for gaming!
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,263
You have just given me a headache ! I am signing off !
Posts
10
Registration date
Monday October 7, 2013
Status
Member
Last seen
October 10, 2013

well im kinda sad right now.... but im putting on 80-20 so keep your dream away guys
Posts
10
Registration date
Monday October 7, 2013
Status
Member
Last seen
October 10, 2013

download link : http://speedy.sh/5WMg8/ZHPDiag.txt
delete key : fugamurozubu
i don't know why I am putting the delete key.... just in case :D and thank you for the fast reply I really appreciate it
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,263
Hello As_Kill,

Wow ! I'm impressed ! You machine is extremely infected by "crapware", adware, pup, usb virus and other.

And where did you get all thoses viruses you might ask ? Utorrent downloads and a contaminated Pen drive.

Your Eset will never work because it is itself contaminated. The same for Malwarebyte. Are those cracked versions?

As a matter of a fact, there is as much illegal stuff of your machine than legal software

Where do I start ? Let me think of a plan...

Lets do this a step at a time:

1. Immediatly uninstall these programmes with the add/remove programme utility :

C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe

C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe

Delete Malwarebyte

2. Look for and delete the following:

C:\Users\bt\Downloads\CRACK___GUIDA_BY_FullHack-IT.blogspot.it.rar

C:\Users\bt\Downloads\ESET PureFix v2.03 (Crack).rar

D:\asdasd\KeyGenSmadav 2013 Pro 9.3.1[BAGAS31].zip

D:\Corel Draw X5 with Keygen\CorelDRAWGraphicsSuiteX5Installer_EN.exe

D:\Corel Draw X5 with Keygen\CrackCoreldrawX5Hackcenter.zip

D:\Corel Draw X5 with Keygen\KeygenCorelX5Hackcenter.zip

D:\error sound\Keygen MBAM 1.75 [chairullight.blogspot.com].rar

D:\GAME\FIFA 13 INTERNAL-RELOADED\Fifa 13 Trainer 9v Cracked.rar

3. Now, Kioskea does not help people who use illegal means to obtain software. It appears to me that not only your niece but you also have installed cracked software.

Once you have deleted all the illegal stuff from your machine, generate and upload a new ZHP Diag log. I will check it for cracks and if I find none, I will continue helping you to desinfect.

Regards
1
Thank you

A few words of thanks would be greatly appreciated. Add comment

CCM 2821 users have said thank you to us this month

Posts
10
Registration date
Monday October 7, 2013
Status
Member
Last seen
October 10, 2013

I only use gamehouse key once and the rest I only use to type most of my work and put them in my harddisk, my niece was installing all the other games and he installed eset and try to find the crack, I delete the crack and only use trial username. my D and E drive were really full because of his game
Thanks a lot for your help, I really appreciate it
Posts
10
Registration date
Monday October 7, 2013
Status
Member
Last seen
October 10, 2013

i never tought about this... but when I see the download folder... its filled with a lot of file :/
i think this is really bad
download link : http://speedy.sh/ZhHgc/ZHPDiag.txt
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,263
Hi

How about that ! Deleting the cracks got rid of most of the malware !

Now, you may wish to print the following;

1. Close all applications

2. Select and copy all of the following bold lines.

M3 - MFPP: Plugins - [bt] -- C:\Users\bt\AppData\Roaming\Mozilla\Firefox\Profiles\kkftp4ez.default\searchplugins\my-web-search.xml => Infection BT (Adware.MyWebSearch)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://hp.mywebsearch.com/mywebsearch/index.html =>Adware.MyWebSearch
O43 - CFD: 4/22/2013 - 10:21:15 - [1.028] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O64 - Services: CurCS - 1/2/1601 - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys (esgiguard) .(...) - LEGACY_ESGIGUARD =>Crapware.SpyHunter
O69 - SBI: prefs.js [bt - kkftp4ez.default] user_pref("extensions.mywebsearch.prevDefaultEngine", ""); =>Adware.MyWebSearch
O69 - SBI: prefs.js [bt - kkftp4ez.default] user_pref("extensions.mywebsearch.prevSelectedEngine", ""); =>Adware.MyWebSearch
O69 - SBI: prefs.js [bt - kkftp4ez.default] user_pref("extensions.toolbar.mindspark._1gMembers_.homepage", "https://hp.mywebsearch.com/mywebsearch/index.html?ptb=FBCB438B-E511-4F47-AD2[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [bt - kkftp4ez.default] user_pref("extensions.toolbar.mindspark._5qMembers_.homepage", "https://hp.mywebsearch.com/mywebsearch/index.html?ptb=FEFDAE8A-2147-45BC-BF7[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [bt - kkftp4ez.default] user_pref("keyword.URL", "https://hp.mywebsearch.com/mywebsearch/index.html[...] =>Adware.MyWebSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Program Files\iMesh Applications


3. ZHP Diag created a short cut on your desktop called ZHP Fix, launch ZHP Fix (For Windows 7 click right to run as admin. Answer yes if you get an enquiry as to weither you want to run it or not

4. Click on the the Import button and the lines will automatically paste themselves.

5. Click on the Go button to clean

6. Confirm by clicking OK

7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time

8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.

9. Download the following Adwcleaner created by Xplode
https://ccm.net/download/download-24088-adwcleaner
Launch it (for Windows 7 and 8, click right to run as administrator)
Click on delete
Post the log C:\Adwcleaner[Sx].txt on this thread.

10. Tell your nephew to keep his hands off your machine, he his very dangerous !

That should end the clean-up.

Let me know as you now need a new antivirus and I have a good free one to recommend to you.

Ambucias
Moderator, Virus/Security Contributor


9. Close ZHP Fix

10.
1
Thank you

A few words of thanks would be greatly appreciated. Add comment

CCM 2821 users have said thank you to us this month

Posts
10
Registration date
Monday October 7, 2013
Status
Member
Last seen
October 10, 2013

No
:/
Posts
10
Registration date
Monday October 7, 2013
Status
Member
Last seen
October 10, 2013

Sorry... I forgot about tjat adwcleaner
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,263
Well, run adwcleaner
Posts
10
Registration date
Monday October 7, 2013
Status
Member
Last seen
October 10, 2013

uhh still not.. but my computer was better than ever
Posts
47367
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,263
Then don't run adwcleaner and stay with infected computer which will cause you more issues in the near future, such as hyjacking and spying.

Good luck

P.S. You still don't have an efficient antivirus software !

I am now closing this thread !

Ok, hang in there...

When you went to install the FIFA disk, did you have privalages to install? SO in other words, did you put in the admin password when it asked?
Posts
10
Registration date
Monday October 7, 2013
Status
Member
Last seen
October 10, 2013

when I installed FIFA I installed using administrator.... I don't have any problem until with privilege until the crack is opened