ZHPDiag usage

Closed
Alex1957 Posts 3 Registration date Tuesday November 26, 2013 Status Member Last seen November 27, 2013 - Nov 26, 2013 at 04:03 PM
 alex1957 - Nov 30, 2013 at 06:38 PM
Hi guys
I checked my system with ZHPDiag, I got a report, what shall I do next?
Here's a download link: http://speedy.sh/zEwsF/ZHPDiag.txt
Thanks in advance for your help. Just in case, I have Windows 7 on my laptop.
Alex

5 responses

Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,170
Nov 26, 2013 at 04:47 PM
Hello

ZHP Diag reports are analysed by experienced Virus/Security contributors to detect malware and provide the best way to eradicate the virus or viruses.

In your case, there is adware which got in your machine because of online downloads, probably from torrents.

There is also an autorun virus in your E drive.

There are some Greek files which I cannot read.

Here are two steps to follow:

Step One:

Download the following Adwcleaner created by Xplode

https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/
Launch it (for Windows 7 and 8, right-click to run as administrator)
Click on delete
Post the log C:\Adwcleaner[Sx].txt on this thread.

Step two:

Download UsbFix (created by El Desaparecido) on your desktop.

http://ccm.net/download/download-24089-usbfix

If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus.

Plug in all of your USB devices (flash drive, pen drive, external HD, etc.). Don't open them.

Double click on UsbFix.exe.

Click on deletion.
Let the tool work.

At the end of the scan a report will show which you can copy and paste here.

The report is saved at the root ( C:\UsbFix.txt ).

Ambucias
Moderator/virus security contributor
1
Alex1957 Posts 3 Registration date Tuesday November 26, 2013 Status Member Last seen November 27, 2013
Nov 26, 2013 at 07:16 PM
Thanks a lot! I'll try to do it tomorrow as it's already 1.15 am here and I'm falling asleep. Just a quick question - together with ZHPDiag I downloaded ZHPFix, can I use it to remove what is to be removed? And if yes, then how?
thanks again,
Alex
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,170
Nov 27, 2013 at 05:29 AM
Good question !

Please don't use ZHP Fix! It's a last resort. If malware is not all removed by the tools I gave you, then I will write you a custom made script to be used with ZHP Fix.
0
Alex1957 Posts 3 Registration date Tuesday November 26, 2013 Status Member Last seen November 27, 2013
Nov 27, 2013 at 12:00 PM
Hi
I ran the AdwCleaner, here is the report:

# AdwCleaner v3.013 - Report created 27/11/2013 at 17:53:10
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : ??????? - WIN-SDTODTH2STH
# Running from : C:\Users\???????\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Connect_DLC_5
Folder Deleted : C:\Users\???????\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\???????\AppData\LocalLow\Connect_DLC_5
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B06F53B-95F8-4FE0-993D-A2E3D6511AB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8E24389-F354-4469-82CB-3B68780B371C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Key Deleted : HKCU\Software\AppDataLow\Software\Connect_DLC_5
Key Deleted : HKLM\Software\Connect_DLC_5

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\???????\AppData\Roaming\Mozilla\Firefox\Profiles\2x7etu9k.default-1384699491063\prefs.js ]


*************************

AdwCleaner[R0].txt - [32005 octets] - [26/11/2013 20:29:11]
AdwCleaner[R1].txt - [2497 octets] - [27/11/2013 17:51:44]
AdwCleaner[S0].txt - [28608 octets] - [26/11/2013 20:30:28]
AdwCleaner[S1].txt - [2466 octets] - [27/11/2013 17:53:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2526 octets] ##########
0
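
Added example, not part of the original thread and not AdwCleaner's own code: a small Python parser that groups the registry entries of a report like the one above by CLSID, which makes it visible that one CLSID was registered at several Internet Explorer load points. The sample lines are copied from the report above (abridged); the function names and load-point labels are this example's own.

```python
import re
from collections import defaultdict
# Lines copied from the AdwCleaner[S1] report posted above (abridged).
SAMPLE = r"""***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Conduit
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B06F53B-95F8-4FE0-993D-A2E3D6511AB0}
Key Deleted : HKLM\Software\Connect_DLC_5
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY = re.compile(r"^(Key|Value|Folder|File) Deleted : (.+)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Path fragment -> load point it indicates (labels are this example's own).
LOAD_POINTS = {
    r"\Browser Helper Objects": "Browser Helper Object",
    r"\URLSearchHooks": "URL search hook",
    r"\Internet Explorer\Toolbar": "IE toolbar",
    r"\ElevationPolicy": "IE elevation policy",
    r"\Classes\CLSID": "COM class registration",
    r"\System32\Tasks": "scheduled task",
}

def parse_report(text):
    section, entries = None, []
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := ENTRY.match(line):
            entries.append((section, m.group(1), m.group(2)))
    return entries  # (section, kind, path) per deleted item

def classify(path):
    hits = [label for frag, label in LOAD_POINTS.items() if frag.lower() in path.lower()]
    return hits[0] if hits else None

def load_points_by_guid(entries):
    found = defaultdict(set)
    for _section, _kind, path in entries:
        label = classify(path)
        for guid in GUID.findall(path) if label else ():
            found[guid.upper()].add(label)
    return {guid: sorted(labels) for guid, labels in found.items()}
```
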
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,170
Nov 27, 2013 at 04:35 PM
Hi,

Well, well, adwcleaner did a wonderful job.

Did you run usbfix for the autorun virus on E?

Once you are done, I would appreciate it if you delete the ZHP Diag log that you have now. Produce a new one and upload it on speedyshare. I just want to make sure we got everything and that your machine is as clean as a whistle.

Regards

P.S. By the way, what are you doing in France?
0

Hi
Sorry for the much belated answer but I was away for a couple of days. I'll do everything tomorrow, promise.
And well, I live in France just across the border from Switzerland where I'm working.
cheers
0