Removing McAfee and bootracer

Closed
Report
Posts
4
Registration date
Wednesday March 5, 2014
Status
Member
Last seen
March 7, 2014
-
Posts
13334
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
-
I have removed McAfee virus scanner and Bootracer umpteen times i.e with Revo uninstaller-windows uninstaller- from the registree etc.
It comes back every time.
In some cases Creating a restore point failed.
Am I hit with malware? What can I do about it?
sipke

58 replies

Posts
13334
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Hello,

Please, post the link of the report in your next answer.

Gabriel.
2
Hello Ambucias,

Thank you for your speedy reply to my query. I have run the required procedure you sent me. All went smoothly. However i got only two icons on my desktop
t.w. ZHPDiag and ZHPFix. Have uploaded the text and wait for your reply.
Thanks again!
Sipke
0
Posts
47366
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,369
Please do as Gabriel asked. He will take over from me and he is most competent, a genius.
0
Posts
13334
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
:)
0
Posts
4
Registration date
Wednesday March 5, 2014
Status
Member
Last seen
March 7, 2014

Hello Gabriel,
Sorry , I am alittle confused. I do have the report, but I don't know how to send it to you, as I cannot attach the report to this message. Sorry again.
Sipke
0
Posts
47366
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,369
sipke

To transmit the report, click on this link :

https://authentification.site

1. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).

2. Select the file ZHPDiag.txt.

3. Click on "upload »

4. Copy the URL and post it here.

What is it that is confusing you?
0
Posts
4
Registration date
Wednesday March 5, 2014
Status
Member
Last seen
March 7, 2014

Hello Ambucias,

My confusion was that i could not find a website of Gabriel.
As I understand it now, eveything works through speedshare.
Sorry to you and Gabriel.
I have uploaded the report again.
Hopefully I have done it right this time.
Sipke
0
Posts
13334
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Hello,

You have to copy the link in your next answer, otherwise i can't access to the report... :)

Gabriel.
0
Posts
13334
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
No.

Speedyshare, when you upload ZHPDiag's report, create a link no ? You have to copy this link in this topic in your answer.
If you don't understand, you can upload a new time the report, and when it is uploaded, you press F6 and then you do Ctrl + C. After, you return in this topic and when you write your answer, press Ctrl + V.

Do you understand ?

Gabriel.
0
Hello Gabriel,

The report has vanished (virus ?).

Also some programs I have uninstalled have come back the next day.

I have gone through the whole procedure again and have now a new report.

Thank you for your patience !

sipke
0
Posts
13334
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Hello,

OK, but can you upload the report on speedyshare and copy the link in your next answer please ?
I have to look at the report to know if your computer is infected.

Thanks,

Gabriel.
0
Hello Gabriel,

Have uplooaded the report via speedyshare. This went well.
On pressing F6 and then Ctrl + C
I did not notice anything happening.
So I went back to the topic and pressed Ctrl + V.
Nothing happened.
I took a screenshot at the upload which showed the following link:

http://speedy.sh/g7m4d/ZHPDiag.txt

Is this of any use?

Sipke
0
Posts
47366
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
September 1, 2021
11,369
Okay Sipke,

I was able to get it and it was transmitted to Gabriel.

Sit back, pour yourself a cool Heineken and wait for Gabriel's answer.
0
Posts
13334
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Hi,

Good. :)

Download the following Adwcleaner created by Xplode
https://ccm.net/download/download-24088-adwcleaner
Launch it (for Windows 7 and 8, click right to run as administrator)
Click on delete
Post the log C:\Adwcleaner[Sx].txt on this thread.

Gabriel.
0
Hello Gabriel,

Thank you for the reply.
Have downloaded Adwcleaner- ran it as administrator.
Executed the scan
after the scan clicked report which created:
C:\Adwcleaner[R0].txt

I have uploaded this report
the link is http://speedy.sh/7yvKt/AdwCleaner-R0.txt.

sipke
0
Posts
13334
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Hello,

Okay, now run again AdwCleaner and click on Delete and post the report.

Gabriel.
0
Hello Gabriel,

AdwCleaner shows only the actions:

Scan - Clean - Report - Uninstall

but NO delete.

Clicking on Other produced nothing.

What can I do?

sipke
0
Posts
13334
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Hi,

Sorry, click on Clean.

Gabriel.
0
Hello Gabriel:


Clean was dimmed, so I did the scan again after which I could

click on Clean.

Got a message that program would shut down to do its work.
So it shut down and rebooted.

But NO REPORT.

I went to work to see if I could find something useful
taking care that the times were between shutdown
and reboot

and this is what I found:

In c:\Users\Wil\AppData\Local\Temp\
etilqs_QomUWwQM9f6MOBN 32kb 09-03-14

In c:\Users\All Users\McAfee Security Scan\
ftstate.inii 846b 09-03-14 16:19

In c:\Users\All Users\AVAST Software\Avast\log\
aswAr.log 58k 09-03-14 16:26
GrimeFighter.log 5k " 16:22
EventLog.log 30k " 16:19
Resident.log 607b " 16:18
SecureLine.log 10k " 16:18
Streamfilter.log 52k " 16:17
Chest.log 850b " 16:17
Mail.log 25k " 16:17

In c:\Users\All Users\AVAST Software\Avast\Secure\
I found:
lient.ovpn 187b 09-03-14 16:18

c:\Users\All Users\AVAST Software\Persistent Data\Avast\Logs\
Update.log 16M 09-03-14 16:17

Sipke
0
Posts
13334
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Hello,

The log is saved at C:\AdwCleaner[S0].txt

Gabriel.
0
Hello Gabriel,

You said:
The log is saved at C:\AdwCleaner[S0].txt

I did not understand the purpose of this message,
so I downloaded it.
What I got was:
AdwCleaner[R0].txt.EXE

Tried to run it but ACCESS DENIED

Sipke
0
Posts
13334
Registration date
Saturday January 29, 2011
Status
Security contributor
Last seen
December 24, 2016
39
Hello,

The report is saved in your drive C.
But never mind.

Download Shortcut_Module from this link :

http://www.telecharger.sosvirus.net/download/shortcut-module/

save it to your desktop, run it and click on "Clean" after it has verified if it's up to date

Attention : It'll close all the programs opened like IE, Firefox, Word, etc.

It'll give a report at the end of the scan , in C:\Shortcut_Module_date_hour.txt , after the reboot of the machine.

copy/paste the content of the report in your next answer.

Gabriel.
0
Hello Gabriel,

Have downloaded
Download Shortcut_Module and ran the procedure.

Pressed CLEAN and got a message to remove antvirus program
which I did. (Avast)

The Shortcut_Module started and after it finished shut down
and rebooted.

But NO C:\Shortcut_Module_date_hour.txt , so I did a search
and found:

E:\avast! sandbox\S-1-5-21-1490758984-813645090-1167344919-1000\r1019\Shortcut_Module.exe_{33bea63b-a857-

11e3-8b7e-e0cb4ed405ff}

This folder is empty

So nothiing to upload.

Sorry!

sipke
0