Removing SmartComp Safe Network/GetPrivate virus [Solved/Closed]

Posts
35
Registration date
Wednesday November 25, 2015
Status
Member
Last seen
August 15, 2016
- - Latest reply: Ezpz
- Dec 21, 2015 at 06:37 PM
Hello, I recently downloaded malware/adware from piratebay and my anti-virus detected harmful objects which seemed to lead to a suspicious folder called "SmartComp Safe Network". I did some research on this suspicious folder and it seems that other people are having problems deleting this same folder/malware. There were some suggestions on how to fix it but they were all too confusing for someone who's not good with this kind of stuff. With the malware in my computer, I've been getting ads from "GetPrivate" on everything I click and big bolded blue words on websites on Google Chrome. I've been able to remove it temporarily with Malwarebytes but after a day or two it comes back.

11 replies

Best answer
Posts
51278
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
August 24, 2019
11899
2
Thank you
Hello again,

This is a dandy. If you really give a virustotal scan to everything you download and install, it surely did not work for you. There are 50 malware infecting your computer as well as 14 useless files.

Shall we get rid of them? I assume your answer is yes.

Here is what I wish you to do. If I ask you to delete some program files, don't be alarmed as they really do contain malware.

Step one:

Through the add/remove program utility, remove the following:

Skillbrains

Step two

1. Close all applications

2. Go to this URL

http://www.nicolascoolman.fr/download/zhpfix/

and download zhpfix

3. Select and copy the following bold lines:

(For any other user reading this thread, the following lines cannot be used by you, they are customized for Ezpz)

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
O42 - Logiciel: Lightshot-5.3.0.0 - (.Skillbrains.) [HKLM][64Bits] -- {30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
HKLM\SOFTWARE\Wow6432Node\NpApp
HKLM\SOFTWARE\Wow6432Node\SecureWeb
HKLM\SOFTWARE\Wow6432Node\SecureWebChannel
HKLM\SOFTWARE\Wow6432Node\Skillbrains
HKLM\SOFTWARE\Wow6432Node\Systweak
HKLM\SOFTWARE\Wow6432Node\YourFileDownloader
HKCU\SOFTWARE\Skillbrains
O23 - Service: Privoxy (PrivoxyService) (PrivoxyService) . (...) - C:\Program Files (x86)\SmartComp Safe Network\privoxy.exe (.not file.)
[MD5.59F07211D52D191E465A2915EF448E0D] [APT] [Better Installer] (...) -- C:\Users\Bears\AppData\Roaming\Better Installer\Better Installer.exe [495616]
[MD5.70D6EA378844CC762C57FA4B8AC63764] [APT] [update-S-1-5-21-863551351-428171438-3677390635-1004] (.Copyright 2009.) -- C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [105728]
[MD5.70D6EA378844CC762C57FA4B8AC63764] [APT] [update-sys] (.Copyright 2009.) -- C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [105728]
O39 - APT: update-S-1-5-21-863551351-428171438-3677390635-1004 - (.Copyright 2009.) -- C:\WINDOWS\Tasks\update-S-1-5-21-863551351-428171438-3677390635-1004.job [408]
O39 - APT: update-sys - (.Copyright 2009.) -- C:\WINDOWS\Tasks\update-sys.job [408]
O39 - APT: Better Installer - (...) -- C:\WINDOWS\System32\Tasks\Better Installer [3430]
O39 - APT: update-S-1-5-21-863551351-428171438-3677390635-1004 - (.Copyright 2009.) -- C:\WINDOWS\System32\Tasks\update-S-1-5-21-863551351-428171438-3677390635-1004 [3394]
O39 - APT: update-sys - (.Copyright 2009.) -- C:\WINDOWS\System32\Tasks\update-sys [3388]
[MD5.0B42873501A576FF6CDE35EA69EE930A] - (.Skillbrains - Lightshot.) -- C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe [477184] [PID.3996]
3 - CFD: 12/01/2015 - [0] D -- C:\Program Files (x86)\download Manager
3 - CFD: 14/03/2015 - [] D -- C:\Program Files (x86)\Skillbrains
3 - CFD: 10/08/2014 - [0] D -- C:\Program Files (x86)\TowerTilt
3 - CFD: 20/11/2015 - [] D -- C:\Users\Bears\AppData\Roaming\Better Installer
3 - CFD: 31/01/2015 - [0] D -- C:\Users\Bears\AppData\Roaming\IHlpr
3 - CFD: 13/01/2015 - [] D -- C:\Users\Bears\AppData\Roaming\SoftwareUpdater
O45 - LFCP:[MD5.1B53EA087318112317CEB4BD8B24DC64] 20/11/2015 A -- C:\WINDOWS\Prefetch\BETTER INSTALLER.EXE-096AC1ED.pf
O45 - LFCP:[MD5.72B0018C7106214CEA435A83D3761750] 26/11/2015 A -- C:\WINDOWS\Prefetch\PRIVOXY.EXE-34E51078.pf
O61 - LFC: 2015/11/20 17:37:57 A . (..) -- C:\Users\Bears\AppData\Roaming\Better Installer\Better Installer.exe [495616]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
HKLM\SYSTEM\CurrentControlSet\Services\PrivoxyService
C:\Users\Bears\AppData\Roaming\Better Installer\Better Installer.exe
C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
C:\WINDOWS\Tasks\update-S-1-5-21-863551351-428171438-3677390635-1004.job
C:\WINDOWS\Tasks\update-sys.job
C:\WINDOWS\System32\Tasks\Better Installer
C:\WINDOWS\System32\Tasks\update-S-1-5-21-863551351-428171438-3677390635-1004
C:\WINDOWS\System32\Tasks\update-sys
C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
C:\Program Files (x86)\Skillbrains
C:\Program Files (x86)\TowerTilt
C:\Users\Bears\AppData\Roaming\Better Installer
C:\Users\Bears\AppData\Roaming\IHlpr
C:\WINDOWS\Prefetch\BETTER INSTALLER.EXE-096AC1ED.pf
C:\WINDOWS\Prefetch\PRIVOXY.EXE-34E51078.pf

P2 - EXT FILE: (...) -- C:\Users\Bears\AppData\Roaming\Mozilla\Firefox\Profiles\7udurnxy.default\searchplugins\avg-secure-search.xml
O42 - Logiciel: Akamai NetSession Interface - (.Akamai Technologies, Inc.) [HKCU][64Bits] -- Akamai
HKCU\SOFTWARE\Akamai
[MD5.F2AD1B265908797F8A5E21E0312F2F25] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Bears\AppData\Local\Akamai\netsession_win.exe [4691384] [PID.1892] ©
[MD5.F2AD1B265908797F8A5E21E0312F2F25] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Bears\AppData\Local\Akamai\netsession_win.exe [4691384] [PID.10052] ©
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Bears\AppData\Local\Akamai\netsession_win.exe ©
O4 - HKUS\S-1-5-21-863551351-428171438-3677390635-1004\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Bears\AppData\Local\Akamai\netsession_win.exe ©
O43 - CFD: 26/09/2015 - [0] D -- C:\ProgramData\Reprise
O43 - CFD: 14/11/2015 - [] D -- C:\Users\Bears\AppData\Local\Akamai
O87 - FAEL: "UDP Query User{527DD5B6-1909-4540-8296-DA363FA9041C}C:\games\counter-strike global offensive\csgo.exe" [In-None-P17-TRUE] .(...) -- C:\games\counter-strike global offensive\csgo.exe (.not file.)
O87 - FAEL: "TCP Query User{E91211BC-87F5-4084-A72D-E56460E940B7}C:\games\counter-strike global offensive\csgo.exe" [In-None-P6-TRUE] .(...) -- C:\games\counter-strike global offensive\csgo.exe (.not file.)
O87 - FAEL: "{4A93956D-7C85-40A0-A101-CE4F9D282F5E}" [In-None-P6-TRUE] .(...) -- C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe (.not file.)
O87 - FAEL: "{1DA55B90-969F-49AA-9D39-C35C40D7A07A}" [In-None-P17-TRUE] .(...) -- C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe (.not file.)
O87 - FAEL: "UDP Query User{ED0760EB-A3B9-4104-829D-66C50FCFF4A8}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe" [In-None-P17-TRUE] .(...) -- C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe (.not file.)
O87 - FAEL: "TCP Query User{1FB8229F-67CD-4261-AD9E-EDF540CBFA3F}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe" [In-None-P6-TRUE] .(...) -- C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe (.not file.)


4. Launch ZHP Fix and click on "Import"; the lines you copied will get pasted.

5. Click on Go. A report will be generated which you can post here.

Good luck and let me know


Ezpz
By the add/remove program utility, do you mean remove the program in Programs and Features or do you mean remove the file "Skillbrains" in Program Files(x86)?
Ambucias > Ezpz
Programs and Features! Yes! If you have Win 10, click left on it to highlight and choose uninstall and click right. Your machine will already feel some stomach relief.
Ezpz
I do not see a "Skillbrains" program in Program and Features, unless you're referring to the program "Lightshot - 5.3.0.0" by the publisher "Skillbrains".
Ambucias > Ezpz
Okay, go ahead with ZHP Fix
Ezpz
Okay, here's the report log:
http://speedy.sh/TKJzG/ZHPFixReport.txt
Ambucias
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a report.

1. Open this link and download ZHPDiag3 :
http://www.nicolascoolman.fr/download/zhpdiag/
(Don't be alarmed if the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message, ignore it.) Click on the download button.

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

(For Vista, Win 7 and 8 users, click right to ensure you execute with admin rights)

4. Double click on the shortcut ZHPDiag on your Desktop.

5. Click on Full.

Wait for the tool to finish (maybe a long time)

6. Close ZHPDiag.

7. To transmit the report, click on this link :

http://www.speedyshare.com/

8. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
9. Copy the url link obtained from Speedyshare and paste it here in your reply.

Ambucias
Moderator and Virus/Security Contributor
Ezpz
Hi, I downloaded ZHPDiag3.exe from the link you provided, and I scanned the file on virustotal like I do with every file/program I download on the internet. And I noticed that it detected 5/55. Should I ignore that and install or is it something I need to worry about?
Ambucias > Ezpz
ZHP Diag, I use all the time and also hundreds of v/s experts, it's 100% safe.

Please, follow exactly the instructions I have given you about ZHP Diag.
Ezpz
Here is the zhpdiag.txt link:
http://speedy.sh/BJBy5/ZHPDiag.txt
At the moment, the virus has not downloaded back onto my computer.
Ambucias > Ezpz
Thanks for the log

There is the potential for it to return.

I will get to you with the medicinal compound very soon, just stand-by.
Ambucias
On ZHP Fix, after "go", did you validate the message asking you to confirm the removal or clean up?

If not, please repeat the ZHP Fix
Ezpz
It did ask me to confirm the uninstall of lightshot and Akamai NetSession Interface but I don't think I remember it asking me to confirm the removal.
Ambucias > Ezpz
Please repeat ZHP Fix and, after go, confirm everything that ZHP Fix asks for

Thank you
Ezpz
Okay, I remembered that I did confirm the removal but I did repeat the ZHP Fix anyways.
Ambucias > Ezpz
Can I see the report?
Ambucias
Hello and thank you for the report!

Everything looks hunky-dory and your system is as clean as a whistle.

Your antivirus is Kaspersky, along with F-Secure they are the most efficient on the market but no antivirus is 100% safe. In my opinion, most of the 50 malware on your computer came from torrent sites: uTorrent, Pando, Bit Torrent and Bears. Those p2p sites most often hide malware and they are the best mode for pirates, hackers and other malicious people to infect computers. If you invite them in, Kaspersky will not protest because you are the boss.

I suggest that you remove Malwarebytes so that it does not come in conflict with Kaspersky. You can always get it back if necessary.

These two keys, if you wish can also be deleted:

HKLM\SOFTWARE\Wow6432Node\McAfee
HKCU\SOFTWARE\McAfee


It was a pleasure helping you.
Ezpz
Hello, I greatly appreciate your time and effort to help me get rid of this darn malware! My PC is as clean as ever. And I surely will be more careful on those torrent sites and watching what I download. Anyway, thanks for the help and making this a smooth experience!
Ezpz
Hello again, the GetPrivate virus has downloaded back to my computer, if you wouldn't mind, could you help me get rid of it so that it doesn't come back?

Thanks,
Ezpz
Ambucias
Hello EZ

With pleasure. Please, another ZHP Diag report. Thanks
Ezpz
I temporarily removed it with malwarebytes but here's the log:
http://speedy.sh/tpK73/ZHPDiag.txt
Ambucias
Hello

Well, you did get infected again.

This time, we will go in what I believe to be the sources in an easy 1, 2, 3, 4

ONE

1. Open Internet Explorer

2. Click on the gear box.

3. Click on "Manage add-ons" and then on "Toolbars and extensions"

4. Look for and delete all suspicious extensions. (may say "not verified")

5. Close IE.

TWO

1. Open Firefox

2. Click the menu by clicking on the 3 horizontal lines, top right corner.

3. Click on the puzzle piece icon and then on plug-ins

4. Look for and delete all suspicious plug-ins

Important note: If you still get problems with GetPlus after the above steps, you will need to reset both browsers to default settings.

THREE

1. Open the add/remove program utility and delete

Download Manager

FOUR

1. We will repeat our ZHP Fix trick

Here are the bold lines:

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
HKLM\SOFTWARE\Wow6432Node\SecureWebChannel
3 - CFD: 12/01/2015 - [0] D -- C:\Program Files (x86)\download Manager
3 - CFD: 13/01/2015 - [] D -- C:\Users\Bears\AppData\Roaming\SoftwareUpdater
O45 - LFCP:[MD5.E8D56F120C5EFF515F03CF3FE165FD1E] 30/11/2015 A -- C:\WINDOWS\Prefetch\PRIVOXY.EXE-34E51078.pf
C:\WINDOWS\Prefetch\PRIVOXY.EXE-34E51078.pf


Let me know
Ezpz
I do not see a "Download Manager" program in the add/remove program utility.
Ambucias
Please download, install and run Adwcleaner

http://ccm.net/download/download-24088-adwcleaner
Ezpz
I installed it.
Ambucias > Ezpz
Did you run a scan with it?
Ambucias
Those were the adware viruses I was talking about as browser extensions.

Chrome did not show on your ZHP Diag log!!!

Folder Deleted : C:\Program Files (x86)\download Manager
[-] Folder Deleted : C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
[-] Folder Deleted : C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\madakpajlmcpaodhfbekojajlhbdklol
[-] Folder Deleted : C:\Users\Bears\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhoahihokddepjlegpenefeaahdkojog
Folder Deleted : C:\Users\Bears\AppData\Roaming\SoftwareUpdater

Could you please check in your Chrome extensions to see if:

lhoahihokddepjlegpenefeaahdkojog
madakpajlmcpaodhfbekojajlhbdklol
gngocbkfmikdgphklgmmehbjjlfgdemm

Are still there; if they are, we may need to remove them manually.

Did you find that the virus returned after you launched Chrome?

Take care
Ezpz
I do not see those extensions in there, and at the moment, the virus has not returned after I launched chrome.
Ambucias > Ezpz
Did you, in the past, find that the virus returned after you launched Chrome?

Out of curiosity, can you tell me what is this C:\Users\Bears\AppData\Roaming\SoftwareUpdater

Thanks
Ezpz
Yes, it has returned before, after I launched chrome, and I'm not too sure what "SoftwareUpdater" is for but I've seen it. And about "download manager", I downloaded that when I was trying to download something a long time ago because I thought it would help me download faster.
Ambucias
Okay, I believe we have resolved the problem.

It's getting ever popular for many to include adware or spyware in the software package. Recently, in case of browser applications, they are added to the browser extensions.

Should this occur to you again, first start to disinfect with adwcleaner, it is much more efficient than malwarebyte in the case of adware and spyware where you get pop-ups or browser redirecting.

Take care in Dixieland VA.
Ezpz
Thanks a lot for helping me solve this problem. But I have a question, how would I uninstall software updater and download manager if I would want to uninstall them since they don't clearly show up as programs in Programs and Features?
Ambucias > Ezpz
You are most welcome.

They were deleted by adwcleaner. Otherwise, you would have to follow the paths
C:\Program Files (x86)\download Manager
C:\Users\Bears\AppData\Roaming\SoftwareUpdater
and delete them, like any other file.

Then I would use CCleaner to see if they are still in the registry and delete also from there.
Ezpz
Hello again,

The virus has come back and I followed your instructions to disinfect it with adwcleaner. However, today it came back once I opened chrome, and after I disinfected it again with adwcleaner, I checked my extensions folder for chrome and I didn't find those three extensions you mentioned about. Could it be other extensions that are making it come back after a couple of days?
Ambucias
Hi,

Yes it could very well be those extensions.
Why don't you remove Chrome completely, you can always get a fresh copy.

Care to upload another ZHP Diag log, just in case something else got infected?
Ezpz
Sorry for the late reply, I've been busy. Anyways, I've reinstalled google chrome and ran zhp so here's the log:
http://speedy.sh/B2Pe5/ZHPDiag.txt
Ambucias
Hi

Every time I analyse one of your reports I find new malware.

Where did you get this one?

PRIVOXY.EXE

It's a proxy hijacker.

If you see it in your Chrome extensions, remove it.

Run ZHP Fix with this script:

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
O45 - LFCP:[MD5.1A5C72CAB3A96378BAAA227801876896] 14/12/2015 A -- C:\WINDOWS\Prefetch\PRIVOXY.EXE-34E51078.pf
C:\WINDOWS\Prefetch\PRIVOXY.EXE-34E51078.pf
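
A read-only check for the leftovers this thread keeps chasing (the loopback proxy setting, the PrivoxyService service, the scheduled tasks, the folders and the three Chrome extension IDs), as an added example that is not part of the original posts. It assumes PowerShell 3.0 or later with the ScheduledTasks module (Windows 8 and later); per-user paths are resolved from the current user's environment rather than the profile named in the logs, and the folder list is a subset of the scripts above.

```powershell
# Read-only audit: reports leftovers named in this thread and changes nothing.
# Added example; artifact names come from the ZHPFix scripts and AdwCleaner log above.

$findings = New-Object 'System.Collections.Generic.List[object]'
function Add-Finding([string]$Kind, [string]$Item, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Item = $Item; Detail = $Detail })
}

# 1. Per-user proxy pointing at the local machine (the R5 line: 127.0.0.1:8118).
$inet  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
if ($proxy -and $proxy.ProxyServer -match '(127\.0\.0\.1|localhost):\d+') {
    Add-Finding 'Proxy' $proxy.ProxyServer "ProxyEnable=$($proxy.ProxyEnable)"
}

# 2. The Privoxy service from the O23 line (SmartComp Safe Network\privoxy.exe).
$svc = Get-Service -Name 'PrivoxyService' -ErrorAction SilentlyContinue
if ($svc) { Add-Finding 'Service' $svc.Name "Status=$($svc.Status)" }

# 3. Scheduled tasks listed on the O39 lines of the first script.
$taskPatterns = 'Better Installer', 'update-sys', 'update-S-1-5-21-*'
Get-ScheduledTask -ErrorAction SilentlyContinue | Where-Object {
    $name = $_.TaskName
    $taskPatterns | Where-Object { $name -like $_ }
} | ForEach-Object {
    Add-Finding 'Task' $_.TaskName (($_.Actions | ForEach-Object { $_.Execute }) -join '; ')
}

# 4. Folders the scripts and AdwCleaner removed (subset).
$pf86 = ${env:ProgramFiles(x86)}
if (-not $pf86) { $pf86 = $env:ProgramFiles }   # 32-bit Windows fallback
$folders = @(
    (Join-Path $pf86 'SmartComp Safe Network'),
    (Join-Path $pf86 'download Manager'),
    (Join-Path $env:APPDATA 'Better Installer'),
    (Join-Path $env:APPDATA 'SoftwareUpdater')
)
foreach ($f in $folders) {
    if (Test-Path -LiteralPath $f) { Add-Finding 'Folder' $f 'present' }
}

# 5. The three extension IDs from the AdwCleaner log, in every Chrome profile
#    directory (the log only shows the Default profile).
$extIds = 'gngocbkfmikdgphklgmmehbjjlfgdemm',
          'madakpajlmcpaodhfbekojajlhbdklol',
          'lhoahihokddepjlegpenefeaahdkojog'
$userData = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
Get-ChildItem -Path $userData -Directory -ErrorAction SilentlyContinue | ForEach-Object {
    foreach ($id in $extIds) {
        $p = Join-Path $_.FullName "Extensions\$id"
        if (Test-Path -LiteralPath $p) { Add-Finding 'ChromeExt' $id $p }
    }
}

if ($findings.Count) {
    $findings | Format-Table -AutoSize
} else {
    'None of the artifacts named in the thread were found.'
}
```

Running it after each cleanup pass and again after the next Chrome launch shows which of the five locations is repopulated first.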
Ezpz
I checked my chrome extensions but I don't know which extensions to look for? I can list what extensions I currently have:
aapocclcgogkmnckokdopfmhonfmgoek
aohghmighlieiainnegkcijnfilokake
apdfllckaahabafndbhieahigkjlhalf
blpcfgokakmgnkcojhhkbfbldkacnbeo
cmeakgjggjdlcpncigglobpjbkabhmjl
coobgpohoikkiipiblmjeljniedjpjpf
eahebamiopdhefndnmappcihfajigkka
felcaaldnbdncclmgdcncolpebgiejap
ghbmnnjooekpmoecnnnilnnbdlolhkhi
nmmhkkegccagdldgiimedpiccmgmieda
pjkljhegncpnkpknbcohdijeoejaedia