
In Progress Happy Lucky Park Club removal

Discussion in 'Virus & Other Malware Removal' started by titleman, Oct 25, 2019.

Thread Status:
Not open for further replies.
  1. titleman

    titleman Thread Starter

    Joined:
    Jan 29, 2006
    Messages:
    105
    I have one forum I visit regularly and the malware Happy Lucky Park Club has started taking over my page. I don't believe it's happening on other sites.

    I'm running Windows 10.

    Could someone help me remove this?
     
  2. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    678
    Hi titleman, welcome to the Tech Support Guy malware removal forum.

    I am iMacg3 and will be helping you with your computer problems.

    Please keep the following information in mind before we begin:
    • Back up any important data before we continue.
      • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
    • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
      • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
    • Please read all instructions carefully, and complete them in the order listed.
      • Items that are especially important will be highlighted in bold or red.
    • If your computer seems to start working normally, please don't abandon the topic.
      • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
      • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
    • If you have questions at any time during the cleanup, feel free to ask.

    ---------------------------------------------------
    Farbar Recovery Scan Tool (FRST)

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
    • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
    • Please copy and paste the logs in your next reply.

    ---------------------------------------------------

    In your next reply, please include:
    • FRST.txt
    • Addition.txt
     
  3. titleman

    titleman Thread Starter

    Attached: FIRST.txt & Addition.txt
     

    Attached Files:

  4. iMacg3

    iMacg3 Malware Specialist

    Hi titleman,

    Which browser do the issues occur in?

    ---------------------------------------------------
    Farbar Recovery Scan Tool - Fix

    • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
      Code:
      Start::
      CreateRestorePoint:
      SearchScopes: HKU\S-1-5-21-1422640865-951509083-3167410046-1001 -> DefaultScope {06C1CE64-BD7C-4384-945A-9A2573D01CA2} URL = 
      SearchScopes: HKU\S-1-5-21-1422640865-951509083-3167410046-1001 -> {06C1CE64-BD7C-4384-945A-9A2573D01CA2} URL = 
      CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.19.8.65\Exts\Chrome.crx <not found>
      CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.19.8.65\Exts\Chrome.crx <not found>
      ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
      Emptytemp:
      End::
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    • Double-click FRST.exe/FRST64.exe to run it.
    • Press the Fix button just once and wait.
      Note: No need to paste the script into FRST.
    • Restart the computer if prompted.
    • When the fix is complete, FRST will generate a log in the same location it was run from (Fixlog.txt).
    • Please copy and paste its contents into your reply.

    ---------------------------------------------------

    In your next reply, please include:
    • Fixlog.txt
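
An added example, not part of the original post and not FRST's own code: a read-only Python example of how entries like those in the fixlist above can be picked out of an FRST log, by looking for the `<not found>` and `No File` markers and for empty `URL =` values. Treating those markers as the full set is an assumption, and the last two sample lines are constructed for contrast.

```python
import re

# Markers FRST prints when an entry points at nothing. They are taken from the
# fixlist lines in the post above; treating them as the full set is an assumption.
MISSING_FILE_MARKERS = {"<not found>": "target file missing",
                        "-> No File": "handler has no file"}
ID_RE = re.compile(r"\[([^\]]+)\]|(\{[0-9A-Fa-f-]{36}\})")

# Constructed sample: the first five lines mirror the fixlist above; the last
# two are invented healthy entries for contrast.
SAMPLE_LOG = r"""
SearchScopes: HKU\S-1-5-21-1422640865-951509083-3167410046-1001 -> DefaultScope {06C1CE64-BD7C-4384-945A-9A2573D01CA2} URL =
SearchScopes: HKU\S-1-5-21-1422640865-951509083-3167410046-1001 -> {06C1CE64-BD7C-4384-945A-9A2573D01CA2} URL =
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.19.8.65\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.19.8.65\Exts\Chrome.crx <not found>
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
SearchScopes: HKU\S-1-5-21-0-0-0-1001 -> {00000000-0000-0000-0000-000000000001} URL = https://search.example/?q={searchTerms}
CHR HKLM\...\Chrome\Extension: [aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa] - C:\Example\ext.crx
"""

def classify(line):
    """Return why an entry looks orphaned, or None if it looks healthy."""
    if line.startswith("SearchScopes:") and re.search(r"URL =\s*$", line):
        return "search provider has empty URL"
    for marker, reason in MISSING_FILE_MARKERS.items():
        if marker in line:
            return reason
    return None

def find_orphans(log_text):
    """Return (section, identifier, reason) for each orphaned-looking line."""
    results = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reason = classify(line) if line else None
        if reason is None:
            continue
        section = line.partition(": ")[0]      # text before the first ": "
        m = ID_RE.search(line)                 # extension ID, handler name or GUID
        ident = (m.group(1) or m.group(2)) if m else "?"
        results.append((section, ident, reason))
    return results

if __name__ == "__main__":
    for section, ident, reason in find_orphans(SAMPLE_LOG):
        print(f"{section:32} {ident:40} {reason}")
```

The script only reads text; it changes nothing on the machine, and any removal still goes through a fixlist written for that specific system.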
     
  5. titleman

    titleman Thread Starter

    I use Chrome.
     

    Attached Files:

  6. iMacg3

    iMacg3 Malware Specialist

    Hi titleman,

    I noticed that you posted a profile message on my user profile page. Is the profile message referring to the issue of the popups/ads?
     
  7. titleman

    titleman Thread Starter

    Yes, it pertains to the popups/ads. I was trying to send a PM.
     
  8. iMacg3

    iMacg3 Malware Specialist

    Hi titleman,

    Since the issue is with the site you're visiting, the webmaster will be able to address the issue.


    If all is well:

    The following will remove the tools we used as well as reset system restore points:

    ---------------------------------------------------
    KpRm

    Download KpRm by kernel-panik and save it to your desktop.
    • Right-click kprm_(version).exe and select Run as Administrator.
    • When the tool opens, ensure all boxes are checked, and select Run.
    • Once complete, click OK.
    • A log will open in Notepad titled kprm-(date).txt.
    • Please copy and paste its contents in your next reply.
    ----------------------------------------------------
    Some tips to keep your computer safe on the Internet

    Make sure to use strong passwords. There are password managers (for example, Bitwarden) that can help you use secure passwords, and keep track of them.

    How to create a strong password
    ----------------------------------------------------
    Keeping software up-to-date is important as well. Programs such as UCheck, Heimdal Free, or PatchMyPC can help keep software on your computer up-to-date.

    To keep your operating system up-to-date, make sure that Windows Update is enabled on your computer.
    ----------------------------------------------------
    I recommend backing up your PC regularly. There are several ways to back up your computer, such as using a cloud-based service online, external hard drive, or CD/DVD.

    The following articles have more information about methods to back up your computer:

    What's the Best Way to Back Up My Computer?

    5 Ways to Back up Your Data
    ----------------------------------------------------
    Here are some articles about how to keep your computer safe on the Internet -

    Simple and easy ways to keep your computer safe and secure on the Internet - by Lawrence Abrams

    Answers to common security questions - Best Practices - by quietman7

    COMPUTER SECURITY - a short guide to staying safer online - Malware Removal

    PC Safety and Security - What Do I Need? - Tech Support Forum
    ----------------------------------------------------

    Safe surfing :)
     
  9. titleman

    titleman Thread Starter

    [OK] Registry Backup: C:\KPRM\backup\2019-10-30-06-06-40
    - Remove Tools -
    No tools found
    - Restore System Settings -
    [OK] Flush DNS
    [OK] Reset WinSock
    [OK] Hide Hidden file.
    [OK] Show Extensions for known file types
    [OK] Hide protected operating system files
    - Restore UAC -
    [OK] Set ConsentPromptBehaviorAdmin with default (5) value
    [OK] Set ConsentPromptBehaviorUser with default (3) value
    [OK] Set EnableInstallerDetection with default (0) value
    [OK] Set EnableLUA with default (1) value
    [OK] Set EnableSecureUIAPaths with default (1) value
    [OK] Set EnableUIADesktopToggle with default (0) value
    [OK] Set EnableVirtualization with default (1) value
    [OK] Set FilterAdministratorToken with default (0) value
    [OK] Set PromptOnSecureDesktop with default (1) value
    [OK] Set ValidateAdminCodeSignatures with default (0) value
    - Clear Restore Points -
    ~ [OK] RP named KpRm created at 10/30/2019 10:57:49 deleted
    [OK] All system restore points have been successfully deleted
    - Create Restore Point -
    [OK] System Restore Point created
    - Display System Restore Point -
    ~ RP named KpRm created at 10/30/2019 11:07:01 found
    -- KPRM finished in 26.00s --
     
  10. titleman

    titleman Thread Starter

    I hope everything is OK above. I ended up with KpRm in my downloads instead of my desktop. I ran it twice, as the first time I didn't run as administrator.
     
  11. iMacg3

    iMacg3 Malware Specialist

    Hi titleman,

    Glad we could help.

    ----------------------------------------------------

    Since this issue appears to be resolved, this topic is marked "Solved."

    In the event you still need assistance, please reply back to the thread. Everyone else, please begin a New Topic.
     
Short URL to this thread: https://techguy.org/1234755
