
Malware removal

#1 ·
I just got notice to contact Microsoft. Last time, July 2021, this was fake but I think it is really Microsoft this time. I spent a long time with their tech person. He said I needed a lot of things done and wanted a large sum to start the process. This sum must be paid every year. I am a 76 year old on limited Social Security and this sum is not possible for me especially since I use the computer so little. I am not sure how to proceed here. Dr. M was superb help to me before and I hope that the Doctor can save me again. Thank you. PatrickAshfield
 
#30 ·
Hi, Patrick.

Some critical health issues kept me away from Forums for a while. I'm back now and I'll do my best to help you.

Karen, thanks so much for your help on that.

=====================================

Let's start, Patrick.

I understand that we are talking about the same computer for which you asked for help here. Please correct me if I'm wrong. Then, you had similar problems and you were very worried about your computer's security. Although I didn't find signs of an infection or remote access, since the kind of your problems were serious, I recommended you to inform the Police and perform a clean install of the operating system. Since I see Norton remnants in your recent logs, I gather that you didn't follow my advice? I have no problem to clean your computer now, but my previous recommendation still exists.

In case you want me to proceed with cleaning the computer, please follow the steps below. Otherwise, let me know, so I can help you perform a clean install.

1. WaveBrowser

It seems that this browser is your default one. Did you intentionally install/use it? If yes, that's fine. However, note that some of the tools we use in the cleaning procedure detect this as a PUP, meaning Potentially Unwanted Program. Read more about these programs here: PUP | Malwarebytes Labs | Glossary
In case you want to uninstall it, please do that, along with the other programs listed in Step 2.

2. Uninstall Programs
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
Code:
AVG Secure Browser 
AVG Update Helper 
Shockwave 7.0.3 Player 
WaveBrowser *
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer.

3. Uninstall apps
  • Click on the Start button.
  • Find the following apps in the code, one by one, right click on them and choose Uninstall.
  • Restart the computer.
  • Code:
    HP Support Assistant
    McAfee WebAdvisor
    Norton Safe Web
    Norton Security Protection
    Total PC Cleaner - Free Disk Space Clean Up, Optimize Memory & Windows System

In your next reply:

Let me know if you successfully uninstall the above apps/programs.
 
#40 ·
OK. Patrick.

Now, let me see fresh FRST logs.
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
 
#42 ·
Hi, Patrick.

I wonder if you can be online more regularly, so we can deal with your computer's issues effectively. I know that we are in different time zones, but I guess we could find a way to do that. This time is ideal for me anyway. Perhaps I (or you) want to ask just a simple question. Knowing that I'll see you again in more than 24 hours, makes my efforts to help you more complicated, as in the meantime the computer's status changes.

Let's continue.

Although I completely missed a program needing uninstall (Driver Support One), and we need to clean the computer, I noticed some errors in your new logs indicating that you are logged in to Windows with a temporary profile account. This may be due to corrupted files and folders on your current user profile.

Have you noticed anything strange? Save things and nothing gets saved after a restart? Some errors when you log in? Any warning? Please give me some feedback about this.

Please do the following first:

Click on the Start button, click (or right click) on the profile icon, sign out and restart.

After the above, I would like to see:

1. Your account info


Go to Settings (press the Windows logo key on the keyboard together with letter i), then Accounts. From the menu at the left choose Your Info. Please take a screenshot of what you see.

2. Users

Open File explorer (press the Windows logo key on the keyboard together with letter r, type Explorer and press Enter).
From the menu at the left choose My PC, then double click on C and then choose Users.
Please take a screenshot of what you see.

3. Users accounts from Control Panel

In the Search area type Control Panel and select it.
Select View by Large Icons and find Users accounts. Select it.
Please take a screenshot of what you see.

For now, let me see the 3 screenshots.
 
#44 ·
Thank you!

First things first: Now please remove the screenshots, since they include your email account and this is personal info.

Then:
  • Press Windows icon on your Desktop, together with the letter R.
  • Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
  • Copy and paste the following command line and press Enter.
Code:
reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" C:\Profile.txt
  • In the Search area type File Explorer and choose it from the items that appear.
  • In the address area type C:\Profile.txt and press Enter.
  • From the list, choose C:\Profile.txt, double click to open it.
  • Select the content of the file, copy and paste it in your next reply.
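
An added example, not part of the original post: one way a helper could read the pasted `ProfileList` export, decoding the `hex(2)` (REG_EXPAND_SZ) `ProfileImagePath` values. The two signs it flags (a SID subkey ending in `.bak`, and a path under a `TEMP` folder) are assumptions about what commonly accompanies a temporary-profile logon, not something stated in the thread; the SIDs and user name in the sample are constructed.

```python
import re

BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"

def _hex2(text, wrap=20):
    """Encode text as reg.exe exports REG_EXPAND_SZ (only used to build SAMPLE)."""
    b = ["%02x" % x for x in (text + "\0").encode("utf-16-le")]
    return "hex(2):" + ",\\\n  ".join(
        ",".join(b[i:i + wrap]) for i in range(0, len(b), wrap))

# Constructed sample export; the SIDs and the user name are made up.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    "[%s]" % BASE, "",
    "[%s\\S-1-5-18]" % BASE,
    '"ProfileImagePath"=' + _hex2(r"%systemroot%\system32\config\systemprofile"), "",
    "[%s\\S-1-5-21-1111-2222-3333-1001]" % BASE,
    '"ProfileImagePath"=' + _hex2(r"C:\Users\TEMP"), "",
    "[%s\\S-1-5-21-1111-2222-3333-1001.bak]" % BASE,
    '"ProfileImagePath"=' + _hex2(r"C:\Users\ExampleUser"), "",
])

def parse_profiles(export_text):
    """Return {subkey name: ProfileImagePath} from a pasted ProfileList export."""
    text = re.sub(r"\\\r?\n\s*", "", export_text)  # rejoin wrapped hex lines
    profiles, key = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            m = re.match(r"\[.*\\ProfileList\\([^\\\]]+)\]$", line)
            key = m.group(1) if m else None
            if key:
                profiles[key] = None
            continue
        m = re.match(r'"ProfileImagePath"=hex\(2\):(.*)$', line, re.I)
        if m and key:
            raw = bytes(int(h, 16) for h in m.group(1).split(",") if h)
            profiles[key] = raw.decode("utf-16-le").rstrip("\0")
    return profiles

def findings(profiles):
    """Flag subkeys showing the two assumed temporary-profile signs."""
    out = []
    for key, path in sorted(profiles.items()):
        if key.lower().endswith(".bak"):
            out.append("%s: backup key; original profile path is %s" % (key, path))
        elif path and re.search(r"\\TEMP(\.|$)", path, re.I):
            out.append("%s: loads temporary folder %s" % (key, path))
    return out

if __name__ == "__main__":
    print("\n".join(findings(parse_profiles(SAMPLE))))
```

`reg export` writes the file as UTF-16 text, so when reading `C:\Profile.txt` directly rather than pasted text, open it with `encoding="utf-16"`.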
 
#45 ·
What do you mean "remove the screen shots"? Do you mean delete them from my downloads? I do not care if you have my personal info. The email shown came somehow and I do not use that email. I would love to be rid of it.

The snip is what I got from pasting in the line you gave me. I see no search box. Patrick
 
#47 ·
The email shown came somehow and I do not use that email. I would love to be rid of it.
Even if they are no longer in active use, the site policy is to not divulge personally identifiable information, such as email addresses, in public posts. I have deleted the screen captures.
 
#49 ·
OK, so you did it. In any case, type Yes, Enter, and then follow the rest of my instructions.
  • In the Search area type File Explorer and choose it from the items that appear.
  • In the address area type C:\Profile.txt and press Enter.
  • From the list, choose C:\Profile.txt, double click to open it.
  • Select the content of the file, copy and paste it in your next reply.
 
#51 ·
Close this black window and then follow the instructions:
  • In the Search area type File Explorer and choose it from the items that appear.
  • In the address area type C:\Profile.txt and press Enter.
  • From the list, choose C:\Profile.txt, double click to open it.
  • Select the content of the file, copy and paste it in your next reply.
 
#52 ·
Hey all!! Quick note. I removed the screenshots that had the personal information in them. We certainly want to protect your privacy.

Now... back to the fun. :)
 
#56 ·
Yes, that is the content of the file, but I don't want screenshots this time. Please select all the content of it, and copy/paste it in your next reply.

Letting you know that it's almost 11 p.m. here, so I will be back to you ideally my afternoon (5-11 p.m.).
 