Inactive Virus and malware

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
Hello, Amitrana.

Welcome to TSG Forums.

If you want us to check your computer for malware, please do the following:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe
  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
 

Amitrana

Thread Starter
Joined
Oct 27, 2021
Messages
7
Hello, Amitrana.

Welcome to TSG Forums.

If you want us to check your computer for malware, please do the following:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe
  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
Chrome and Firefox are running very slow // recently I had updated my laptop to Windows 11
System specification: i5 8th gen
 

Attachments

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
Hi, Amitrana.

You have McAfee LiveSafe installed, but in the Security Center the program appears as disabled.

I suggest you completely uninstall it (please make sure you have a license saved somewhere in case it is a paid product), and see if there is a difference regarding the computer's functionality. Personally, I recommend the use of the Windows built-in antivirus, Windows Defender, since many times users report problems with third-party antivirus. But it's your computer, so your decision, and you can install McAfee again when we finish from here.

To uninstall McAfee:
  • Download the Revo Uninstaller (Free Download) and save it on your Desktop.
  • Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
  • Double click the program's icon to open it.
  • Write in the search area, on the top left, the following program:
Code:
McAfee
  • Choose the Uninstall tab from the menu and let the program create a Restore point.
  • Choose Scan, and then the Advanced mode scan.
  • Select all the Sophos Anti-Virus items found, Delete and Next.
  • Let the procedure be completed and click on Finish.
  • Restart the computer.

Something else

Did you intentionally enable notifications from the following sites?
Code:
hxxps//www.patanjaliayurved.net
hxxps//allen3.extraaedge.com;
hxxps//www.irctc.co.in

After uninstalling McAfee, please let me check fresh FRST logs, Addition and FRST.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
Hi, Amitrana.

Let's continue. First, please move FRST tool out of the folder Important, directly on to your Desktop.

After that,

1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
ShortcutWithArgument: C:\Users\hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b42be1c9c51179ef\Amit (Person 1) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 7"
ShortcutWithArgument: C:\Users\hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\rohit (amit rana) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"
ShortcutWithArgument: C:\Users\hp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"
2020-12-14 11:06 - 2020-12-14 11:06 - 001165824 _____ () [File not signed] C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy\e_sqlite3.dll
2021-10-04 13:07 - 2021-10-04 13:08 - 016744448 _____ (McAfee LLC) [File not signed] C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy\mcafee-security.dll
FirewallRules: [UDP Query User{FFFF1B55-8F51-4A53-928D-4C6B07FD748F}C:\users\hp\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\hp\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [TCP Query User{0665C98A-2D66-4B7E-AD79-B8ED65305FF1}C:\users\hp\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\hp\appdata\local\programs\opera\opera.exe => No File
FirewallRules: [{09AFE620-351F-4C58-B2B5-A0D3EBB7D648}] => (Allow) C:\Users\hp\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [{66360707-32B1-4EA5-981B-D9A6020398A3}] => (Allow) C:\Users\hp\AppData\Roaming\uTorrent Web\utweb.exe => No File
FirewallRules: [{528774A4-0E65-4D83-A97F-90559E017C4D}] => (Allow) C:\Windows\twain_32\HP\HPLM13X\ScanCDLM\ScanCDLM.exe => No File
FirewallRules: [{9A59BF54-AC9E-42B9-9A2E-3077E9774B80}] => (Allow) C:\Windows\twain_32\HP\HPLM13X\ScanCDLM\ScanCDLM.exe => No File
HKU\S-1-5-21-792561640-2004951702-1346922285-1001\...\Run: [utweb] => "C:\Users\hp\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR Notifications: Profile 10 -> hxxps//allen3.extraaedge.com; hxxps//mail.google.com; hxxps//www.irctc.co.in
CHR Notifications: Profile 13 -> hxxps//mail.google.com; hxxps//www.patanjaliayurved.net
S2 0028831635380918mcinstcleanup; C:\ProgramData\McInstTemp0028831635380918\McInst.exe [839968 2020-08-18] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe" [X]
S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe" [X]
S3 mfevtp; no ImagePath
S0 cfwids; system32\drivers\cfwids.sys [X]
R0 mfeaack; system32\drivers\mfeaack.sys [X]
R0 mfeavfk; system32\drivers\mfeavfk.sys [X]
S0 mfeelamk; system32\drivers\mfeelamk.sys [X]
S0 mfefirek; system32\drivers\mfefirek.sys [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
R0 mfeplk; system32\drivers\mfeplk.sys [X]
R0 mfewfpk; system32\drivers\mfewfpk.sys [X]
S3 MpKslde63dcf5; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F1858C53-D7F0-44F6-99A6-9275E23E05E8}\MpKslDrv.sys [X]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
2021-10-28 05:58 - 2021-10-28 05:58 - 000000000 ____D C:\ProgramData\McInstTemp0028831635380918
2021-10-23 18:44 - 2021-10-23 18:44 - 000000000 ____D C:\Users\hp\Downloads\uTorrent Web Tutorial Video
2021-10-21 19:13 - 2021-10-27 09:46 - 000000000 ____D C:\Users\hp\AppData\Local\BitTorrentHelper
2021-10-21 19:09 - 2021-10-21 19:09 - 000000000 ____D C:\ProgramData\Lavasoft
2021-10-21 19:08 - 2021-10-21 19:08 - 000000000 ____D C:\Users\hp\AppData\Local\UTW008
2021-10-21 19:04 - 2021-10-21 19:05 - 021120176 _____ (BitTorrent, Inc.) C:\Users\hp\Downloads\utweb_installer.exe
2021-10-28 05:58 - 2019-09-08 22:39 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-10-19 14:03 - 2019-09-08 22:39 - 000000000 ____D C:\Program Files (x86)\McAfee
C:\Users\hp\AppData\Roaming\uTorrent Web
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

2. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

3. Run Malwarebytes (Scan mode)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. The fixlog.txt
  2. The AdwCleaner[S0*].txt
  3. The Malwarebytes report
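
The NOTICE in the post above says the fixlist was written for one specific machine and must be copied from the "Start::" line to "End::". As an added example (not part of the original post and not a feature of FRST), this Python check tests both points before a fixlist is run; the function names are hypothetical, the sample is a constructed excerpt of the fixlist above, and the local user name and SID are assumed to be supplied by the caller, for instance from `whoami /user`.

```python
import re

# Constructed excerpt: a few lines taken from the fixlist posted above.
SAMPLE_FIXLIST = r"""Start::
CreateRestorePoint:
CloseProcesses:
FirewallRules: [{09AFE620-351F-4C58-B2B5-A0D3EBB7D648}] => (Allow) C:\Users\hp\AppData\Roaming\uTorrent Web\utweb.exe => No File
HKU\S-1-5-21-792561640-2004951702-1346922285-1001\...\Run: [utweb] => "C:\Users\hp\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
C:\Users\hp\AppData\Roaming\uTorrent Web
EmptyTemp:
End::
"""

# Profile folder name that follows <drive>:\Users\ in any path on a line.
USER_DIR = re.compile(r'[A-Za-z]:\\Users\\([^\\"\r\n]+)', re.IGNORECASE)
# Per-user registry hive, written as HKU\<SID> in the log lines.
USER_SID = re.compile(r"\bHKU\\(S-1-5-21-[\d-]+)")
# Profile folders that exist on every machine and identify nobody.
SHARED_PROFILES = {"public", "default", "all users"}


def fixlist_targets(text):
    """Return (profile names in lower case, SIDs) referenced by the fixlist."""
    names = {m.lower() for m in USER_DIR.findall(text)} - SHARED_PROFILES
    sids = set(USER_SID.findall(text))
    return names, sids


def check_fixlist(text, local_user, local_sid):
    """Return a list of reasons not to run this fixlist on the local machine."""
    problems = []
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    # The instructions require copying from "Start::" to "End::" inclusive.
    if not lines or lines[0] != "Start::":
        problems.append("first line is not 'Start::'")
    if not lines or lines[-1] != "End::":
        problems.append("last line is not 'End::'")
    # Any profile or hive other than the local one means the script was
    # written for a different machine or account.
    names, sids = fixlist_targets(text)
    for name in sorted(names - {local_user.lower()}):
        problems.append(f"references profile of another user: {name}")
    for sid in sorted(sids - {local_sid}):
        problems.append(f"references registry hive of another SID: {sid}")
    return problems
```

An empty list means the excerpt is complete and only touches the named account; anything else is a reason to stop and ask the helper before pressing Fix.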
 

Amitrana

Thread Starter
Joined
Oct 27, 2021
Messages
7
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/28/21
Scan Time: 5:05 PM
Log File: 34b8cce2-37e3-11ec-9e2a-040e3c52ae35.json

-Software Information-
Version: 4.4.9.142
Components Version: 1.0.1486
Update Package Version: 1.0.46486
License: Trial

-System Information-
OS: Windows 11 (Build 22000.282)
CPU: x64
File System: NTFS
User: RANA\hp

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 324722
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 13 min, 29 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
Hi.

It seems that you ran the fix twice; that's why there are Not found indications in the log.

Let's clean.

1. AdwCleaner (Clean mode)

Let me explain to you the log created by AdwCleaner:

The findings in the Registry part of the log are adware and PUP, which stands for Potentially Unwanted Programs. In the instructions below, I will list them to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I don't keep programs I don't use/need, since there is a possibility to cause issues/slowness. But again, it's your computer, so your decision.

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

2. Remove an app

Click on the Start icon, find McAfee® Personal Security, right click on it and choose Uninstall.
Restart.

In your next reply please post:
  1. The AdwCleaner[C0*].txt
  2. Feedback: How is the computer running now? Any improvement?
 

Amitrana

Thread Starter
Joined
Oct 27, 2021
Messages
7
Feedback: Device is running fine. But it is taking too much time to start when I restart, and Chrome is running slow in starting, but after some time it starts working fine. I had uninstalled McAfee.
 

Attachments

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
But it is taking too much time to start when I restart, and Chrome is running slow in starting, but after some time it starts working fine.
OK. We will do something for that.

But first, let me see fresh FRST logs, Addition and FRST logs. I see that you chose to uninstall the Preinstalled software, so we may need to uninstall some programs manually too.
 

Amitrana

Thread Starter
Joined
Oct 27, 2021
Messages
7
Yes, but if some pre-installed software is necessary for the device then we can leave it installed, if it doesn't make much change to the device.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
Yes, but if some pre-installed software is necessary for the device then we can leave it installed, if it doesn't make much change to the device.
I understand your concern, but most of the time they are not needed. Let's see the logs, and I will let you know.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
Hello.

Asking for help, providing your logs for analysis and then going away, is not just a simple thing. Plus, it's not kind at all. People spend a remarkable amount of time analysing the logs and, as you know, time is valuable for all of us.

If you still need assistance, you can post here again, or, if the thread is closed, send me a personal message (hover the mouse on my profile avatar and press Start a conversation) with a link to the topic.
 
