1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved Virus or Malware????

Discussion in 'Virus & Other Malware Removal' started by cdbright, Sep 22, 2019.

Advertisement
  1. cdbright

    cdbright Thread Starter

    Joined:
    May 31, 2013
    Messages:
    49
    I keep getting pop ups in the lower right corner of my screen whether I am on the internet or not. It is coming from ig-games.com. I have gone to that website and there is no place for me to cancel or get rid of it. Yesterday it started showing porn. So my question is how do I get rid of this?
    Cheryl

    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 8.1, 64 bit
    Processor: AMD E-300 APU with Radeon(tm) HD Graphics, AMD64 Family 20 Model 2 Stepping 0
    Processor Count: 2
    RAM: 3678 Mb
    Graphics Card: AMD Radeon HD 6310 Graphics, 384 Mb
    Hard Drives: C: 286 GB (213 GB Free);
    Motherboard: TOSHIBA, Portable PC
    Antivirus: Windows Defender, Disabled
     
    techtheme likes this.
  2. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    548
    Hi cdbright, welcome back to the Tech Support Guy malware removal forum.

    I am iMacg3 and will be helping you with your computer problems.

    Please keep the following information in mind before we begin:
    • Back up any important data before we continue.
      • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
    • Do not install any new software or run any fixes/tools on your system unless I request that you do so.
      • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
    • Please read all instructions carefully, and complete them in the order listed.
      • Items that are especially important will be highlighted in bold or red.
    • If your computer seems to start working normally, please don't abandon the topic.
      • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
      • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
    • If you have questions at any time during the cleanup, feel free to ask.

    ---------------------------------------------------
    Farbar Recovery Scan Tool (FRST)

    Download Farbar Recovery Scan Tool - 64 bit and save it to your desktop.

    • Right-click FRST64.exe then click "Run as administrator"
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
    • Please copy and paste the logs in your next reply.
    ---------------------------------------------------

    In your next reply, please include:
    • FRST.txt
    • Addition.txt
     
  3. cdbright

    cdbright Thread Starter

    Joined:
    May 31, 2013
    Messages:
    49
    Here are the files you requested. Thank you for helping me in this matter.
     

    Attached Files:

  4. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    548
    Hi cdbright,

    It looks like the FRST logs are from a few months ago. Please delete any old FRST.txt and Addition.txt files from C:\Users\cdbright\Downloads.

    Run a new scan with FRST and post both reports in your reply. (FRST.txt and Addition.txt)
     
  5. cdbright

    cdbright Thread Starter

    Joined:
    May 31, 2013
    Messages:
    49
    Here are the new scans
     

    Attached Files:

  6. cdbright

    cdbright Thread Starter

    Joined:
    May 31, 2013
    Messages:
    49
    Both files show that they were run on 09/29/2019
     
  7. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    548
    Hi cdbright,

    My apologies, I was looking at the wrong logs.

    ---------------------------------------------------
    Farbar Recovery Scan Tool - Fix

    • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
      Code:
      Start::
      CreateRestorePoint:
      HKU\S-1-5-21-1866606178-2781154-2188405074-1001\...\MountPoints2: {17fd2de4-7caf-11e8-824f-806e6f6e6963} - "D:\Autorun.exe" 
      HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] -> 
      FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
      Task: {05C1E34A-1A7E-4F27-BBE5-F4B0C13E9176} - System32\Tasks\{9FB36864-8019-4587-8693-DE9B91585AD2} => C:\WINDOWS\system32\pcalua.exe -a C:\PROGRA~2\SHOCKW~1.COM\CAKEMA~2\UNWISE.EXE -c C:\PROGRA~2\SHOCKW~1.COM\CAKEMA~2\INSTALL.LOG
      SearchScopes: HKLM -> DefaultScope {A6E9B3B0-F36B-4722-B9C9-24D397231221} URL = 
      SearchScopes: HKLM-x32 -> DefaultScope {A6E9B3B0-F36B-4722-B9C9-24D397231221} URL = 
      SearchScopes: HKU\S-1-5-21-1866606178-2781154-2188405074-1001 -> DefaultScope {A6E9B3B0-F36B-4722-B9C9-24D397231221} URL = 
      FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll [No File]
      S3 glavcam; \SystemRoot\system32\DRIVERS\glavcam.sys [X]
      ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
      ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
      AlternateDataStreams: C:\ProgramData\TEMP:077F4C77 [118]
      AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
      AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3 [384]
      AlternateDataStreams: C:\ProgramData\TEMP:A8DAF782 [286]
      AlternateDataStreams: C:\ProgramData\TEMP:BBF60A29 [146]
      FirewallRules: [{FC79FF3B-876F-43E9-9BD6-950A9F62A485}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe No File
      FirewallRules: [{C15F9F39-A976-4E9E-9AAA-7633F7F78D10}] => (Allow) C:\Program Files (x86)\\Bignox\\BigNoxVM\\RT\NoxVMHandle.exe No File
      virustotal: C:\PROGRA~2\SHOCKW~1.COM\CAKEMA~2\UNWISE.EXE
      Emptytemp:
      End::
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Double-click FRST.exe/FRST64.exe to run it.
    • Press the Fix button just once and wait.
      Note: No need to paste the script into FRST.
    • Restart the computer if prompted.
    • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
    • Please copy and paste its contents into your reply.

    ---------------------------------------------------
    • Open Google Chrome.
    • Click the Menu icon in the upper right corner of the window. (three dots)
    • Click Settings from the drop-down menu. Scroll down and click Advanced.
    • Under "Privacy and Security" click "Content Settings."
    • Click Notifications. If you see any notifications allowed from unfamiliar sites, click Block or Remove next to the site URL.
    • Restart Chrome.

    ---------------------------------------------------

    In your next reply, please include:
    • Fixlog.txt
    • Let me know if the problem persists.
     
  8. cdbright

    cdbright Thread Starter

    Joined:
    May 31, 2013
    Messages:
    49
    After I highlight and press CTRL + C the program shows that its fixing but when it gets to deleting temporary files it freezes up and says that the program is not responsive. it's done it 2 times
     
  9. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    548
    Hi cdbright,

    Even if the fix doesn't complete, there should be a file called Fixlog.txt saved to the same location as FRST. If Fixlog.txt is present, please copy/paste its contents in your reply.

    If the fixlog is not present, let me know.
     
  10. cdbright

    cdbright Thread Starter

    Joined:
    May 31, 2013
    Messages:
    49
    Good afternoon iMacg3. Yes there is a fixlog and there is also to other files that showed up in the same folder. I have copied and pasted all three over to you.
     

    Attached Files:

  11. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    548
    Hi cdbright,

    Let me know if the following fix runs successfully:

    ---------------------------------------------------
    Farbar Recovery Scan Tool - Fix

    • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
      Code:
      Start::
      EmptyTemp:
      End::
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Double-click FRST.exe/FRST64.exe to run it.
    • Press the Fix button just once and wait.
      Note: No need to paste the script into FRST.
    • Restart the computer if prompted.
    • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
    • Please copy and paste its contents into your reply.

    ---------------------------------------------------

    In your next reply, please include:
    • Fixlog.txt
    • Let me know how the computer is doing.
     
  12. cdbright

    cdbright Thread Starter

    Joined:
    May 31, 2013
    Messages:
    49
    The program stopped responding again. attached is the log. As for how my computer is running? It is running very slow
     

    Attached Files:

  13. cdbright

    cdbright Thread Starter

    Joined:
    May 31, 2013
    Messages:
    49
    The pop ups have finally stopped. but like I said it is running really slow
     
  14. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    548
    Hi cdbright,

    Let's try cleaning up temporary files using Disk Cleanup.

    ---------------------------------------------------
    Disk Cleanup
    • Press the Windows Key + R.
    • Type cleanmgr and press Enter.
    • Disk Cleanup will open after a few seconds.
    • Review the results. Click OK.
    • Select Delete Files.
    • Disk Cleanup will now delete temporary files. The program will close once it's complete.

    Let me know if computer performance has improved after running Disk Cleanup.
     
  15. cdbright

    cdbright Thread Starter

    Joined:
    May 31, 2013
    Messages:
    49
    It runs so much better. Thank you for taking the time out of your busy schedule to help me.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...

Short URL to this thread: https://techguy.org/1233308

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice