Avast WEBforum
Other => Viruses and worms => Topic started by: Nodar on May 15, 2019, 08:32:41 AM
-
Hi, every 30 mins or 60 mins I lose my internet connection, I mean I am connected to my network, but I can't access the internet and my avast browser freezes when this problem happens!!! so I restart the browser again and try to get in any website then it says this message https://ibb.co/h710PmJ but if I disconnect the network by myself it says this message when I try to enter a website "No Internet", and the browser doesn't freeze then,
I Then understood of the first case [which is in the screenshot] that this is not normal, I am connected but I can't access the internet.
I fix that by reconnecting to my network again. then after a while it happens again. then I used a full scan by another anti virus and found this https://ibb.co/pPdLrTd I thought maybe that is the reason, but it didn't give me the location of the file to delete it, all what I had is "RESOLVE" button so I clicked on resolve. then I scanned again and didn't find it, but I still lose my internet connection.
I told my friend -He is High TechLevel engineer- that I be connected to my network but can't access the internet, He said "You are probably DDOSed".
I looked at the IP and used "WhatismyIPaddress" Website to know the location of this IP and I found it was in "Singapore" then I started to think "is my network being hacked by a guy in singapore?" "And does he use my network?" "And does he see my desktop?"
["And does he only know the IP of this PC? that is why my PC can't access the internet?]
I then immediately changed the password of the Wifi page and the password of the network, but that didn't work too, all what I realized is I can access my internet for a longer while after I changed the passwords then the problem happens again.
My network works fine on my other devices but on this PC it doesn't, so I think my network is being hacked.........Please help me.
-
.........then I used a full scan by another anti virus and found this.............
Do you have more than one antivirus installed?
Follow instructions here >> https://forum.avast.com/index.php?topic=194892.0
Attach the requested logs from step #1 and #2
-
Actually, I uninstalled my other antivirus -although it was useful to know that I was being switched to another IP- and I didn't trust it much I thought maybe it is the reason of my problem, I have read lots of things about it "Fake Microsoft updates, fake scans, fake results, ..... ETC" so I uninstalled it, and installed avast, because I thought maybe avast can protect me of this problem.
Now I only have avast.
But I still Have the problem. https://ibb.co/YXQyzqv this "!" symbol which is on the wifi Icon means that my network is limited, I read under my network name "Limited" that means the problem happened again, so I reconnect again.
Why should I install Farbar Recovery Scan Tool and MalwareBytes? I am okay with avast but ........ How do I get rid of this problem? And I apologize for putting screenshot links I don't know how to put an Image here except with putting screenshot links. I don't have or see "Attachments and other options" button.
I used Wifi Inspector which is in Avast and it said my network password is weak although the whole password consists of numbers and made a full scan using Avast and avast didn't find anything. Please Free me of my problem.
-
Why should I install Farbar Recovery Scan Tool and MalwareBytes? I am okay with avast but ........
Did you want assistance to solve your problem?
If so, those logs are needed. Tools can be removed when the expert is finished.
-
Is not Avast Anti Virus too? I don't understand, why use malwarebytes and not Avast?
-
Is not Avast Anti Virus too? I don't understand, why use malwarebytes and not Avast?
Malwarebytes is not antivirus
FRST is a diagnostic tool
-
MalwareBytes is really Dumb it detects around 225 viruses? .... No No No I don't think so, and how do I know which one is the correct virus that causes this problem? , Not good software. I am not gonna install it again.
And I don't want to use Farbar Recovery Scan Tool. I am tired of downloading softwares that I don't know and it could harm some parts of the system.
I am good with Avast.
Do you have another solution? Please all what I just want is to make my internet connection always on, That is all.
I am tired of reconnecting again and again.
-
MalwareBytes is really Dumb it detects around 225 viruses?
I guess it detected lots of PUPs ?
PUP = Possible Unwanted Program (usually crap)
Do you have another solution?
We can not see what is inside your computer .... for that we need to see logs
The two diagnostic logs from FRST are the important ones
-
Fine I will send you logs.
I decided to try avast premier, and I tried its firewall, However I still have the problem.
Do you want its log too?
-
Attach the log to your post, using the Attachments and other options below the text window, click the text to expand.
-
Do I have to put it here in public?
It may have some sensitive information.
-
There are only a few volunteer malware removal specialists available to help and Pondus isn't one of them. Their available time is limited and they may also be in a different time zone.
So you could well be playing time zone ping pong, so direct communication even by PM would make the whole process more difficult. Generally help is only provided through the medium of the forums.
-
What do you mean by "Volunteer"? You mean they are just volunteers not part of Avast team?
And Who are they?
And By the way I am still waiting for Pondus to read the logs which I sent to him.
You too can help me in my problem please? Can I send you logs?
-
What do you mean by "Volunteer"? You mean they are just volunteers not part of Avast team? And Who are they?
Yes .... you find all info at top in the guide
@Sass Drake is notified and I gave him links to the logs.
It may take hours before he is online, sometimes not before next day
-
Ok.
-
- Open Notepad (click Start button -> type notepad.exe -> press Enter)
- Copy text from code block below and paste it into Notepad
HKLM-x32\...\Run: [chrome] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --headless --disable-gpu --remote-debugging-port=9222 hxxp://mi-de-ner-nis3.info/cdn-37.html?t=0.4
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {0EE3BE16-5A42-4419-B8BA-9680A80DBB10} - System32\Tasks\FastDataX Task => C:\PROGRA~2\FASTDA~1\FASTDA~1.EXE
Tcpip\Parameters: [NameServer] 82.163.142.9 95.211.158.137
Tcpip\..\Interfaces\{4C64E1C4-3495-4D7A-8109-C961B000B025}: [NameServer] 82.163.142.9 95.211.158.137
Tcpip\..\Interfaces\{532E43E3-D068-40CA-A3F9-1384E66BABDE}: [NameServer] 82.163.142.9 95.211.158.137
Tcpip\..\Interfaces\{532E43E3-D068-40CA-A3F9-1384E66BABDE}: [DhcpNameServer] 82.163.142.9
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\636559140.js [2017-04-27] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\636559140.cfg [2017-04-27] <==== ATTENTION
Shortcut: C:\Users\Karam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Eхрlorer.lnk -> C:\Users\Karam\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Karam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozillа Firеfoх.lnk -> C:\Users\Karam\AppData\Roaming\Browsers\exe.xoferif.bat ()
Shortcut: C:\Users\Karam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfoх.lnk -> C:\Users\Karam\AppData\Roaming\Browsers\exe.xoferif.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Аvast SаfеZоnе Browsеr.lnk -> C:\Users\Karam\AppData\Roaming\Browsers\exe.rehcnual.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfоx.lnk -> C:\Users\Karam\AppData\Roaming\Browsers\exe.xoferif.bat ()
C:\Users\Karam\AppData\Roaming\Browsers
C:\ProgramData\{3ef26ccf-212c-1}
C:\PROGRA~2\FASTDA~1
EmptyTemp:
- Go to File -> Save As
- Make sure that UTF-8 is selected as Encoding (left side of Save button)
- Save it as fixlist.txt on Desktop
- Open again FRST and click on button Fix
- Wait until FRST finishes
- fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
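The fixlist above targets three kinds of entries: name servers set under `Tcpip\Parameters`, shortcuts whose names mix Latin and Cyrillic look-alike letters, and shortcut targets that are an executable name spelled backwards (`exe.xoferif.bat`). As an added example (not part of the original thread and not FRST's own logic), this sketch flags the same three patterns in FRST-style log lines; the sample lines, the `expected_resolvers` value and the small look-alike table are assumptions made for illustration.

```python
import ntpath
import re
import unicodedata

# Constructed sample modelled on the fixlist above. The Cyrillic letters in the
# shortcut name are written as \u escapes so they are visible in the source.
# The 192.168.1.1 and Notes.lnk lines are invented benign entries.
SAMPLE_LOG = "\n".join([
    "Tcpip\\Parameters: [NameServer] 82.163.142.9 95.211.158.137",
    "Tcpip\\..\\Interfaces\\{532E43E3-D068-40CA-A3F9-1384E66BABDE}: "
    "[DhcpNameServer] 192.168.1.1",
    "Shortcut: C:\\Users\\Karam\\Desktop\\Notes.lnk -> "
    "C:\\Windows\\notepad.exe (Microsoft Corporation)",
    "Shortcut: C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\"
    "\u041c\u043ezill\u0430 Fir\u0435f\u043ex.lnk -> "
    "C:\\Users\\Karam\\AppData\\Roaming\\Browsers\\exe.xoferif.bat ()",
])

# Partial look-alike table (assumption: only the letters needed here; the
# Unicode confusables data is far larger).
CYRILLIC_TO_LATIN = str.maketrans({
    "\u0410": "A", "\u0415": "E", "\u041c": "M", "\u041e": "O", "\u0420": "P",
    "\u0421": "C", "\u0425": "X", "\u0430": "a", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0441": "c", "\u0445": "x",
})

SHORTCUT_RE = re.compile(
    r"^Shortcut: (?P<lnk>.+?\.lnk) -> (?P<target>.+?)"
    r"(?: \([^()]*\))?(?: <==== .*)?$"
)
DNS_RE = re.compile(
    r"^Tcpip\\.*: \[(?P<kind>(?:Dhcp)?NameServer)\] (?P<servers>.+)$"
)


def scripts_in(text):
    """Return the scripts (first word of each Unicode name) used by the letters."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if ch.isalpha()}


def reversed_exe_name(target):
    """If the target's stem is an executable name spelled backwards, return it."""
    stem = ntpath.splitext(ntpath.basename(target))[0]  # exe.xoferif.bat -> exe.xoferif
    candidate = stem[::-1]
    return candidate if candidate.lower().endswith(".exe") else None


def analyze(log_text, expected_resolvers=frozenset({"192.168.1.1"})):
    """Return review findings; expected_resolvers is a hypothetical allow-list."""
    findings = []
    for line in log_text.splitlines():
        m = DNS_RE.match(line)
        if m:
            # Any resolver the owner did not configure deserves a closer look.
            odd = [s for s in m["servers"].split() if s not in expected_resolvers]
            if odd:
                findings.append(("dns", m["kind"], odd))
            continue
        m = SHORTCUT_RE.match(line)
        if not m:
            continue
        name = ntpath.basename(m["lnk"])
        used = scripts_in(name)
        if len(used) > 1:
            # Show the name the shortcut imitates once look-alikes are folded.
            findings.append(
                ("mixed-script", name.translate(CYRILLIC_TO_LATIN), sorted(used)))
        hidden = reversed_exe_name(m["target"])
        if hidden:
            findings.append(
                ("reversed-target", ntpath.basename(m["target"]), hidden))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

A finding here means "review this entry", not "malicious": a resolver outside the allow-list can be a deliberate choice by the owner.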
-
I am very very sorry I uninstalled some Software I thought that may solve my problem but No, It didn't.
I will send you new logs.
And I am sorry again.
I have some questions please,
Won't the software harm the system if I click on "Fix" button? What I mean is maybe it is not smart software. Nothing is guaranteed about it.
And what does fixlist.txt do?
And should I select all the options so it fixes them? Registry, Services, Drivers, Processes, Internet.
If yes, then why not choosing only "Internet" Option? I only have problem with my internet connection, I can access my network but can't access the internet.
-
When you click on Fix button, FRST will look for fixlist.txt and do what is instructed in fixlist.txt. Options Registry, Services, Drivers, Internet are scan options and they control what will appear in scan log. Follow instructions I gave please.
-
OK but I see in the fixlist "Mozilla firefox". so I must tell you that I uninstalled Mozilla firefox too. I am sorry for that.
So I think the new logs have the latest information, That is why I sent you them. Shouldn't I use a new fixlist.txt because of the new logs?
or Should I still use the old fixlist you gave me?
-
Doesn't matter if you uninstalled Firefox. Just follow the instructions.
-
Ok I followed the instructions and clicked on "fix" and sent you Fixlog.txt
I still have problem and I noticed that my IP address got changed, but the location is the same.
And I feel that the period got decreased, I mean maybe every 10 minutes or 15 minutes or even less than 10 minutes , the problem happens again.
it was 30 - 60 minutes,and now it is 10 -15 minutes or less than 10 minutes. I can't spend an hour without losing connection.
-
Post fixlog.txt here.
-
Fix result of Farbar Recovery Scan Tool (x64) Version: 16-05.2019
Ran by Karam (18-05-2019 01:14:15) Run:1
Running from C:\Users\Karam\Desktop
Loaded Profiles: Karam (Available Profiles: Karam)
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKLM-x32\...\Run: [chrome] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --headless --disable-gpu --remote-debugging-port=9222 hxxp://mi-de-ner-nis3.info/cdn-37.html?t=0.4
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {0EE3BE16-5A42-4419-B8BA-9680A80DBB10} - System32\Tasks\FastDataX Task => C:\PROGRA~2\FASTDA~1\FASTDA~1.EXE
Tcpip\Parameters: [NameServer] 82.163.142.9 95.211.158.137
Tcpip\..\Interfaces\{4C64E1C4-3495-4D7A-8109-C961B000B025}: [NameServer] 82.163.142.9 95.211.158.137
Tcpip\..\Interfaces\{532E43E3-D068-40CA-A3F9-1384E66BABDE}: [NameServer] 82.163.142.9 95.211.158.137
Tcpip\..\Interfaces\{532E43E3-D068-40CA-A3F9-1384E66BABDE}: [DhcpNameServer] 82.163.142.9
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\636559140.js [2017-04-27] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\636559140.cfg [2017-04-27] <==== ATTENTION
Shortcut: C:\Users\Karam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Eхрlorer.lnk -> C:\Users\Karam\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Karam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozillа Firеfoх.lnk -> C:\Users\Karam\AppData\Roaming\Browsers\exe.xoferif.bat ()
Shortcut: C:\Users\Karam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfoх.lnk -> C:\Users\Karam\AppData\Roaming\Browsers\exe.xoferif.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Аvast SаfеZоnе Browsеr.lnk -> C:\Users\Karam\AppData\Roaming\Browsers\exe.rehcnual.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfоx.lnk -> C:\Users\Karam\AppData\Roaming\Browsers\exe.xoferif.bat ()
C:\Users\Karam\AppData\Roaming\Browsers
C:\ProgramData\{3ef26ccf-212c-1}
C:\PROGRA~2\FASTDA~1
EmptyTemp:
*****************
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\chrome" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EE3BE16-5A42-4419-B8BA-9680A80DBB10}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EE3BE16-5A42-4419-B8BA-9680A80DBB10}" => removed successfully
C:\WINDOWS\System32\Tasks\FastDataX Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FastDataX Task" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4C64E1C4-3495-4D7A-8109-C961B000B025}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{532E43E3-D068-40CA-A3F9-1384E66BABDE}\\NameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{532E43E3-D068-40CA-A3F9-1384E66BABDE}\\DhcpNameServer" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
C:\Program Files (x86)\mozilla firefox\defaults\pref\636559140.js => moved successfully
C:\Program Files (x86)\mozilla firefox\636559140.cfg => moved successfully
C:\Users\Karam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Eхрlorer.lnk => moved successfully
C:\Users\Karam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozillа Firеfoх.lnk => moved successfully
C:\Users\Karam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfoх.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Аvast SаfеZоnе Browsеr.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfоx.lnk => moved successfully
C:\Users\Karam\AppData\Roaming\Browsers => moved successfully
C:\ProgramData\{3ef26ccf-212c-1} => moved successfully
"C:\PROGRA~2\FASTDA~1" => not found
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16142581 B
Java, Flash, Steam htmlcache => 3409 B
Windows/system/drivers => 1299544632 B
Edge => 0 B
Chrome => 121913892 B
Firefox => 431771183 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 7676402 B
systemprofile32 => 336682503 B
LocalService => 1450820 B
NetworkService => 607262 B
Karam => 1470921471 B
RecycleBin => 0 B
EmptyTemp: => 3.4 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 01:14:51 ====
-
Post new FRST.txt and Addition.txt logs.
-
New Logs
-
- Open Notepad (click Start button -> type notepad.exe -> press Enter)
- Copy text from code block below and paste it into Notepad
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
- Go to File -> Save As
- Make sure that UTF-8 is selected as Encoding (left side of Save button)
- Save it as fixlist.txt on Desktop
- Open again FRST and click on button Fix
- Wait until FRST finishes
- fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
-
Fix result of Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Ran by Karam (19-05-2019 16:40:35) Run:2
Running from C:\Users\Karam\Desktop
Loaded Profiles: Karam (Available Profiles: Karam)
Boot Mode: Normal
==============================================
fixlist content:
*****************
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
*****************
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
==== End of Fixlog 16:40:35 ====
I still have the problem, I got "limited" word under my network name and lost connection. So I reconnected again.
-
Do you have another PC, phone or tablet on the same network, and if you have, do you have the same problem on them?
-
Actually I have another PC, but its case is different, it can access the network but it can't access the internet [AT ALL].
in the past it was working fine, then I stopped using it for months, then someday I turned it on and I found it very slow -[I looked at task manager then I found "System Process" it uses too much of the CPU, CPU Usage maybe 90 - 97 , I don't know why]-, and can't access the internet.
I don't know why it is slow, maybe because I didn't clean it years ago with a blower. And I don't know why it doesn't have access to the internet.
-
According to logs your PC is clean. Can you test with Google Chrome instead of Avast Browser?
-
I uninstalled Avast Secure Browser and I tried Google Chrome but I still have the problem and google chrome Froze. so I reconnected again.
What do I do?
What about uninstalling all chrome browsers [Google Chrome and Avast Secure Browsers] and deleting some chrome codes using FRST?
Then installing chrome Browsers again.
What I mean is maybe we should start from 0
I don't know I am just suggesting.
And did you see this? https://ibb.co/pPdLrTd I already posted that in my first post. I want to make sure you saw that.
And I don't know if what is written in that screenshot happens to me or not, but that is what I got from my other anti virus -when I made a scan- before I uninstall it.
And should I do anything here? https://ibb.co/txnBN3W
-
Is the problem gone if you uninstall avast?
-
The problem already started before I install Avast. Actually it is been months and my PC is still in that case.
Here is another screenshot, https://ibb.co/D7tn6xW
Nothing works....
-Avast Premier and its firewall and its Wi-Fi Inspector.
-Avast Online Security (browser extension).
-Uninstalling OpenVPN and other softwares.-------------------------------Do you want me to uninstall avast too?
-Using Google Chrome.----------------------------------------------------I re installed Avast Secure Browser again because Google Chrome didn't fix my problem.
-Deselecting "Register This Connection's Address in DNS" for IPv4 and IPv6
-Farbar Recovery Scan Tool.
-Uninstalling my other Anti Virus and its products.
-Running CMD as Administrator and Writing ipconfig command in CMD.
I need big help. I hope Sass Drake finds a solution for this.
-
I made Strong Full Virus Scan, with
-High sensitivity
-Scan for potentially unwanted programs (PUBs)
-Follow links during scan.
-Test whole files (Very slow for big files)
-High priority Scan
-Scan all types of archives
-Scan all files (very slow)
And here is what I got ... I only know Avira VPN Crack the rest of the files I don't know them.
And I have just read about nettrans.exe and it could be the reason of my problem:-
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Nettrans virus (also found as Nettrans.exe virus) is a term used to identify adware that connects to a remote host to transmit and receive unknown data. Once Nettrans is on a computer it will create a service named “Prefs Secure” that loads the C:\ProgramData\PrefsSecure\Nettrans.exe program.
When you "double-click" an EXE file, your computer automatically executes these instructions designed by a software developer (eg. Kingsoft Corporation) to run a program (eg. Kingsoft FastAit 2009) on your PC.
Every software application on your PC uses an executable file - your web browser, word processor, spreadsheet program, etc. - making it one of the most useful kinds of files in the Windows operating system. Without executable files like nettrans.exe, you wouldn't be able to use any programs on your PC.
Nettrans errors: The most common nettrans.exe errors that can appear on a Windows-based computer are:
"Nettrans.exe Application Error."
"Nettrans.exe is not a valid Win32 application."
"Nettrans.exe has encountered a problem and needs to close. We are sorry for the inconvenience."
"Cannot find nettrans.exe."
"Nettrans.exe not found."
"Error starting program: nettrans.exe."
"Nettrans.exe is not running."
"Nettrans.exe failed."
"Faulting Application Path: nettrans.exe."
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
I have never got any nettrans error before. At least Nettrans.exe and LogicHandler.exe don't run on Task Manager.
So What do I do with all these files?
Or I send you them then you analyze them all? Then at the end deciding what to delete or repair?
-
Do you have same problem on other Wi-Fi network?
-
I have been using this network for approximately 2 years, and the problem started maybe 3 months ago,
So I don't know if I use another network I will get this problem again or not.
What do I do to fix this problem?
And what about the 18 scanned files in Avast?
I made another scan to get a report file , this time I got same issues + one = 19 issues
Here is the report file
*
* Avast Scan Report
* This file is generated automatically
*
* Scan name: Advanced Scan
* Started on: Wednesday, May 22, 2019 12:44:17 AM
* VPS: 190521-4, 05/21/2019
*
C:\Users\Karam\AppData\Roaming\Stockdanstring.tst|>Nettrans.exe [L] Win32:Adware-gen [Adw] (0)
C:\Users\Karam\Downloads\Avira Phantom VPN 2.12.8.21345 Setup + Crack\Avira Phantom VPN 2.12.8.21345 Setup + Crack\Avira Phantom VPN 2.12.8.21345 Setup + Crack\Data Reset\Data Reset.exe [L] Win32:Malware-gen (0)
C:\ProgramData\a7c11770-3c77-0\a7c11770-3c77-0.d [L] Win32:AdwareX-gen [Adw] (0)
C:\Users\Karam\AppData\Roaming\Voyabam.bin|>LogicHandler.exe [L] Win32:InstallCore-IE [PUP] (0)
C:\Users\Karam\AppData\Roaming\Voyabam.bin [L] FileRepMalware [PUP] (0)
C:\ProgramData\a7c11770-4de7-1\a7c11770-4de7-1.d [L] Win32:AdwareX-gen [Adw] (0)
C:\ProgramData\{128871a8-412c-1}\{128871a8-412c-1}.d [L] Win32:Adware-gen [Adw] (0)
C:\ProgramData\{366F7B1D-C7EE-32EE-96DA-6DBE963D34EF}\{366F7B1D-C7EE-32EE-96DA-6DBE963D34EF}.tmp [L] Win32:Adposhel-E [Adw] (0)
C:\ProgramData\a7c11770-3b83-1\a7c11770-3b83-1.d [L] Win32:Adware-gen [Adw] (0)
C:\ProgramData\9cadea51-3c75-0\9cadea51-3c75-0.d [L] Win32:Adware-gen [Adw] (0)
C:\ProgramData\9cadea51-4cc1-1\9cadea51-4cc1-1.d [L] Win32:Adware-gen [Adw] (0)
C:\ProgramData\{4bc5400b-712c-0}\{4bc5400b-712c-0}.d [L] Win32:Adware-gen [Adw] (0)
C:\ProgramData\{71901338-412c-1}\{71901338-412c-1}.d [L] Win32:Adware-gen [Adw] (0)
C:\ProgramData\{11440c3a-312c-0}\{11440c3a-312c-0}.d [L] Win32:Adware-gen [Adw] (0)
C:\ProgramData\{70874456-512c-1}\{70874456-512c-1}.d [L] Win32:AdwareX-gen [Adw] (0)
C:\ProgramData\{E416A6AE-1A5D-E097-2507-146C25E04D3D}\{E416A6AE-1A5D-E097-2507-146C25E04D3D}.tmp [L] Win32:Adposhel-E [Adw] (0)
C:\ProgramData\a7c11770-03f3-0\a7c11770-03f3-0.d [L] Win32:Adware-gen [Adw] (0)
C:\ProgramData\{95C6A0E3-1C10-9147-6801-C41D68E69D4C}\{95C6A0E3-1C10-9147-6801-C41D68E69D4C}.tmp [L] Win32:Adposhel-E [Adw] (0)
C:\Users\Karam\Downloads\Avira Phantom VPN 2.12.8.21345 Setup + Crack.rar|>Avira Phantom VPN 2.12.8.21345 Setup + Crack\Avira Phantom VPN 2.12.8.21345 Setup + Crack\Data Reset\Data Reset.exe [L] Win32:Malware-gen (0)
Infected files: 19
Total files: 703134
Total folders: 46671
Total size: 151.6 GB
*
* Scan stopped: Wednesday, May 22, 2019 1:10:44 AM
* Run-time was 26 minute(s), 27 second(s)
*
-
Can you try to factory reset router of yours?
-
I reset the router and didn't work too.
What now?
-
Hello? Anyone?
-
I made Strong Full Virus Scan, with
-High sensitivity
-Scan for potentially unwanted programs (PUBs)
-Follow links during scan.
-Test whole files (Very slow for big files)
-High priority Scan
-Scan all types of archives
-Scan all files (very slow)
If you set High sensitivity back to default, what result do you get then?
-
Default is : Medium
====================
Same results (18 issues).
* Avast Scan Report
* This file is generated automatically
*
* Scan name: Advanced Scan
* Started on: Thursday, May 23, 2019 8:30:23 PM
* VPS: 190523-2, 05/23/2019
*
C:\Users\Karam\AppData\Roaming\Stockdanstring.tst|>Nettrans.exe [L] Win32:Adware-gen [Adw] (0)
C:\Users\Karam\Downloads\Avira Phantom VPN 2.12.8.21345 Setup + Crack\Avira Phantom VPN 2.12.8.21345 Setup + Crack\Avira Phantom VPN 2.12.8.21345 Setup + Crack\Data Reset\Data Reset.exe [L] Win32:Malware-gen (0)
C:\ProgramData\a7c11770-3c77-0\a7c11770-3c77-0.d [L] Win32:AdwareX-gen [Adw] (0)
C:\Users\Karam\AppData\Roaming\Voyabam.bin|>LogicHandler.exe [L] Win32:InstallCore-IE [PUP] (0)
C:\ProgramData\a7c11770-4de7-1\a7c11770-4de7-1.d [L] Win32:AdwareX-gen [Adw] (0)
C:\ProgramData\{128871a8-412c-1}\{128871a8-412c-1}.d [L] Win32:Adware-gen [Adw] (0)
C:\ProgramData\{366F7B1D-C7EE-32EE-96DA-6DBE963D34EF}\{366F7B1D-C7EE-32EE-96DA-6DBE963D34EF}.tmp [L] Win32:Adposhel-E [Adw] (0)
C:\ProgramData\a7c11770-3b83-1\a7c11770-3b83-1.d [L] Win32:Adware-gen [Adw] (0)
C:\ProgramData\9cadea51-3c75-0\9cadea51-3c75-0.d [L] Win32:Adware-gen [Adw] (0)
C:\ProgramData\9cadea51-4cc1-1\9cadea51-4cc1-1.d [L] Win32:Adware-gen [Adw] (0)
C:\ProgramData\{4bc5400b-712c-0}\{4bc5400b-712c-0}.d [L] Win32:Adware-gen [Adw] (0)
C:\ProgramData\{71901338-412c-1}\{71901338-412c-1}.d [L] Win32:Adware-gen [Adw] (0)
C:\ProgramData\{11440c3a-312c-0}\{11440c3a-312c-0}.d [L] Win32:Adware-gen [Adw] (0)
C:\ProgramData\{70874456-512c-1}\{70874456-512c-1}.d [L] Win32:AdwareX-gen [Adw] (0)
C:\ProgramData\{E416A6AE-1A5D-E097-2507-146C25E04D3D}\{E416A6AE-1A5D-E097-2507-146C25E04D3D}.tmp [L] Win32:Adposhel-E [Adw] (0)
C:\ProgramData\a7c11770-03f3-0\a7c11770-03f3-0.d [L] Win32:Adware-gen [Adw] (0)
C:\ProgramData\{95C6A0E3-1C10-9147-6801-C41D68E69D4C}\{95C6A0E3-1C10-9147-6801-C41D68E69D4C}.tmp [L] Win32:Adposhel-E [Adw] (0)
C:\Users\Karam\Downloads\Avira Phantom VPN 2.12.8.21345 Setup + Crack.rar|>Avira Phantom VPN 2.12.8.21345 Setup + Crack\Avira Phantom VPN 2.12.8.21345 Setup + Crack\Data Reset\Data Reset.exe [L] Win32:Malware-gen (0)
Infected files: 18
Total files: 699434
Total folders: 46686
Total size: 152.1 GB
*
* Scan stopped: Thursday, May 23, 2019 8:57:08 PM
* Run-time was 26 minute(s), 45 second(s)
*
What do I do to fix the problem which is in my first post?
-
Well according to this line in your scan report
C:\Users\Karam\Downloads\Avira Phantom VPN 2.12.8.21345 Setup + Crack\Avira Phantom VPN 2.12.8.21345 Setup + Crack\Avira Phantom VPN 2.12.8.21345 Setup + Crack\Data Reset\Data Reset.exe [L] Win32:Malware-gen (0)
You have downloaded a crack. These frequently come with other guests, especially if you have tried to install it or even possibly during the download.
-
FALSE POSITIVE, I will not send the crack to anyone
I used it and it worked. Then I stopped using it before the problem happens.
-
Here are all the files to analyze Except the crack. Please open the "Read Me" files.
http://www.mediafire.com/file/nzo6rqg5p1f25p1/Suspicious_Files%25282%2529.rar/file
Disable your anti virus so you can download it, or at least the web shield.
------------------------------------------------------------------------------------------------------------------
What do I delete or repair or what do I do?
-
Latest logs from,
Farbar Recovery Scan Tool and MalwareBytes.
Note: I didn't delete what MalwareBytes scanned, I just brought the Report.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
What an anti malware, the scan made my PC freeze for few seconds. Never Mind. at least I got the report.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
184 files are identified as a threat while Avast only detects 19.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Ok Now we have the suspicious files and FRST and MalwareBytes logs
What do I do now?
-
Unless @Sass Drake says otherwise, I would let avast and Malwarebytes quarantine all the crap they find
You can always restore from quarantine
-
You are using Avast as Cleaner? That is not good.
I remember when I got bytefence anti Virus on my PC -it was the dumbest anti virus-, I didn't know how it came , but I didn't care I had put a full trust at it so I kept on clicking remove button every time it thinks a file as a virus,
it ruined my windows and deleted some important windows files. At the end I had to take the computer to computer shop.
Don't always trust any anti virus. They are not always smart. For now I am good with Avast.
Another point if An anti virus or an anti malware finds lots of files as threat like 184 or 300 or 2000 files , then that proves it is dumb. It can't be that all these files are threat.
-
Another point if An anti virus or an anti malware finds lots of files as threat like 184 or 300 or 2000 files , then that proves it is dumb. It can't be that all these files are threat.
This is a matter of how the program lists detected items, it does not necessarily mean multiple infections
Malwarebytes will list every entry that a malicious program has written in your computer, so one infection can look like many. Other programs may list this differently
Your computer, your choice
-
FRST logs are clean. I can only suggest resetting network settings from
Start button -> PC Settings -> Network & Internet -> Status -> Network reset
-
But you are malware analyst , shouldn't you analyze those files and see if they are dangerous or not?
Or at least send me someone to analyze them please.
And where is that "Network Reset" Button?
I don't see it.
-
You can upload and check files at www.virustotal.com
-
Start button -> PC Settings -> Network & Internet -> Status -> Network reset
-
This is windows 10, I use windows 8.1
-
This is windows 10, I use windows 8.1
Do you know how to google search?
https://pureinfotech.com/how-to-fix-wireless-limited-connectivity-windows-81/
https://www.google.com/search?q=windows+8.1+network+reset&rlz=1C1JZAP_noNO713NO713&oq=windows+8.1+network+reset&aqs=chrome..69i57j0l5.11560j0j7&sourceid=chrome&{google:instantExtendedEnabledParameter}ie=UTF-8