think i have avirus, help please

[REDACTED]

Hello, a laptop i am using seems like it has slowed down loads. The virus popup constantly says there is a virus.
could someone help please

[TrueIndian]

Follow this guide:
https://forum.avast.com/index.php?topic=53253.0

attach all logs here on next reply.

[magna86]

Hello,

Instead of standard procedure we usual require (MBAM, OTL and aswMBR) please run system diagnostics with these tools for now. That will allow me to quickly ascertain whether or not malware may be running on your machine and how to map my strategy for attack.



=> Please download Farbar Recovery Scan Tool () by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  

[REDACTED]

okay so i ran malwarebytes as i did not see your message magna. and then ran the farbar. here are the logs. thanks for your help.

[magna86]

Hi,

Can you post the MBAM logs while I analyse the Farbar logs?


• Post the logs. Click on the History tab > Application Logs. Double click on the Scan Log which shows the date and time of just performed scan.
- Click Export button at the bottom, and then select the 'Text file (*.txt)'
- In the Save File dialog box which appears, click on Desktop.
- In the File name: box type "mbam" (without quotes) for your scan log name and click Save.
- A message box "Your file has been successfully exported" should appear, click Ok and close the windows.


Please attach the exported/saved log named as mbam.txt to your next reply.

[magna86]

Btw, can you repost the FRST.txt logfile as your log is not the whole, it's cut in half...

[REDACTED]

here is the mbam

[REDACTED]

frst

[REDACTED]

here it is complete

[magna86]

Good.


We can try to remove bad adware/PUP programs 'by the book' but since MBAM was the first strike tool, we can attempt as related uninstallers may be removed.


From Control Panel > Programs and Features uninstall the following:


1. Search Protect
2. Snap.Do
3. Updater

Reboot the Windows ant this should fix all your problem. But for precaution, we shall deploy fix as well.




1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

File: C:\Program Files\Hotkey\PowerBiosServer.exe
Folder: C:\Program Files\albrechto
REG: reg delete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect" /f
REG: reg delete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{76D809C3-5493-44C2-80AF-E5DF1690A74F}" /f
REG: reg delete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" /f
HOSTS:
Task: {31B97FB7-D497-4B2F-98C7-AF7E2E0960C3} - System32\Tasks\DSite => C:\Users\lue\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
HKU\S-1-5-21-1801418502-2371206943-1419521884-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\lue\AppData\Local\Smartbar\Application\SnapDo.exe startup
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe (No File)
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\lue\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe (No File)
ShortcutTarget: Weather Alerts.lnk -> C:\Users\lue\AppData\Local\WeatherAlerts\WeatherAlerts.exe (No File)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?gd=&ctid=CT3320048&octid=EB_ORIGINAL_CTID&ISID=M7E9CDC32-6677-41AC-AE4A-31A017E582D3&SearchSource=55&CUI=&UM=5&UP=SPD8201196-7C8E-421E-B25D-C10731E6893D&SSPV=
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 Update albrechto; "C:\Program Files\albrechto\updatealbrechto.exe" [X]
REBOOT:
C:\Users\lue\AppData\Roaming\DSite
C:\Users\lue\AppData\Local\Smartbar
C:\PROGRA~1\SearchProtect
C:\Program Files\albrechto\updatealbrechto.exe
C:\Users\lue\AppData\Local\Temp\*.dll
C:\Users\lue\AppData\Local\Temp\*.exe

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

[REDACTED]

okay thats helped alot thanks magna, only it seems snap do wont uninstall. it asks me to manually browse to its unistall location. im guessing malwarebytes deleted it and so it cant uninstall. is this the case?

[REDACTED]

and will defragging speed the laptop up by any noticeable amount?

[magna86]

okay thats helped alot thanks magna, only it seems snap do wont uninstall. it asks me to manually browse to its unistall location. im guessing malwarebytes deleted it and so it cant uninstall. is this the case?

Yes it is. But no problem here, just proceed with FixList execution. 

and will defragging speed the laptop up by any noticeable amount?

Sorry, I can not understand the question. Maybe it's me as English is not my native language. Rephrase the question please.