Configurações - módulo "Exclusões" modificado por vírus e VPN desligada

[REDACTED]

Todo dia meu Avast Premier é invadido e tem suas configurações - módulo "Exclusões" modificado, o VPNSecureLine desligado e todos os navegadores que uso - Firefox, Edge e IE - abrem primeiramente uma página do luckystartsites ou ourluckystartsites. As vezes diversos ícones de Casas Bahia, Americanas e outros aparecem na área de trabalho. Como ficar livre disso de uma vez por todas?

[Herbert30]

Cara,

Coloca ou troca a senha do Avast para impossibilitar que essas alterações sejam feitas, talvez resolva.

[REDACTED]

Coloquei a senha recentemente, mas vou seguir sua sugestão e trocar novamente. Retorno amanhã! Valeu!

[jefferson sant]

Todo dia meu Avast Premier é invadido e tem suas configurações - módulo "Exclusões" modificado, o VPNSecureLine desligado e todos os navegadores que uso - Firefox, Edge e IE - abrem primeiramente uma página do luckystartsites ou ourluckystartsites. As vezes diversos ícones de Casas Bahia, Americanas e outros aparecem na área de trabalho. Como ficar livre disso de uma vez por todas?

Boa noite Maurilio 3

Por favor, siga este procedimento:

• Faça o download Farbar Recovery Scan Tool Por Farbar e salve-o no seu Desktop.

- Farbar Recovery Scan Tool (FRST) Link de download alternativo:

Nota: Você precisa executar a versão compatível com o seu sistema. Se não tiver certeza de qual versão se aplica ao seu sistema, faça o download de ambos e tente executá-los. Apenas um deles será executado em seu sistema, que será a versão certa.

• Clique duas vezes para executar o FRST. Quando a ferramenta abrir, clique Sim Ao aviso de isenção.
  Aguarde um momento enquanto a ferramenta verifica se existe uma versão mais recente. Quando a ferramenta diz"A ferramenta está pronta para uso." FRST está pronto.
  
  
• Pressione [Scan]botão.
  
• A ferramenta produzirá dois arquivos de log chamados FRST.txt e Additions.txt No mesmo diretório, a ferramenta é. 
  
  
• Por favor, anexe ambos gerados FRST.txt e Additions.txt logs.

[REDACTED]

Bom dia, Jefferson. Ontem escaneei novamente o computador e excluí alguns arquivos suspeitos. Hoje o computador amanheceu com as invasões costumeiras. Estou encaminhando os arquivos solicitados. Grato pela atenção e um bom final de semana!

[jefferson sant]

Obrigado pelos logs,já informei dbrisendine (Especialista em remoção vírus and worms)
Por favor aguarde pela resposta

[dbrisendine]

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

AlphaGo

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window. 

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

How is the system running now?

[REDACTED]

Good evening, dbrisendine and jefferson sant,

I uninstalled AlphaGo and performed all other procedures.

The computer is already working normally.

Thank you very much for your help.

[jefferson sant]

Let's wait until you check this log
I have already notified you for tomorrow, it may please take patience, if is no problem the tools will be removed by the instructions provided by dbrisendine.

[dbrisendine]

Please provide fresh FRST logs to verify the deletions took place properly.

[font color="#FF0000"]Read Slowly and all of it.[/font]

If you still have a Addition.txt log file on your desktop, please delete it now.

Start FRST64 that is on your Desktop by double clicking and allowing the software to run when the User Access Control asks (if it does).

Select Additional.txt in the Optional Scans section of FRST64 if it is not already selected.

Press the Scan button.

It will make two logs (FRST.txt and addition.txt) on your Desktop. Please attach the logs in your reply back.

[REDACTED]

I attached the logs. Thanks.

[dbrisendine]

Thank you for the latest logs; they show no signs of the malware.

If everything else if fine for you (Avast is running / scanning with no warnings, etc.) then I will remove our tools and get you on your way ...


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

• Download Delfix from here to your desktop and double click it to start the program
• Ensure Remove disinfection tools is ticked
  Also tick:
• Create registry backup
• Purge system restore

• Click Run
• The program will run for a few moments and then notepad will open with a log. Note: Please save this log first before rebooting your system (if asked to); DelFix does not save the log as it is trying to remove all traces of our work on your system.  Please attach the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

==Some Tools to consider to help keep your system safe ==

Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing.  By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system.  You can read the details about this program here.

Also, consider keeping MalwareBytes Antimalware in your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and uBlock Origin add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
 How did I get infected in the first place?
and
COMPUTER SECURITY - a short quide to staying safer online

I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!

[REDACTED]

Thanks for everything!

[jefferson sant]

Thank you for the work dbrisendine
There are no problems Maurilio3   

[REDACTED]

Obrigado por tudo, Jefferson Sant.