Author Topic: Removal And Cleaning Virus - system32.exe  (Read 2586 times)


REDACTED

  • Guest
Removal And Cleaning Virus - system32.exe
« on: June 23, 2018, 08:51:16 AM »
Hi all,

I need assistance removing an unwanted program on my laptop, suspected to be malware. I have attached reports from malware and FRST as required. FYI, this is the second laptop and 4th modem since the first incident. The first laptop has been hacked by an IT expert, and there's another story. I hope the experts here can resolve this for me. This malware override the antivirus and user account. No notification asked from Avast. Lots of extension files and unknown program like Hyper V Powershell and consume 99-100% of the disk.

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: Removal And Cleaning Virus - system32.exe
« Reply #1 on: June 23, 2018, 05:45:11 PM »
  • Open Notepad (click Start button -> type notepad.exe -> press Enter)
  • Copy text from code block below and paste it into Notepad
Code:
CHR NewTab: Default ->  Not-active:"chrome-extension://pepoggcjhfobfcdfmpfokfighfjnfhjk/newtabproduct.html", Not-active:"chrome-extension://maedhjefckjfcmahamefeenlgdcddpcc/productnewtab.html", Not-active:"chrome-extension://bhebhhjlpcpnoaipjkghnkplmekcbeeh/productnewtab.html", Not-active:"chrome-extension://fhphlengpfffhlebfagkmmahimbkfmgg/productnewtab.html", Not-active:"chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/stubby.html"
CHR DefaultSearchURL: Default -> hxxp://srchnet.com/search/{searchTerms}
  • Go to File -> Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open FRST again and click the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.



Remove these Chrome extensions:

OnlineWorkSuite
FunCustomCreations
FromDocToPDF
Search for Chrome
FromDocToPDF
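
Added example, not part of the original post and not FRST's own code: a short Python script that reads the two fixlist lines from the reply above and lists the extension IDs and the search host they target, so each one can be matched to a folder in the Chrome profile before and after the fix. The entry layout is inferred only from the two lines shown, the function names are made up for this example, and the folder path assumes Chrome's standard Windows profile location.

```python
import re

# The two fixlist.txt lines from the reply above, copied verbatim.
FIXLIST = (
    'CHR NewTab: Default ->  Not-active:"chrome-extension://pepoggcjhfobfcdfmpfokfighfjnfhjk/newtabproduct.html", '
    'Not-active:"chrome-extension://maedhjefckjfcmahamefeenlgdcddpcc/productnewtab.html", '
    'Not-active:"chrome-extension://bhebhhjlpcpnoaipjkghnkplmekcbeeh/productnewtab.html", '
    'Not-active:"chrome-extension://fhphlengpfffhlebfagkmmahimbkfmgg/productnewtab.html", '
    'Not-active:"chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/stubby.html"\n'
    'CHR DefaultSearchURL: Default -> hxxp://srchnet.com/search/{searchTerms}\n'
)

# "CHR <key>: <profile> -> <value>", as seen in the two lines above.
ENTRY = re.compile(r'^CHR\s+(?P<key>[^:]+):\s*(?P<profile>\S+)\s*->\s*(?P<value>.*)$')
EXT_URL = re.compile(r'chrome-extension://(?P<id>[^/"\s]+)/(?P<page>[^"\s,]+)')
EXT_ID = re.compile(r'[a-p]{32}')  # Chrome extension IDs are 32 letters from a-p
HOST = re.compile(r'h(?:tt|xx)ps?://(?P<host>[^/\s"]+)', re.I)  # accepts defanged hxxp

def parse_fixlist(text):
    """Return one dict (key, profile, value) per CHR line; other lines are skipped."""
    found = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in found if m]

def review(text):
    """Collect extension IDs (valid and malformed) and search-provider hosts."""
    report = {"extensions": [], "malformed": [], "search_hosts": []}
    for entry in parse_fixlist(text):
        for m in EXT_URL.finditer(entry["value"]):
            # An ID that is not 32 chars of a-p cannot be an extension folder
            # name, so it is reported separately instead of being trusted.
            bucket = "extensions" if EXT_ID.fullmatch(m["id"]) else "malformed"
            report[bucket].append((entry["profile"], m["id"], m["page"]))
        if entry["key"] == "DefaultSearchURL":
            report["search_hosts"] += [m["host"] for m in HOST.finditer(entry["value"])]
    return report

def extension_dir(profile, ext_id):
    """Folder where Chrome keeps this extension (assumed standard Windows path)."""
    return "\\".join(["%LOCALAPPDATA%", "Google", "Chrome", "User Data",
                      profile, "Extensions", ext_id])

if __name__ == "__main__":
    result = review(FIXLIST)
    for profile, ext_id, page in result["extensions"]:
        print(f"{page:22} {extension_dir(profile, ext_id)}")
    print("search provider host(s):", ", ".join(result["search_hosts"]))
    print("malformed IDs:", result["malformed"] or "none")
```

If any of the printed folders still exists after the FRST fix and the manual extension removal, that extension is still installed in the profile.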

REDACTED

  • Guest
Re: Removal And Cleaning Virus - system32.exe
« Reply #2 on: June 24, 2018, 03:46:53 PM »
Hi Sass,

Thank you so much. Attached is the fixlog report for your perusal.

Offline Sass Drake

Re: Removal And Cleaning Virus - system32.exe
« Reply #3 on: June 24, 2018, 07:35:42 PM »
Can you give us more details about "This malware override the antivirus and user account" and "Lots of extension files and unknown program like Hyper V Powershell and consume 99-100% of the disk"? Screenshots would be very useful.