Jump to content

Kevin Zoll

Emsisoft Employee
  • Content Count

    18856
  • Joined

  • Last visited

  • Days Won

    178

Everything posted by Kevin Zoll

  1. Hello @Karan75, Welcome to the Emsisoft Support Forums. What does "Remote name could not be resolved" mean? It's an indication of a DNS issue. Our first recommendation is to reset your HOSTS file back to default. Microsoft has an article about this at the following link: https://support.microsoft.com/en-us/help/972034/how-to-reset-the-hosts-file-back-to-the-default
  2. Hello @Gerrit van den Burg, Welcome to the Emsisoft Support Forums. This is a core file for the Brave Browser. What is telling you that the file is infected?
  3. Hello @BlackTunicLink, Welcome to the Emsisoft Support Forums. C:\Program Files\KMSpico\Service_KMS.exe C:\Users\aaron_000\Downloads\_\KEYGEN-TSZ\Keygen.exe Software cracks and Keygens are the only observed infection vector for the STOP Ransomware family, which accounts for roughly 50% of ransomware attacks worldwide. If you do not want your files encrypted by STOP, do not engage in software piracy. Copy the below code to Notepad; Save As fixlist.txt to your Desktop. GroupPolicy: Restriction ? <==== ATTENTION Policies: C:\ProgramData\N
  4. Hello @Didi, Welcome to Emsisoft Support. Please read the entire instructions below. Yes, they are a bit lengthy and contain necessary administrative instructions as well as technical instructions. All users of Emsisoft Support who are in need of Malware Removal assistance are required to complete the procedures listed below: NOTE: You will want to print these instructions for reference, as you will perform all scans with all browsers closed. The majority of our support staff work Monday-Friday. We try very hard to answer all posts within 24-hour
  5. Hello @Nemanja Kostic, Welcome to the Emsisoft Support Forums. Please read the entire instructions below. Yes, they are a bit lengthy and contain necessary administrative instructions as well as technical instructions. All users of the Emsisoft Support Forums who are in need of Malware Removal assistance are required to complete the procedures listed below: NOTE: You will want to print these instructions for reference, as you will perform all scans with all browsers closed. The majority of our support staff work Monday-Friday. We try very hard to
  6. Check and make sure that "Automatically quarantine files with bad reputation" is not checked in Settings => Advanced. That looks like a a reputation based action was taken.
  7. Might be a bug with defender. I suggest visiting Microsoft Community and seeing if they can help sort out the issue with Defender. https://answers.microsoft.com/en-us
  8. Your scans are not showing any malware. You may have to remove the exclusions by manually editing the Registry. Windows stores Defender exclusions in HKEY_LOCAL_MACHINE > SOFTWARE > Policies > Microsoft > Windows Defender > Exclusions > Paths Exercise caution when manually editing the registry.
  9. OK, going to switch to a tool that will take a more indepth look at the system. Download RogueKiller from https://www.fosshub.com/RogueKiller.html and save it to your desktop. Double-click on setup.exe to install RogueKiller. Close all programs and disconnect any USB or external drives before running the tool. Right-click RogueKiller.exe and select Run As Administrator to run the tool. Once the Prescan has finished, click Scan. Once the Status box shows "Scan Finished", click on the "Report" button and attach the scan log to your reply.
  10. You can let AdwCleaner remove the following: PUP.Optional.WebCompanion C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion PUP.Optional.Legacy C:\Users\Razvan\AppData\Roaming\Mozilla\Firefox\Profiles\xmllcvw7.default\searchplugins\yahoo-lavasoft.xml PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\Main|Start Page PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion Yes, you can delete that.
  11. I would like for you to run a third-party tool that aggressively targets Adware, Junkware, and PUPs. Download AdwCleaner and save it to your desktop. Right-click AdwCleaner.exe and select Run as Administrator. Read and accept the End User License Agreement. Press the Scan Now button and wait for it to complete. A window titled Scan Results will open. Select Cancel. Click the Log Files button on the left pane. Double-click the newest log file to open it in Notepad. (AdwCleaner[Sxx].txt, where x is replaced by a number) Attach the scan log to
  12. Hello @LeagueX, Copy the below code to Notepad; Save As fixlist.txt to your Desktop. HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-3298452434-1556392215-2145215963-1001\...\Run: [Zoom] => [X] GroupPolicy: Restriction - Chrome <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION Edge Extension: (TotalСashback — кэшбэк-сервис) - C:\Users\Razvan\AppData\Local\Microsoft\Edge\User Da
  13. Hello @Rohit Kushwah, Welcome to the Emsisoft Support Forums. Double Pulsar is a memory resident infection using an exploit in Windows to get in. Because it is only memory resident, restarting the computer removes it. It will get infected again until Windows is updated properly while another computer with Double Pulsar is able to contact yours. Restart the computer. Check for Windows updates. Methods vary with the Windows version. Ask if you do not know how to do this, or perform a Google search for "How to update Windows x", where x is the vers
  14. The version of Emsisoft Emergency Kit you are using is out dated and not current. Update your copy of the Emsisoft Emergency Kit and run the scan again.
  15. You have been told multiple times to run FRST with it's default settings. This support thread is terminated. Reason inability or unwillingness to follow directions.
  16. Run a fresh scan with FRST, attach the new FRST scan logs to your reply.
  17. The system is very infected, because it has pirated software installed, that is either cracked or activated by use of a keygen. The restore partition cannot be cleaned up. The entire PC needs to be wiped and the system reinstalled using the factory provided installation media.
  18. You were told to run FRST with its default settings, which you obviously ignored. Continue to do things your own way and I will terminate all support and close your topic. Copy the below code to Notepad; Save As fixlist.txt to your Desktop. HKU\S-1-5-21-185298743-3200257722-2405642193-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 BootExecute: autocheck autochk * icarus_rvrt.exe FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION S2 AvastWscReporter; "C:\Program Files\Avast Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X] S2 WajamUpdaterV3; "C
  19. You need to follow directions. Everything I ask you to run has to be run from an account with Administrator privileges. Also do not enable any settings that you were not asked to enable. Rerun FRST from an administrator account and do not change any of its default settings. Attach the new FRST scan reports to your reply.
  20. You can allow AdwCleaner to remove the following ***** [ Folders ] ***** PUP.Optional.FileViewPro C:\Program Files\FileViewPro PUP.Optional.OneSafePCCleaner C:\Program Files (x86)\OneSafe PC Cleaner PUP.Optional.OneSafePCCleaner C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSafe PC Cleaner PUP.Optional.OneSafePCCleaner C:\Users\night sun anti-VEFM1\AppData\Roaming\OneSafe PC Cleaner PUP.Optional.WebBar C:\Program Files\WebDiscoverBrowser PUP.Optional.WebBar C:\Users\night sun anti-VEFM1\AppData\Local\WebDiscoverBrowser ***** [ Files ] *****
  21. Since most of what I see in your looks is a PUP, let's start with a tool that aggressively targets PUP's. Download AdwCleaner and save it to your desktop. Right-click AdwCleaner.exe and select Run as Administrator. Read and accept the End User License Agreement. Press the Scan Now button and wait for it to complete. A window titled Scan Results will open. Select Cancel. Click the Log Files button on the left pane. Double-click the newest log file to open it in Notepad. (AdwCleaner[Sxx].txt, where x is replaced by a number) Attach the scan lo
  22. Hello @ainoha, Welcome to the Emsisoft Support Forums. Please read the entire instructions below. Yes, they are a bit lengthy and contain necessary administrative instructions as well as technical instructions. All users of the Emsisoft Support Forums who are in need of Malware Removal assistance are required to complete the procedures listed below: NOTE: You will want to print these instructions for reference, as you will perform all scans with all browsers closed. The majority of our support staff work Monday-Friday. We try very hard to answer
×
×
  • Create New...