Bobby1507

CLOSED Malware: Generic Trojan

Not sure what to do. Basically, I ran a scan with Emsisoft and it found 4 threats, all within the same main folder. It was a game I downloaded (Universe Sandbox 2), in the folder downloads/games/Universe-sandbox-2. So, Emsisoft successfully removed 2 of the viruses but could not remove the other 2, displaying the error message: "The following objects were not removed for your safety ...Removing these items bears an unusually high risk of crashing your OS.."

So I followed the instructions on the "START HERE.." page and now I'm posting. I'm not exceptionally good with computers so try to dull it down and make it simple for me, please. Thank you, and let me know if any other information is needed.

Addition_06-05-2018 17.02.54.txt

FRST_06-05-2018 17.02.54.txt

scan_180506-164815.txt

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1498782710-3284273996-3402878453-1001\...\MountPoints2: {4f36c0f8-1af1-11e8-8390-9061ae7d3687} - "E:\HiSuiteDownLoader.exe"
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
2018-04-13 21:06 - 2018-04-13 21:07 - 003865738 _____ C:\Users\Bobby\Downloads\5992d6c3-b837-447a-bd5c-8b30c56852c0.mp4
2018-04-12 23:39 - 2018-04-12 23:40 - 019227921 _____ C:\Users\Bobby\Downloads\21174024_844318675725878_8526671905573306368_n.mp4
C:\$Recycle.Bin\S-1-5-21-1498782710-3284273996-3402878453-1001\$RMM4T9S\steam_api.dll
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\Users\Public\AppData:CSM [474]
HKU\S-1-5-21-1498782710-3284273996-3402878453-1001\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

This topic is now closed to further replies.
