Techsuite ran but system keeps reinfecting

HP ENVY TS 17 Notebook PC

Has an I7 4700 processor and 16 GB RAM. This machine should be running real fast. However, it seems to be really slow. After running a full clean up using Techsuite (which includes Emsisoft removal tools) I was ready to give it back to the client. After a reboot it started running real slow again. I ran the Techsuite software again and removed 17 new items. The only thing the machine had done was sit idle on the internet.

Attached is the EEK report.

The FRST 64-bit would run until I pressed scan, then it would crash. (I verified the machine is running 64-bit Windows 10 Home.)






See what AdwCleaner turns up.

Download AdwCleaner and save it on your Desktop.

  1. Close all open programs and Internet browsers (you may want to print out or write down these instructions first).
  2. Double click on adwcleaner.exe to run the tool.
  3. Click on the Scan button.
  4. After the scan has finished, click on the Clean button.
  5. Confirm each time with OK.
  6. You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your Desktop.
  7. Attach that log file to your reply.
    NOTE: If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.

Download RogueKiller from https://www.fosshub.com/RogueKiller.html and save it to your desktop.

  • Double-click on setup.exe to install RogueKiller.

Close all programs and disconnect any USB or external drives before running the tool.

  • Right-click RogueKiller.exe and select Run As Administrator to run the tool.
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", click on the "Report" button and attach the scan log to your reply.

I don't see anything malicious in the RogueKiller scan.

Please read through these instructions before starting.

  1. Create a Windows 10 recovery USB stick: https://www.techrepublic.com/article/be-prepared-create-a-windows-10-recovery-drive/
  2. Using the clean machine, download a fresh copy of FRST64.exe that has never touched the 'sick' machine, and copy it to a separate USB stick. DO NOT INSERT THE USB STICK INTO THE 'SICK' MACHINE YET.
  3. Once you're ready with the USB stick and the Windows 10 recovery USB stick (yes, two sticks), shut down the sick computer completely. As in shut down power off. Follow the instructions here to boot from the Windows 10 recovery USB stick: https://craftedflash.com/info/how-boot-computer-from-usb-flash-drive
  4. Use the Repair -> Troubleshoot -> Command Prompt option within recovery mode. Once there, plug in the second USB stick that has FRST64 on it. Find your USB drive by running notepad.exe, clicking File->Open, then noting which drive says "Boot". Normally that is D: or E:, depending on how many drives are in your machine. Either way, we're looking for the USB stick drive letter. You can also find it by typing (in the command prompt) "dir d:", "dir e:" etc. until you find the FRST64.exe program you downloaded earlier.
  5. Type "FRST64" to run it. Click the Scan button. Please send the FRST.txt file that it creates. If all goes well, FRST64 will have killed the malware driver, and you'll be able to reboot into normal mode where we can finish the removal.

In trying to review your instructions I received this on clicking the link for step 3.

craftedflash.com uses an invalid security certificate. The security certificate for craftedflash.com is not trustworthy because the issuing organization failed to follow security practices. Certificates issued by Symantec, including the Thawte, GeoTrust, and RapidSSL brands, are not considered safe. Error code: MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED

I find it odd that Symantec is on the "not trusted" list.

This topic is now closed to further replies.