
removal of SafeFinder from WIN7 pro


arikpik:
Hi,

I can't remove the SafeFinder program from WIN7 Pro that hijacks my opening Google screen inside Chrome.

Apparently it can't be removed by the Control Panel tools.

https://search.safefinder.com/?st=sc&q=

Please advise,

Arik.P.

Curson:
Hi arikpik,

Welcome to Adlice.com Forum.
Could you please attach the latest RogueKiller scan report with your next reply?

Regards.

arikpik:
Here is the report of the initial RogueKiller scan:

RogueKiller Anti-Malware V14.4.0.0 (x64) [Apr  1 2020] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : Eyal Pickholz [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20200421_093730, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2020/04/21 21:19:51 (Duration : 00:11:14)
Switches : -minimize

いいいいいいいいいいいい Processes いいいいいいいいいいいい
[Suspicious.Path (Potentially Malicious)] wscript.exe (6284) -- C:\Windows\System32\wscript.exe -> Found
[PUP.Gen1 (Potentially Malicious)] Quoteex.exe (1528) -- C:\ProgramData\Quoteex\Quoteex.exe -> Found
[PUP.LogicHandler|Adw.LogicCramble (Malicious)] set.exe (2388) -- C:\ProgramData\Logic Cramble\set.exe -> Found
[PUP.CloudPrinter|PUP.Linkury|PUP.Gen1 (Potentially Malicious)] CloudPrinter.exe (2500) -- C:\ProgramData\CloudPrinter\CloudPrinter.exe -> Found
[Tr.Ursu (Malicious)] EaseUS Data Recovery Wizard License Code.exe (2996) -- C:\Program Files (x86)\MachinerData\EaseUS Data Recovery Wizard License Code.exe -> Found
[PUP.Popcorn (Potentially Malicious)] Updater.exe (3340) -- C:\Program Files (x86)\Popcorn Time\Updater.exe -> Found
[Tr.ProxyAgent (Malicious)] rundll32.exe (7900) -- C:\Windows\System32\rundll32.exe -> Found
[Tr.ProxyAgent (Malicious)] rundll32.exe (7936) -- C:\Windows\SysWOW64\rundll32.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> rundll32.exe (7936) -- C:\Windows\SysWOW64\rundll32.exe
  [Tr.ProxyAgent (Malicious)] ahbilr.dll (7936) -- C:\Users\Eyal Pickholz\AppData\Local\ahbilr.dll -> Found

いいいいいいいいいいいい Services いいいいいいいいいいいい
[PUP.LogicHandler (Potentially Malicious)] backlh (2388) -- C:\ProgramData\Logic Cramble\set.exe -> Found
[PUP.Gen0 (Potentially Malicious)] CloudPrinter (2500) -- C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a -> Found
[Tr.Ursu (Malicious)] Main Service (2996) -- C:\Program Files (x86)\MachinerData\EaseUS Data Recovery Wizard License Code.exe 1 -> Found
[PUP.Gen0 (Potentially Malicious)] Quoteex (1528) -- C:\ProgramData\\Quoteex\\Quoteex.exe shuz -f "C:\ProgramData\\Quoteex\\Quoteex.dat" -l -a -> Found
[PUP.Popcorn (Potentially Malicious)] Update service (3340) -- C:\Program Files (x86)\Popcorn Time\Updater.exe -> Found
[Tr.Winmon (Malicious)] Winmon (0) -- \??\C:\Windows\System32\drivers\Winmon.sys -> Found
[Tr.Zusy (Malicious)] WinDefender (3420) -- C:\Windows\windefender.exe -> Found
[Tr.Winmon (Malicious)] WinmonFS (0) -- \??\C:\Windows\System32\drivers\WinmonFS.sys -> Found
[Tr.Winmon (Malicious)] WinmonProcessMonitor (0) -- \??\C:\Windows\System32\drivers\WinmonProcessMonitor.sys -> Found

いいいいいいいいいいいい Tasks いいいいいいいいいいいい
[Suspicious.Path (Potentially Malicious)] (Microsoft Windows) \koIASyAUcnLTC2 -- C:\Windows\system32\wscript.exe ["C:\ProgramData\lbXXFMhQgcaZEWVB\iSIInEH.wsf"] -> Found
[Tr.Chapak (Malicious)] \csrss -- C:\Windows\rss\csrss.exe -> Found

いいいいいいいいいいいい Registry いいいいいいいいいいいい
>>>>>> XX - Software
  [PUP.Gen1 (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\mtQuoteex -- N/A -> Found
  [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1537819233-3836446741-3658253957-1001\Software\mtQuoteex -- N/A -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1537819233-3836446741-3658253957-1001\Software\PopcornTime -- N/A -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1537819233-3836446741-3658253957-1001\Software\Popcorn Time -- N/A -> Found
>>>>>> XX - Uninstall
  [PUP.Popcorn (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Popcorn Time_is1 -- N/A -> Found
>>>>>> O4 - Run
  [Tr.ProxyAgent (Malicious)] (X64) HKEY_USERS\S-1-5-21-1537819233-3836446741-3658253957-1001\Software\Microsoft\Windows\CurrentVersion\Run|ahbilr -- rundll32.exe "C:\Users\Eyal Pickholz\AppData\Local\ahbilr.dll",ahbilr -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1537819233-3836446741-3658253957-1001\Software\Microsoft\Windows\CurrentVersion\Run|3192095 -- "C:\Users\EYALPI~1\AppData\Local\Temp\is-CUISD.tmp\ScreenShop.exe" /VERYSILENT (missing) -> Found
  [Tr.Chapak (Malicious)] (X64) HKEY_USERS\S-1-5-21-1537819233-3836446741-3658253957-1001\Software\Microsoft\Windows\CurrentVersion\Run|HiddenMountain -- "C:\Windows\rss\csrss.exe" -> Found
  [Cloud.Generic (Malicious)] (X64) HKEY_USERS\S-1-5-21-1537819233-3836446741-3658253957-1001\Software\Microsoft\Windows\CurrentVersion\Run|CloudNet -- "C:\Users\Eyal Pickholz\AppData\Roaming\03024efdcdc8\03024efdcdc8.exe" 31337 -> Found
>>>>>> O4 - Run
  [Cloud.Generic (Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce|jariocllozj -- "C:\Program Files (x86)\Keyboard\716736870.exe" 1 3.1586425463.5e8eee7728206 -> Found
>>>>>> O23 - Services
  [PUP.LogicHandler (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\backlh -- "C:\ProgramData\Logic Cramble\set.exe" -> Found
  [PUP.Gen0 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CloudPrinter -- C:\ProgramData\CloudPrinter\CloudPrinter.exe -> Found
  [Tr.Ursu (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Main Service -- "C:\Program Files (x86)\MachinerData\EaseUS Data Recovery Wizard License Code.exe 1" (missing) -> Found
  [PUP.Gen0 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Quoteex -- C:\ProgramData\Quoteex\Quoteex.exe -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update service -- "C:\Program Files (x86)\Popcorn Time\Updater.exe" -> Found
  [Tr.Winmon (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winmon -- C:\Windows\System32\drivers\Winmon.sys -> Found
  [Tr.Winmon (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinmonFS -- C:\Windows\System32\drivers\WinmonFS.sys -> Found
  [Tr.Winmon (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinmonProcessMonitor -- C:\Windows\System32\drivers\WinmonProcessMonitor.sys -> Found
  [Tr.Zusy (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinDefender -- C:\Windows\windefender.exe -> Found
  [PUP.LogicHandler (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\backlh -- "C:\ProgramData\Logic Cramble\set.exe" -> Found
  [PUP.Gen0 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CloudPrinter -- C:\ProgramData\CloudPrinter\CloudPrinter.exe -> Found
  [Tr.Ursu (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Main Service -- "C:\Program Files (x86)\MachinerData\EaseUS Data Recovery Wizard License Code.exe 1" (missing) -> Found
  [PUP.Gen0 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Quoteex -- C:\ProgramData\Quoteex\Quoteex.exe -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Update service -- "C:\Program Files (x86)\Popcorn Time\Updater.exe" -> Found
  [Tr.Winmon (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinmonFS -- C:\Windows\System32\drivers\WinmonFS.sys -> Found
  [Tr.Winmon (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinmonProcessMonitor -- C:\Windows\System32\drivers\WinmonProcessMonitor.sys -> Found
  [Tr.Winmon (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Winmon -- C:\Windows\System32\drivers\Winmon.sys -> Found
  [Tr.Zusy (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinDefender -- C:\Windows\windefender.exe -> Found
>>>>>> O87 - Firewall
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D394BD86-FCDD-46EC-886D-C6C638CF511E} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| (C:\Program Files (x86)\Popcorn Time\Updater.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{253E3D48-8900-4036-B0F3-8955F74F9FC1} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| (C:\Program Files (x86)\Popcorn Time\Updater.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FC06434B-36F2-47C7-9841-FAC2F0C2AE6C} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe|Name=Popcorn Time| (C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B4961D4F-9D46-4AFD-BEAD-075F788FA2F1} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe|Name=Popcorn Time| (C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A5EA01CC-E833-404C-B822-867F67E4E924} -- (Joyent Inc) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\chromecast\node.exe|Name=cs-node.exe| (C:\Program Files (x86)\Popcorn Time\chromecast\node.exe) -> Found
  [Tr.Chapak (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0A1F1C09-ECF9-4EE0-8336-CDD760AA9772} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Windows\rss\csrss.exe|Name=csrss| (C:\Windows\rss\csrss.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C247AA71-F977-420B-8436-9F1FEFC999D7} -- (Joyent Inc) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\chromecast\node.exe|Name=cs-node.exe| (C:\Program Files (x86)\Popcorn Time\chromecast\node.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E0F68D1E-0AAD-42C4-BBBA-0BD7821DEC5D} -- (Node.js Foundation) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\nodejs\node.exe|Name=pt-node.exe| (C:\Program Files (x86)\Popcorn Time\nodejs\node.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FAA27643-0E09-42A1-AD6F-367B4C2A19DE} -- (Node.js Foundation) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\nodejs\node.exe|Name=pt-node.exe| (C:\Program Files (x86)\Popcorn Time\nodejs\node.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{253E3D48-8900-4036-B0F3-8955F74F9FC1} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| (C:\Program Files (x86)\Popcorn Time\Updater.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D394BD86-FCDD-46EC-886D-C6C638CF511E} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| (C:\Program Files (x86)\Popcorn Time\Updater.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FC06434B-36F2-47C7-9841-FAC2F0C2AE6C} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe|Name=Popcorn Time| (C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B4961D4F-9D46-4AFD-BEAD-075F788FA2F1} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe|Name=Popcorn Time| (C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A5EA01CC-E833-404C-B822-867F67E4E924} -- (Joyent Inc) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\chromecast\node.exe|Name=cs-node.exe| (C:\Program Files (x86)\Popcorn Time\chromecast\node.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C247AA71-F977-420B-8436-9F1FEFC999D7} -- (Joyent Inc) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\chromecast\node.exe|Name=cs-node.exe| (C:\Program Files (x86)\Popcorn Time\chromecast\node.exe) -> Found
  [Tr.Chapak (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0A1F1C09-ECF9-4EE0-8336-CDD760AA9772} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Windows\rss\csrss.exe|Name=csrss| (C:\Windows\rss\csrss.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E0F68D1E-0AAD-42C4-BBBA-0BD7821DEC5D} -- (Node.js Foundation) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\nodejs\node.exe|Name=pt-node.exe| (C:\Program Files (x86)\Popcorn Time\nodejs\node.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FAA27643-0E09-42A1-AD6F-367B4C2A19DE} -- (Node.js Foundation) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\nodejs\node.exe|Name=pt-node.exe| (C:\Program Files (x86)\Popcorn Time\nodejs\node.exe) -> Found
>>>>>> O20 - AppInit DLLs
  [PUP.Gen1 (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs -- C:\ProgramData\Quoteex\ZonZoolight.dll -> Found
  [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs -- C:\ProgramData\Quoteex\Zenlight.dll -> Found

いいいいいいいいいいいい WMI いいいいいいいいいいいい

いいいいいいいいいいいい Hosts File いいいいいいいいいいいい

いいいいいいいいいいいい Files いいいいいいいいいいいい
[PUP.Popcorn (Potentially Malicious)] (shortcut) Popcorn Time.lnk -- C:\Users\Public\Desktop\Popcorn Time.lnk => C:\PROGRA~2\POPCOR~1\POPCOR~1.EXE -> Found
[Tr.Winmon (Malicious)] (file) WinmonProcessMonitor.sys -- C:\Windows\System32\drivers\WinmonProcessMonitor.sys -> Found
[PUP.Popcorn (Potentially Malicious)] (shortcut) Popcorn Time.lnk -- C:\Users\Eyal Pickholz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Popcorn Time.lnk => C:\PROGRA~2\POPCOR~1\POPCOR~1.EXE -> Found
[Tr.ProxyAgent (Malicious)] (file) ahbilr.dll -- C:\Users\Eyal Pickholz\AppData\Local\ahbilr.dll -> Found
[PUP.Popcorn (Potentially Malicious)] (folder) PopcornTime -- C:\Users\Eyal Pickholz\AppData\Local\PopcornTime -> Found
[Miner.Gen (Malicious)] (folder) wup -- C:\Users\Eyal Pickholz\AppData\Local\Temp\wup -> Found
[PUP.CloudPrinter|PUP.Linkury|PUP.Gen1 (Potentially Malicious)] (folder) CloudPrinter -- C:\ProgramData\CloudPrinter -> Found
[PUP.LogicHandler|Adw.LogicCramble (Malicious)] (folder) Logic Cramble -- C:\ProgramData\Logic Cramble -> Found
[PUP.Popcorn (Potentially Malicious)] (folder) Popcorn Time -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) Quoteex -- C:\ProgramData\Quoteex -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) Quoteexs -- C:\ProgramData\Quoteexs -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) Solvusoft -- C:\ProgramData\Solvusoft -> Found
[PUP.PCProtect (Potentially Malicious)] (folder) TotalAV -- C:\ProgramData\TotalAV -> Found
[Tr.Ursu (Malicious)] (folder) MachinerData -- C:\Program Files (x86)\MachinerData -> Found
[PUP.Popcorn (Potentially Malicious)] (folder) Popcorn Time -- C:\Program Files (x86)\Popcorn Time -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> Chrome Config
  [PUM.SearchEngine (Potentially Malicious)] default_search_provider_data.template_url_data.keyword (C:\Users\Eyal Pickholz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences) -- feed.sonic-search.com -> Found

Curson:
Hi arikpik,

Please remove all the entries RogueKiller found, then follow this process: reset Chrome settings to default.
Is the redirection still present?

Regards.

arikpik:
Hi,

1. It only works temporarily. It regains after a while.

2. The safefinder is still seen in the list of programs under control panel programs. The uninstall/change operation does not remove it so I believe this malware had deleted its own uninstaller.

4. Most of the malware and UV are not back supporting Win7.

3. This is seriously affecting my daughter's ability to use the laptop for her studies, especially today when working all the time from remote.

Thanks,

Arikpik.
