Messages - arikpik

1
Malware removal help / Re: removal of SafeFinder from WIN7 pro
« on: April 24, 2020, 04:11:30 PM »
Hi,

I just bought a yearly license. My computer works great now.

One question though is whether the sound that appears when RogueKiller is detecting a real-time issue can be shut off for this app.

Thank you for the very professional treatment.

arikpik
Ariel.pickholz

2
Malware removal help / Re: removal of SafeFinder from WIN7 pro
« on: April 24, 2020, 12:08:35 PM »
Hi,

Thank you for trying to assist us.

During this run the laptop had to shut down and it did not continue running the FRST following the boot.

Nevertheless it had saved a file that is attached.

Best regards,

arikpik

3
Malware removal help / Re: removal of SafeFinder from WIN7 pro
« on: April 23, 2020, 08:55:49 PM »
Hi,

The files are attached now.

Best regards,

arikpik

4
Malware removal help / Re: removal of SafeFinder from WIN7 pro
« on: April 23, 2020, 07:30:14 AM »
Hi,

1. It only works temporarily. It regains after a while.

2. The safefinder is still seen in the list of programs under control panel programs. The uninstall/change operation does not remove it so I believe this malware had deleted its own uninstaller.

4. Most of the malware and UV are not back supporting Win7.

3. This is seriously affecting my daughter’s ability to use the laptop for her studies, especially today when working remotely all the time.

Thanks,

Arikpik.

5
Malware removal help / Re: removal of SafeFinder from WIN7 pro
« on: April 22, 2020, 09:18:56 PM »
Here is the report of the initial RogueKiller scan:

RogueKiller Anti-Malware V14.4.0.0 (x64) [Apr  1 2020] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : Eyal Pickholz [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20200421_093730, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2020/04/21 21:19:51 (Duration : 00:11:14)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] wscript.exe (6284) -- C:\Windows\System32\wscript.exe -> Found
[PUP.Gen1 (Potentially Malicious)] Quoteex.exe (1528) -- C:\ProgramData\Quoteex\Quoteex.exe -> Found
[PUP.LogicHandler|Adw.LogicCramble (Malicious)] set.exe (2388) -- C:\ProgramData\Logic Cramble\set.exe -> Found
[PUP.CloudPrinter|PUP.Linkury|PUP.Gen1 (Potentially Malicious)] CloudPrinter.exe (2500) -- C:\ProgramData\CloudPrinter\CloudPrinter.exe -> Found
[Tr.Ursu (Malicious)] EaseUS Data Recovery Wizard License Code.exe (2996) -- C:\Program Files (x86)\MachinerData\EaseUS Data Recovery Wizard License Code.exe -> Found
[PUP.Popcorn (Potentially Malicious)] Updater.exe (3340) -- C:\Program Files (x86)\Popcorn Time\Updater.exe -> Found
[Tr.ProxyAgent (Malicious)] rundll32.exe (7900) -- C:\Windows\System32\rundll32.exe -> Found
[Tr.ProxyAgent (Malicious)] rundll32.exe (7936) -- C:\Windows\SysWOW64\rundll32.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> rundll32.exe (7936) -- C:\Windows\SysWOW64\rundll32.exe
  [Tr.ProxyAgent (Malicious)] ahbilr.dll (7936) -- C:\Users\Eyal Pickholz\AppData\Local\ahbilr.dll -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.LogicHandler (Potentially Malicious)] backlh (2388) -- C:\ProgramData\Logic Cramble\set.exe -> Found
[PUP.Gen0 (Potentially Malicious)] CloudPrinter (2500) -- C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a -> Found
[Tr.Ursu (Malicious)] Main Service (2996) -- C:\Program Files (x86)\MachinerData\EaseUS Data Recovery Wizard License Code.exe 1 -> Found
[PUP.Gen0 (Potentially Malicious)] Quoteex (1528) -- C:\ProgramData\\Quoteex\\Quoteex.exe shuz -f "C:\ProgramData\\Quoteex\\Quoteex.dat" -l -a -> Found
[PUP.Popcorn (Potentially Malicious)] Update service (3340) -- C:\Program Files (x86)\Popcorn Time\Updater.exe -> Found
[Tr.Winmon (Malicious)] Winmon (0) -- \??\C:\Windows\System32\drivers\Winmon.sys -> Found
[Tr.Zusy (Malicious)] WinDefender (3420) -- C:\Windows\windefender.exe -> Found
[Tr.Winmon (Malicious)] WinmonFS (0) -- \??\C:\Windows\System32\drivers\WinmonFS.sys -> Found
[Tr.Winmon (Malicious)] WinmonProcessMonitor (0) -- \??\C:\Windows\System32\drivers\WinmonProcessMonitor.sys -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] (Microsoft Windows) \koIASyAUcnLTC2 -- C:\Windows\system32\wscript.exe ["C:\ProgramData\lbXXFMhQgcaZEWVB\iSIInEH.wsf"] -> Found
[Tr.Chapak (Malicious)] \csrss -- C:\Windows\rss\csrss.exe -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - Software
  [PUP.Gen1 (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\mtQuoteex -- N/A -> Found
  [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1537819233-3836446741-3658253957-1001\Software\mtQuoteex -- N/A -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1537819233-3836446741-3658253957-1001\Software\PopcornTime -- N/A -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1537819233-3836446741-3658253957-1001\Software\Popcorn Time -- N/A -> Found
>>>>>> XX - Uninstall
  [PUP.Popcorn (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Popcorn Time_is1 -- N/A -> Found
>>>>>> O4 - Run
  [Tr.ProxyAgent (Malicious)] (X64) HKEY_USERS\S-1-5-21-1537819233-3836446741-3658253957-1001\Software\Microsoft\Windows\CurrentVersion\Run|ahbilr -- rundll32.exe "C:\Users\Eyal Pickholz\AppData\Local\ahbilr.dll",ahbilr -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1537819233-3836446741-3658253957-1001\Software\Microsoft\Windows\CurrentVersion\Run|3192095 -- "C:\Users\EYALPI~1\AppData\Local\Temp\is-CUISD.tmp\ScreenShop.exe" /VERYSILENT (missing) -> Found
  [Tr.Chapak (Malicious)] (X64) HKEY_USERS\S-1-5-21-1537819233-3836446741-3658253957-1001\Software\Microsoft\Windows\CurrentVersion\Run|HiddenMountain -- "C:\Windows\rss\csrss.exe" -> Found
  [Cloud.Generic (Malicious)] (X64) HKEY_USERS\S-1-5-21-1537819233-3836446741-3658253957-1001\Software\Microsoft\Windows\CurrentVersion\Run|CloudNet -- "C:\Users\Eyal Pickholz\AppData\Roaming\03024efdcdc8\03024efdcdc8.exe" 31337 -> Found
>>>>>> O4 - Run
  [Cloud.Generic (Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce|jariocllozj -- "C:\Program Files (x86)\Keyboard\716736870.exe" 1 3.1586425463.5e8eee7728206 -> Found
>>>>>> O23 - Services
  [PUP.LogicHandler (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\backlh -- "C:\ProgramData\Logic Cramble\set.exe" -> Found
  [PUP.Gen0 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CloudPrinter -- C:\ProgramData\CloudPrinter\CloudPrinter.exe -> Found
  [Tr.Ursu (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Main Service -- "C:\Program Files (x86)\MachinerData\EaseUS Data Recovery Wizard License Code.exe 1" (missing) -> Found
  [PUP.Gen0 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Quoteex -- C:\ProgramData\Quoteex\Quoteex.exe -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update service -- "C:\Program Files (x86)\Popcorn Time\Updater.exe" -> Found
  [Tr.Winmon (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winmon -- C:\Windows\System32\drivers\Winmon.sys -> Found
  [Tr.Winmon (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinmonFS -- C:\Windows\System32\drivers\WinmonFS.sys -> Found
  [Tr.Winmon (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinmonProcessMonitor -- C:\Windows\System32\drivers\WinmonProcessMonitor.sys -> Found
  [Tr.Zusy (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinDefender -- C:\Windows\windefender.exe -> Found
  [PUP.LogicHandler (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\backlh -- "C:\ProgramData\Logic Cramble\set.exe" -> Found
  [PUP.Gen0 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CloudPrinter -- C:\ProgramData\CloudPrinter\CloudPrinter.exe -> Found
  [Tr.Ursu (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Main Service -- "C:\Program Files (x86)\MachinerData\EaseUS Data Recovery Wizard License Code.exe 1" (missing) -> Found
  [PUP.Gen0 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Quoteex -- C:\ProgramData\Quoteex\Quoteex.exe -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Update service -- "C:\Program Files (x86)\Popcorn Time\Updater.exe" -> Found
  [Tr.Winmon (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinmonFS -- C:\Windows\System32\drivers\WinmonFS.sys -> Found
  [Tr.Winmon (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinmonProcessMonitor -- C:\Windows\System32\drivers\WinmonProcessMonitor.sys -> Found
  [Tr.Winmon (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Winmon -- C:\Windows\System32\drivers\Winmon.sys -> Found
  [Tr.Zusy (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinDefender -- C:\Windows\windefender.exe -> Found
>>>>>> O87 - Firewall
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D394BD86-FCDD-46EC-886D-C6C638CF511E} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| (C:\Program Files (x86)\Popcorn Time\Updater.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{253E3D48-8900-4036-B0F3-8955F74F9FC1} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| (C:\Program Files (x86)\Popcorn Time\Updater.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FC06434B-36F2-47C7-9841-FAC2F0C2AE6C} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe|Name=Popcorn Time| (C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B4961D4F-9D46-4AFD-BEAD-075F788FA2F1} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe|Name=Popcorn Time| (C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A5EA01CC-E833-404C-B822-867F67E4E924} -- (Joyent Inc) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\chromecast\node.exe|Name=cs-node.exe| (C:\Program Files (x86)\Popcorn Time\chromecast\node.exe) -> Found
  [Tr.Chapak (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0A1F1C09-ECF9-4EE0-8336-CDD760AA9772} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Windows\rss\csrss.exe|Name=csrss| (C:\Windows\rss\csrss.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C247AA71-F977-420B-8436-9F1FEFC999D7} -- (Joyent Inc) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\chromecast\node.exe|Name=cs-node.exe| (C:\Program Files (x86)\Popcorn Time\chromecast\node.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E0F68D1E-0AAD-42C4-BBBA-0BD7821DEC5D} -- (Node.js Foundation) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\nodejs\node.exe|Name=pt-node.exe| (C:\Program Files (x86)\Popcorn Time\nodejs\node.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FAA27643-0E09-42A1-AD6F-367B4C2A19DE} -- (Node.js Foundation) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\nodejs\node.exe|Name=pt-node.exe| (C:\Program Files (x86)\Popcorn Time\nodejs\node.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{253E3D48-8900-4036-B0F3-8955F74F9FC1} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| (C:\Program Files (x86)\Popcorn Time\Updater.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D394BD86-FCDD-46EC-886D-C6C638CF511E} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| (C:\Program Files (x86)\Popcorn Time\Updater.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FC06434B-36F2-47C7-9841-FAC2F0C2AE6C} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe|Name=Popcorn Time| (C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B4961D4F-9D46-4AFD-BEAD-075F788FA2F1} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe|Name=Popcorn Time| (C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A5EA01CC-E833-404C-B822-867F67E4E924} -- (Joyent Inc) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\chromecast\node.exe|Name=cs-node.exe| (C:\Program Files (x86)\Popcorn Time\chromecast\node.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C247AA71-F977-420B-8436-9F1FEFC999D7} -- (Joyent Inc) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\chromecast\node.exe|Name=cs-node.exe| (C:\Program Files (x86)\Popcorn Time\chromecast\node.exe) -> Found
  [Tr.Chapak (Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0A1F1C09-ECF9-4EE0-8336-CDD760AA9772} -- v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Windows\rss\csrss.exe|Name=csrss| (C:\Windows\rss\csrss.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E0F68D1E-0AAD-42C4-BBBA-0BD7821DEC5D} -- (Node.js Foundation) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\nodejs\node.exe|Name=pt-node.exe| (C:\Program Files (x86)\Popcorn Time\nodejs\node.exe) -> Found
  [PUP.Popcorn (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FAA27643-0E09-42A1-AD6F-367B4C2A19DE} -- (Node.js Foundation) v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\nodejs\node.exe|Name=pt-node.exe| (C:\Program Files (x86)\Popcorn Time\nodejs\node.exe) -> Found
>>>>>> O20 - AppInit DLLs
  [PUP.Gen1 (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs -- C:\ProgramData\Quoteex\ZonZoolight.dll -> Found
  [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs -- C:\ProgramData\Quoteex\Zenlight.dll -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Popcorn (Potentially Malicious)] (shortcut) Popcorn Time.lnk -- C:\Users\Public\Desktop\Popcorn Time.lnk => C:\PROGRA~2\POPCOR~1\POPCOR~1.EXE -> Found
[Tr.Winmon (Malicious)] (file) WinmonProcessMonitor.sys -- C:\Windows\System32\drivers\WinmonProcessMonitor.sys -> Found
[PUP.Popcorn (Potentially Malicious)] (shortcut) Popcorn Time.lnk -- C:\Users\Eyal Pickholz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Popcorn Time.lnk => C:\PROGRA~2\POPCOR~1\POPCOR~1.EXE -> Found
[Tr.ProxyAgent (Malicious)] (file) ahbilr.dll -- C:\Users\Eyal Pickholz\AppData\Local\ahbilr.dll -> Found
[PUP.Popcorn (Potentially Malicious)] (folder) PopcornTime -- C:\Users\Eyal Pickholz\AppData\Local\PopcornTime -> Found
[Miner.Gen (Malicious)] (folder) wup -- C:\Users\Eyal Pickholz\AppData\Local\Temp\wup -> Found
[PUP.CloudPrinter|PUP.Linkury|PUP.Gen1 (Potentially Malicious)] (folder) CloudPrinter -- C:\ProgramData\CloudPrinter -> Found
[PUP.LogicHandler|Adw.LogicCramble (Malicious)] (folder) Logic Cramble -- C:\ProgramData\Logic Cramble -> Found
[PUP.Popcorn (Potentially Malicious)] (folder) Popcorn Time -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) Quoteex -- C:\ProgramData\Quoteex -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) Quoteexs -- C:\ProgramData\Quoteexs -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) Solvusoft -- C:\ProgramData\Solvusoft -> Found
[PUP.PCProtect (Potentially Malicious)] (folder) TotalAV -- C:\ProgramData\TotalAV -> Found
[Tr.Ursu (Malicious)] (folder) MachinerData -- C:\Program Files (x86)\MachinerData -> Found
[PUP.Popcorn (Potentially Malicious)] (folder) Popcorn Time -- C:\Program Files (x86)\Popcorn Time -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> Chrome Config
  [PUM.SearchEngine (Potentially Malicious)] default_search_provider_data.template_url_data.keyword (C:\Users\Eyal Pickholz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences) -- feed.sonic-search.com -> Found

6
Malware removal help / removal of SafeFinder from WIN7 pro
« on: April 21, 2020, 09:18:40 PM »
Hi,

I can't remove the SafeFinder program on WIN7 Pro that hijacks my opening Google screen inside Chrome.

Apparently it can't be removed by the control panel tools.

https://search.safefinder.com/?st=sc&q=

Please advise,

Arik.P.
