Messages - Heantrad

46
RogueKiller / Re: svchost.exe process and a bunch of PUM (and other stuffs)
« on: September 15, 2015, 11:22:25 PM »
Hi Heantrad,

That's really strange behaviour.
I suggest you report those things to Ron Lewis, at the Malwarebytes forum. He should be better suited than me to troubleshoot them since you are currently following a disinfection process there.

Regards.
Alright, on my next reply I'll tell him the problem, thanks.

47
RogueKiller / Re: svchost.exe process and a bunch of PUM (and other stuffs)
« on: September 15, 2015, 07:29:10 PM »
Hi Heantrad,

You are welcome.

Regards.
Hey, something strange happened.
For no reason all the webpages that I had in favorites in Chrome have totally disappeared; the rest is still the same.
Also, for some reason Skype keeps changing itself to absent; I do not have the "change to absent after X time" option marked.
Alright, I restored the bookmarks to an older version (from two days ago), I'll do a backup right now. Do you have any idea why this has happened?
Could it be because the lights went off while I was using the PC? It's not the first time it happens, and for some reason it keeps happening and happening without any warning before it happens. It also made the desktop background disappear; it reappeared after a restart.

48
RogueKiller / Re: svchost.exe process and a bunch of PUM (and other stuffs)
« on: September 11, 2015, 05:01:00 PM »
Hi Heantrad,

Since you didn't download anything from Babylon website, you are safe.

Regards.
Alright, the guy at the MBAM forum told me not to download, install/uninstall programs or do scans unless he tells me to, so I think that for now I'm done in here.
When I finish in there I will come back here and finish the things that are left.
Thanks a lot for helping me with all the problems that I've had with the PC.

49
RogueKiller / Re: svchost.exe process and a bunch of PUM (and other stuffs)
« on: September 09, 2015, 04:30:32 PM »
So, the guys at the MBAM are still helping me, they're helping me delete the PUPs that got detected by MBAM; after that there's only the Program Files thing and the drivers left.
Also, yesterday, while I downloaded a program that they told me to (Junkware Removal Tool), I saw a strange file in the download folder, it was a .dll file and Microsoft Security Essentials said it was safe, I can't remember the name right now, as I deleted it.
The thing is that it was downloaded at the same time as the program, and some days ago I needed to translate something and by mistake I entered Babylon's translation page (seems that I'm never going to learn the lesson...). I did the typical scans and they didn't detect anything.
Could it be related, or does Babylon only give you its virus if you download something from its page?

50
Hi Heantrad,

Quote from: Heantrad
But if you use the free version nothing changes right?
Right.

Quote from: Heantrad
Also, while asking for help on the MBAM forums they told me that full scans can put wear and tear on my hard drive, is that true? Because if it is, I don't know how it hasn't stopped working by now (I'm doing at least two or three full scans with SAS! a day).
That's true. Conducting extensive scans daily may prematurely wear your HDD.

Regards.
Well, it's probably really late, I've probably already worn it, it's been like a month.
Anyways, I'll stop doing that from now on.
So, the guy at the MBAM forums told me that there are some errors with Windows Search and maybe a PUP, I'll paste the solution he gave me.
Please try doing a full disk check and running this Search Index fix and see if that helps.

Please visit the following site and run the fixit tool from Microsoft
Fix Windows Desktop Search when it crashes or not showing results (this is the link http://support.microsoft.com/mats/windows_search)

Then click on START and type in CMD.EXE and when it shows on the menu right click and choose "Run as administrator" and type the following.

CHKDSK C: /R

Then press the Y key to run after a restart and restart the computer.

I'll attach the logs that I sent to him.
The PUM seems to be FXWebPlayer.
So, I did a MBAM full scan (a full scan, not a threat scan as I always did) and it detected this, I'll leave the log here (I'll also send it to the guy who is helping me at the MBAM forum, but you can't edit posts there, so I'll need to wait until he replies to me).

51
Hi Heantrad,

We indeed changed the license scheme. Now, with a personal license, you are able to register up to 5 machines instead of 3.
For more information, please read: RogueKiller Premium.

Regards.
But if you use the free version nothing changes right?
Also, while asking for help on the MBAM forums they told me that full scans can put wear and tear on my hard drive, is that true? Because if it is, I don't know how it hasn't stopped working by now (I'm doing at least two or three full scans with SAS! a day).

52
Hi, Heantrad

Quote from: Heantrad
Hi Alright, thanks; I'll do a backup (I will need an external hard drive/disk for it right?) and I'll delete it when I can.
Indeed.

Quote from: Heantrad
Also, I tried to install the drivers through Nvidia GeForce and this happened (it's still not the latest version of the drivers, I know), I selected a clean installation and it definitely installed something, as now I have less space on my hard drive.
The NVIDIA drivers and applications seem to be correctly installed, now.

Quote from: Heantrad
So, Chrome now only shows six thumbnails instead of eight, I've read that it's a bug with Chrome 44, is that true?
It's true. See Issue 495968.

Quote from: Heantrad
I did a scan with AdwCleaner, and how did this happen? I haven't gone to Softonic's website and I haven't downloaded anything (I updated RKill through rkill.com and CCleaner through piriform only), I checked its Twitter for some reason, can Softonic do this through Twitter?
I guess Chrome 44 includes Softonic Search Form, which was removed by AdwCleaner.

Regards.
I'll install the newest drivers from the page at some point, I want to leave it for last.
Now it shows the eight thumbnails again for some reason.
And good job Google, good job adding that as a search provider.
While I was doing a scan with RogueKiller I read something about licensing having changed and that it could affect machine detections or something like that, what does that mean?

53
RogueKiller / Re: svchost.exe process and a bunch of PUM
« on: August 24, 2015, 08:29:36 PM »
Quote
Takeown
Enables an administrator to recover access to a file that previously was denied, by making the administrator the owner of the file.
Quote
Icacls
Displays or modifies discretionary access control lists (DACLs) on specified files, and applies stored DACLs to files in specified directories.
Alright, thanks; I'll do a backup (I will need an external hard drive/disk for it right?) and I'll delete it when I can.
Also, I tried to install the drivers through Nvidia GeForce and this happened (it's still not the latest version of the drivers, I know), I selected a clean installation and it definitely installed something, as now I have less space on my hard drive.
So, Chrome now only shows six thumbnails instead of eight, I've read that it's a bug with Chrome 44, is that true?
I did a scan with AdwCleaner, and how did this happen? I haven't gone to Softonic's website and I haven't downloaded anything (I updated RKill through rkill.com and CCleaner through piriform only), I checked its Twitter for some reason, can Softonic do this through Twitter?

54
RogueKiller / Re: svchost.exe process and a bunch of PUM
« on: August 24, 2015, 08:04:02 PM »
Hi Heantrad,

The first part of the script takes ownership of the directory, the second part gives full rights to your account over the directory.
For a full explanation, please check takeown and icacls documentation pages at TechNet.

Regards.
So the first part selects the directory to execute the action of giving full rights to my account on that folder, right?

55
RogueKiller / Re: svchost.exe process and a bunch of PUM
« on: August 24, 2015, 07:02:32 PM »
Hi Heantrad,

If you really want to delete the folder, you need to take ownership before you are able to delete it.
Launch the command prompt window (cmd) with admin rights and copy/paste the following command:
Code:
takeown /f "C:\Archivos de programa" /r /d y && icacls "C:\Archivos de programa" /t /q /grant PAQUITO:F
Now, you should be able to delete the folder.

Regards.
The folder was created when I installed Windows 7, my previous OS was XP (I changed because of the whole end-of-support thing), I think none of the programs I have updated or used the folder, as it didn't update until I tried to delete it for the first time (and until SAS! detected a pair of viruses...).
Also, what does the code do? I know it's for giving me rights to delete the folder, but I mean what does the code do (each part)?

56
RogueKiller / Re: svchost.exe process and a bunch of PUM
« on: August 24, 2015, 06:18:35 PM »
Hi Heantrad,

Quote from: Heantrad
Also, what is all that about uninstalling Flash, does it have that many security flaws?
You could uninstall it, but many sites won't work properly. I would rather suggest you keep it updated.

Quote from: Heantrad
And about the program files, I think I selected delete old OS folders or something like that when I deleted Windows.old, it worked for the Windows folder, but the old program files is still there. I'll attach a screenshot showing both folders, the one with the red circle is the old one. I should say I can't delete it manually either, as it tells me that I don't have the permission to do that (I'm always running as an administrator on the PC).
The Windows.old folder contains all the files you could safely delete. I advise you not to remove any "old" folders since the OS may still use them.

Quote from: Heantrad
By the way, is this website safe? https://clyp.it/ . I found it today because I wanted to share a song in Reddit and as the creators say, they want to make a sound imgur. I did scans with VirusTotal and Norton's Safe Web and in both it showed clean (but Softonic also shows clean, so...), but I still distrust little known websites.
It seems safe.

Regards.
I'm sure they don't use the folder, as it didn't get updated until I tried to delete it, then it deleted some files but some others are impossible to delete for some reason.
Also, I want to delete it because it occupies like 60 GB and I know that I had viruses before changing the OS (I used to pirate a lot back then, now I don't because it always ends with me getting infected and now I can also buy stuff without problems).

57
RogueKiller / Re: svchost.exe process and a bunch of PUM
« on: August 21, 2015, 05:39:19 PM »
Internet Explorer.
Well, I use Chrome, so I think it would do anything if there were remnants of it on my PC.
Anyways, by the name I suspect it's one of those sidebars that get added to your browser, but my Internet Explorer doesn't have any of those, so it's probably fine.
Also, what is all that about uninstalling Flash, does it have that many security flaws?
And about the program files, I think I selected delete old OS folders or something like that when I deleted Windows.old, it worked for the Windows folder, but the old program files is still there. I'll attach a screenshot showing both folders, the one with the red circle is the old one. I should say I can't delete it manually either, as it tells me that I don't have the permission to do that (I'm always running as an administrator on the PC).
By the way, is this website safe? https://clyp.it/ . I found it today because I wanted to share a song in Reddit and as the creators say, they want to make a sound imgur. I did scans with VirusTotal and Norton's Safe Web and in both it showed clean (but Softonic also shows clean, so...), but I still distrust little known websites.

58
RogueKiller / Re: svchost.exe process and a bunch of PUM
« on: August 21, 2015, 02:05:03 PM »
Hi Heantrad,

You are welcome.
Regards.
Forgot to ask, what browsers does it hijack?

59
RogueKiller / Re: svchost.exe process and a bunch of PUM
« on: August 20, 2015, 02:27:15 PM »
Hi Heantrad,

SupTab is a browser hijacker and is usually located in the following folders:
Quote
%ProgramFiles%\SupTab
%ProgramFiles%\XTab

Regarding the logs, it should not be present anymore.

Regards.
Just checked, there isn't any folder named like that on my program files, thanks.

60
RogueKiller / Re: svchost.exe process and a bunch of PUM
« on: August 19, 2015, 11:46:13 PM »
Hi Heantrad,

Quote from: Heantrad
Oh, okay, I'm just throwing ideas without much sense, as maybe some of them are right, but however.
You are hungry for knowledge, this is clearly not a bad thing. ;)

Quote from: Heantrad
Also, AdwCleaner detected this after entering (and almost downloading something from it, thanks to Norton Safe Web) Solvusoft (didn't know it was malicious until a pair of days ago). It was removed successfully, any idea of what it could be?
It was a BHO belonging to PUP SupTab.

Regards.
SupTab... didn't know about it. What does it do and in which folder is it normally (as a precaution, to check if something is going wrong)?
