Author Topic: Tough simplitec (Read 24272 times)

Johyn · « **on:** April 27, 2017, 07:05:16 PM »

Greets!

Just about an unremovable PUP: Simplitec, in programdata. Roguekiller locate it, and supress it, but to get them (there are two of them) back in next scan. That doesn't seem really nasty, got it since a couple of week, but that's still anoyin, eh.

Curson · « **Reply #1 on:** April 27, 2017, 07:11:21 PM »

Hi Johyn,

Thanks for your feedback.
Could you please attach RogueKiller deletion report with your next reply ?

Regards.

Johyn · « **Reply #2 on:** April 27, 2017, 07:33:35 PM »

Sorry, how do I get that report?

Curson · « **Reply #3 on:** April 27, 2017, 07:36:11 PM »

Hi Johyn,

To export a report, go to the "History" tab, then to the "Scan Reports" section.
There, do a right click on the first line, the click on the "Export json" button.

Please then attach this JSON report with your next reply.

Regards.

Johyn · « **Reply #4 on:** April 27, 2017, 07:39:52 PM »

Got only a 'supression' option...

Curson · « **Reply #5 on:** April 27, 2017, 07:51:15 PM »

Hi Johyn,

Could you please check the content of the following directory ?

Quote

C:\ProgramData\RogueKiller\Logs

Regards.

Johyn · « **Reply #6 on:** April 27, 2017, 08:04:53 PM »

no logs, only changelogs...

Curson · « **Reply #7 on:** April 27, 2017, 08:10:16 PM »

Hi Johyn,

That's not normal.
Could you please redo a scan and check if the option to save a log is available at the end of it ?

Regards.

Johyn · « **Reply #8 on:** April 28, 2017, 11:48:45 AM »

Ok, here it is.

Curson · « **Reply #9 on:** April 28, 2017, 07:25:45 PM »

Hi Johyn,

The report is not complete, but the [Suspicious.Path] detection is legit.

Regards.

Johyn · « **Reply #10 on:** April 28, 2017, 08:31:07 PM »

Ok, but what's lackin? I shouldn't mind the two 'simplitec'?

Curson · « **Reply #11 on:** April 28, 2017, 08:38:58 PM »

Hi Johyn,

Could you please do a screenshot of these detections ?

Regards.

Johyn · « **Reply #12 on:** April 29, 2017, 04:14:05 PM »

Is that ok?

Curson · « **Reply #13 on:** April 29, 2017, 06:00:45 PM »

Hi Johyn,

Yes, thats clearly PUP.
Please download Farbar Recovery Scan Tool (x64) and save it to your Desktop.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please attach log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also attach that along with the FRST.txt into your reply.

Regards.

Johyn · « **Reply #14 on:** April 29, 2017, 06:58:58 PM »

Author Topic: Tough simplitec (Read 24272 times)

Johyn

Tough simplitec

Curson

Re: Tough simplitec

Johyn

Re: Tough simplitec

Curson

Re: Tough simplitec

Johyn

Re: Tough simplitec

Curson

Re: Tough simplitec

Johyn

Re: Tough simplitec

Curson

Re: Tough simplitec

Johyn

Re: Tough simplitec

Curson

Re: Tough simplitec

Johyn

Re: Tough simplitec

Curson

Re: Tough simplitec

Johyn

Re: Tough simplitec

Curson

Re: Tough simplitec

Johyn

Re: Tough simplitec