My friend asked me to clean up his computer. I used Avast to check it. Some malware and junk were found.
Most are generic detections of the application “PPTV” (Win32:Malware-gen),
with Win32:Trojan-gen and Win32:GenMalicious-ANH [trj].
There is also an ugly warning from Avast about a bad-reputation plugin in IE.
Attached are pictures showing the deep scan result and the plugin warning.
I know I need the scan logs of MBAM and FRST; please wait, I will provide them in a few minutes.
Edit: Oh boy! The link to download MBAM is hijacked to a Chinese site.
Original: https://www.malwarebytes.org/getmbam
Now: htxp://malwarebytes-anti-malware.softonic.cn/download?ptn=malwarebytes
Is it safe?
Looks like there IS a plugin doing this. Have you guys heard of Softonic?
Edit2: The FRST download also failed. The page won’t even load, leaving a weird page layout. The attached picture “weird screen.jpg” shows the half-loaded webpage.
IE is flooded with weird download agent plugins which need removing.
Using a freshly installed Firefox, I am able to download MBAM and FRST. Logs attached.
Weird, there are Google Chrome entries even though Chrome is not installed?
Run FRST and press Fix.
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.
I did a reset on IE, but still get to Softonic using https://www.malwarebytes.org/getmbam
Did a total clean up of the games (the computer is too slow, and this frees up some 10GB on it) and QQ, and updated from IE8 to IE11 (you can see this computer has a very old set of software :-\ )
Though there are some leftover files:
C:\xuanfeng*
C:\Program Files (x86)\Garena Plus*
C:\Program Files (x86)\GarenaLoLTW*
C:\Program Files (x86)\Gunz2*
C:\Program Files (x86)\RC語音*
Edit: Now I know why PPTV is not good! Even though I used the uninstaller, there are still a lot of folders left over, especially the junk and adware in C:\Users\user\AppData\Roaming\PPlive. Software that is “Made in China” is usually rogue in this way.
Edit: Sad news about this machine!! The hard disk suddenly began to produce sounds and then all of a sudden I got a BSOD of 0x0000007A. Since then I cannot boot successfully without a freeze or the message about not finding a boot media (guess it means the hard disk). I guess this thread can end now.