PUP.Optional.PCPerformer.A found?

Viruses and worms
1

I did a weekly scan of malwarebytes this afternoon (all updated and everything) and it discovered a file named PUP.Optional.PCPerformer.A. It’s location is: c:/windows/system32/roboot64.exe.

Is this a false positive or am I infected?

2

Please follow the instructions and attach the logs to your next post:
http://forum.avast.com/index.php?topic=53253.0

3

Monitoring :slight_smile:

4

FInally! Sorry it took so long. I had trouble finding the files. :stuck_out_tongue:

5

Hi,

You have been run both OTL and aswMBR two times. There is no need for that … :slight_smile:

Logs looks clean but we shall preform additional junk cleaning with zoek. This one here, run only one time!

Please download zoek.zip or zoek.rar by smeenk (
http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png
) from here or here and save it to your Desktop.
Unpack the archive…

[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*]Double click on zoek.exe to run the tool .
Please wait while the tool does not start…

[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:


Uninstall-List;
C:\Windows\SysWow64\shortcut_ex.dat;i
EmptyCLSID;
C:\ProgramData\*.tmp;f
AutoClean;

[*] Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button.
Please wait until a logreport will open (this can be after reboot)

[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log

6

I had some trouble with Zoek and getting it to run so I have no idea if I did this right.

7

Hi,

Yes you did it good. :wink:

We need to run zoek one more time.
Disable antivirus and re-run Zoek tool as you did before but use this script:

ResetWMI;
Reboot;

After the restart please post me the fresh created zoek log.

8

Okay, great! :slight_smile: I’m glad I did it right.

Here is the log. I attached two because I wasn’t sure which one was the new one. Sorry, I am terrible with computers!

9

Magna is in bed now.

Its 2am here soon.

Check back later the day :slight_smile:

10

Okay, thank you!

11

Hi,

How is the computer behavior now? Is the problem solved now?

Only if problem still exists, post me the fresh OTL.txt logreport.

12

It’s working fine now. I did another scan with malwarebyes and it was clean. :slight_smile:

Thank you!

13

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
[i]
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Remove disinfection tools

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Create registry backup

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

14

Allright done! :slight_smile: Do I need to attach the delfix log?

15

No, delete delfix.

16

Hi Desiree859,

No need for DelFix log and DelFix tool delete itself upon execution. :slight_smile: