Now this thing is infecting my whole computer and I don’t know how can I stop it from infecting my PC.
I don’t know almost anything on how to remove this worm so any help is great.
Thanks in advance!
my Attachments
- Open Notepad (click Start button → type notepad.exe → press Enter)
- Copy text from code block below and paste it into Notepad
() [File not signed] C:\Program Files (x86)\UltraViewer\UltraViewer_Service.exe
() [File not signed] C:\Users\Admin\AppData\Local\Temp\Rar$EXa2636.23969\UniKeyNT.exe
() [File not signed] C:\Windows\Resources\svchost.exe
() [File not signed] C:\Windows\Resources\Themes\explorer.exe
HKLM-x32\...\Run: [EXPLORER] => c:\windows\resources\themes\explorer.exe [133728 2020-04-06] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-2463837420-4148112972-3298945490-1001\...\Run: [UniKey] => C:\Users\Admin\AppData\Local\Temp\Rar$EXa2636.23969\UniKeyNT.exe [521216 2014-08-23] () [File not signed] <==== ATTENTION
IFEO\UpdateAssistant.exe: [Debugger] ntsd -d
IFEO\UpdateAssistantCheck.exe: [Debugger] ntsd -d
IFEO\Windows10Upgrade.exe: [Debugger] ntsd -d
IFEO\Windows10Upgrade28602.exe: [Debugger] ntsd -d
IFEO\Windows10UpgraderApp.exe: [Debugger] ntsd -d
IFEO\WindowsUpdateBox.exe: [Debugger] ntsd -d
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
VirusTotal: C:\Users\Admin\AppData\Local\Temp\Rar$EXa2636.23969\UniKeyNT.exe;C:\Windows\Resources\svchost.exe;C:\Windows\Resources\Themes\explorer.exe
C:\Windows\Resources\Themes\explorer.exe
c:\windows\resources\themes\explorer.exe
EmptyTemp:
- Go to File → Save As
- Make sure that UTF-8 is selected as Encoding (left side of Save button)
- Save it as fixlist.txt on Desktop
- Open again FRST and click on button Fix
- Wait until FRST finishes
- fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.
I open FRST but viral infection. Not OPEN it !
After that I download FRST and save it NOT to my Desktop => FRST viral infection continue, not OPEN.
I download FRST continue , and save it to my Desktop, and OPEN FRST => file fixlog.txt
My fixlog.txt
What is system status now?
- Previously, avast constantly reported infected files. Not now.
- Previously, opening a folder, avast informed the files in the infected folder. Now no more.
- I try to open an .exe installation file, then install normally. Avast did not see any message.
- Previously, avast constantly reported infected files. Now no more.
- Previously, opening a folder, avast informed the files in the infected folder. Now no more.
- I open an .exe installation file, then install normally. Avast did not see any message.
Please rename FRST64 to uninstall. Run it and FRST should be uninstalled.
FRST program opens directly for use, no installation required.
What I need to do? (delete FRST? or …?)
Did you rename the FRST64.exe file to uninstall.exe ?
If not do that and then run the uninstall.exe file, it should remove/uninstall it for you.
I am done (after that, the computer reboots).
Next, what do I need to do?
I am done (after that, the computer reboots). Next, what do I need to do?Make coffe, use your computer and surf safe ;)
It also would be nice to say thank you to Sass Drake and DavidR.
Thank you for help me!
Please help me again!
There’s a new problem: I previously stupid added some files to the exception or allowed them to open (I set up in Avast).
Today, I take these files out of the exception (or cancel the “enable setting in Avast”) => these files are infected with the Win32: VB - OJB virus (these files have been Avast her found in the chest virus as soon as I try to open them).
I deleted those files from my hard drive and in reclybin (these files are characterized by the same symbol).
I don’t know where this virus is in the computer.
So what do I do now?
So what do I do now?Then you start from the beginning ... new fresh FRST logs and wait for @Sass Drake
Thanhk you!
tomorrow I will take steps from the beginning.
I have started from the beginning … new fresh FRST logs
My attachments here.
FRST.txt is not complete. Please rescan and post new FRST logs.
Before I rescaned (FRST, Malwarebyte), I scanned the system with Avast, some infected files were put into the chest virus.
Here are my attachments.
Thank you very much!