Windows 10: malware/ trojan attacking browsers

Discussion in 'AntiVirus, Firewalls and System Security' started by phant0m2017, Oct 15, 2016.

  1. simrick Win User

    Yes, get some sleep. Thanks for the logs.

    If this still exists on the system, please change the extension to "old" (i.e. abril.exe.old)

    C:\Users\NEIL\AppData\Local\Apps\2.0\abril.exe

    Open Services and stop/restart the following:

    * DHCP Client (Dhcp) is not Running.
    Startup Type set to: Automatic

    * Windows Firewall (MpsSvc) is not Running.
    Startup Type set to: Automatic

    You posted a scan log for ADWCleaner. I need to know if you let it delete everything it found - that would be the clean log AdwCleaner[C1].txt or [C2] etc. ADWCleaner would have rebooted the machine to finish the cleaning.

    Were you able to run the Sophos Remediation tool or no? Are you running Bitdefender on the system normally (instead of Windows Defender?)
     
    simrick, Oct 20, 2016
    #61
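
The steps in post #61 as a script (an added example, not part of the original thread). It assumes an elevated PowerShell session on the affected machine; the file path and the two service names are the ones quoted in the post.

```powershell
# Added example. Path and service names are taken from post #61.
$suspect  = 'C:\Users\NEIL\AppData\Local\Apps\2.0\abril.exe'
$services = 'Dhcp', 'MpsSvc'

# 1. If the file is still present, record its hash for later reference,
#    then rename it to .old so it can no longer be launched under its original name.
if (Test-Path -LiteralPath $suspect) {
    Get-FileHash -LiteralPath $suspect -Algorithm SHA256 | Format-List
    Rename-Item -LiteralPath $suspect -NewName ((Split-Path $suspect -Leaf) + '.old')
} else {
    Write-Output "Not found: $suspect"
}

# 2. Report state, startup type and service binary for each service,
#    then try to start any that are not running and show why a start fails.
foreach ($name in $services) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if (-not $svc) {
        Write-Output "$name : service is not registered"
        continue
    }
    [pscustomobject]@{
        Name      = $svc.Name
        State     = $svc.State       # Running / Stopped
        StartMode = $svc.StartMode   # Auto / Manual / Disabled
        Binary    = $svc.PathName    # command line the service launches
    }
    if ($svc.State -ne 'Running') {
        try {
            Start-Service -Name $name -ErrorAction Stop
            Write-Output "$name : started"
        } catch {
            Write-Output "$name : failed to start: $($_.Exception.Message)"
        }
    }
}
```

The error text from a failed start is the useful part to post back to a helper, since a service set to Automatic that still refuses to start points at a damaged dependency or service binary.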
  2. simrick Win User

    If you can't get the Sophos Remediation tool running, please download and run FRST (be sure to choose the correct bit depth for your system, 32 or 64).
    Farbar Recovery Scan Tool Download
    Make sure the Addition.txt box is checked. Run the scan only. It will create 2 logs, please post them both.
    FRST.txt and Addition.txt
    These will be located in the same directory as the FRST application (usually Desktop). I'll have a look at those and see if we can't ferret out some of this manually.
     
    simrick, Oct 20, 2016
    #62
  3. cottonball, Oct 20, 2016
    #63
  4. Hi there ... I've just gone into the app data file and there is no Abril.exe file. All that exists is Abril application, Abril.installlog, abril.installstate, abril.stt and installUtil.installLog + a file folder 76A16W2K.1VV. And a file folder named Data. And an STS file.
     
    phant0m2017, Oct 20, 2016
    #64
  5. I am now in Services. In safe mode! The Windows Firewall is already set on automatic. Also the DHCP client is also already set on automatic.
     
    phant0m2017, Oct 20, 2016
    #65
  6. Running Zoek now. During the run script process a box has appeared. ipconfig.exe - system error box ... it says the program can't start because DNSAPI.dll is missing from your computer. Try reinstalling the program to fix this problem ???
     
    phant0m2017, Oct 20, 2016
    #66
  7. I wasn't able to run the Sophos remediation tool as I can't get online. I don't have Bitdefender on my computer. I only made a Bitdefender rescue CD when instructed to. With the ADWCleaner I did clean everything it found.
     
    phant0m2017, Oct 20, 2016
    #67
  8. simrick Win User

    Based on what I am seeing in these logs, I'm sorry, but I have to bow out. I think you need to call in the big guns.
    Am I infected? What do I do? Forum - BleepingComputer.com
    Virus, Trojan, Spyware, and Malware Removal Logs Forum - BleepingComputer.com

    Read the instructions here before posting:
    Before You Post About A Problem - Am I infected? What do I do?

    Create an account, start a new thread, wait for a trained expert to respond.

    In the meantime, make sure your data is backed up, and remove the following programs:
    Body Text Feathering (HKLM-x32\...\PopupProduct) (Version: 1.0.0.0 - Body Text Feathering)
    CCleaner 5.21.5700 (HKLM-x32\...\CCleaner 5.21.5700) (Version: 5.21.5700 - SandySeedings Team)
    Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
    Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
    QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)

    Note: If there is illegal/cracked software or keygens on the system, please remove that, or no legitimate help forum will assist.
     
    simrick, Oct 20, 2016
    #68
  9. Oh no!!! You got me worried now ... OK, I have deleted most but there is no Body Text Feathering app (whatever that is) ... also no HKLM showing up and also no B792 showing in Programs and Features. Do I have to delete every app that I have got through torrents, e.g. Adobe Photoshop, Microsoft Office 2016, Nero 2016 etc., or just the keygens and files in my downloads folder?
     
    phant0m2017, Oct 20, 2016
    #69
  10. simrick Win User
    (Body Text Feathering was showing in your installed programs. If you can't find it, they will get rid of it for you.)
    Everything must be completely off the system. Torrents are notorious infection vectors, as are illegal software and keygens.

    Follow the instructions here:
    Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help - Virus, Trojan, Spyware, and Malware Removal Logs
    Post fresh FRST and Addition logs in your new thread. Be patient, as they are very busy, and all volunteers, just like us here.
     
    simrick, Oct 20, 2016
    #70
  11. Thanks for helping ... I deleted all the things I had on my computer that I had downloaded via torrents ... even though I can't get rid of Adobe Lightroom and Bridge from the Programs and Features list ... and Adobe Creative Cloud ...
     
    phant0m2017, Oct 20, 2016
    #71
  12. Just one question ... what are addition logs?
     
    phant0m2017, Oct 20, 2016
    #72
  13. simrick Win User

    FRST creates 2 logs when you first run it - frst.txt and addition.txt. I believe the addition.txt will not be created on subsequent runs of the tool, unless you specifically check the box for it. They will need both logs from you.
     
    simrick, Oct 20, 2016
    #73
  14. AFAIK all of the reputable specialized computer disinfection fora (bleepingcomputer, malwaretips, malwarebytes, etc.) have strict anti-piracy policies.
    Legalities and ethics of pirating licensed software aside, as @simrick pointed out, torrents, cracks, keygens and other illegally-obtained software pose a risk of ongoing and recurrent infection. And the system changes can interfere with cleanup. So, there's no point in the volunteer helpers devoting time to cleaning a machine that will most likely be reinfected, perhaps even during the cleanup process.

    You'll need to fully uninstall all pirated/cracked/keygen software and any hosts files hacks, etc., in order to get help at the reputable disinfection fora.

    MM
     
    MoxieMomma, Oct 21, 2016
    #74
  15. MoxieMomma,

    You are on point!!

    phant0m2017 MUST fully uninstall ALL pirated/cracked/keygen software, etc., to get help at the top ranked Malware Removal forums!!
     
    cottonball, Oct 21, 2016
    #75