Windows 10: Remove PUP application from DVD Drive (F:) CDROM

Oh dear, I'm not sure how you got that Reimage, but that's not something we want on your system. I hope Slartybart's posts were soon enough to get you out of that program. I looked at the Bleeping Computer link and I don't see any ads there for Reinage, even though I am not logged into the site, so I'm not sure what happened. *Sad

 

ReImage came from an ad on my link to SevenForums tutorial for TDSSkiller - myrnsterMash an I exchanged a few PMs and thankfully she was smart enough to only run only a scan - never pressed the repair button - phewwwww!

I also asked her to uninstall ReImage, will do.

I have a question for you simrick.

The Bleeping guide instructs the user to run the ESET single purpose cleaner and a few other on demand scans.
I deferred to your judgement but said at a minimum the ESET Poweliks cleaner should be run
I know what you're going to say, but since I already opened the can... Do you want myrnsterMash to run everything in the guide.

I'm fairly certain that myrnsterMash is already doing the recommendations and will post the logs when done.
She was a bit miffed by the click bait ReImage advert and understandably so. I told her to take a break, visit some friends, don't let this issue consume all of her time. Sooooo it might be a while before we know she hasn't fallen off the face of the earth *Wink

 

Ah - okay. You got her sorted, so thanks for that. *Wink I'm sorry - I had a bad situation yesterday and was not here much. Trying to clean someone's infected flash drives+computer; turned out, before I realized what I was dealing with, the worms traveled through my network and infected two of my computers before I could completely neutralize it. *Sad So, I've got 2 systems here which require an image restore; one is done and one is waiting for me. Learned my lesson. Next time all other systems will be shutdown, and the guest wifi will be used...I just wasn't expecting the severity I found.

I think she only needs to run the RKILL+ESET Poweliks remover tool (in that order). Chances are good that ESET will find nothing, but we need to be sure. Step #12 is the end - everything after that is for people who get an error that the ESET tool was unsuccessful.

Thanks!

p.s. I think ESET Online Scanner was stalling/having problems, so it may or may not work now, with Poweliks removed. They just recently updated everything on their scan site, and I've had 3 computers with similar issues with scanning, so I can't tell if it's their update or not. *Sad

 

simrick,

Sorry to hear you have worms *Wink

Focus on what you're battling - myrnsterMash and I will proceed with the plan (thanks for clarifying the bleeping guide)

We'll see if the ESET standalone exhibits any hangs - I don't expect it to - unlike the online scanner, it's a single purpose tool.

See ya when you get your machines all shiny again.

Bill
.

 

*What*Roflmao2*Roflmao2*Roflmao2

 

Myrna sent me a PM and said that ESET hung again when she followed the bleeping guide (similar to post# 32 I guess)

I recommended that Myrna post here on the thread so that other members can help when I'm not available (like tonight when I had a prior engagement)

I posted this recap to bring the thread up to date. Myrna will have to confirm what I posted is the correct status and provide logs of what has run so far.

Here's my reply:

I didn't include running Secunia PSI because I think Dism and SFC would perform the same function.

Right click the Windows icon

(aka Start button) on the Taskbar

Select Command Prompt (Admin)
Enter the following lines in the Command Prompt window:

Dism /Online /Cleanup-Image /RestoreHealth

SFC /ScanNow
If there are any errors on the screen after the commands run,
Navigate to C:\Windows\Logs
Right click the CBS folder
Select Send to > Compressed (zip) folder
answer yes to place on DesktopAttach the zip folder to your next post
Full tutorials:
Run DISM in Command Prompt
Run SFC /ScanNOW in Command Prompt

 

I thought posting the url for the Kaspersky link can understand the Reimage download:





https://adclick.g.doubleclick.net/pc...rl%253Dhttp://Online Computer Repair | Reimage PC Repair | Windows Repair | Reimageplus.com/includes/router_land.php?tracking=forum&lpx=slm

I clicked on the "Download Here" right under Kaspersky. Stupid me...heavy sigh

 

Thanks - that's what I thought. An ad looked like it was part of the tutorial.
Lots of people mistakenly click on an ad - it's not stupid, the advertisers are very clever.

So how far did you get with the bleeping guide after my PM reply?
How to remove the Poweliks Trojan (Removal Guide)
There were three things to do
1) Rkill
2) ESET Poweliks Cleaner<!> skip running ESET online scanner
3) HitmanPro<!> skip running Secunia PSI

If you ran those, please post the following logs
Desktop\ESETPoweliksCleaner.exe_<timestamp>.log
HitmanPro log

 

I wrote in my last post your link gave me a red flag of an infected site, so I googled RKill and went to Bleeping Computer's site and here is the snapshot:



Before I click on anything, it is the first link on the upper left out of the four choices, correct?

 

So, this is good, right?

RKill Download





So, do I use the download at the top of the page, or one of the links shown here?

 

Hi.
Top-left corner one should be fine - it will be rkill.exe; save to your desktop. The other three are exactly the same thing, only renamed, so to allow it to run if some infection is preventing the normally-named executable to run.

 

I have circled here what is the only real clue that this is an ad - very difficult to notice...*Sad

 

I'm glad you're asking these questions now - once bitten, twice shy and all that *Eek

One comment ... if a member points you to a guide - follow the guide. Google results can often take you places you don't want to go.
How to remove the Poweliks Trojan (Removal Guide)
Sometimes, it just requires a bit of reading - from the guide:
When at the download page, click on the Download Now button labeled iExplore.exe. When you are prompted where to save it, please save it on your desktop.




... and a little patience - wait for the download to begin without clicking anything else.
The download should begin on a new page shortly after hitting the button

I often just click on the link that says if your download doesn't automatically begin... - but that also might be cleverly obfuscated by an ad using similar language.
Direct download of Rkill renamed as iExplore.exe

It can get confusing, especially when tools protect themselves by a rename (Chameleon Mbam does a similar trick if malware prevents it from running).

Bottom line - ask. It's never a problem to double check Before *Cool

 

Just read simrick's post again.

I'm not contradicting her suggestion to download the standard Rkill.exe ... my post simply followed the guide where it said use the iExplore.exe download button.

I agree that any of the four Rkill download buttons, or even any of the renames in the Related Rkill downloads shown at the bottom of in your screen shot, would be fine.

Clear as mud?