1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Malware putting shortcuts on desktop

Discussion in 'Malware Removal Help' started by Ronald McClurg, Apr 16, 2015.

  1. Ronald McClurg

    Ronald McClurg

    Joined:
    Apr 16, 2015
    Messages:
    2
    Operating System:
    Windows 7
    Ok so every time I turn on my computer, I literally get about 50 download wizard popups trying to download something to my computer. They also put shortcuts on my desktop, it gets filled with them. I have run spyhunter, bought it. It gets rid of the pop ups but not the shortcuts. When i restart my computer, the popups and short cuts come back. Have also downloaded and ran spyware blaster. Each time, they find stuff on my computer and quarantine and get rid of it (supposedly) but when I turn my computer back on, there it is. Same stuff.
     
  2. allheart55 (Cindy E)

    allheart55 (Cindy E) Administrator Administrator

    Joined:
    Jun 11, 2009
    Messages:
    10,495
    Location:
    Pennsylvania
    Operating System:
    Windows 10
    Computer Brand or Motherboard:
    ASUS M4A77TD AM3 AMD 770 ATX AMD
    CPU:
    AMD Phenom II X6 1090T-Thuban 3.2GHz
    Memory:
    Crucial-DDR3 SDRAM 1333-8GB
    Hard Drive:
    WD Caviar Black SE HDD 640 GB - WD Caviar Black SE HDD 500 GB
    Graphics Card:
    Sapphire Radeon HD-7870 2GB
    Power Supply:
    CORSAIR CMPSU-750W
  3. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Ronald.

    In my opinion SpyHunter is a dubious program which is not very effective compared to others with a proven track record and I would not trust all the detections provided by its scanning engine.
    SpyHunter by Enigma Software Group (ESG) is a program that was previously listed as a rogue product on the Rogue/Suspect Anti-Spyware Products List because of the company's history of employing aggressive and deceptive advertising. It has since been delisted but Enigma still engages in deceptive advertising which violates several consumer protection laws in many states.

    AV-Test has not been able to include SpyHunter in their comprehensive testing analysis which would reveal how SpyHunter compares to anti-spyware competitors in terms of protection, detection, repair and usability. The reason for this is that the publisher, Enigma Software, has not been cooperative in submitting SpyHunter for testing at AV-Test...most likely due to the program's ineffectiveness and high rate of false positives.

    You may want to read some of the user comments posted on the: Complaints Board: Enigma Software Group Spyhunter Complaints & Reviews

    I'd recommend uninstalling this program.... there are much better programs out there.
     
    allheart55 (Cindy E) likes this.
  4. Ronald McClurg

    Ronald McClurg

    Joined:
    Apr 16, 2015
    Messages:
    2
    Operating System:
    Windows 7
    ok finally was able to run the softwares and get the logs. It keeps bogging down my computer and crashing it. Heres the logs. I uploaded the files. Is this what yall wanted?
     

    Attached Files:

  5. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Ronald,

    Thanks for the reports... let's get to work.

    Why are you still running a very out dated version of IE ?

    Step 1
    Please download the attached fixlist.txt file (bottom of this post) and save it to D:\Downloads.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system


    Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait.

    2cf1672fdd2151dad6f349c704143429.png

    The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.



    Step 2
    Download Combofix from any of the links below. Please rename it before saving it. Save it to your desktop.

    Link 1
    Link 2

    43c570796652d991e1e20da3e3b6dbf8.gif


    800cf471fe28906ff16e98b15f499276.gif

    This is an example, you may rename ComboFix to anything you want.

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
      For more information read:
      How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

      Then:

      Double click on Combo-Fix.exe & follow the prompts.

      Vista/Win7 users should right click on the icon and select Run as Administrator.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

      If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    26e77460a9cbaa26ac39f09f454a3e72.png

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    da265dcd8e88403401ae34d7ec7d9943.png

    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


    In your next reply, please submit:
    Fixlog.txt
    Combofix.txt


    Thanks.
     

    Attached Files:

Share This Page