Elektroda.com

Gmaegames.pro Virus: Solve Redirect-from-Banner.html Chrome Issue on Windows Startup

Woocash21 3342 2
  • #1
    Woocash21
    Level 6  
    Hello
    A virus has appeared on my computer which, every time I start Windows, opens the Chrome browser at the address gmaegames.pro/redirect-from-banner.html. I would like to ask for help getting rid of this virus. The attachment contains the files FRST.txt and Addition.txt. I think they should help solve the problem. Thanks in advance :D
  • Helpful post
    #2
    Kolobos
    IT specialist
    Run this Fixlist.txt with FRST:
    Task: {10B2074A-1379-413B-A517-DD9382875D11} - System32\Tasks\SystemMaintanceService => C:\Users\Zalman\AppData\Roaming\FIFA.17.Eng.Repack\qyytomtd.exe
    Task: {D4367226-29DF-40A2-8CE7-C95AE111EDCD} - System32\Tasks\Zalman => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Zalman /t REG_SZ /d "explorer.exe hxxp://exinariuminix.info" explorer.exe hxxp://exinariuminix.info {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://pl.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__180621__yaie&p={searchTerms}
    FF NewTab: Mozilla\Firefox\Profiles\105z4ttc.default -> hxxps://pl.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180621__yaff
    FF SearchPlugin: C:\Users\Zalman\AppData\Roaming\Mozilla\Firefox\Profiles\105z4ttc.default\searchplugins\yahoo-lavasoft-ff59.xml [2018-08-04]
    CHR DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> Default Search
    CHR HKLM\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
    S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]
    S3 WinRing0_1_2_0; \??\D:\Program Files (x86)\NZXT\CAM\CAM_V3.sys [X]
    2018-09-28 23:10 - 2018-10-13 12:28 - 000002612 _____ C:\WINDOWS\System32\Tasks\Zalman

    After it has run, delete the C:\FRST folder and that's all.
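
The two `Task:` entries in the fixlist above show the persistence pattern behind the browser pop-up: one scheduled task runs a binary from the user's AppData folder, the other re-creates a `Run` value that opens a URL through explorer.exe. The following triage script is an added example, not part of the original posts and not a FRST feature; the rule set, the function name `triage` and the third sample line are assumptions made for illustration.

```python
import re

# FRST scheduled-task line: "Task: {GUID} - <task path> => <command line>"
TASK_RE = re.compile(
    r"^Task: \{[0-9A-Fa-f-]{36}\} - (?P<path>.+?) => (?P<cmd>.+)$")

# Heuristics modelled on the two task entries in the fixlist (assumed rule set).
RULES = [
    ("runs a binary from a user-profile AppData folder",
     re.compile(r"\\Users\\[^\\]+\\AppData\\", re.I)),
    ("writes a Run/RunOnce autostart value via REG ADD",
     re.compile(r"\breg(\.exe)?\s+add\b.*\\CurrentVersion\\Run(Once)?\b", re.I)),
    ("starts explorer.exe or a browser with a URL argument",
     re.compile(r"\b(explorer|chrome|firefox|iexplore|msedge)\.exe\"?\s+\"?"
                r"(https?|hxxps?)://", re.I)),
]

def triage(frst_text):
    """Return [(task_path, [reasons])] for Task: lines matching any rule."""
    findings = []
    for line in frst_text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue  # not a scheduled-task entry
        reasons = [why for why, rx in RULES if rx.search(m.group("cmd"))]
        if reasons:
            findings.append((m.group("path"), reasons))
    return findings

# Sample input: lines 1-2 are the task entries from the fixlist above (the
# second cut at the closing quote); line 3 is a constructed benign entry.
SAMPLE = r"""
Task: {10B2074A-1379-413B-A517-DD9382875D11} - System32\Tasks\SystemMaintanceService => C:\Users\Zalman\AppData\Roaming\FIFA.17.Eng.Repack\qyytomtd.exe
Task: {D4367226-29DF-40A2-8CE7-C95AE111EDCD} - System32\Tasks\Zalman => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Zalman /t REG_SZ /d "explorer.exe hxxp://exinariuminix.info"
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe /silent
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(path)
        for why in reasons:
            print("   -", why)
```

The URL rule accepts the defanged `hxxp` scheme so the script also works on logs pasted from forum threads like this one.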
  • #3
    Woocash21
    Level 6  
    No virus, thank you very much :D