Remove PUP application from DVD Drive (F:) CDROM

Page 6 of 14 FirstFirst ... 45678 ... LastLast
  1. myrnsterMash's Avatar
    Posts : 60
    Windows 10 32-bit x 64 processor
    Thread Starter
       #51

    I thought posting the url for the Kaspersky link can understand the Reimage download:

    Remove PUP application from DVD Drive (F:) CDROM-screenhunter_15-aug.-17-22.37.gif

    https://adclick.g.doubleclick.net/pc...rl%253Dhttp://Online Computer Repair | Reimage PC Repair | Windows Repair | Reimageplus.com/includes/router_land.php?tracking=forum&lpx=slm

    I clicked on the "Download Here" right under Kaspersky. Stupid me...heavy sigh
      My Computer

  2. Slartybart's Avatar
    Posts : 3,502
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       #52

    Thanks - that's what I thought. An ad looked like it was part of the tutorial.
    Lots of people mistakenly click on an ad - it's not stupid, the advertisers are very clever.

    So how far did you get with the bleeping guide after my PM reply?

    There were three things to do
    1) Rkill
    2) ESET Poweliks Cleaner
    <!> skip running ESET online scanner
    3) HitmanPro
    <!> skip running Secunia PSI

    If you ran those, please post the following logs
    Desktop\ESETPoweliksCleaner.exe_<timestamp>.log
    HitmanPro log
    Last edited by Slartybart; 18 Aug 2016 at 01:55. Reason: add link to bleeping guide and skip Secunia PSI
      My Computer

  3. myrnsterMash's Avatar
    Posts : 60
    Windows 10 32-bit x 64 processor
    Thread Starter
       #53

    Slartybart said:
    So how far did you get with the bleeping guide after my PM reply?
    I wrote in my last post your link gave me a red flag of an infected site, so I googled RKill and went to Bleeping Computer's site and here is the snapshot:
    Remove PUP application from DVD Drive (F:) CDROM-screenhunter_16-aug.-18-08.48.gif
    Before I click on anything, it is the first link on the upper left out of the four choices, correct?
      My Computer

  4. myrnsterMash's Avatar
    Posts : 60
    Windows 10 32-bit x 64 processor
    Thread Starter
       #54

    So, this is good, right?

    RKill Download

    Remove PUP application from DVD Drive (F:) CDROM-screenhunter_17-aug.-18-09.12.gif

    So, do I use the download at the top of the page, or one of the links shown here?
      My Computer

  5. simrick's Avatar
    Posts : 16,108
    W10Prox64
       #55

    Hi.
    Top-left corner one should be fine - it will be rkill.exe; save to your desktop. The other three are exactly the same thing, only renamed, so to allow it to run if some infection is preventing the normally-named executable to run.
      My Computer

  6. simrick's Avatar
    Posts : 16,108
    W10Prox64
       #56

    myrnsterMash said:
    I thought posting the url for the Kaspersky link can understand the Reimage download:

    Remove PUP application from DVD Drive (F:) CDROM-screenhunter_15-aug.-17-22.37.gif


    I clicked on the "Download Here" right under Kaspersky. Stupid me...heavy sigh

    I have circled here what is the only real clue that this is an ad - very difficult to notice...

    Remove PUP application from DVD Drive (F:) CDROM-ad.png
      My Computer

  7. Slartybart's Avatar
    Posts : 3,502
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       #57

    myrnsterMash said:
    I wrote in my last post your link gave me a red flag of an infected site, so I googled RKill and went to Bleeping Computer's site and here is the snapshot:

    Before I click on anything, it is the first link on the upper left out of the four choices, correct?
    I'm glad you're asking these questions now - once bitten, twice shy and all that

    One comment ... if a member points you to a guide - follow the guide. Google results can often take you places you don't want to go.

    Sometimes, it just requires a bit of reading - from the guide:
    When at the download page, click on the Download Now button labeled iExplore.exe. When you are prompted where to save it, please save it on your desktop.

    Remove PUP application from DVD Drive (F:) CDROM-x-screenhunter_16-aug.-18-08.48.gif

    ... and a little patience - wait for the download to begin without clicking anything else.
    The download should begin on a new page shortly after hitting the button

    I often just click on the link that says if your download doesn't automatically begin... - but that also might be cleverly obfuscated by an ad using similar language.
    Direct download of Rkill renamed as iExplore.exe

    It can get confusing, especially when tools protect themselves by a rename (Chameleon Mbam does a similar trick if malware prevents it from running).

    Bottom line - ask. It's never a problem to double check Before
      My Computer

  8. Slartybart's Avatar
    Posts : 3,502
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       #58

    Just read simrick's post again.

    I'm not contradicting her suggestion to download the standard Rkill.exe ... my post simply followed the guide where it said use the iExplore.exe download button.

    I agree that any of the four Rkill download buttons, or even any of the renames in the Related Rkill downloads shown at the bottom of in your screen shot, would be fine.

    Clear as mud?
      My Computer

  9. myrnsterMash's Avatar
    Posts : 60
    Windows 10 32-bit x 64 processor
    Thread Starter
       #59

    For, whatever reason you are missing the most crucial point in the past couple posts. Your link is a BAD link for the "Powerliks Trojan (Removal Guide) url: How to remove the Poweliks Trojan (Removal Guide) with all the bells and whistles.

    Who is to say this is part of the Trojan doing its nastiness, but my anti-virus blocks me from this "infected site," and why I went to Bleeping Computer's site using Google to get to the actual authored program. I have to ask if you have used your link, lately, for the "How to remove the Poweliks Trojan (Removal Guide)?
    It might provide for some additional info. to help others with if a clean system allows for this "safe" download, but an infected system blocks it as "malicious," right? I am curious about this, as well, and why I ask if you have tried the link in the past few days.
      My Computer

  10. myrnsterMash's Avatar
    Posts : 60
    Windows 10 32-bit x 64 processor
    Thread Starter
       #60

    Rkill 2.8.4 by Lawrence Abrams (Grinler)
    BleepingComputer.com - News, Reviews, and Technical Support
    Copyright 2008-2016 BleepingComputer.com
    More Information about Rkill can be found at this link:
    RKill - What it does and What it Doesnt - A brief introduction to the program - Anti-Virus, Anti-Malware, and Privacy Software

    Program started at: 08/18/2016 03:12:54 PM in x86 mode.
    Windows Version: Windows 10 Home

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * C:\Users\MyrnaZ\AppData\Local\Temp\{7E6122F0-DB5E-430A-A6AE-6F73E75D1A32}\{BCCE466F-5194-418B-B7A4-55A77A6E62F6}.exe (PID: 16284) [T-HEUR]

    1 proccess terminated!

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Defender Disabled

    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001

    Checking Windows Service Integrity:

    * b06bdrv [Missing Service]
    * ebdrv [Missing Service]
    * iaLPSSi_GPIO [Missing Service]
    * iaLPSSi_I2C [Missing Service]
    * ibbus [Missing Service]
    * ksthunk [Missing Service]
    * mlx4_bus [Missing Service]
    * ndfltr [Missing Service]
    * PerfHost [Missing Service]
    * vpci [Missing Service]
    * WinMad [Missing Service]
    * WinVerbs [Missing Service]

    * NetTcpPortSharing => %systemroot%\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [Incorrect ImagePath]

    * PrintNotify => C:\WINDOWS\system32\spool\drivers\W32X86\3\PrintConfig.dll [Incorrect ServiceDLL]

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * No issues found.

    Program finished at: 08/18/2016 03:17:30 PM
    Execution time: 0 hours(s), 4 minute(s), and 35 seconds(s)
      My Computer


 
Page 6 of 14 FirstFirst ... 45678 ... LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 03:17.
Find Us




Windows 10 Forums