Solved How do I remove the hacker screen Don't mess with the Honk

Dell Inspiron desktop - 4gb memory - 500...
August 28, 2020 at 14:33:13
Specs: Windows 10, 4.0 GB - 64 bit OS
Screen" put in by the Hacker. Need help to remove it. Started with a bogus Amazon Billing for $2,009 for a supposedly ordered McIntosh delivered in another location. Went to Amazon billing, Customer Service website and a supposed Amazon employee showing a badge of Amazon. He sympathized and talked to and said he will remove the Hacker Screen and Billing. Turned out he wanted me to buy an App, Cisco NETWORK app for $899. When I refused, he cut me off and left me with the Hacker screen and a bogus Billing.

Need desperate help to remove the screen so I can use the Laptop. Thanks.




✔ Best Answer
September 2, 2020 at 01:53:39
There is only 1 file to download, this is the file you should have downloaded.
https://www.softpedia.com/dyn-postd...

If that is the same as you have downloaded & it needs updating, do so.



#1
August 28, 2020 at 15:30:38
Oh, boy.

It's hard for me to believe this ever really happens.

Like way too many other things.

-- Jeff, in Minneapolis



#2
August 28, 2020 at 15:31:42
One for Johnw I think...

Lesson here... If you didn't buy something from Amazon or anywhere else prior to the "billing email" - don't respond to that email. Contact Amazon first in this case - over the phone... - using their online bona-fide "contact us" sequences.

If possible go via another computer on which you "haven't" opened/reacted to that email.

When you see a humungous bill (unexpectedly) regard it as fake; and delete the email immediately. Hackers and ransomware trade on you being anxious to clear the situation... and thus they grab you.... If the email is genuine... it (the bill) will also show up on your credit card statements - which you can check over the phone?

Likely when you opened the email you were redirected to the spoof/fake Amazon site and the rest is history.



#3
August 28, 2020 at 15:49:15
Let's start here. Let me know if you can't use these tools this way.

Here are the first 2 steps, more steps will be needed, after I see the results of these logs.

Step 1: Run AdwCleaner
https://www.softpedia.com/get/Antiv...
https://www.bleepingcomputer.com/do...
https://www.malwarebytes.com/adwcle...
https://toolslib.net/downloads/view...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click Scan Now
Click on Quarantine for all it finds.
Reboot.
Please Copy & Paste the contents of that logfile with your next reply.
https://i.imgur.com/qERgl4y.gif

Step 2: Run Malwarebytes Anti-Malware ( MBAM ) Use Threat Scan. Make sure Rootkit scan is on.
https://www.softpedia.com/get/Antiv...
https://www.freewarefiles.com/Malwa...
https://www.freewarefiles.com/scree...
https://www.malwarebytes.org/downlo...
Forum
https://www.malwarebytes.org/forums/
FAQ - Malwarebytes won't run or failed to resolve my issues
https://forums.malwarebytes.com/top...
Scanning, you will get something like this.
https://i.imgur.com/4NZ5Qw0.gif
https://i.imgur.com/rRfr1oD.gif
https://i.imgur.com/tShE6tQ.gif
https://i.imgur.com/iJZHDC0.gif
After a restart ( if required ) Copy & Paste the contents of the scan into your reply.
If too large, upload to a site of your choosing.
Follow these directions, until you get to Export.
https://support.malwarebytes.com/hc...

message edited by Johnw



#4
August 28, 2020 at 17:23:58
"Turned out he wanted me to buy an App, Cisco NETWORK app for $899. When I refused, he cut me off"

Did you contact Amazon directly or was there a number on your screen? Sounds a twist on Ransomware - Invoice Fraud. It's hit Amazon & several other online retailers lately. I highly doubt Amazon would have hung up on you unless you were being excessively belligerent & even if you were, they would probably try to talk you down off the ledge.
https://www.pymnts.com/news/b2b-pay...

message edited by riider



#5
August 29, 2020 at 02:29:16
# -------------------------------
# Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build: 07-22-2020
# Database: 2020-07-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-29-2020
# Duration: 00:00:16
# OS: Windows 10 Pro
# Cleaned: 17
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\SecuritySuite
Deleted C:\ProgramData\TotalAV
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV

***** [ Files ] *****

Deleted C:\Users\cuadr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TotalAV.lnk
Deleted C:\Users\cuadr\Downloads\TOTALAV_SETUP.EXE

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\SSProtect
Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant

***** [ Chromium (and derivatives) ] *****

Deleted Amazon Assistant for Chrome - pbjikboenpfhbbejgkoklgkhjpfogcam
Deleted Search Encrypt - gnlabkgljnlaidbnocfhgdeajcgmahml
Deleted Search Extension by Ask - jbldcomffojmkkjbblhcebeicbncmjpf
Deleted cmclajginlihohopoeofghddnhpplhom
Deleted dhhjmlmdpcpiojiffodbldlkgcnaeogp
Deleted djgojpphcoccgjoafgdhiomafpcopmfn
Deleted gjkpcnacdgdlpfejlgflolpaigoicibh
Deleted mppnoffgpafgpgbaigljliadgbnhljfl
Deleted nafaimnnclfjfedmmabolbppcngeolgf

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2655 octets] - [29/08/2020 01:59:12]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########



#7
August 29, 2020 at 02:45:19
# -------------------------------
# Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build: 07-22-2020
# Database: 2020-07-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-29-2020
# Duration: 00:00:27
# OS: Windows 10 Pro
# Scanned: 31837
# Detected: 17


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy C:\ProgramData\TotalAV
PUP.Optional.Legacy C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV
PUP.Optional.PCProtect C:\ProgramData\SecuritySuite

***** [ Files ] *****

PUP.Optional.Legacy C:\Users\cuadr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TotalAV.lnk
PUP.Optional.TotalAV C:\Users\cuadr\Downloads\TOTALAV_SETUP.EXE

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.PCProtect HKCU\Software\SSProtect
PUP.Optional.TotalAV HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant

***** [ Chromium (and derivatives) ] *****

Adware.Mindspark Search Extension by Ask - jbldcomffojmkkjbblhcebeicbncmjpf
PUP.Optional.AmazonBrowserBar Amazon Assistant for Chrome - pbjikboenpfhbbejgkoklgkhjpfogcam
PUP.Optional.HighLightly cmclajginlihohopoeofghddnhpplhom
PUP.Optional.Ilivid mppnoffgpafgpgbaigljliadgbnhljfl
PUP.Optional.Ilivid nafaimnnclfjfedmmabolbppcngeolgf
PUP.Optional.Legacy dhhjmlmdpcpiojiffodbldlkgcnaeogp
PUP.Optional.Legacy gjkpcnacdgdlpfejlgflolpaigoicibh
PUP.Optional.MyWordTool djgojpphcoccgjoafgdhiomafpcopmfn
PUP.Optional.SearchEncrypt Search Encrypt - gnlabkgljnlaidbnocfhgdeajcgmahml

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


Reply ↓  Report •
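
The scan log and the clean log posted above can be cross-checked mechanically: every detected item should have a matching "Deleted" line and the clean log should report zero failures. The following is an added example, not part of any post in this thread; the function names are hypothetical, the single-space layout is assumed to match the logs as pasted here, and the sample logs are constructed from a few lines of those posts with one "Deleted" line deliberately left out to show what a leftover looks like.

```python
import re
from collections import Counter

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")  # ***** [ Folders ] *****
HEADER_RE = re.compile(r"^# (\w+): (.+)$")             # "# Mode: Scan"
EXT_ID_RE = re.compile(r"\b([a-p]{32})$")              # Chromium extension ID

# Constructed sample: a subset of the scan log lines shown in this thread.
SCAN_LOG = r"""
# Mode: Scan
# Detected: 6

***** [ Folders ] *****

PUP.Optional.Legacy C:\ProgramData\TotalAV
PUP.Optional.PCProtect C:\ProgramData\SecuritySuite

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.PCProtect HKCU\Software\SSProtect

***** [ Chromium (and derivatives) ] *****

Adware.Mindspark Search Extension by Ask - jbldcomffojmkkjbblhcebeicbncmjpf
PUP.Optional.HighLightly cmclajginlihohopoeofghddnhpplhom
PUP.Optional.SearchEncrypt Search Encrypt - gnlabkgljnlaidbnocfhgdeajcgmahml
"""

# Constructed sample: the HighLightly extension is omitted on purpose.
CLEAN_LOG = r"""
# Mode: Clean
# Cleaned: 5
# Failed: 0

***** [ Folders ] *****

Deleted C:\ProgramData\SecuritySuite
Deleted C:\ProgramData\TotalAV

***** [ Registry ] *****

Deleted HKCU\Software\SSProtect

***** [ Chromium (and derivatives) ] *****

Deleted Search Encrypt - gnlabkgljnlaidbnocfhgdeajcgmahml
Deleted Search Extension by Ask - jbldcomffojmkkjbblhcebeicbncmjpf
"""


def parse_log(text):
    """Return (header dict, [(section, label, target), ...]) for one log."""
    header, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_RE.match(line):
            section = SECTION_RE.match(line).group(1)
        elif set(line) == {"*"}:
            section = None              # bare separator ends the item sections
        elif line.startswith("#"):
            m = HEADER_RE.match(line)   # ignores rulers and the EOF banner
            if m:
                header[m.group(1)] = m.group(2).strip()
        elif section and not line.startswith("No "):
            label, _, target = line.partition(" ")
            if target:
                entries.append((section, label, target.strip()))
    return header, entries


def item_key(section, target):
    """Comparable identity: extension ID for Chromium items, else lowercased
    path or registry key (both are case-insensitive on Windows)."""
    m = EXT_ID_RE.search(target)
    if section.startswith("Chromium") and m:
        return (section, m.group(1))
    return (section, target.lower())


def reconcile(scan_text, clean_text):
    """Compare a Scan-mode log with the Clean-mode log that followed it."""
    scan_hdr, scan_entries = parse_log(scan_text)
    clean_hdr, clean_entries = parse_log(clean_text)
    if scan_hdr.get("Mode") != "Scan" or clean_hdr.get("Mode") != "Clean":
        raise ValueError("expected a Scan log followed by a Clean log")
    cleaned = {item_key(s, t) for s, label, t in clean_entries
               if label == "Deleted"}
    leftover = [(family, section, target)
                for section, family, target in scan_entries
                if item_key(section, target) not in cleaned]
    return {
        "detected_header": int(scan_hdr.get("Detected", 0)),
        "detected_parsed": len(scan_entries),
        "cleaned_parsed": len(cleaned),
        "failed": int(clean_hdr.get("Failed", 0)),
        "families": dict(Counter(family for _, family, _ in scan_entries)),
        "leftover": leftover,
    }


if __name__ == "__main__":
    for name, value in reconcile(SCAN_LOG, CLEAN_LOG).items():
        print(f"{name}: {value}")
```

A mismatch between `detected_header` and `detected_parsed` means the pasted log was truncated or reformatted, so the comparison should not be trusted until the full log is available.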


#9
August 29, 2020 at 03:01:16
Johnw, I copied, pasted and sent the Logfile to you through Reply. Not sure if I did it right! What is this:
https://i.imgur.com ....... how do I use it? Also, I'm using another computer which is not infected by the hacker. When this is done, will my infected Laptop work as normal?

It's now 3 o'clock PT and I will complete Step two when I wake up.

Thanks.



#10
August 29, 2020 at 03:34:27
"Not sure if I did it right!"
Yep, that is Ok Ray.

"What is this"
Did you click on that link & see what it shows? In other words, does it show what you wanted to show.

"When this is done, will my infected Laptop work as normal?"
That's the plan.

I'm here.
https://www.timeanddate.com/worldcl...

message edited by Johnw



#11
August 29, 2020 at 09:42:07
Did you deliberately install TotalAV Security?


#12
August 29, 2020 at 11:05:35
Hi riider: Yes, I bought that App and installed it deliberately in March 2020.

message edited by raycuadro



#13
August 29, 2020 at 11:12:24
Hi Jeff Root,
Unfortunately, I was one of those $19 million victims this hacker trapped, just one of those non-savvy amateurs.


#14
August 29, 2020 at 13:56:15
"I bought that App and installed it deliberately in March 2020"

It's complete garbage. Get rid of it ASAP. Win10's built-in AV software is perfectly adequate. It's very possible your system got infected because of the useless TotalAV software "protecting" it. The makers of TotalAV created numerous AV review sites & then rated their product #1. No legit AV review site ever includes TotalAV in their tests. Did you notice Malwarebytes flagged it & removed it?

https://www.logitheque.com/en/artic...



#15
August 29, 2020 at 17:36:21
riider,

Per your recommendation, I uninstalled TotalAV today. Apparently, I cannot ask for a refund, hahaha

Thanks.



#16
August 29, 2020 at 17:50:48
Johnw: Step 2 - freeware Files/Malwares

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/29/20
Scan Time: 5:07 PM
Log File: c9f9f930-ea54-11ea-9678-0025648b1fd5.json

-Software Information-
Version: 4.2.0.82
Components Version: 1.0.1025
Update Package Version: 1.0.29213
License: Trial

-System Information-
OS: Windows 10 (Build 18362.1016)
CPU: x64
File System: NTFS
User: DESKTOP-ART4CPS\cuadr

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 257286
Threats Detected: 23
Threats Quarantined: 23
Time Elapsed: 4 min, 48 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
PUP.Optional.MindSpark, HKU\S-1-5-21-2209215530-3126902509-3200792082-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|jbldcomffojmkkjbblhcebeicbncmjpf, Delete-on-Reboot, 722, 848756, , , , , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.MindSpark, C:\USERS\CUADR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\jbldcomffojmkkjbblhcebeicbncmjpf, Delete-on-Reboot, 722, 848756, 1.0.29213, , ame, , ,
PUP.Optional.MaxWebSearch, C:\USERS\CUADR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Delete-on-Reboot, 369, 794066, , , , , ,

File: 20
PUP.Optional.MindSpark, C:\USERS\CUADR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 722, 848756, , , , , AD71B615B2801092531B5DA58A290ED4, 6AF0C26A18BCBF713A536C7F1B3E9C2DE6ECBA20F3310B2021884F5D222D8B91
PUP.Optional.MindSpark, C:\USERS\CUADR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 722, 848756, , , , , A0F0C6051364C36946CD928AB80F24D5, B17F8EC461611EA59A07BD0B3751A36E9F9C8FF0FA9A19DB1808F71739B54A0D
PUP.Optional.MindSpark.Generic, C:\USERS\CUADR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JBLDCOMFFOJMKKJBBLHCEBEICBNCMJPF\50.189.18.30281_1\MANIFEST.JSON, Delete-on-Reboot, 1818, 443122, 1.0.29213, , ame, , 1156C17F1A455A9D01A55296EF1E10CB, E6553A69B3A7B48E28E6A941267CAF103145027799854634C52EBEC01250F60A
PUP.Optional.TotalAV, C:\PROGRAM FILES (X86)\TOTALAV\TOTALAV.EXE, Delete-on-Reboot, 9104, 849702, 1.0.29213, , ame, , 38CD23DF533D566251A61B554821F3B7, D37D2E9A7DC8E520ABAC5B0CFE5791E53E5DCDAF9D32CFD32906F37EAFE9DB58
PUP.Optional.TotalAV, C:\PROGRAM FILES (X86)\TOTALAV\SECURITYSERVICE.EXE, Delete-on-Reboot, 9104, 849702, 1.0.29213, , ame, , 01307989F1BECED2C070B1BC4BBDB69E, 66A89E4D47D72C95D86E8369616AA69B4198942B92DC88F00EE99ABF82BD8080
PUP.Optional.TotalAV, C:\USERS\CUADR\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\TOTALAV.LNK, Delete-on-Reboot, 9104, 795103, 1.0.29213, , ame, , 62E53017C7FE0826AA05874A0A36C6CB, 848D2C410E54BB98635AC7B391299F7AE99E0A0063D3C712A0ADCE289F0F7A7D
PUP.Optional.TotalAV, C:\USERS\CUADR\DOWNLOADS\TOTALAV_SETUP.EXE, Delete-on-Reboot, 9104, 849702, 1.0.29213, , ame, , BBF692903122965672CEA367627E42F4, 87A63647E7FAD88EFBE394348784EDCA3F9F5AEB006CB15909793F477767D503
PUP.Optional.TotalAV, C:\PROGRAM FILES (X86)\TOTALAV\PASSWORDEXTENSION.WIN.EXE, Delete-on-Reboot, 9104, 849702, 1.0.29213, , ame, , 86BA53F403253988ED1F0092C46E6069, 2BF1747BC9C9014CCEA61F9DC8738C220EDDBA7053C8D83178A5D4F2A6199BF7
PUP.Optional.TotalAV, C:\USERS\PUBLIC\DESKTOP\TOTALAV.LNK, Delete-on-Reboot, 9104, 795103, 1.0.29213, , ame, , 0504FD0A75034497F26640C4B7300B67, 059AA94B2D5103146319D18E2975AA9EB524F720B6521C0E6F411EFDC3D6CB33
PUP.Optional.TotalAV, C:\USERS\CUADR\APPDATA\ROAMING\Microsoft\Windows\Recent\TotalAV.lnk#7712879751F6186D.lnk, Delete-on-Reboot, 9104, 795103, , , , , EFCA70A1C47108874E79D46733E28DFC, EBBD483AE6111ACBB98442D9978EFD3263CE2D3163A342454E6E9D9464568F7E
PUP.Optional.TotalAV, C:\ADWCLEANER\QUARANTINE\V1\20200829.020037\1\TOTALAV.LNK#7712879751F6186D, Delete-on-Reboot, 9104, 795103, 1.0.29213, , ame, , 7A13B04A925E3AAAEB8D7BE386B9D307, DCEE99FE6980F934B4FE8E60585F713B1777AE188FCFB010B1711A281298F3CA
PUP.Optional.MaxWebSearch, C:\Users\cuadr\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Delete-on-Reboot, 369, 794066, , , , , C5F0B1B7DCF447D2849B668A5E8F5C49, D33A8CC7BD59FFA0C6A4F2829B3FF7E3D96F06891466BA2CCFED119E3F4E4621
PUP.Optional.MaxWebSearch, C:\Users\cuadr\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000369.log, Delete-on-Reboot, 369, 794066, , , , , 9C08611F7DE678696FD16C6220C509DE, 2496528CFA8C2DB6CBE992E1B5582F41E6FA89D6D7F6648577ACD036DC5C384D
PUP.Optional.MaxWebSearch, C:\Users\cuadr\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000371.ldb, Delete-on-Reboot, 369, 794066, , , , , CAEE59398E843C420C202676FB42C28C, AC4717C24DB6F4C346824500C043334F47F308A9DD07C7CE710B54887E9A08A9
PUP.Optional.MaxWebSearch, C:\Users\cuadr\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Delete-on-Reboot, 369, 794066, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.MaxWebSearch, C:\Users\cuadr\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Delete-on-Reboot, 369, 794066, , , , , ,
PUP.Optional.MaxWebSearch, C:\Users\cuadr\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Delete-on-Reboot, 369, 794066, , , , , E5699FB8770A2E1212FAE57589343A6C, A253F10C1CF4034DD9683D06C5C27460958A297247444A1581CF77ED814B13AE
PUP.Optional.MaxWebSearch, C:\Users\cuadr\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Delete-on-Reboot, 369, 794066, , , , , 46DDF5F8D04F8437599663E467567931, B5F4EA0D1F1B4F03F5AC9F13F185677FA9C29A237CE1903B4668F92AE9FF9F54
PUP.Optional.MaxWebSearch, C:\Users\cuadr\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Delete-on-Reboot, 369, 794066, , , , , E9EB68DF61AB04311834C388C5F607D3, 3C443A81A44CC1FF7741C5BA9001779AE87A345B62FBDFB3DDDDA6276DD1FCCF
PUP.Optional.MaxWebSearch, C:\USERS\CUADR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 369, 794066, 1.0.29213, , ame, , 22D527E016A2B18B3CF1C8E20BEF356C, 95418FBCF942319B3F073E14D6B180E469843556FC93596B9B574B7C4CFE78E3

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)



#17
August 29, 2020 at 18:27:44
Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt) on the Desktop.
The logs are large, upload them using one of these. No time delays/Captcha-I'm not a Robot/account/registration needed. Give us the links please.
https://www.fileconvoy.com/ or, https://imgur.com/upload
https://i.imgur.com/7UiiqWr.gif
https://i.imgur.com/6N1gfOj.gif
http://www.filedropper.com/
https://go4up.com/


#18
August 29, 2020 at 21:28:31
Johnw:
Did not have much luck downloading starting below:

https://www.malwarebytes.org/downlo...
Forum
https://www.malwarebytes.org/forums/
FAQ - Malwarebytes won't run or failed to resolve my issues

https://forums.malwarebytes.com/top...
Scanning, you will get something like this.
https://i.imgur.com/4NZ5Qw0.gif
https://i.imgur.com/rRfr1oD.gif
https://i.imgur.com/tShE6tQ.gif
https://i.imgur.com/iJZHDC0.gif
After a restart ( if required ) Copy & Paste the contents of the scan into your reply.
If too large, upload to a site of your choosing.
Follow these directions, until you get to Export.
https://support.malwarebytes.com/hc...



#19
August 29, 2020 at 21:52:33
"Did not have much luck downloading starting below"
I don't understand Ray, you have already done a Malwarebytes scan & posted the log.


#20
August 29, 2020 at 22:08:19
This 'hacker screen'--is it just the background screen? Is it just annoying or is it preventing full usage of the laptop? (You seem to be able to run malware scans.) I remember having a similar problem way back with Windows 98. It turned out malware had replaced my background screen with one of its own, complete with its own error messages.

IF that's it and, by chance, you can get to SETTINGS--PERSONALIZATION you can change it back to one of the stock pictures.



#21
August 29, 2020 at 23:40:03
Johnw,

New Development - Need your Help!!

I unplugged my infected HP Laptop 2 days ago, 28th of August, and have not used it since then. I plugged the Laptop today and the "Hacker Screen" disappeared while there's an Advanced Password Manager Scanned Result showing 4 Categories: Passwords (353), Credit Card (0), Profiles (31) and Social Security Numbers (5). I tried to print the Summarized Results but Control + P won't do it. Can you suggest how to print this summary?

The Screen shows a Recommended Action: Create an Account to protect your identity. How do I do that?

Looks like this Advanced Password Manager was installed by the Hacker because there's an ICON for it.

Now, what do you suggest I do? I can hit the X button on the upper right and this Summary disappears.
And, do you think I have to follow through with the steps you sent me earlier to remove the infections?




#22
August 29, 2020 at 23:45:22
DAVEINCAPS, Thanks for your suggestion. You know, I would have tried but the "Hacker Screen" disappeared when I plugged my Laptop back in this morning. Don't know how and why!


#23
August 30, 2020 at 07:40:10
"there's an Advanced Password Manager Scanned Result showing 4 Categories"

Your system is still infected. Disable the wireless on the laptop until the system is infection free. Is "Advanced Password Manager" another program you deliberately installed? It's malware & should be uninstalled immediately.

"As soon as Advanced Password Manager is established, it performs an unauthorized scan immediately, flashing numerous privacy issues, such as endangered:

Passwords;
Credit Card details;
Profiles/phone numbers;
Social Security numbers.

Users will most likely see hundreds of such items displayed by the Advanced Password Manager, claiming that all of the information is endangered. As soon as they want to “fix” these issues, they are redirected to a registration page, where they find out that the service is not free. It is a common way to extort users' money illegally, and, unfortunately, those who agree to pay are liable for consequences themselves."




#24
August 30, 2020 at 10:02:32
Johnw,

Will try Step 2 again today.



#25
August 30, 2020 at 11:31:22
Just to add....I highly doubt Advanced Password Manager was installed by a "hacker". It's more likely that you installed some freebie program & Advanced Password Manager went along for the ride. It may have even been bundled with TotalAV. Regardless, I suspect your problems are self-inflicted, not the work of a hacker at all. You'll have to get rid of ALL that garbage software before going back online with the laptop.

Download CCleaner Portable & Revo Uninstaller portable using a different computer & then copy the programs to a USB jumpdrive. Insert the jumpdrive into a USB port on the laptop & run the programs directly from there. Starting with CCleaner, select Custom Clean, then run the Cleaner & remove everything it finds. You may want to check or uncheck boxes in the column to the left before running it. After that, click Registry, Scan for Issues, then fix all. No need to back up. Finally, click Tools > Startup. At the lower right, click "Save to text file..." & then post the contents of the file.
CCleaner Portable 5.70 Direct Download

Use Revo Uninstaller Portable to uninstall any suspicious programs. Pick a program from the list, right click & choose Uninstall. On the 1st screen you'll have the option to create a Restore Point (or not), the selected program's uninstaller will then run & after it's complete, the Revo window will remain. Be sure Advanced is checked, then click next. If anything is displayed on the next window, Select All, then Delete All.
Revo Uninstaller Portable Direct Download

After doing all that, reboot.

message edited by riider



#26
August 30, 2020 at 16:10:18
riider,

I'll follow your latest instructions # 25 and not run # 3, Step 2 of the previous. Will also not run the Farbar Recovery Scan Tool #17.

I am just curious if the Hacker Screen just happened and disappeared later.

Will let you know what happened next after the Reboot.



#27
August 30, 2020 at 16:39:12
"Will also not run the Farbar Recovery Scan Tool #17"

Let's see if this will run.

Download Dr.Web CureIt and save it to your Desktop. DO NOT perform a scan, until you get it on your desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
https://www.softpedia.com/get/Antiv...
http://filehippo.com/download_dr_we...
http://www.freedrweb.com/cureit//
http://www.freedrweb.com/cureit/?ln...
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Documentation
http://download.geo.drweb.com/pub/d...

Copy & Paste the contents of the log into a text file & upload it.
Upload it using one of these. No time delays/Captcha-I'm not a Robot/account/registration needed. Give us the links please.
https://www.fileconvoy.com/ or, https://imgur.com/upload
https://i.imgur.com/7UiiqWr.gif
https://i.imgur.com/6N1gfOj.gif
http://www.filedropper.com/
https://go4up.com/

message edited by Johnw



#28
August 30, 2020 at 17:06:11
"Will try Step 2 again today"
Malwarebytes did not find/quarantine Advanced Password Manager the first time, because it is a Microsoft app.
https://www.microsoft.com/en-au/p/a...

Whenever you see a $ sign or a Free trial, forget it, there are plenty of Free programs for virtually everything.



#29
August 30, 2020 at 23:23:02
Johnw and Riider,

I'm getting help and instructions from Riider on #23 (Aug 30) and #25 (Aug 30). Thanks Riider but I am following Johnw's instruction so it will not get complicated.

Johnw,

I'll run #27, Dr Web and #28 and will send you the results. Do you want me to Run #17, Farbar Recovery Scan Tool? What do you say?



#30
August 31, 2020 at 00:02:12
"What do you say?"
I'll let you know when, run Dr.web next.

message edited by Johnw



#31
August 31, 2020 at 15:08:01
Johnw:

"Download Dr.Web CureIt and save it to your Desktop. DO NOT perform a scan, until you get it on your desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop."

Downloaded all to DESKTOP. How do I SCAN all of these Dr CureIt apps?
Will run the other half after I scan all of the downloaded apps.
Will Copy & Paste the contents of the log into a text file & upload it.
Upload it using one of these. No time delays/Captcha-I'm not a Robot/account/registration needed. Give us the links please.
https://www.fileconvoy.com/ or, https://imgur.com/upload
https://i.imgur.com/7UiiqWr.gif
https://i.imgur.com/6N1gfOj.gif
http://www.filedropper.com/
https://go4up.com/

message edited by raycuadro



#32
August 31, 2020 at 23:01:14
Free File Sharing Services
Use it now!!! No registration required

File upload form

1. A first time user, read this.
2. Choose the file(s) to send

3. Options
I wish to use e-mail notifications

Delete the file(s) in
5 days
4. Submit the form
Check if you have read the terms of use (mandatory).


Why should you use this service instead of others?
Files are often too large to be sent by e-mail
Most of the time, e-mail is used to send files over the Internet. Nevertheless, most e-mail services have size restrictions related to the attachments. These restrictions are usually below a few megabytes. FTP can be an option however it is more complicated to use and requires additional infrastructure such as downloading, installing and configuring Client and Server software as well as Security. There is an easy to use alternative: FileConvoy.

Only a browser is required to send large files
This site lets you send or share files without size limitations using only your browser. The supported browser versions are listed in the FAQ section. Simply select your files and click on the button "Upload". When the upload is finished, links (url) will be displayed. These links will be used by the recipients to retrieve the files you sent. Copy them and send them to the desired recipients.

Optionally, you can use the e-mail notification option. In this case, the recipients will be notified by e-mail that you sent them some files. This e-mail will include a link required to retrieve them. You will receive e-mails to confirm your upload as well as a notification that the recipients have downloaded the files.

This service is FREE - You can use it NOW!
This service is free and you can use it right now. No registration is required. The form to upload a file is at the top of this page. Optionally, you can use the email notification right away. You can test the notification option by sending a file to yourself! The whole process will take less time than it took you to read the above text.

If you like this service, bookmark this page.

Anyone can use this service
We believe that this service is valuable for every type of user: from corporate to individuals. Please, talk about us! You can use the Tell a friend page to do so.

We care about your privacy
The information you supply will only be used to provide this service. We will not sell, share or give it to third parties or use it for other purposes. Refer to our Privacy Statement and Terms of Use for more details.


Contact Us | First Time Users | Privacy Statement | Terms of Use | Site map © 2007-2019, File Convoy



#33
August 31, 2020 at 23:11:54
Johnw,

I completely don't know what I am doing now. Can you get back and check what I have to do NEXT to continue?

Thanks.



#34
August 31, 2020 at 23:49:24
Have you run Dr.Web & got the log Ray?
If you have run Dr.Web, the log should be on your Desktop.
If not, where is it?



#35
September 1, 2020 at 11:53:00

https://www51.zippyshare.com/v/R5tO...


message edited by raycuadro



#36
September 1, 2020 at 15:37:14
I stopped using Zippyshare years ago, Ray. It became full of Adware, and nothing has changed. I did not download the Farbar file named FRST that you have uploaded.


#37
September 1, 2020 at 21:37:56

I downloaded Dr Web and got 4 apps which I cannot open. It gave me a blank screen - licensed and "Updates and a warning that the Virus databases are out of order".

What's my next step?



#38
September 2, 2020 at 01:53:39
✔ Best Answer
There is only 1 file to download, this is the file you should have downloaded.
https://www.softpedia.com/dyn-postd...

If that is the same as you have downloaded & it needs updating, do so.



#39
September 2, 2020 at 18:25:51
Johnw,

First, let me tell an ironic story - - I told my son who lives in Manhattan, New York that I got hacked last Friday, Aug 28. and, immediately, he advised me not to use my Laptop. I unplugged the Infected Laptop and used my Dell if I need to use a computer.
I did not tell him I am working with you, Computing.net, for that problem.

I did not know he contacted one of his friends who is in the business and this morning he called me and said his friend fixed my infected Laptop.

Johnw, let me tell you I'm grateful for the help you extended me, the time and the patience you afforded.

Thanks again. You might not remember but you gave me help in 2016, I think, when I was stuck with a problem.

Ray Cuadro



#40
September 2, 2020 at 18:39:17
I also wondered if you remembered Ray.

You are still making the same mistakes as you did previously.
Google everything, particularly programs you are not sure of, then to give yourself extra protection, use Unchecky, which is listed in this post.
https://www.computing.net/answers/s...



#41
September 2, 2020 at 19:26:02
Johnw,

I went back for the date you helped me - 2014, 6 yrs ago! Wow!

Need more explanations - Are you telling me NOT to use Google so I won't expose myself to unwanted apps? And Unchecky? Is it in "https://www.computing.net/answers/s..." when I open it? What does Unchecky do? I have not opened the program yet. Cautious!



#42
September 2, 2020 at 19:45:13
"Are you telling me NOT to use Google"
Exact opposite, google everything you are not sure of & want more info.

Unchecky will help prevent PUPs. When you install a program with PUPs, it hopefully will prevent them being installed.
After being infected, now is not the time to be cautious, when you are being steered to something that will help.

message edited by Johnw



#43
September 2, 2020 at 19:49:58
For future reference, it'd be helpful if we know what he did to fix it.


#44
September 3, 2020 at 10:49:04
DAVEINCAPS,

Sorry, my son just told me the Infected Laptop was fixed, I did not know how it was done.



#45
September 3, 2020 at 12:25:41
Perhaps he can tell you (with a little prompting) - and then you tell us?
