Problems with Sophos antivirus.

Started by Thyh0lm, January 09, 2021, 05:40:58 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Thyh0lm

Hi. Earlier i downloaded Sophos antivirus. Now i cant delete it. It tells me that the ''tamper protection'' is on even tho it is off inside the program. I have tried everything on their guide even their own tool to uninstalling but without luck. If i go in my directory or files and try to uninstall it it says i need permission or acces from moderators. I have tried several programs that helps me unlock or uninstall it but with absolutely 0 luck. I have now followed ''Computer Hope Virus and Spyware section Guidelines'' and here i am posting my logs:)

I talked to Quantos on Mibbit and he told me to go in here and make a post, so here i am. I really hope someone can help me :)

Side note: This also resulted in my battle net looping a scanning of my game files for warzone. Im 99% sure it has to do with it.


STEP 2

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2021-01-06.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-10-2021
# Duration: 00:00:01
# OS:       Windows 10 Home
# Cleaned:  20
# Failed:   1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted       C:\Windows\restoro.ini

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Local AppWizard-Generated Applications\Restoro
Deleted       HKCU\Software\PRODUCTSETUP
Deleted       HKCU\Software\ProductSetup\Uninstall\0B2U2Z1P0F1P1G1R1P1V0A1Q1Q0O1G
Deleted       HKCU\Software\ProductSetup\Uninstall\0S1P1T1C1R1MtT0P1C1F2X1L1Q1P1QtT1S2UtT0Y1T1M1F1F
Deleted       HKCU\Software\Restoro
Deleted       HKCU\Software\csastats
Deleted       HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
Deleted       HKLM\Software\Classes\CLSID\{AE198C69-7358-4856-9029-F4C0FAD524C1}
Deleted       HKLM\Software\Classes\CLSID\{BA827421-E282-479E-AE60-34796877B8AE}
Deleted       HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted       HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted       HKLM\Software\Classes\Restoro.Engine
Deleted       HKLM\Software\Restoro
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted       HKLM\Software\Wow6432Node\\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E

***** [ Chromium (and derivatives) ] *****

Deleted       poohjpljfecljomfhhimjhddddlidhdd

***** [ Chromium URLs ] *****

Deleted       https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2CU3QAZGgEmeN1ZHOpLU3BXeJsEAsmE95MTIIIRNokoPDKK4H6MsbpcWTtqv1rtUh6UMvfNfLp6Wppg09tKqtbGpZsS7ZDzNwmHH3jc50vUoNnVUooDII2Z-9OQxC-MvB5xPrsrXNQavL0i-RwBw5abRFSec9uZaUuAiU1wyL-
Deleted       https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2CU3QAZGgEmeN1ZHOpLU3BXeJsEAsmE95MTIIIRNokoPDKK4H6MsbpcWTtqv1rtUh6UMvfNfLp6Wppg09tKqtbGpZsS7ZDzNwmHH3jc50vUoNnVUooDII2Z-9OQxC-MvB5xPrsrXNQavL0i-RwBw5abRFSec9uZaUuAiU1wyL-
Not Deleted   WebSearch

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

  • Delete Tracing Keys
  • Reset Winsock

    *************************

    AdwCleaner[S00].txt - [2158 octets] - [15/09/2018 17:12:55]
    AdwCleaner[S01].txt - [3630 octets] - [10/01/2021 01:04:34]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
















    STEP 3

    Malwarebytes
    www.malwarebytes.com

    -Logoplysninger-
    Scanningsdato: 10.01.2021
    Scanningstidspunkt: 01.09
    Logfil: 0bedd03c-52d8-11eb-a93d-5cf370907fc4.json

    -Softwareoplysninger-
    Version: 4.3.0.98
    Komponentversion: 1.0.1130
    Opdatér pakkeversion: 1.0.35483
    Licens: Prøveversion

    -Systemoplysninger-
    OS: Windows 10 (Build 18362.1198)
    CPU: x64
    Filsystem: NTFS
    Bruger: DESKTOP-4734QO1\Christian M\u00c3\u00b8ller

    -Scanningsoversigt-
    Scanningstype: Trusselsscanning
    Scanning started af: Manuel
    Resultat: Fuldført
    Scannede objekter: 335007
    Registrerede trusler: 4
    Trusler i karantæne: 0
    Forløbet tid: 1 min, 11 sek.

    -Scanningsindstillinger-
    Hukommelse: Aktiveret
    Start: Aktiveret
    Filsystem: Aktiveret
    Arkiver: Aktiveret
    Rootkits: Deaktiveret
    Heuristik: Aktiveret
    PUP: Registrér
    PUM: Registrér

    -Scanningsoplysninger-
    Proces: 0
    (Ingen skadelige elementer registreret)

    Modul: 0
    (Ingen skadelige elementer registreret)

    Registreringsnøgle: 1
    PUP.Optional.Restoro, HKLM\SOFTWARE\CLASSES\Restoro.Engine.1, Ingen handling for bruger, 11315, 551619, 1.0.35483, , ame, , ,

    Registreringsværdi: 1
    PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\PATHS|C:\WINDOWS\SYSWOW64\DHUXUPXY, Ingen handling for bruger, 5467, 692398, 1.0.35483, , ame, , ,

    Registreringsdata: 0
    (Ingen skadelige elementer registreret)

    Datastrøm: 0
    (Ingen skadelige elementer registreret)

    Mappe: 0
    (Ingen skadelige elementer registreret)

    Fil: 2
    PUP.Optional.SonicSearch, C:\USERS\CHRISTIAN MøLLER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Web Data, Ingen handling for bruger, 6029, 519968, 1.0.35483, , ame, , E967B8716F0B8D4A3275D0283604C5AD, CEF46670F4B4756C6A67D17C3F3E4425DD2CB170D35C03038FF834DD3484CD4D
    PUP.Optional.Linkury.Generic, C:\USERS\CHRISTIAN MøLLER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 2\Web Data, Ingen handling for bruger, 8691, 454805, 1.0.35483, , ame, , E967B8716F0B8D4A3275D0283604C5AD, CEF46670F4B4756C6A67D17C3F3E4425DD2CB170D35C03038FF834DD3484CD4D

    Fysisk sektor: 0
    (Ingen skadelige elementer registreret)

    WMI: 0
    (Ingen skadelige elementer registreret)


    (end)















    STEP 4

    Results of screen317's Security Check version 1.014 --- 12/23/15 
       x64 (UAC is enabled) 
    Internet Explorer 11 
    ``````````````Antivirus/Firewall Check:``````````````[/u]
    Windows Firewall Enabled! 
    Sophos Home       
    Windows Defender   
    Malwarebytes       
    Antivirus up to date! 
    `````````Anti-malware/Other Utilities Check:`````````[/u]
    Java 8 Update 271 
    Java version 32-bit out of Date!
    Google Chrome (87.0.4280.141)
    Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````[/u] 
    Malwarebytes Anti-Malware mbamservice.exe 
    Malwarebytes Anti-Malware mbamtray.exe 
    `````````````````System Health check`````````````````[/u]
    Total Fragmentation on Drive C:  %
    ````````````````````End of Log``````````````````````[/u]

SuperDave

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Have you tried uninstalling it from Control Panel, Programs and Features?
Windows 8 and Windows 10 dual boot with two SSD's