Accidentally click on unknown exe

Started by hao, May 03, 2020, 07:19:10 AM

hao

I accidentally clicked on an unknown exe file. Is it a virus/malware? After it ran, it was deleted and didn't do anything.

SuperDave

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)

Please download AdwCleaner onto your Desktop.

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.

If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program opens, click on the Scan button as shown below.

AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.

AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
*********************************************
Please run MBAM again and, this time, remove the infections.
Windows 8 and Windows 10 dual boot with two SSD's

hao

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build:    04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    05-04-2020
# Duration: 00:00:06
# OS:       Windows 10 Home Single Language
# Cleaned:  20
# Failed:   0


***** [ Services ] *****

Deleted       webshieldfilter

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\TotalAV
Deleted       C:\ProgramData\SecuritySuite
Deleted       C:\ProgramData\TotalAV
Deleted       C:\Users\Acer\Documents\TotalAV

***** [ Files ] *****

Deleted       C:\Windows\System32\drivers\webshieldfilter.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\SOFTWARE\73440db079f4429a4246be95efe17138
Deleted       HKCU\Software\SSProtect
Deleted       HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{02B3CD96-4770-4E37-89A1-05D758640838}C:\users\acer\appdata\roaming\baidu\baidunetdisk\baidunetdiskhost.exe
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{2C555542-5D4F-4AA0-A661-6C30568FD72E}C:\users\acer\appdata\roaming\baidu\baidunetdisk\baidunetdiskhost.exe
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{30C596C7-73D9-4885-9B43-2EFF111EDB1F}C:\users\acer\appdata\roaming\baidu\baidunetdisk\baidunetdiskhost.exe
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{90770926-64CB-46D0-B4EE-36FDA979153F}C:\users\acer\appdata\roaming\baidu\baidunetdisk\baidunetdiskhost.exe
Deleted       HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted       HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Deleted       Amazon Assistant for Firefox - [email protected]

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

  • Delete Tracing Keys
  • Reset Winsock

*************************

AdwCleaner[S00].txt - [7809 octets] - [04/05/2020 03:44:05]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

SuperDave

I don't see all of the AdwCleaner log. Is your computer experiencing any strange symptoms?

hao

Should I clean it again? Sometimes my laptop suddenly lags so badly that the mouse cannot move for a few seconds. Some applications become very laggy.

hao

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build:    04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-05-2020
# Duration: 00:00:13
# OS:       Windows 10 Home Single Language
# Scanned:  31802
# Detected: 33


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.AcerCareCenter   Folder   C:\Program Files (x86)\ACER\CARE CENTER
Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52AE7942-5BAC-4140-A9E1-ABAC4FC5458A} 
Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F6DB68E-834D-4A45-A38A-E2310CADCC66} 
Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52AE7942-5BAC-4140-A9E1-ABAC4FC5458A} 
Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCAgent
Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCBackgroundApplication
Preinstalled.AcerCareCenter   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AFB52E98-7597-4484-9202-58F0FD3512ED}
Preinstalled.AcerCareCenter   Task   C:\Windows\System32\Tasks\ACCAGENT
Preinstalled.AcerCareCenter   Task   C:\Windows\System32\Tasks\ACCBACKGROUNDAPPLICATION
Preinstalled.AcerConfigurationManager   Folder   C:\Program Files (x86)\ACER\AMUNDSEN\2.1.16258
Preinstalled.AcerConfigurationManager   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{548F9DA6-7601-4C29-989B-9ED714D6D5D7} 
Preinstalled.AcerConfigurationManager   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AcerCMUpdateTask2.1.16258
Preinstalled.AcerConfigurationManager   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{414D554E-4453-454E-0201-000000016258}
Preinstalled.AcerConfigurationManager   Task   C:\Windows\System32\Tasks\ACERCMUPDATETASK2.1.16258
Preinstalled.AcerJumpstart   Folder   C:\Program Files (x86)\ACER\ACER JUMPSTART
Preinstalled.AcerJumpstart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{353B4583-ED04-4DF2-A1D6-A5A3EF5C4EBF}
Preinstalled.AcerQuickAccess   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE253A4B-D9BE-4591-B2AD-D3C6E70C01F2} 
Preinstalled.AcerQuickAccess   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDDAFA3E-90C9-4E93-99CB-47C4718EF8BC} 
Preinstalled.AcerQuickAccess   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Power Button
Preinstalled.AcerQuickAccess   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Quick Access
Preinstalled.AcerQuickAccess   Task   C:\Windows\System32\Tasks\POWER BUTTON
Preinstalled.AcerQuickAccess   Task   C:\Windows\System32\Tasks\QUICK ACCESS
Preinstalled.AcerQuickAccessService   Folder   C:\Program Files\ACER\QUICK ACCESS SERVICE
Preinstalled.AcerQuickAccessService   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AB25551C-74EF-4BAB-9989-891517FCF9FF}
Preinstalled.AcerUEIPFramework   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77F93E4F-2392-4F71-8C62-98E852059183} 
Preinstalled.AcerUEIPFramework   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6EA9444-B5BC-470A-9A93-84F5F0E76482} 
Preinstalled.AcerUEIPFramework   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UEIPInvitation
Preinstalled.AcerUEIPFramework   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UbtFrameworkService
Preinstalled.AcerUEIPFramework   Task   C:\Windows\System32\Tasks\UBTFRAMEWORKSERVICE
Preinstalled.AcerUEIPFramework   Task   C:\Windows\System32\Tasks\UEIPINVITATION
Preinstalled.AcerUpdater   Folder   C:\ProgramData\ACER\ACER UPDATER
Preinstalled.UserExperienceImprovementProgramService   Folder   C:\Program Files\ACER\USER EXPERIENCE IMPROVEMENT PROGRAM SERVICE\FRAMEWORK
Preinstalled.UserExperienceImprovementProgramService   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E9495FD3-F73D-4D33-A104-047F9E8BE6C7}


AdwCleaner[S00].txt - [7809 octets] - [04/05/2020 03:44:05]
AdwCleaner[C00].txt - [3498 octets] - [04/05/2020 03:44:56]
AdwCleaner[S01].txt - [5676 octets] - [05/05/2020 04:08:14]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########

hao

Windows always notifies me that oawwrapper exe wants to access my folder. The Gaming Experience notification from Windows is always shown.

SuperDave

Quote from: hao on May 04, 2020, 04:19:15 PM
Windows always notifies me that oawwrapper exe wants to access my folder. The Gaming Experience notification from Windows is always shown.
Is this a problem for you? Do you have the Windows 10 disk(s)?


hao

Ignore previous comment.

So far yes, No

SuperDave

Just to get this correct: oawwrapper.exe is not a problem for you and you do have the OS disk(s).

hao

I thought you meant the real disk for Windows 10... So is there anything else that I can do?

SuperDave

Quote from: hao on May 07, 2020, 10:41:20 AM
I thought you meant the real disk for Windows 10... So is there anything else that I can do?
So you do have the Windows 10 disk?


SuperDave

Here is some information about that file. I would suggest using the SFC Scannow.

hao

After doing sfc /scannow, it gives me the following result:

Windows Resource Protection found corrupt files but was unable to fix some of them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.

SuperDave

Please try running SFC this way. It should ask for the Windows 10 disk or USB stick.

To Run the SFC /SCANNOW Command in Windows 10
Click All Apps, select Windows Systems and select Command Prompt

2. To Scan and Repair System Files
NOTE: Scans the integrity of all protected system files and repairs the system files if needed.
A) In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
NOTE: This may take some time to finish.

If it finds corrupted files it will ask for the Windows 10 Media. Insert your USB stick.

B) Go to step 4.

3. To Only Verify if the System Files are Corrupted
NOTE: Scans and only verifies the integrity of all protected system files.
A) In the elevated command prompt, type sfc /verifyonly and press Enter.

4. When the scan is complete, hopefully you will see all is ok like the screenshot below.
NOTE: If not, then you can attempt to run a System Restore using a restore point dated before the bad file occurred to fix it. You may need to repeat doing a System Restore until you find an older restore point that may work.

5. When done, close the elevated command prompt.

hao

I can't see the screenshot... The result is still the same after I put in my Windows drive.

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection found corrupt files but was unable to fix some of them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
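
The SFC result above points to CBS.log for the details of what could not be repaired. As an added example (not part of any post in this thread), this PowerShell function lists the files SFC logged as unrepairable; the helper name `Get-SfcUnrepaired` and the sample log lines are constructed for illustration, and the exact layout of `[SR]` lines varies between Windows builds.

```powershell
# Added example: list files that SFC logged as unrepairable in CBS.log.
# Get-SfcUnrepaired is a hypothetical helper name, not a built-in cmdlet.
function Get-SfcUnrepaired {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string[]]$Line
    )

    # SFC entries carry the [SR] tag. The [l:NN] length prefix and the quote
    # style differ between Windows builds, so both are matched loosely.
    $pattern = '\[SR\] Cannot repair member file \[l:[^\]]*\]["'']?(?<file>[^"'']+)["'']? of (?<component>[^,]+)'

    $Line |
        ForEach-Object {
            if ($_ -match $pattern) {
                [pscustomobject]@{
                    File      = $Matches['file']
                    Component = $Matches['component'].Trim()
                }
            }
        } |
        Group-Object File, Component |
        ForEach-Object {
            # One row per file/component pair, with how often it was logged.
            [pscustomobject]@{
                File      = $_.Group[0].File
                Component = $_.Group[0].Component
                Entries   = $_.Count
            }
        }
}

# Constructed sample lines (not taken from the poster's machine).
$sample = @(
    '2020-05-08 10:12:31, Info  CSI  00000a1a [SR] Verifying 100 components'
    '2020-05-08 10:12:33, Info  CSI  00000a1c [SR] Cannot repair member file [l:11]''example.dll'' of Example-Component, version 10.0.0.0, arch amd64, hash mismatch'
    '2020-05-08 10:12:35, Info  CSI  00000a1e [SR] Cannot repair member file [l:11]''example.dll'' of Example-Component, version 10.0.0.0, arch amd64, hash mismatch'
    '2020-05-08 10:12:36, Info  CBS  Unrelated servicing entry'
)
Get-SfcUnrepaired -Line $sample | Format-Table -AutoSize

# On the affected machine, from an elevated PowerShell prompt:
# Get-SfcUnrepaired -Line (Get-Content "$env:windir\Logs\CBS\CBS.log")
```

Repeated entries for the same file collapse into one row, so the output is a short list of the files and components to look at rather than the raw log.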

SuperDave

At this point I would suggest that you try all the fixes that are suggested in the document I gave you in reply 13. It seems like oawwrapper is the one causing you all the problems. If it can't be resolved you may have to re-install Windows 10.