ChintanKapasi
Split from this thread.
Hi Kosh,
I am facing the exact same issue that Shubham faced, probably the same malware. I do not know what the malware is called, but it changed my homepage to "Trotux". I followed the whole procedure mentioned in your post, but I am still not able to delete those leftover exclusions from Windows Defender.
I ran a scan through AdwCleaner; below is the log:
# AdwCleaner v6.020 - Logfile created 24/09/2016 at 18:56:40
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-23.1 [Server]
# Operating System : Windows 10 Home Single Language (X64)
# Username : Chintan Kapasi - CHINTAN
# Running from : C:\Users\Chintan Kapasi\Desktop\adwcleaner_6.020.exe
# Mode: Clean
# Support : https://toolslib.net/forum
***** [ Services ] *****
[-] Service deleted: WindowsSecurity
***** [ Folders ] *****
[-] Folder deleted: C:\Users\Chintan Kapasi\AppData\Local\DriverToolkit
[-] Folder deleted: C:\ProgramData\Windows Security
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Windows Security
***** [ Files ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
[-] Task deleted: DRIVERTOOLKIT AUTORUN
***** [ Registry ] *****
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{2974C985-8151-4DE5-B23C-B875F0A8522F}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2974C985-8151-4DE5-B23C-B875F0A8522F}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
[-] Key deleted: HKU\S-1-5-21-2231193980-1093313517-1164154735-1001\Software\DriverToolkit
[-] Key deleted: HKU\S-1-5-21-2231193980-1093313517-1164154735-1001\Software\Softonic
[#] Key deleted on reboot: HKCU\Software\DriverToolkit
[#] Key deleted on reboot: HKCU\Software\Softonic
[-] Key deleted: HKLM\SOFTWARE\SkypeUpdateEx
[#] Key deleted on reboot: [x64] HKCU\Software\DriverToolkit
[#] Key deleted on reboot: [x64] HKCU\Software\Softonic
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [2927 Bytes] - [24/09/2016 18:56:40]
C:\AdwCleaner\AdwCleaner[S0].txt - [4332 Bytes] - [24/09/2016 18:28:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [3110 Bytes] - [24/09/2016 18:50:55]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3146 Bytes] ##########