Jump to content
Kaspersky Support Forum

Trojan Multi DNS Changer in System memory, advanced disinfection stuck at 1% problem

naba23

By naba23
in Kaspersky Total Security

 Share

Recommended Posts

naba23

naba23

Posted
  • Author
Posted

Advanced disinfection stuck at 1% and 0 files scanned. Other scan like quick scan just keeps loading.

naba23

naba23

Posted
  • Author
Posted

I restarted my laptop and it eventually disappeared. But this is the file that is being detected and every time I click disinfect and restart the computer, the “advanced disinfection stuck at 1% and 0 files scanned” appears and it is just stuck there.

Berny

Berny

Posted
Posted

@naba23

Please download and run AdwCleaner as ADMIN.
1)  ⚠ Don’t fix eventual detections ⚠
2)  Please attach the TXT Log in your next post

Berny

Berny

Posted
Posted

@naba23 Here are some suspicious PUP entries

***** [ Registry ] *****PUP.Optional.DNSUnlocker        HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220EPUP.Optional.DNSUnlocker        HKLM\Software\Wow6432Node\\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220EPUP.Optional.DNSUnlocker.ACMB2  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.comPUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.comPUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.comPUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.comPUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.comPUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.comPUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.comPUP.Optional.TheBrightTag       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.comPUP.Optional.Wajam              HKCU\Software\WajIEnhancePUP.Optional.Wajam              HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9PUP.Optional.Wajam              HKLM\Software\SrcAAAesom Browser EnhancerPUP.Optional.Wajam              HKLM\Software\Wow6432Node\SrcAAAesom Browser EnhancerPUP.Optional.Wajam              HKLM\Software\Wow6432Node\\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
  • Please take care to backup your registry ⚠
  • Run AdwCleaner as ADMIN
  • Clear only above entries ⚠
  • Don’t clear the preinstalled entries ⚠
  • Reboot
 
naba23

naba23

Posted
  • Author
Posted

Hi, do I have to backup my registry first before deleting those? I don’t know how to backup registry. Thanks.

Berny

Berny

Posted
Posted

@naba23 Please follow these steps :

  • Run “REGEDIT”
  • Select “File”
  • Select “Export”
naba23

naba23

Posted
  • Author
Posted

Hi, i followed the instructions on deleting the PUP entries. There is one left. Here is my updated TXT log.

naba23

naba23

Posted
  • Author
Posted

It is all cleaned thank you. What do I do next?

naba23

naba23

Posted
  • Author
Posted

thank you so much! lastly, what do I do with the quarantined files on the adwcleaner do i delete them?

Berny

Berny

Posted
Posted

@naba23 The quarantined malicious files will not harm your system , please keep them temporary before trashing.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...