VIRUS REMOVAL

Anonymous
2021-06-13T01:40:34+00:00

Okay, so I installed something called Hamster ZIP Archiver a while back. Recently I noticed tons of things wrong with my PC, i.e. I cannot download anything, it's always corrupted, among plenty of other things. I have Norton 360 and it never detected a thing! But when I got Malwarebytes it found tons of malware and trojans.
I got messages like:
-Log Details-
Protection Event Date: 6/12/21
Protection Event Time: 8:20 PM
Log File: 9beb0160-cbe5-11eb-8c27-309c23a095d2.json

-Software Information-
Version: 4.4.0.117
Components Version: 1.0.1318
Update Package Version: 1.0.41655
License: Trial

-System Information-
OS: Windows 10 (Build 19042.1052)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Hamster Soft\Hamster ZIP Archiver\hamsterziparchiver.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain: ziparchiver.hamstersoft.com
IP Address: 144.76.52.30
Port: 80
Type: Outbound
File: C:\Program Files (x86)\Hamster Soft\Hamster ZIP Archiver\hamsterziparchiver.exe

I tried to uninstall and it "worked", but the folder is still there and it's listed as containing 2 items, but it only shows 1 and it's a DLL.

When trying to delete, it goes red and states "unable to install program is in use".
This tells me there's a hidden program still running that's infecting my PC. Any ideas on how to remove it? Also, googling Hamstersoft and its programs, you'll find it listed as "safe" on almost every website, TechRadar, etc. When checking with good ol' Reddit, I've found numerous users have had the exact same issues as me. How can I save my computer?

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

Answer accepted by question author

Anonymous
2021-06-13T02:19:09+00:00

Hi M7f. I'm Greg, an Independent Advisor.

You've made some of the right moves to get rid of it, but let's do them in sequence which is important with a serious infection. But first let's get rid of Norton which is one of the worst things you can install and will complicate cleanup, may even be causing the problems itself. I'll give you all steps to get past this completely:

No expert in Forums - where we see the most cases, by the thousands - recommends Avast, AVG, Norton or McAfee, but we have solved many problems over the years by having them uninstalled.

I would uninstall any 3rd party antivirus in Settings > Apps > Apps & Features and try running only built-in Defender which gives adequate protection, best Windows performance, least issues, and is from Microsoft who knows how to protect their OS best.

After uninstalling run the cleanup tool for the AV here:

https://www.bitdefender.com/consumer/support/an...

Restart the PC, then type Security in Start Search, open Windows Defender and Firewall Settings, there and in Windows Defender Security Center fix anything that's flagged.

Next download, install and run a full scan with the best on-demand scanner Malwarebytes from https://www.malwarebytes.com/mwb-download/

In its Settings > Protection > Scan Options enable Scan for Rootkits.

Then on Scan tab choose Threat Scan and Run Scan.

Clean up anything found, restart PC and then run again until it comes up clean.

Download, install and run a full scan with the AdwCleaner from http://www.bleepingcomputer.com/download/adwcle.... Clean up anything it finds and restart PC.

Next check for damaged System Files by running System File Checker from Step 10 in this checklist:

http://answers.microsoft.com/en-US/windows/wiki...

If this is not enough then move to Step 11 to do a Repair Install which saves your files, apps and settings while reinstalling Windows, solves most problems.

If you want to keep Malwarebytes as an on-demand scanner then you can disable its Real Time trial version in its Settings > Accounts tab.

I hope this helps. Feel free to ask back any questions and keep me posted. If you will wait to choose if I resolved your problem, I will keep working with you until it's resolved.

________________________________________________________

Standard Disclaimer: There are links to non-Microsoft websites. The pages appear to be providing accurate, safe information. Watch out for ads on the sites that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the sites before you decide to download and install it.

3 people found this answer helpful.

9 additional answers

  1. _AW_ 67,426 Reputation points Volunteer Moderator
    2021-06-13T02:45:20+00:00

    All that remains of that PUA is the context menu dll. It can't be removed because it is still in use in Windows Explorer memory.

    To remove it, right click the Taskbar and open Task Manager

    Scroll down to Windows Explorer and right click on Explorer and select Restart

    Now you will be able to delete the Hamster Soft folder and files

    1 person found this answer helpful.
  2. Anonymous
    2021-06-13T18:33:50+00:00

    I have given those steps tens of thousands of times in forums and not once have they caused further problems or failed to remove and repair the virus. If the virus was too serious to repair and requires wiping the drive to reinstall, it would not let you perform the steps I gave. But that almost never is the case.

    It's important to follow the steps I gave exactly and in order. I would do them over now to be sure you're uninfected.

    IF the infection is the rare one that can't be cleaned up using the method I gave above, then move your files to a USB drive for quarantine and don't reimport them later until they scan clean with Malwarebytes and AdwCleaner.

    Then wipe the drive using Diskpart Clean Command while doing the gold standard Clean Install in this link which compiles the best possible Install of Windows which will stay that way as long as you stick with the tools and methods given, has zero reported problems, and is better than any amount of money could buy: http://answers.microsoft.com/en-us/windows/wiki...

    To access the Command Prompt during Windows install, press Shift + F10 at the first screen, then follow these steps to Clean the disk:

    https://www.tenforums.com/tutorials/85819-erase...

    You will get and keep the best possible install to the exact extent you stick with the steps, tools and methods in the linked tutorial. It's a great learning experience that will make you the master of your PC because you will learn everything that works best and how to apply it with your own hands.

    Keep me posted on your progress as I will be here to help until the case is resolved.

  3. Anonymous
    2021-06-13T18:18:44+00:00

    I have completed these steps and it's not finding anything at the moment, but I did basically do those exact steps last night after I found someone on here with an almost identical question/issues. And when I woke up this morning (with my PC disconnected from the internet all night) there were more trojans and malware created by something that is remaining undetected. Also, at one point yesterday someone took control of my computer, mouse and all, and started doing stuff, so I just shut down and removed the LAN card. I'm thinking this is a top-tier RAT of sorts and it may be impossible to remove. BUT I hadn't done the recovery steps till today, so I will wait to see if any more files are created. So for the next few hours I'll have the PC ON and disconnected from the internet. Thank you for your assistance.

  4. Anonymous
    2021-06-13T18:15:22+00:00

    Yes, I was able to find the process it was linked to and I killed it. It still didn't work, as it moved to another process. I wound up starting in safe boot with cmd and manually finding and removing the files just fine. :)
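
Added example, not part of the original thread or written by any of its participants: _AW_'s answer says the leftover DLL cannot be deleted because Windows Explorer still has it loaded, and the last reply reports it being held by a different process. The PowerShell below lists every process that has a module loaded from the leftover folder, so you know what to restart or close before deleting it. The folder path comes from the Malwarebytes log in the question; the function name `Get-ModuleHolder` is hypothetical.

```powershell
# Added example: find which processes still have a DLL from a folder loaded,
# which is what makes Windows report the file as "in use" on delete.
# Get-ModuleHolder is a hypothetical helper name, not a built-in cmdlet.
function Get-ModuleHolder {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Folder
    )
    # Normalise and add a trailing backslash so a sibling folder with a
    # similar name cannot match the prefix comparison.
    $prefix = [System.IO.Path]::GetFullPath($Folder).TrimEnd('\') + '\'

    foreach ($proc in Get-Process) {
        try {
            # Reading the module list fails for protected processes or
            # when the session lacks rights; those are skipped, not fatal.
            $modules = $proc.Modules
        } catch {
            Write-Verbose "Skipped $($proc.ProcessName) (PID $($proc.Id)): $($_.Exception.Message)"
            continue
        }
        foreach ($m in $modules) {
            if ($m.FileName -and
                $m.FileName.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
                [pscustomobject]@{
                    ProcessName = $proc.ProcessName
                    Id          = $proc.Id
                    Module      = $m.FileName
                }
            }
        }
    }
}

# Parent folder of the path shown in the Malwarebytes log above.
$target  = 'C:\Program Files (x86)\Hamster Soft'
$holders = @(Get-ModuleHolder -Folder $target -Verbose)

if ($holders.Count -eq 0) {
    "No process readable from this session has a module loaded from $target"
} else {
    $holders | Sort-Object ProcessName, Id | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell window so fewer processes are skipped; an empty result only covers processes the session could read.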
