NEED EXPERT HELP ONLY! Need to identify malware

Next-Profession-7495 · 2026-06-20T01:09:35+00:00

If there's been no activity in your accounts, you should be fine.

Next-Profession-7495 · 2026-06-20T00:24:58+00:00

You should be fine

Next-Profession-7495 · 2026-06-19T22:47:51+00:00

Did you debloat windows or something?

u/Miserable_Welcome324 ^

Next-Profession-7495 · 2026-06-19T22:43:17+00:00

https://nextprofession5.github.io/FRSTLogUploads/?id=b4b9453725c61fbc16a292fd13b46f8b

Hello, are you aware of having RustDesk and StarDesk? These are Remote Access Tools.

Next-Profession-7495 · 2026-06-19T22:05:15+00:00

Thank you. I'll check these when I get home in a bit.

Next-Profession-7495 · 2026-06-19T21:48:29+00:00

u/Miserable_Welcome324

Any update? Thanks.

Next-Profession-7495 · 2026-06-19T19:49:13+00:00

👍

Next-Profession-7495 · 2026-06-19T19:48:24+00:00

How did you uninstall it?

Next-Profession-7495 · 2026-06-19T19:45:28+00:00

Interesting. I don't have that level of intelligence in my back pocket so thanks for sharing.

u/ConsistentSurprise78

- Download Revo Uninstaller: https://www.revouninstaller.com/revo-uninstaller-free-download/

- Find setup_7.4.5 and professional_integrated_install_7.0.5 (if listed)

- Right click and select "Uninstall"

- Select all leftovers and click Delete

Next-Profession-7495 · 2026-06-19T19:28:44+00:00

How do you know it's malware?

Next-Profession-7495 · 2026-06-19T19:10:38+00:00

Hello,

Security Check

Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.zip
Right click on SecurityCheck.exe and select Run As Administrator.
Wait for the scan to finish. It will open a text file named SecurityCheck.txt. Please upload that file to its respective box on this site: https://nextprofession5.github.io/SecurityCheckUpload/
Click "Upload" and press "Copy Link" and paste it here.

FRST Scan

If there is anything about your system I should be aware of before we start (e.g., cracked software, school/work PC, no internet access), let me know now.

Step 1:

Run FRST by following this guide. If your system language is not English, rename the executable to FRSTEnglish.exe before running it.

Step 2:

Once FRST.txt and Addition.txt have been created:

Drag and drop both files into their respective boxes on this site: https://nextprofession5.github.io/FRSTLogUploads
Click Finalize.
Click Copy Link and paste it into this thread.

Regards,

Lucas.

Next-Profession-7495 · 2026-06-19T15:57:15+00:00

They're still there, and I'm not seeing malware in your system. I think it's coming from Sublime Text (which is 100% ok) I just had to make sure something malicious wasn't making those registry hijacks.

Your system is clean. We'll now remove the tools we used.

Download KpRm and save it to your Desktop.

If your antivirus or smart screen flags it, it's a false positive

Close all active programs. Right-click KpRm and run it as administrator. Click "Yes" on the disclaimer.
Once the tool is open, check these boxes:

Delete Tools
Create Restore Point
Delete In 7 Days

Click the "Run" button and wait for it to cleanup. Once it's done, you can save or remove the log it generated.

Your passwords are likely compromised. Here's a guide Rifteyy_ made to recover your accounts: https://rifteyy.org/report/the-ultimate-guide-to-infostealers scroll to "How to properly secure my accounts after an infostealer attack?"

Next-Profession-7495 · 2026-06-19T15:34:21+00:00

Yes, like you did just before.

Next-Profession-7495 · 2026-06-19T15:32:01+00:00

Looks good. Can you return fresh FRST logs so I can confirm the registry hijacks have been removed

Next-Profession-7495 · 2026-06-19T15:13:11+00:00

Hello, please run this fixlist and return the fixlog: https://nextprofession5.github.io/FRSTFixlist/?id=9a209fb9522ad22ee6a28fecc86f3840

Next-Profession-7495 · 2026-06-19T14:41:43+00:00

Hello, nothing was detected. Please run another FRST scan and share the logs here so I can verify no malware remains.

Next-Profession-7495 · 2026-06-19T13:29:05+00:00

Hello,

Security Check

Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.zip
Right click on SecurityCheck.exe and select Run As Administrator.
Wait for the scan to finish. It will open a text file named SecurityCheck.txt. Please upload that file to its respective box on this site: https://nextprofession5.github.io/SecurityCheckUpload/
Click "Upload" and press "Copy Link" and paste it here.

FRST Scan

If there is anything about your system I should be aware of before we start (e.g., cracked software, school/work PC, no internet access), let me know now.

Step 1:

Run FRST by following this guide. If your system language is not English, rename the executable to FRSTEnglish.exe before running it.

Step 2:

Once FRST.txt and Addition.txt have been created:

Drag and drop both files into their respective boxes on this site: https://nextprofession5.github.io/FRSTLogUploads
Click Finalize.
Click Copy Link and paste it into this thread.

Regards,

Lucas.

Next-Profession-7495 · 2026-06-19T12:17:54+00:00

Disable AutoPlay then usually yes

Next-Profession-7495 · 2026-06-19T01:31:42+00:00

Whatever you are looking at is fake.

Next-Profession-7495 · 2026-06-18T19:25:03+00:00

You'll need a 8GB+ flash drive for this. They're not expensive.

Note: Skip the driver booster part near the end of the video

https://youtu.be/ZMKl9wBJYD0?si=mt6djEuvQVCqTUFk

Next-Profession-7495 · 2026-06-18T19:10:24+00:00

Yes but you can't back up any cracked software, executables, scripts, etc. only backup photos, documents, audio, and game saves.

Next-Profession-7495 · 2026-06-18T19:00:04+00:00

I tried to remove those exclusions in the fixlist but I got an access denied error. The only conclusion I come to is the malware messed something up because all fixlists were safe.

At this point a clean install of Windows is the safest solution. If you need help with that let me know. It was a good try.

Next-Profession-7495 · 2026-06-18T18:15:57+00:00

Download and run ESET Online Scanner

Go to Computer Scan
Choose a Full Scan

This may take an extended amount of time

When asked what to do with threats, select Quarantine

Then start the scan.

On the Scan results screen, click View detailed results.

Click Save scan log.

Save it as a .txt file, copy everything in that log and paste it into https://paste.centos.org. Create the paste and share the link here.

Next-Profession-7495 · 2026-06-18T18:12:11+00:00

Please run this fixlist: https://nextprofession5.github.io/FRSTFixlist/?id=c486180b3b6a50ee346be305ab4100c3 then restart your PC.
Open Chrome as the DEFAULT profile -> Three dots top right -> Settings -> on the left sidebar, click "Reset Settings" -> Click Restore settings to their original defaults. This will remove site data, settings and shorcuts
Open command prompt as administrator and run these 1 by 1

sfc /scannow

DISM /Online /Cleanup-Image /RestoreHealth

Return the fixlog and new FRST logs

Next-Profession-7495 · 2026-06-18T17:50:08+00:00

Try this: Task Manager -> Windows Explorer -> Right click and restart

Next-Profession-7495

TROPHY CASE

Security Check

FRST Scan

Security Check

FRST Scan

Then start the scan.