Default tab - Search Results, LLC

  I've recently been noticing odd, tacky looking ads on sites I go to regularly that were never their before. I looked under My Control panel > Programs to see if any new unwanted programs had surfaced. Sure enough their is a new one that refuses to be uninstalled.

It's under the name: Default tab

By publisher: Search Results, LLC

 

  When I try uninstalling it, this message pops up: "Please close Chrome before uninstalling Default Tab"

 

 Also, when I open up a new tab off of Google now, a fake imitation Google page opens up in its place. All of my bookmarks are still their though.

 

The day I think this got onto my computer, I got a notification from my McAfee antivirus saying a Trojan Horse had been detected and blocked.

 

  Any assistance in removing it would be much appreciated.

• Please download TDSSKiller from here and save it to your Desktop
• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters
  
  
  
  
  
• Check Loaded Modules  and Detect TDLFS file system.  Do not check Verify file digital signatures (even though it is checked in the example)
• If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  
  
  
  
  
• Click Start Scan and allow the scan process to run
  
  
• If threats are detected select Skip for all of them unless I instruct you otherwise
• Click Continue
  
  
  
  
  
• Click Reboot computer
• Please post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply

===================================================


aswMBR

--------------------

• Download aswMBR and save it to your desktop.
  
• Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
• If you need help to disable your protection programs see here and here.
• Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
• Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
  
  
  
  
• When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
  
  
  
  
• Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan  This process may may take several hours, that is normal

• Hold down Control and click on this link to open ESET OnlineScan in a new window.
• Click the   button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  
  
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  
  

  

• Check "YES, I accept the Terms of Use."
• Click the Start button.
• Accept any security warnings from your browser.
• Under scan settings, check "Scan Archives" and "Remove found threats"
• Click Advanced settings and select the following:
  
  
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click List Threats
• Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
• Click the Back button.
• Click the Finish button.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

• TDSSKiller log
• aswMBR log
• ESET results

 

 Thank you BC, trying it now-

  The scan with the TDDSkiller found nothing at all. Moving onto the aswMBR now

 

 

 

 

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

• Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.  You can also right click on the link and select Save Link As

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

• Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  For instructions with screenshots, please refer to this Guide.
• When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
• Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
• If an update is found, the program will automatically update itself. Press the OK button and continue.
• If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
• Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
• Click on the Scan button.
• When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked and then click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab.
• Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
• Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

• Please download MiniToolBox, save it to your desktop
• Please close any Firefox browsers you may have open
  
• Double click the icon to launch the program
  
• Make sure the following options are checked:
  
  
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
• Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
• Please copy and paste the contents in your reply

===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

• Make sure the following options are checked:
  
  
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

• Please download AdwCleaner by Xplode onto your desktop.
• Double click on AdwCleaner.exe, select OK, then Run
• Click on DELETE
• A logfile will automatically open after the scan has finished
• Copy and paste the contents in your reply
• You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================


Junkware Removal Tooll by thisisu

-------------------

• Please download Junkware Removal Tool and save it to your desktop.
• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
• Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
• Please allow the program time to run
• Once completed a Notepad document will open on your desktop
• Copy and paste the contents in your reply

===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:

• Link 1
• Link 2
• Link 3
• Link 4

• In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.

• Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  
  • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
• A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
• An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
• Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
• If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================


Autoruns

--------------------

• Please download AutoRuns and save it to your desktop
• Double click the AutoRuns.zip folder
• Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
• Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
• Double click on the text file,copy and paste the contents in your reply

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

• Malwarebytes log
• MiniToolBox log
• Farbar's Service Scanner log
• AdwCleaner log
• Junkware Removal Tool log
• Rkill log
• Autoruns log

 

 

 

 

Disable your antivirus and download junkware tool.

 

Please run malwarebytes again and post the clean log.

That looks good

Remove temporary and junk files

Download

TFC

Launch it,it will close all running programs

click on START,it should ask for reboot.If TFC locks up the system,run it in safemode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore-It deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall old version of java from control panel-Add or remove programs.Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently.Two free antivirus that i would suggest are

Microsoft security essentials or Avast.You can select either one of them.

If you have a paid one,make sure to update it frequently.Do not use multiple security softwares.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing

  Thank you very, very much BC.  I really appreciate it!  

I tried most of the items here and no luck. TDSS, malwarebytes etc. I finally just opened the registry editor and did a search for Search Results, LLC and found the uninstall path, see below. I ran it and the program appears to be gone and I have not had any further issues with it. If it returns I will update my post.

 

Here is the string: "C:\Users\{user}\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe"

I proceeded the instructions above till the Farbar's Service Cleaner and AdwCleaner AND the problem disappeared only at this point, so perhaps one of these two programs are the best solution to this annoying guy ;)