
Adware.Softmate


32 replies to this topic

#1 Zestypanda

Zestypanda

  • Members
  • 603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny San Diego, California.
  • Local time:06:32 AM

Posted 02 August 2011 - 11:58 AM

Here is the mbam log, it stopped half way through, I will do a full scan and post it later.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7357

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

8/2/2011 9:56:31 AM
mbam-log-2011-08-02 (09-56-31).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 55307
Time elapsed: 7 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I hardly ever use ie, nor do I install random programs that have adware. I really don't know where this came from.

Okay, here is the newly completed log of mbam.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7357

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

8/2/2011 10:53:16 AM
mbam-log-2011-08-02 (10-53-16).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 388051
Time elapsed: 54 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Zestypanda, 02 August 2011 - 01:10 PM.

Have a question, or just wanna chat? Send me a message. Or add me as a friend.
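Added example, not part of the original post and not Malwarebytes code: a small Python parser for the MBAM 1.x text log format pasted above. It extracts each detection, checks that the summary counters agree with the itemised lines (a quick way to spot a truncated or hand-edited paste), and flags detections that sit under the Internet Explorer Protected Mode ElevationPolicy key. The sample is constructed from the first log in this thread and the function names are hypothetical.

```python
import re

# Constructed sample: the counters and the single detection line from the
# first log in this thread, trimmed to the parts the parser reads.
SAMPLE_LOG = r"""Scan type: Full scan (C:\|D:\|)
Objects scanned: 55307
Registry Keys Infected: 1
Files Infected: 0

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
DETECTION = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# ElevationPolicy subkeys register helper programs for IE Protected Mode.
ELEVATION = re.compile(r"\\Low Rights\\ElevationPolicy\\(\{[0-9A-Fa-f-]{36}\})$")

def parse_mbam_log(text):
    """Return (summary_counts, detections) from an MBAM 1.x text log."""
    counts, detections, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SUMMARY.match(line):
            counts[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := DETECTION.match(line)):
            detections.append({"section": section, **m.groupdict()})
    return counts, detections

def check_consistency(counts, detections):
    """List sections whose summary count differs from the itemised lines."""
    found = {}
    for d in detections:
        found[d["section"]] = found.get(d["section"], 0) + 1
    return [s for s, n in counts.items() if n != found.get(s, 0)]

def elevation_policy_guid(detection):
    """Return the policy GUID if the detection is an ElevationPolicy subkey."""
    m = ELEVATION.search(detection["object"])
    return m.group(1) if m else None
```

A non-empty result from `check_consistency` means the pasted log does not match its own summary and should be re-requested before drawing conclusions from it.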


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,924 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:32 AM

Posted 02 August 2011 - 01:52 PM

Look in Remove Programs for a "Zuvio Toolbar"; if it is there, remove it.

Next, run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Zestypanda


Posted 02 August 2011 - 04:03 PM

Okay, I don't see the toolbar in program list, I will install sas and then run it.



#4 boopme


Posted 02 August 2011 - 06:41 PM

Good, let us know.

#5 Zestypanda


Posted 02 August 2011 - 09:49 PM

Okay, um, some things came up so it might be some time before I have free time to run the scan; nothing computer related came up, just social stuff.
Edit: I will probably be able to get around to it in either a few days or tomorrow, I will see. Just wanted to tell you so you know I'm not flaking out on you guys.

Edited by Zestypanda, 02 August 2011 - 09:50 PM.



#6 boopme


Posted 02 August 2011 - 10:09 PM

Hey, we are all volunteers here, so we know real life comes first. This topic will stay open.

#7 Zestypanda


Posted 03 August 2011 - 01:16 AM

Thanks guys. :thumbsup:



#8 Zestypanda


Posted 03 August 2011 - 07:38 PM

Okay, here is a log. I accidentally clicked quick scan; it found some tracking cookies. I will do a full scan next.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/03/2011 at 04:58 PM

Application Version : 5.0.1108

Core Rules Database Version : 7502
Trace Rules Database Version: 5314

Scan type : Quick Scan
Total Scan Time : 00:04:07

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 521
Memory threats detected : 0
Registry items scanned : 60090
Registry threats detected : 0
File items scanned : 11541
File threats detected : 4

Adware.Tracking Cookie
C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\ryan@atdmt[2].txt
C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\ryan@cts.metricsdirect[2].txt
C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\ryan@cts.zroitracker[2].txt
C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Cookies\ryan@doubleclick[2].txt



#9 boopme


Posted 03 August 2011 - 08:25 PM

It appears to be gone??

#10 Zestypanda


Posted 03 August 2011 - 08:35 PM

Full scan, man something deep is going on, what do you suggest next?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/03/2011 at 06:30 PM

Application Version : 5.0.1108

Core Rules Database Version : 7502
Trace Rules Database Version: 5314

Scan type : Complete Scan
Total Scan Time : 00:49:58

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 539
Memory threats detected : 0
Registry items scanned : 71371
Registry threats detected : 0
File items scanned : 65311
File threats detected : 3

Adware.Tracking Cookie
media.heavy.com [ C:\USERS\RYAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V2YF7C74 ]
media1.break.com [ C:\USERS\RYAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V2YF7C74 ]
secure-us.imrworldwide.com [ C:\USERS\RYAN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V2YF7C74 ]



#11 Zestypanda


Posted 03 August 2011 - 08:44 PM

Okay, this is strange. I scanned on the second with mbam; now today I go to update mbam and I find that it has been uninstalled. What's up? I am downloading mbam right now.

Edited by Zestypanda, 03 August 2011 - 08:46 PM.



#12 boopme


Posted 03 August 2011 - 08:48 PM

Uggh I am suspecting this newest beauty
http://www.bleepingcomputer.com/forums/topic412702.html/page__pid__2358113#entry2358113

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.9.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

#13 Zestypanda


Posted 03 August 2011 - 08:56 PM

Okay, before I run tdss: I did get some flash error thing, not exactly like the one mentioned in the post. It was related to a YouTube video downloader in Firefox. I'm running Firefox 6.0 beta, and whenever I would go to YouTube, about halfway through a video a window would pop up with some weird flash runtime error bs. I removed the plugin, and that seemed to make the error go away. The plugin was clean last time I used it (in Firefox 4 and 5), and my flash and adobe is all up to date. Also, should I install mbam then run tdss, or should I wait until tdss is done scanning and then commence the installation of mbam?



#14 Zestypanda


Posted 03 August 2011 - 09:06 PM

Okay, the reason I did not edit my other post is because I don't want this to get mixed in, I looked in my add and remove programs list and it shows mbam as being installed but when I search in the start menu I don't see it there and the right click context menu link has been removed, you know "scan with malwarebytes" link when you right click on something.
Edit: okay, the right click context option had been turned off by something and it no longer shows up in the start menu, should I just install a fresh copy?

Edited by Zestypanda, 03 August 2011 - 09:10 PM.



#15 Zestypanda


Posted 03 August 2011 - 09:21 PM

Okay, I ran tdss it found nothing, now on to gmer?
