Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DictionaryBoss advert link my new Gmail account homepage


  • This topic is locked This topic is locked
16 replies to this topic

#1 Frankiejob

Frankiejob

  • Members
  • 149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 AM

Posted 26 February 2013 - 12:34 AM

Yesterday, I thought we had my malware problem solved. I don't know if this related.
Today I opened a new Gmail account to assist in my job search. I noticed a very prominent link just above my inbox advertising a free spellcheck: DictionaryBoss toolbar. I figure Google is getting paid for hosting this add. I click the link and it takes me to a page that gives one choice only, and that is to download the setup file from "Mindspark Intersctive Network" So I double click the exe on my desktop but I can't find the toolbar anywhere in IE9. A search reveals that this malware and difficult to remove. At any rate, where is the toolbar? I should note that Norton Safe Web checker finds no issues. Once again, I thank all the people here whom are so generous with their time for a crucial cause.

BC AdBot (Login to Remove)

 


#2 Frankiejob

Frankiejob
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 AM

Posted 28 February 2013 - 02:56 PM

Previous topic:
http://www.bleepingcomputer.com/forums/t/485927/shortcut-of-recycle-bin-created-on-desktop-after-yellow-uac-alert/

#3 Frankiejob

Frankiejob
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 AM

Posted 28 February 2013 - 02:58 PM

Similiar problem on another forum:

http://www.fixya.com/support/t14039895-39_t_get_didtionaryboss_as_toolbar

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:38 AM

Posted 28 February 2013 - 08:06 PM

Hello, perhaps there is no toolbar only malware..

Here's a free safe spell check. tinySpell

 

We should scan if you already ran these run a new copy.

 

Junkware Removal Tool
  Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 


Please download AdwCleaner by Xplode onto your desktop.
•Close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Delete.
•Confirm each time with Ok.
•You will be prompted to restart your computer. A text file will open after the restart.
•Please post the contents of that logfile with your next reply.
•You can find the logfile at C:\AdwCleaner[S1].txt as well.

 


>>>>

Now I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE:Sometimes if ESET finds no infections it will not create a log.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Frankiejob

Frankiejob
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 AM

Posted 01 March 2013 - 01:11 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.6 (02.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by Gary on Thu 02/28/2013 at 22:15:25.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/28/2013 at 22:21:45.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

# AdwCleaner v2.113 - Logfile created 02/28/2013 at 22:26:19
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Gary - GARY-PC
# Boot Mode : Normal
# Running from : C:\Users\Gary\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8884 octets] - [06/02/2013 19:09:26]
AdwCleaner[S2].txt - [927 octets] - [22/02/2013 16:12:57]
AdwCleaner[S3].txt - [1342 octets] - [28/02/2013 22:26:19]

########## EOF - C:\AdwCleaner[S3].txt - [1402 octets] ##########

 

 

 

C:\Users\Gary\Desktop\DictionaryBoss\DictionaryBoss.exe Win32/AdInstaller application cleaned by deleting - quarantined
C:\Users\Gary\Downloads\DictionaryBoss.exe Win32/AdInstaller application cleaned by deleting - quarantined
 



#6 Frankiejob

Frankiejob
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 AM

Posted 01 March 2013 - 01:24 AM

Thanks for the help!
If it is helpful, here is a screenshot of the link that was above my Gmail inbox. BTW, I saved the exe, which I had tested online - I forgot the name of the site, it starts with a V. It found stuff. Darn, I should saved the info.

ZOOMED_zpsf0bb5090.png

#7 Frankiejob

Frankiejob
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 AM

Posted 01 March 2013 - 04:34 PM

Link to suspicious exe still present above my Gmail inbox.
Below is link to CNET forums. Users claim that Mindspark is malware but Mindspark defends, they provide detailed instructions for uninstall.

http://forums.cnet.com/7723-6132_102-378445/my-web-search/?tag=rb_content;contentMain

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:38 AM

Posted 01 March 2013 - 05:00 PM

Did you look in Control Panel>>Uninstall to saee if is there to remove.

Also look in your browser's Manage Add ons...

 

Also Please download TFC[/b] (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link

  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • [b]Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Frankiejob

Frankiejob
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 AM

Posted 01 March 2013 - 06:15 PM

I can't find anything related to DictionaryBoss in uninstall programs, and don't see anything related on manage addons. I ran TFC, it asked for restart, reports 33mb removed. I didn't notice any changes to my browser, but should I?

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:38 AM

Posted 01 March 2013 - 08:30 PM

Reboot and is the link still there?

 I didn't notice any changes to my browser, but should I?   

       No

 

Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 Frankiejob

Frankiejob
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 AM

Posted 01 March 2013 - 09:30 PM

My computer won't let download Mini Toolbar. The suspect link is still showing on Gmail account.

MiniToolBox_Blocked_zpse3ad26ac.png

#12 Frankiejob

Frankiejob
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 AM

Posted 01 March 2013 - 09:37 PM

hmmm, it downloaded to my desktop anyway no matter that it was supposedly deleted



but I'll wait for your instruction before I run anything



#13 Frankiejob

Frankiejob
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 AM

Posted 01 March 2013 - 09:51 PM

Oh, I actually did choose it to download, when I chose "don't run the program". I wait for your response. Thanks.

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:38 AM

Posted 01 March 2013 - 09:58 PM

Well no need for MINI as we will need a deeper look as it is still there. We need a  new topic and stronger tools to get this.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.


Include this link back to here...

http://www.bleepingcomputer.com/forums/t/486718/dictionaryboss-advert-link-my-new-gmail-account-homepage/#entry2991740


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#15 Frankiejob

Frankiejob
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 AM

Posted 02 March 2013 - 12:04 AM

Okay, i will post a new topic and link back here. Thanks very much.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users