
PUP.Adware.MagniPic removed?


13 replies to this topic

#1 TheMagicGurney

TheMagicGurney

  • Members
  • 13 posts

Posted 26 April 2013 - 07:14 PM

Hey, so a little less than 3 days after this little ol' thing got on my PC I went to uninstall it, not yet knowing it was malicious but just something that was random, probably bad and just sitting there. So I know my PC like the back of my hand; I knew I hadn't personally installed it, so before clicking uninstall I just right-clicked and pressed "change", which was greeted by a screen telling me that this program was not uninstalled correctly, leading me to believe that it either tried installing but it did not complete/not get far, or someone/something already tried to remove this baddie without my knowledge (probably just other security software when on a scheduled scan). So then I do click uninstall and it completes without hassle. Just before I do uninstall, I go online just to see what it's about and voilà, it's a trojan!!! Yay! Now I'm scared.

I go to Task Manager and check for either of the 2 processes running that would indicate it and find neither. "ppppppppeeeeeeewwwwhhhhh" Only slightly relieved, I scan with MBAM and Windows Defender and they both pick it up. So I go through the whole removal process with both of those programs and restart the system "as needed". Get back on and still no symptoms of damage or danger!!!!

Happy now, I manually go and search the WHOLE system for any file or process that may remain or be left and find just temp internet files and other things. Delete all of those, empty recycle bin. Double check that's good, but then, still worried, I use a removal guide and go through the registry and go to the ones each tutorial said it would be under and I search and search, find NOTHING. GOOOOOOD FOR ME!!!!! Still worried though, 'cause I know how bad infections can get and how well they can hide themselves, but I'm like 90% sure it's gone, as even for the 3 days it was on the machine I saw no symptoms/signs of infection from this.........thing. XD

SOOOOO I just wanna hear from an expert's advice and doings to make sure and know that it's 100% GONE and cured. Please reply ASAP just 'cause I kinda get really paranoid and scared when I know that like my computer or any computer is in danger or potential danger and it just has me kinda worried that I might have not done a thorough enough job. Thanks in advance for any help!!!!

Edit for reading ease~~boopme

Edited by boopme, 30 April 2013 - 07:33 PM.
Moved from Win 8 to Am I Infected - Hamluis.




#2 TheMagicGurney


Posted 26 April 2013 - 10:56 PM

Sorry about the bump, I am just still nervous.. :\


Edited by TheMagicGurney, 27 April 2013 - 03:49 PM.


#3 TheMagicGurney


Posted 27 April 2013 - 02:48 PM

ummm any reply or advice to see if it is gone or not? Been waiting here! Thanks in advance to anyone that helps!



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,035 posts
  • Gender:Male
  • Location:NJ USA

Posted 30 April 2013 - 07:35 PM

Hello. Let's do these.

MagniPic Uninstall <<-click

Do you also see PrivitizeVPN on here?

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 TheMagicGurney


Posted 30 April 2013 - 10:38 PM

Here's AdwCleaner's log:

# AdwCleaner v2.300 - Logfile created 04/30/2013 at 21:32:28
# Updated 28/04/2013 by Xplode
# Operating system : Windows 8 Pro  (64 bits)
# User : Chippy - PYTHAGORAS
# Boot Mode : Normal
# Running from : C:\Users\Chippy\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Chippy\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\ProgramData\clsoft ltd
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\Users\Chippy\AppData\Local\Conduit
Folder Deleted : C:\Users\Chippy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Chippy\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\dorma_000\AppData\Roaming\Mozilla\Firefox\Profiles\afr72dgo.default\extensions\staged

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={9EEEBBA8-B27E-4B61-8E02-0101956793C2}&mid=a756a4f9413547d09dd6057438cc8edb-929ee3c124c8c6f3b470f258bb8d628854da6bad&lang=en&ds=AVG&pr=fr&d=2012-12-25 23:36:13&v=14.0.2.14&pid=avg&sg=&sap=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Chippy\AppData\Roaming\Mozilla\Firefox\Profiles\izbqnbuq.default\prefs.js

[OK] File is clean.

File : C:\Users\dorma_000\AppData\Roaming\Mozilla\Firefox\Profiles\afr72dgo.default\prefs.js

C:\Users\dorma_000\AppData\Roaming\Mozilla\Firefox\Profiles\afr72dgo.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("extensions.privitize.hpOld0", "hxxp://isearch.avg.com/?cid={9EEEBBA8-B27E-4B61-8E02-01019[...]
Deleted : user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");
Deleted : user_pref("browser.search.selectedEngine", "Search The Web (privitize)");
Deleted : user_pref("browser.search.order.1", "Search The Web (privitize)");

File : C:\Users\Grandpa Renee\AppData\Roaming\Mozilla\Firefox\Profiles\svntntu4.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.0.2.14")[...]

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Chippy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\dorma_000\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Grandpa Renee\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2239] : homepage = "hxxp://isearch.avg.com/?cid={9EEEBBA8-B27E-4B61-8E02-0101956793C2}&mid=a756a4f941354[...]

*************************

AdwCleaner[R1].txt - [4069 octets] - [30/04/2013 21:30:53]
AdwCleaner[S1].txt - [3922 octets] - [30/04/2013 21:32:28]

########## EOF - C:\AdwCleaner[S1].txt - [3982 octets] ##########
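
Added example (not part of the original posts and not AdwCleaner's own code): a small parser for a log in the format posted above that counts removal actions per section and attributes them to Windows user profiles, which shows at a glance that leftovers were cleaned from more than one account on the machine. The sample is a constructed excerpt of lines from the log above; the function and variable names are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a short excerpt of lines from the log posted above.
SAMPLE_LOG = r"""
***** [Files / Folders] *****
File Deleted : C:\Users\Chippy\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\dorma_000\AppData\Roaming\Mozilla\Firefox\Profiles\afr72dgo.default\extensions\staged
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Conduit
***** [Internet Browsers] *****
File : C:\Users\Grandpa Renee\AppData\Roaming\Mozilla\Firefox\Profiles\svntntu4.default\prefs.js
Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.0.2.14")[...]
"""

SECTION = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
ACTION = re.compile(r"^((?:File|Folder|Key) Deleted|Deleted(?: \[l\.\d+\])?|Replaced) : (.+)$")
CONTEXT = re.compile(r"^File : (.+)$")  # browser profile file being cleaned
PROFILE = re.compile(r"^C:\\Users\\([^\\]+)\\", re.I)

def parse_adwcleaner(text):
    """Return (action count per section, cleaned items per user profile)."""
    per_section, per_profile = Counter(), defaultdict(list)
    section, context = None, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section, context = m.group(1), None
        elif m := CONTEXT.match(line):
            context = m.group(1)
        elif m := ACTION.match(line):
            per_section[section] += 1
            # Attribute to the path acted on, else to the file being cleaned.
            owner = PROFILE.match(m.group(2)) or (context and PROFILE.match(context))
            if owner:
                per_profile[owner.group(1)].append(m.group(2))
    return per_section, dict(per_profile)

if __name__ == "__main__":
    sections, profiles = parse_adwcleaner(SAMPLE_LOG)
    print(dict(sections))
    for user, items in profiles.items():
        print(user, len(items))
```

Entries that are machine-wide (Program Files, HKLM) are counted per section but not assigned to any profile.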
 



#6 TheMagicGurney


Posted 30 April 2013 - 10:40 PM

And Security Check's log:

 Results of screen317's Security Check version 0.99.63  
   x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 17  
 Java version out of Date!
 Adobe Flash Player     11.7.700.169  
 Adobe Reader XI  
 Mozilla Firefox (20.0.1)
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
 Windows Defender MsMpEng.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#7 TheMagicGurney


Posted 30 April 2013 - 10:43 PM

And also no, I never saw MagniPic or PrivitizeVPN as add-ons in my browser at any point in time.



#8 TheMagicGurney


Posted 30 April 2013 - 10:49 PM

Also updated Java to Update 21 (64-bit), since this computer is running a 64-bit Windows OS.


Edited by TheMagicGurney, 30 April 2013 - 10:50 PM.


#9 boopme


Posted 01 May 2013 - 10:32 AM

Run TFC after reboot see how it is.

 

Please download TFC (Temp File Cleaner) by Old Timer (http://oldtimer.geekstogo.com/TFC.exe) and save it to your desktop.
alternate download link

  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.



#10 TheMagicGurney


Posted 01 May 2013 - 07:36 PM

Done, what next?


Edited by TheMagicGurney, 01 May 2013 - 07:37 PM.


#11 boopme


Posted 02 May 2013 - 10:06 AM

If it still persists we need a deeper look. Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.



#12 TheMagicGurney


Posted 03 May 2013 - 06:09 PM

OK, by this point nothing else is there; I have seen absolutely no signs or symptoms of infection. I really think I am cured! OK! Yay, that's good, right? OK, well, I think it might be time to close this because all I was asking was for someone to help me make sure that I, when I tried, had removed it properly, and your tests and everything seem to show that I had. Still, even from day 1 after trying and making sure that I alone removed it, saw no signs of infection or symptoms of it, soooooo. Okay! Done I guess, unless the logs show something I don't know about!



#13 boopme


Posted 03 May 2013 - 07:27 PM

You look good and are good to go..

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

 

Just uninstall Java 7 Update 17

Reboot.

Install the Windows Offline (64-bit)

Version 7 Update 21



#14 TheMagicGurney


Posted 03 May 2013 - 11:21 PM

Already got that covered! Haha ok thanks for the help!





