Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Removal of Websearch


  • Please log in to reply
14 replies to this topic

#1 MyPancreas

MyPancreas

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 04 August 2013 - 05:39 AM

I've had the problem of getting myself acquainted with Websearch and it's affiliate, sprotector.dll. Now I've downloaded UnHackMe and have run a few scans and reboots.

 

So far, I seemingly managed to remove the Web Search programe and whatnot, there are no more redirect adds in Mozilla and Chrome also doesn't mention any extension conflicts.

 

However I still am greeted with websearch.com or whatever if I open Chrome. I'd like to know if there's a way to get rid of this that someone as noobish as me could manage.

 

Thanks you for your time.

 

Regards, David


Edited by hamluis, 04 August 2013 - 09:15 AM.
Moved from XP to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:40 AM

Posted 04 August 2013 - 06:04 AM

Hi -

Please download AdwCleaner by Xplode onto your desktop.

*Close all open programs and internet browsers.
*Double click on adwcleaner.exe to run the tool.
*Click on Delete.
*Confirm each time with Ok.
* NOTE :Your computer will be rebooted automatically, and a text file will open after the restart.

*Please post the contents of that logfile with your next reply.
*You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

Scan your machine with ESET OnlineScan
1.Hold down Control and click HERE to open ESET OnlineScan in a new window.
2.Click the ESET Online Scanner button.
3.NOTE :.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • .Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.

  • .Double click on the ESET Online Scanner icon on your desktop.

 

 4.Check "YES, I accept the Terms of Use."
 5.Click the Start button.
 6.Accept any security warnings from your browser.
 7.Under scan settings, check "Scan Archives" and "Remove found threats"
8.Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology

 9.ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time to download the program for a first time, and then download updated data base (1 to 2  hours is not unusual)
10.When the scan completes, click List Threats
11.Click Export, and save the file to your desktop using a unique name, such as ESETScan.
- Include the contents of this report in your next reply.
12.Click the Back button.
13.Click the Finish button

 

 

Once completed - Please download TFC, or Temp File Cleaner by Old Timer
Usage Instructions:

  • Download TFC from the download link above and save the file on your desktop.
  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program opens, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • When done, press OK to reboot your computer and finish the cleanup.

Note: Depending on how much data is currently stored in the Temp folders, this process can take quite a while to remove all of the files, so please be patient.

 

Thank You -



#3 MyPancreas

MyPancreas
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 04 August 2013 - 06:59 AM

Thanks did the first thing so far. Attached copy I made of the log file.

Attached Files


Edited by MyPancreas, 04 August 2013 - 06:59 AM.


#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:40 AM

Posted 04 August 2013 - 07:43 AM

Well done so far -

Those AdwCleaner logs show quite a lot of minor infections removed -

 

Please now run the ESETscanner, but with this amount of infections, it will take quite a while to run.

If this is a Laptop, please be sure it is plugged into a power source, and not running off battery, and do not be surprised if the scan takes over 2 or 3 hours -

 

Thanks -



#5 MyPancreas

MyPancreas
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 04 August 2013 - 07:54 AM

The scan's at 26 % after 50 minutes.

 

So far 16 threats found. Am I to understand that I can remove these using the abovementioned TFC ?



#6 MyPancreas

MyPancreas
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 04 August 2013 - 09:06 AM

Finished, with the scan, will attach the report soon.

 

Wondering, should I click "delete quarantined files" ?

 

Edit: I also downloaded and ran TFC and then rebooted, however websearch still shows up as the default page when I open up Chrome.

Attached Files


Edited by MyPancreas, 04 August 2013 - 09:24 AM.


#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:40 AM

Posted 04 August 2013 - 04:52 PM

Wondering, should I click "delete quarantined files" ? < < They have been ........ cleaned by deleting - quarantined -

 

You have one bad infection called Win32/WhiteSmoke application.

I will see if I can remove this or if you need extra help ........

 

Back very soon -



#8 MyPancreas

MyPancreas
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 05 August 2013 - 01:43 AM

I didn't delete the quarantined files. So I guess that means those are backups in case there's something there that's not supposed to be deleted ?

 

Also thanks.

 

Edit: do you think the stuff mentioned here about uninstalling it is legit ?

 

http://howto-uninstall.windowsuninstaller.org/cant-remove-whitesmoke-uninstall-toolbartranslator/


Edited by MyPancreas, 05 August 2013 - 01:46 AM.


#9 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:40 AM

Posted 05 August 2013 - 06:02 AM

Hi -
I know these advertised online fixes do look simple, but often they leave unwanted "bits" behind when you finish.

 

 

If you're running Firefox, this is a fix:
1.        At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
2.        In the Add-ons Manager tab, select the Extensions or Appearance or Plugins panel.
3.        Select the add-on you wish to disable.
4.        Click the Disable button.
5.        Click Restart now if it pops up. Your tabs will be saved and restored after the restart.

 

 

Chrome Version...
TO REMOVE WHITESMOKE FROM CHROME/WINDOW 7/XP....simple just go to SETTINGS (3stripe bars top-right corner), Hover mouse on TOOLS and slide left on EXTENSIONS, then UNCHECK & GARBAGE BIN any unwanted EXTENSIONS including whitesmoke tool bar....

 

Thanks -



#10 MyPancreas

MyPancreas
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 05 August 2013 - 08:12 AM

Thanks though I don't have a whitesmoke toolbar/toolbar extension and never remember having it.

 

Only extensions I have (in Chrome, I realise TMT down there probably gives it away but I just want to be sure)

 

AdBlock 2.6.4

DivX Plus Web Player HTML5

Quickrr TV & Video

Skype Extension

TooManyTabs for Chrome


Edited by MyPancreas, 05 August 2013 - 08:40 AM.


#11 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:40 AM

Posted 05 August 2013 - 05:12 PM

Hi -

This is where I said that I was not sure about me removing White Smoke, and I also said Not to believe all those small Add-on Programs that may charge you or leave you with other infections - Some "work" and some do not.

 

Although it seems that we removed a lot of these similar infections, this one will not go.

 

Please read Preparation Guide and post a new topic in Virus, Trojan, Spyware, and Malware Removal Logs
 

Please post to the Malware Removal Logs area even if you are unable to produce the requested logs, and an Expert will assist you with removal of the problem -

 

 If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

 

NOTE : Please Copy / Paste all logs requested, and do not use Attach unless specifically asked -

 

Good luck and be very patient, as the area can get very busy.

 

 

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

 

Leave a link to this topic so the helper can read your original problem -

 

 

Thank You -



#12 MyPancreas

MyPancreas
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 08 August 2013 - 01:02 AM

A bit or a related question, the first time I downloaded UnHack me the Regis Reanimator thing didn't recquire a seperate install. But not it asks me to install it when I turn the machine on.

 

Should I seperately install it like this ?



#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:40 AM

Posted 08 August 2013 - 01:48 AM

Please do not install any more tools, as what you hit with ESET and AdwCleaner has now been fully removed

 

Please follow post #11 and an Expert will help remove the WhiteSmoke part of the infection.

 

Thank You -



#14 MyPancreas

MyPancreas
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 09 August 2013 - 08:07 AM

Another related question: UnHack Me told me that PCPitstop Scheduling might be suspicious, but I'm incapable of finding out a definite answer if it's harfmul or not.

 

I'm sorry for posting this here but it's (I hope) only a minor question, so I don't want to clutter up the section with too many threads.



#15 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:40 AM

Posted 09 August 2013 - 05:03 PM

Please download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size. 
Click Go and copy / paste the result (Result.txt).

 

Thanks -






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users