Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't use Sync nor Xmarks Firefox 22.0 after malware removal


  • Please log in to reply
10 replies to this topic

#1 j54ams

j54ams

  • Members
  • 137 posts
  • OFFLINE
  •  
  • Local time:02:04 PM

Posted 04 August 2013 - 09:09 AM

I helped someone remove the snap do browser hijacker using these two programs I found when researching the problem. Snap do had repeatedly returned for her. Programs were,
Junkware Removal Too

AdwCleaner

Ran them in safe mode as instructed and when going back to normal mode, the Xmarks gives error message that it cannot connect to server. So, tried the Firefox Sync Now and got same message. Also tried to import bookmarks and password from Firefox to Chrome and would say successful but none where transferred. Can anyone help me out to get this fixed for them? Would be much appreciated.


Edited by hamluis, 04 August 2013 - 12:40 PM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:11:04 AM

Posted 04 August 2013 - 09:45 AM

To be sure that the Snap.do redirect is gone please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
  • Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Reagardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

     

     
    Have you tried uninstalling Xmarks and then reinstalling it?

    Edited by dc3, 04 August 2013 - 09:46 AM.

    Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

     

     

     

     


    #3 j54ams

    j54ams
    • Topic Starter

    • Members
    • 137 posts
    • OFFLINE
    •  
    • Local time:02:04 PM

    Posted 04 August 2013 - 12:18 PM

    Yes, I reinstalled over top of xmarks. Didn't uninstall first though. Should I do that?

    Here is MBAM log:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.07.29.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16614
    Becky :: BECKY-HP [administrator]

    8/4/2013 12:50:52 PM
    mbam-log-2013-08-04 (12-50-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 223208
    Time elapsed: 5 minute(s), 26 second(s)

    Memory Processes Detected: 2
    C:\Users\Becky\AppData\Roaming\Web Cake\WEBCAKEDESKTOP.EXE (PUP.WebCake.A) -> 2352 -> Delete on reboot.
    C:\Program Files (x86)\Web Cake\WEBCAKEDESKTOP.UPDATER.EXE (PUP.Optional.WebCake.A) -> 2540 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 12
    HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8} (PUP.WebCake) -> Quarantined and deleted successfully.
    HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} (PUP.WebCake) -> Quarantined and deleted successfully.
    HKCR\WebCakeIEClient.Layers.1 (PUP.WebCake) -> Quarantined and deleted successfully.
    HKCR\WebCakeIEClient.Layers (PUP.WebCake) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\WebCakeUpdater (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
    HKCR\WebCakeIEClient.Api (PUP.WebCake) -> Quarantined and deleted successfully.
    HKCR\WebCakeIEClient.Api.1 (PUP.WebCake) -> Quarantined and deleted successfully.
    HKCR\AppID\WebCakeIEClient.DLL (PUP.WebCake) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh (PUP.WebCake) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WebCake Desktop (PUP.WebCake.A) -> Data: "C:\Users\Becky\AppData\Roaming\Web Cake\WebCakeDesktop.exe" -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 6
    C:\ProgramData\TARMA INSTALLER\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} (PUP.WebCake) -> Quarantined and deleted successfully.
    C:\ProgramData\TARMA INSTALLER\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache (PUP.WebCake) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Web Cake (PUP.Optional.WebCake.A) -> Delete on reboot.
    C:\ProgramData\TARMA INSTALLER (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\TARMA INSTALLER\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\TARMA INSTALLER\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

    Files Detected: 22
    C:\Users\Becky\AppData\Roaming\Web Cake\WEBCAKEDESKTOP.EXE (PUP.WebCake.A) -> Delete on reboot.
    C:\Program Files (x86)\Web Cake\WEBCAKEIECLIENT.DLL (PUP.WebCake) -> Quarantined and deleted successfully.
    C:\$RECYCLE.BIN\S-1-5-21-4116492764-2712210220-710440253-1001\$RRK4Z09.exe (PUP.Adware.DomaIQ) -> Quarantined and deleted successfully.
    C:\Users\Becky\AppData\Local\Temp\DM\google-chrome.exe\3JMc0fA0UCRk5bp\google-chrome.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
    C:\Users\Becky\AppData\Local\Temp\DM\google-chrome.exe\3JMc0fA0UCRk5bp\installer.exe (PUP.Adware.DomaIQ) -> Quarantined and deleted successfully.
    C:\Users\Becky\Local Settings\Temporary Internet Files\Content.IE5\FZG5H7FR\WebCakesetup[1].exe (PUP.Optional.Yontoo) -> Quarantined and deleted successfully.
    C:\ProgramData\TARMA INSTALLER\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico (PUP.WebCake) -> Quarantined and deleted successfully.
    C:\ProgramData\TARMA INSTALLER\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat (PUP.WebCake) -> Quarantined and deleted successfully.
    C:\ProgramData\TARMA INSTALLER\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe (PUP.WebCake) -> Quarantined and deleted successfully.
    C:\ProgramData\TARMA INSTALLER\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll (PUP.WebCake) -> Quarantined and deleted successfully.
    C:\ProgramData\TARMA INSTALLER\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll (PUP.WebCake) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Web Cake\WEBCAKEDESKTOP.UPDATER.INSTALLSTATE (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Web Cake\OptChrome.exe (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Web Cake\optimizer.exe (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Web Cake\sqlite3.exe (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe (PUP.Optional.WebCake.A) -> Delete on reboot.
    C:\Program Files (x86)\Web Cake\WebCakeLayers.crx (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
    C:\ProgramData\TARMA INSTALLER\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\TARMA INSTALLER\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\TARMA INSTALLER\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\TARMA INSTALLER\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\TARMA INSTALLER\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

    (end)
     



    #4 dc3

    dc3

      Bleeping Treehugger


    • Members
    • 30,464 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Sierra Foothills of Northern Ca.
    • Local time:11:04 AM

    Posted 04 August 2013 - 12:38 PM

    I'm going to see if I can get this topic moved to the Am I Infected? forum where there are other members who are more knowledgeable about helping with this type of problem.

     

    Just out of curiosity, did removing these items with Malwarybytes resolve any of your problems?


    Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

     

     

     

     


    #5 j54ams

    j54ams
    • Topic Starter

    • Members
    • 137 posts
    • OFFLINE
    •  
    • Local time:02:04 PM

    Posted 04 August 2013 - 12:46 PM

    No, it did not.



    #6 dc3

    dc3

      Bleeping Treehugger


    • Members
    • 30,464 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Sierra Foothills of Northern Ca.
    • Local time:11:04 AM

    Posted 04 August 2013 - 12:57 PM

    Yes, I reinstalled over top of xmarks. Didn't uninstall first though. Should I do that?

     


     

     

    Yes.


    Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

     

     

     

     


    #7 j54ams

    j54ams
    • Topic Starter

    • Members
    • 137 posts
    • OFFLINE
    •  
    • Local time:02:04 PM

    Posted 04 August 2013 - 04:00 PM

    Will do that whaen I can. They had to go somewhere so, can't do it now. Thanks!!!!!!!!



    #8 dc3

    dc3

      Bleeping Treehugger


    • Members
    • 30,464 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Sierra Foothills of Northern Ca.
    • Local time:11:04 AM

    Posted 04 August 2013 - 04:17 PM

    :thumbup2:


    Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

     

     

     

     


    #9 j54ams

    j54ams
    • Topic Starter

    • Members
    • 137 posts
    • OFFLINE
    •  
    • Local time:02:04 PM

    Posted 05 August 2013 - 10:01 AM

    Tried uninstall and reinstall xmarks and still doesn't work but got Firfox Sync to work so just deleted xmarks. Still can't get Chrome to import bookmarks from Firefox.



    #10 dc3

    dc3

      Bleeping Treehugger


    • Members
    • 30,464 posts
    • OFFLINE
    •  
    • Gender:Male
    • Location:Sierra Foothills of Northern Ca.
    • Local time:11:04 AM

    Posted 05 August 2013 - 10:22 AM

    I don't know how you are going about importing the bookmarks, but Google's support website suggests the following.

     

    1. Click the Chrome menu.
    2. Select Bookmarks.
    3. Select Import bookmarks and settings.
    4. Select the program that contains the bookmarks you'd like to import.
    5. Click Import.

    Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

     

     

     

     


    #11 j54ams

    j54ams
    • Topic Starter

    • Members
    • 137 posts
    • OFFLINE
    •  
    • Local time:02:04 PM

    Posted 05 August 2013 - 01:55 PM

    Yes, that's what I was doing but they would not go. So, I got them imported into Internet Explorer 10 and tried to import them from there and that worked. There is obviously a problem in Firefox. I may try uninstalling that and reinstalling. I tried setting up new profile in Firefox and that didn't work. May just leave it alone since I got it to Sync for her and got bookmarks in Chrome! Thanks for your help!






    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users