
seem to be infected..again


13 replies to this topic

#1 monkeymom

monkeymom

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:09:12 AM

Posted 07 August 2013 - 04:15 PM

I am not sure WHY... but I again have crazy search engines and pop-ups everywhere. I am guessing Webroot is not doing the job? I performed a scan, and it fixed what it found... but the search engines are still there. Help! :)

 




 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,595 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:12 AM

Posted 07 August 2013 - 04:44 PM


Please download and perform a scan with AdwCleaner by Xplode.
This is a utility which will identify and remove any unknown toolbars, adware and potentially unwanted programs (PUP).
You can refer to these instructions: How To Use AdwCleaner

- A logfile (AdwCleaner.txt) will automatically open in Notepad after the scan has finished.
- The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
- Copy and paste the contents of that logfile in your next reply.


Please download Junkware Removal Tool and save it to your Desktop.
  • Close all open programs and shut down any protection/security software now to avoid potential conflicts.
  • Double-click on JRT.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 quietman7


Posted 07 August 2013 - 04:46 PM

If doing the above did not detect/remove everything needed to restore the browser to normal, you can try manually changing the settings. You didn't say what browser, so I'm posting how-tos for the most common.

Search bar - Easily choose your favorite search engine
How to change default search engine in Internet Explorer, Firefox and Google Chrome
How to Change Your Default Search Engine in FireFox, Google Chrome and Internet Explorer

You can also reset your browser in case settings other than search were altered.

To reset or restore all browser settings in Internet Explorer, please refer to How to reset Internet Explorer settings (all versions) using Fix it to automatically reset registry keys and the browser back to default.

Note 1: Delete personal settings will reset the home page(s), search providers and Accelerators to their default values. It will also delete temporary Internet files, history, cookies, web form information (passwords) and InPrivate Filtering data.

Note 2: Resetting Internet Explorer’s settings is not reversible. After a reset, all previous settings are lost and cannot be recovered. All add-ons and customizations are deleted, and you basically start with a fresh version of Internet Explorer.

-- If using Firefox or Google Chrome, please refer to:

#4 monkeymom


Posted 07 August 2013 - 06:47 PM

# AdwCleaner v2.306 - Logfile created 08/07/2013 at 20:45:24
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Royer Family - ROYER
# Boot Mode : Normal
# Running from : C:\Users\Royer Family\Downloads\AdwCleaner (1).exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Found : C:\END
File Found : C:\Users\Royer Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Royer Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Users\Royer Family\AppData\LocalLow\Conduit
 
***** [Registry] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
[OK] Registry is clean.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Users\Royer Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Found [l.34] : icon_url = "hxxp://search.conduit.com/fav.ico",
Found [l.37] : keyword = "search.conduit.com",
Found [l.41] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN27004564592497149&ctid=CT3295942&UM=2",
Found [l.42] : suggest_url = "hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN27004564592497149&UM=2"
Found [l.2385] : homepage = "hxxp://search.conduit.com/?ctid=CT3295942&SearchSource=48&CUI=UN27004564592497149&UM=2",
Found [l.3283] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3295942&SearchSource=48&CUI=UN27004564592497149&UM=2" ]
 
*************************
 
AdwCleaner[R1].txt - [2595 octets] - [07/08/2013 20:45:24]
AdwCleaner[S1].txt - [3023 octets] - [30/06/2013 01:35:21]
 
########## EOF - C:\AdwCleaner[R1].txt - [2715 octets] ##########


#5 monkeymom


Posted 07 August 2013 - 07:09 PM

Sorry... I think this may be the log you were asking for

# AdwCleaner v2.306 - Logfile created 08/07/2013 at 20:52:25
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Royer Family - ROYER
# Boot Mode : Normal
# Running from : C:\Users\Royer Family\Downloads\AdwCleaner (2).exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\END
File Deleted : C:\Users\Royer Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Royer Family\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Royer Family\AppData\LocalLow\Conduit
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
[OK] Registry is clean.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Users\Royer Family\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.34] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.37] : keyword = "search.conduit.com",
Deleted [l.41] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN27[...]
Deleted [l.42] : suggest_url = "hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=U[...]
Deleted [l.2385] : homepage = "hxxp://search.conduit.com/?ctid=CT3295942&SearchSource=48&CUI=UN27004564592497149&UM[...]
Deleted [l.3294] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3295942&SearchSource=48&CUI[...]
 
*************************
 
AdwCleaner[R1].txt - [2784 octets] - [07/08/2013 20:45:24]
AdwCleaner[R2].txt - [2844 octets] - [07/08/2013 20:51:58]
AdwCleaner[S1].txt - [3023 octets] - [30/06/2013 01:35:21]
AdwCleaner[S2].txt - [2742 octets] - [07/08/2013 20:52:25]
 
########## EOF - C:\AdwCleaner[S2].txt - [2802 octets] ##########
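
An added example, not part of the original posts and not AdwCleaner's own code: a Python check that re-audits the same Chrome Preferences settings the two logs above list (icon_url, keyword, search_url, suggest_url, homepage, urls_to_restore_on_startup) and reports any that point at a host outside an expected list. The EXPECTED_HOSTS allowlist, the sample JSON and its key nesting are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Setting names exactly as they appear in the AdwCleaner log above.
WATCHED_KEYS = {"icon_url", "keyword", "search_url", "suggest_url",
                "homepage", "urls_to_restore_on_startup"}
# Assumption: the hosts this user actually wants; edit to taste.
EXPECTED_HOSTS = {"google.com", "bing.com"}

def host_of(value):
    """Host of a URL, or of a bare keyword such as 'search.conduit.com'."""
    text = value.strip()
    if "://" not in text:
        text = "//" + text
    return (urlsplit(text).hostname or "").lower()

def is_expected(host):
    # Exact or subdomain match only, so 'google.com.example' is not trusted.
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)

def audit(node, path=""):
    """Walk the whole JSON tree (independent of where a Chrome version nests
    each setting) and return (path, host) for every unexpected host."""
    findings = []
    if isinstance(node, dict):
        for key, val in node.items():
            here = f"{path}.{key}" if path else key
            if key in WATCHED_KEYS:
                for v in (val if isinstance(val, list) else [val]):
                    host = host_of(v) if isinstance(v, str) else ""
                    if host and not is_expected(host):
                        findings.append((here, host))
            else:
                findings.extend(audit(val, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings.extend(audit(item, f"{path}[{i}]"))
    return findings

# Constructed sample, not the poster's file. URLs are defanged (hxxp) as in
# the log; the key nesting shown here is an assumption.
SAMPLE_PREFS = json.loads("""{
  "default_search_provider": {
    "icon_url": "hxxp://search.conduit.com/fav.ico",
    "keyword": "search.conduit.com",
    "search_url": "hxxp://search.conduit.com/Results.aspx?q={searchTerms}",
    "suggest_url": "hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}"
  },
  "homepage": "hxxps://www.google.com/",
  "session": {"urls_to_restore_on_startup":
              ["hxxp://search.conduit.com/", "hxxps://www.bing.com/"]}
}""")

if __name__ == "__main__":
    for where, host in audit(SAMPLE_PREFS):
        print(f"unexpected host {host!r} in {where}")
```

To use it on a real profile, close Chrome first and pass `audit()` the result of `json.load()` on a copy of the Preferences file named in the log.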


#6 monkeymom


Posted 07 August 2013 - 07:20 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.8 (08.07.2013:4)
OS: Windows 7 Home Premium x64
Ran by Royer Family on Wed 08/07/2013 at 21:10:30.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\trolltech
Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-73266943-1805291363-105737061-1000\Software\SweetIM"
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/07/2013 at 21:16:38.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 quietman7


Posted 08 August 2013 - 08:54 AM

Did you need to manually change any browser settings or use instructions to reset things back to default?

How is your computer running now?

#8 monkeymom


Posted 08 August 2013 - 09:57 PM

Everything went back to default... but, although Chrome opens properly, once I search something... the search field will flash a Conduit search, and then go to Bing.

I did not have to reset the browser... It did all that on its own. Something seems to still be hiding somewhere.

Webroot doesn't seem to catch/stop anything. Should I get McAfee?



#9 quietman7


Posted 09 August 2013 - 07:57 AM

Most likely another setting needs fixing. See Google Chrome Search engine and other settings taken over by an unwanted program
 

webroot doesn't seem to catch/stop anything. Should I get mcafee?

Although McAfee is as good as any other well-known anti-virus program, it requires numerous services and running processes that consume a lot of system resources and often result in complaints of high CPU usage. Anti-virus software components insert themselves deep into the operating system's core and create files/folders/registry entries in various locations. If you do a Google Search you will find there have been numerous complaints about it affecting system performance. Those issues plus the cost factor are the primary reason many folks look for a free alternative as a replacement. McAfee is better utilized in an Enterprise system environment protecting many client computers.

You may want to read Choosing an Anti-Virus Program

#10 quietman7


Posted 09 August 2013 - 07:58 AM

Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
  • Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator.
    To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
    • Click the green ESET Online Scanner button.
    • Read the End User License Agreement and check the box:
    • Check YES, I accept the Terms of Use.
    • Click the Start button.
    • Accept any security warnings from your browser and allow the download/installation of any required files.
    • Under scan settings, check Scan archives and check Remove found threats
    • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • Click the Start button.
    • ESET will install itself, download virus signature database updates, and begin scanning your computer.
    • The scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
      If given the option (when threats are found), choose "Quarantine" instead of delete.
    • When the scan completes, push List of found threats.
    • Push Export to text file, and save the file to your desktop as ESETScan.txt.
    • Push the Back button, then Finish.
    • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.
    Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. Eset's detection rate is high and can include legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not the case.


#11 monkeymom


Posted 09 August 2013 - 02:21 PM

C:\Users\Royer Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OKANXS2Y\SPSetup[1].exe multiple threats cleaned by deleting - quarantined
C:\Users\Royer Family\AppData\Local\Temp\is357113909\DeltaTB.exe a variant of Win32/Toolbar.Babylon.F application cleaned by deleting - quarantined
C:\Users\Royer Family\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab Win32/OpenCandy application deleted - quarantined


#12 quietman7


Posted 09 August 2013 - 04:19 PM

How is your computer running now?

#13 monkeymom


Posted 09 August 2013 - 05:43 PM

Much better!! THANK YOU!



#14 quietman7


Posted 09 August 2013 - 07:23 PM

You're welcome.

Tips to protect yourself against malware and reduce the potential for re-infection



