Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

VisualBee V.1 Customized Web Search


  • Please log in to reply
58 replies to this topic

#46 Marper145

Marper145
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chesterfield UK
  • Local time:04:06 AM

Posted 06 September 2013 - 12:36 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.8 (09.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Dave and Val Marper on Fri 09/06/2013 at 18:29:03.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Failed to stop: [Service] spamfighter update service
Failed to stop: [Service] suite service

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\commontoolkittray
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sfagent

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3287810
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{29830048-13CE-43EB-A220-DF1FB226BEF9}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\visualbee"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\fighters"
Failed to delete: [Folder] "C:\Documents and Settings\Dave and Val Marper\Application Data\fighters"
Successfully deleted: [Folder] "C:\Documents and Settings\Dave and Val Marper\Application Data\pricegong"
Successfully deleted: [Folder] "C:\Documents and Settings\Dave and Val Marper\Local Settings\Application Data\adawarebp"
Successfully deleted: [Folder] "C:\Documents and Settings\Dave and Val Marper\Local Settings\Application Data\filetypeassistant"
Successfully deleted: [Folder] "C:\Documents and Settings\Dave and Val Marper\Local Settings\Application Data\visualbeeexe"
Successfully deleted: [Folder] "C:\Program Files\fighters"
Failed to delete: [Folder] "C:\Program Files\webconnect"

 

~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\Dave and Val Marper\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/06/2013 at 18:34:01.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~



BC AdBot (Login to Remove)

 


#47 Marper145

Marper145
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chesterfield UK
  • Local time:04:06 AM

Posted 06 September 2013 - 12:42 PM

It's gone again. It seems to be the JRT download that has killed it again. If it come back I'll just run JRT again. Where does it come from.  I keep getting pop ups telling me that there is a new update for programes and when I check the programe, there is no updates. Is that where these things come from. I don't use the pop ups and I have told all users not to use them.  Which of the downloads do you recommend I keep please.

David



#48 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:06 PM

Posted 06 September 2013 - 12:59 PM

Good news :)

You have to be more careful when you install browser addons.

 

As for that updater....uninstall File Type Assistant.

 

When done post fresh Security Check log.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#49 Marper145

Marper145
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chesterfield UK
  • Local time:04:06 AM

Posted 07 September 2013 - 06:29 AM

 File Type Assistant removed.  As for being careful with browser add ons, I do read the boxes carefully but I don't usually use them.  I go onto the site and see if there are any updates.  It may have been a grandchild that did it.

 

 

  Results of screen317's Security Check version 0.99.72 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 AVG 2012    
 AVG SafeGuard toolbar   
 AVG 2012    
 Ad-Aware Antivirus    
 AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 Spybot - Search & Destroy
 Windows Defender   
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Java 7 Update 25 
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 9 
 Adobe Reader XI 
 Google Chrome 29.0.1547.62 
 Google Chrome 29.0.1547.66 
````````Process Check: objlist.exe by Laurent```````` 
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 AVG avgwdsvc.exe
 AVG avgtray.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Ad-Aware Antivirus AdAwareService.exe  
 Ad-Aware Antivirus SBAMSvc.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 6%
[b][u]````````````````````End of Log``



#50 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:06 PM

Posted 07 September 2013 - 10:48 AM

I keep getting pop ups telling me that there is a new update for programes

Is the above gone?

 

Any other issues?

 

p22002970.gif You're running two AV programs, AVG and Lavasoft Ad-aware.

You must uninstall one of them.

I suggest Lavasoft goes.

 

p22002970.gif Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#51 Marper145

Marper145
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chesterfield UK
  • Local time:04:06 AM

Posted 10 September 2013 - 06:32 AM

Hello.

Sorry for delay.

Lavasoft Ad-wear removed, Adobe Flash Player updated.  VisualBee has gone now thank you.  I have one issue but I think it may be that my Broadband supplier has changed email service from Google to Yahoo. I get multiple emails from each email sender.  If there is an easy way to stop them I would be most gratefull, as I have been with all your help.  HAVE FORGOTTEN ANYTHING?

David



#52 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:06 PM

Posted 10 September 2013 - 05:29 PM

ISP doesn't force any email program on you.

You can use whatever you want.

I'm not sure if I clearly understand your problem.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#53 Marper145

Marper145
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chesterfield UK
  • Local time:04:06 AM

Posted 11 September 2013 - 07:31 AM

When someone sends an email to us we get 4 identical emails, all have the same date and time.



#54 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:06 PM

Posted 11 September 2013 - 10:40 AM

It's most likely email server issue.

You can try to contact your ISP.

Other than that there is not much you can do about it.

 

=================================

 

Your computer is clean p3879546.jpg

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/
Windows 8: http://www.bleepingcomputer.com/tutorials/windows-8-system-restore-guide/#disable

2. Make sure Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

12. Except for MBAM and TFC, which are keepers you can simply delete all other tools we used as they don't install.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#55 anthonycuk

anthonycuk

  • Banned Spammer
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:06 PM

Posted 13 September 2013 - 04:37 AM

In fact, if it is just visualbee web search, it is easy to deal with, you may just remanage your browser settings.

 

  1. firefox: Go to Tools menu -> select Manage Add-ons -> check under Extensions tab and Plugins respectively and rectify those modified by dvisualbee
  2. google chrome: Click on ‘Customize and control’ Google Chrome icon -> select ‘Settings’ -> manage ‘Extension’ -> ‘manage search engine’
  3. IE: Go to Tools -> select ‘Manage Add-ons’ -> check under ‘Toolbars and Extensions’ and ‘Search Providers’ respectively -> click ‘Disable’/ ‘Remove’ to get rid of visualbee web search virus

you may not see visualbee web search again, I got a similar one and I tackled it down with the steps above.



#56 Marper145

Marper145
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chesterfield UK
  • Local time:04:06 AM

Posted 14 September 2013 - 10:11 AM

Done everything, (hopefully), but Secunia.com would not install. Got a pop up message that starts, Installer integrity check has failed.

 I will now be away again for 7 days from 15th Sept, back in the early hours of 22nd Sept.

If you know why it will not install, I will do what you say when I return. Many thanks for your help so far. Shall I deleat rkill, JRT ,mbam-setup, mbar-106, MicrosoftFix, esetsmartinstaller_enu?

David



#57 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:06 PM

Posted 14 September 2013 - 03:45 PM

Secunia is optional so we won't worry about it.

 

Yes you can delete all those.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#58 anthonycuk

anthonycuk

  • Banned Spammer
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:06 PM

Posted 16 September 2013 - 03:56 AM

Done everything, (hopefully), but Secunia.com would not install. Got a pop up message that starts, Installer integrity check has failed.

 I will now be away again for 7 days from 15th Sept, back in the early hours of 22nd Sept.

If you know why it will not install, I will do what you say when I return. Many thanks for your help so far. Shall I deleat rkill, JRT ,mbam-setup, mbar-106, MicrosoftFix, esetsmartinstaller_enu?

David

You may need to uninstall Secunia software and reinstall it again. Such popup message can be the result of incomplete installation. If the method fails, you might lack the driver that empowers Secunia.

To guarantee a comparatively faster PC performance, I would suggest you uninstall all those things.

Anthony Cook



#59 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:06 PM

Posted 16 September 2013 - 06:05 PM

I suggest new topic at Secunia forum: http://secunia.com/community/forum/psi/


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users