Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Adware/Malware - ElectroLyrics.


  • Please log in to reply
5 replies to this topic

#1 PhtevenFella

PhtevenFella

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:14 AM

Posted 10 November 2013 - 03:48 PM

Hello all, this morning I accidently deleted some files and in looking for recovery tools I found one that installed a lot more than just a utility to help recover my data. I tried my best to close and end processess and remove all I could, but still got some weird pop-ups that adblock kind of blocked (pop-up window without anything in it). Some of the pop-ups I see say ElectroLyrics.

 

I uninstalled something named ElectroLyrics-22 from the control panel but still got some pop-ups. I'd hate to miss anything that the nasty stuff might leave behind.. Can anyone recommend how to clean my PC thouroughly?

 

Thanks in advance.

 

Moderator edit: Moved from the Windows 7 forum to the Am I Infected forum.

Roger


Edited by rotor123, 10 November 2013 - 04:11 PM.


BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:14 PM

Posted 10 November 2013 - 05:25 PM

Hello -

After you remove the item from Programs and Features, please clean up with these -

 

Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove,you will be presented with a prompt to Reboot and let MBAM proceed with the disinfection process, if asked to Restart the computer, please do so immediatly.

 

 

Close all open programs as your computr will be rebooted ......

Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
If a log is produced, save it, or post it back here -

Important: Do not reboot your computer until you complete the next step.

Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button. (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles are also saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Finally -

Please download TFC, or Temp File Cleaner by Old Timer
Usage Instructions:

  • Download TFC from the download link above and save the file on your desktop.
  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program opens, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • When done, press OK to reboot your computer and finish the cleanup.

 

 

Thank You -



#3 PhtevenFella

PhtevenFella
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:14 AM

Posted 10 November 2013 - 08:13 PM

Hi noknojon, thanks for the reply.

I installed Malwarebytes and ran a quick scan, it found 6 files and it prompted me to reboot, I ran the scan again afterwards and it didn't detect anything. Here's the log file it generated.

 

Thank you for your help!

 

Malewarebytes

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.10.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
MatCon :: MATCON-PC [administrator]

10/11/2013 8:58:07 PM
mbam-log-2013-11-10 (20-58-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224712
Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\MatCon\AppData\Local\Temp\conduitchecker.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\MatCon\AppData\Local\Temp\ElectroLyrics_1060-4040_v122.exe (PUP.Optional.AdLyrics) -> Quarantined and deleted successfully.
C:\Users\MatCon\AppData\Local\Temp\GetCC.dll (MSIL.Solimba) -> Quarantined and deleted successfully.
C:\Users\MatCon\AppData\Local\Temp\mconduitinstaller.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\MatCon\AppData\Local\Temp\vbmz17.exe (MSIL.Solimba) -> Quarantined and deleted successfully.
C:\Users\MatCon\AppData\Local\Temp\is1919606650\18323876_stp.EXE (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.

(end)


RKill

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/10/2013 09:19:02 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\ASGT.exe (PID: 1996) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\MatCon\Desktop\rkill\rkill-11-10-2013-09-19-06.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity: 

 * No issues found.

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 11/10/2013 09:19:43 PM
Execution time: 0 hours(s), 0 minute(s), and 41 seconds(s)

Adwcleaner

# AdwCleaner v3.011 - Report created 10/11/2013 at 21:22:59
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : MatCon - MATCON-PC
# Running from : C:\MatCon\PC Troubleshooting\Adware - Malware\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\MatCon\AppData\Roaming\Mozilla\Firefox\Profiles\hbnmprfq.default-1384114714070\prefs.js ]


*************************

AdwCleaner[R2].txt - [785 octets] - [10/11/2013 16:49:59]
AdwCleaner[R3].txt - [731 octets] - [10/11/2013 16:51:53]
AdwCleaner[R4].txt - [791 octets] - [10/11/2013 21:22:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [850 octets] ##########


Edited by PhtevenFella, 10 November 2013 - 08:24 PM.


#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:14 PM

Posted 10 November 2013 - 09:12 PM

Temp\ElectroLyrics_1060-4040_v122.exe

Hi -

This may have got it, as it is the .exe of the program.

Do you have ElectroLyrics listed in Programs and Features at all (or any "odd" programs) ?

 

Have you still got the problem at all ??

 

Thanks -

EDIT - Open AdwCleaner and hit Clean and it may reboot your computer.

Next, re-open the program and hit the Uninstall button to clean out any items in quarantine and remove the program -


Edited by noknojon, 10 November 2013 - 09:18 PM.


#5 PhtevenFella

PhtevenFella
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:14 AM

Posted 10 November 2013 - 10:45 PM

Yes, it seems to have removed everything. Nothing listed in Programs and Features, nothing odd in the list at all. I no longer see any strange ads everywhere. And everything seems to be working just fine.

 

Thanks again for the help!



#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:14 PM

Posted 10 November 2013 - 11:20 PM

Fom the crew at B.C. you are welcome to any help that we can provide.

 

Please start a new topic if there are other problems that we can help with :)

 

Good Luck -






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users