
IE hijacker 2 wks ago, now lg number quarantined tracking cookies found daily


7 replies to this topic

#1 Ruthe

Ruthe

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:NC, USA
  • Local time:12:18 PM

Posted 22 November 2013 - 10:34 AM

2 wks ago I started having problems with my home page being changed and then I was unable to go where I wanted to online.  I ran some scans with Superantispyware and MBAM and found I had an IE hijacker.  I thought I had gotten things cleared up but I'm still getting the quarantined type of tracking cookies every time I go online.  I think I must still have problems that need to be fixed.  Any help will be appreciated greatly.

Thanks





#2 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:18 AM

Posted 22 November 2013 - 10:50 AM

You can block ad/tracking 3rd party cookies from installing. See info in link below.

Disable third-party cookies in IE, Firefox, and Google Chrome | How To - CNET

Once you have blocked the cookies from installing, scan again with Super Antispyware to remove the ones presently installed.

 

Use the programs below to scan for and remove unwanted adware, etc. Allow them to remove whatever they find.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Free ESET Online Antivirus Scanner

Post the log back here if it finds anything.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Ruthe


Posted 22 November 2013 - 12:55 PM

Here are the scans you requested....

# AdwCleaner v3.012 - Report created 22/11/2013 at 11:27:37
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Ruth - RUTH-PC
# Running from : C:\Users\Ruth\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v

[ File : C:\Users\Ruth\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R5].txt - [1975 octets] - [22/11/2013 11:26:55]
AdwCleaner[S3].txt - [1920 octets] - [22/11/2013 11:27:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1980 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by Ruth on Fri 11/22/2013 at 11:33:15.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-316853977-1343218747-4080162085-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dmwu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dmwu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RoboTaskBarIcon_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RoboTaskBarIcon_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{505CA327-2554-4ADD-82F7-D60C22F0CA5C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DA6230EF-BEF2-4579-9E95-E08BE7D85FBF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}



~~~ Files

Successfully deleted: [File] "C:\Windows\Tasks\driverupdate startup.job"
Successfully deleted: [File] "C:\Users\Ruth\appdata\locallow\SkwConfig.bin"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\ProgramData\pchealthboost"
Successfully deleted: [Folder] "C:\Users\Ruth\AppData\Roaming\fixcleaner"
Successfully deleted: [Folder] "C:\Program Files\fileopenerpro"
Successfully deleted: [Folder] "C:\Program Files\fixcleaner"
Successfully deleted: [Folder] "C:\Program Files\secure speed dial"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/22/2013 at 11:36:54.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


The ESET scan is clean. Thanks for your quick reply this a.m. All the scans have just now finished.
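
The AdwCleaner and JRT logs in post #3 list what was removed but not which browser or Windows load point each entry belongs to. As an added example (not part of the thread and not code from either tool), this Python script groups removal lines by load point and reports GUIDs removed both as a Browser Helper Object and as a CLSID registration; the category and function names are assumptions, and the sample lines are copied from the logs above.

```python
import re
from collections import defaultdict

# Lines copied from the AdwCleaner and JRT logs posted above.
SAMPLE = r"""
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{505CA327-2554-4ADD-82F7-D60C22F0CA5C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Successfully deleted: [File] "C:\Windows\Tasks\driverupdate startup.job"
Successfully deleted: [Folder] "C:\Program Files\fixcleaner"
"""
# One pattern per log dialect; both capture the removed path.
LINE_RES = [
    re.compile(r'^(?:Key|Value) Deleted : (?P<path>.+)$'),
    re.compile(r'^Successfully deleted: \[[^\]]+\] "?(?P<path>[^"]+)"?$'),
]
# First match wins. These are standard Windows / Internet Explorer locations;
# the category names themselves are made up for this example.
CATEGORIES = [
    ("ie_bho", r"\\Explorer\\Browser Helper Objects\\"),
    ("ie_search_provider", r"\\Internet Explorer\\SearchScopes\\"),
    ("ie_toolbar", r"\\Internet Explorer\\Toolbar\b"),
    ("com_class", r"\\CLSID\\\{"),
    ("scheduled_task", r"\\Windows\\Tasks\\.+\.job$"),
]
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def classify(path):
    return next((n for n, p in CATEGORIES if re.search(p, path, re.I)), "other")

def summarize(log_text):
    # Group every removed path in the log by load-point category.
    groups = defaultdict(list)
    for line in log_text.splitlines():
        for rx in LINE_RES:
            m = rx.match(line.strip())
            if m:
                groups[classify(m.group("path"))].append(m.group("path"))
                break
    return dict(groups)

def bho_with_com_class(log_text):
    # GUIDs removed both as a BHO entry and as a CLSID registration.
    g = summarize(log_text)
    def guids(key):
        return {x.upper() for p in g.get(key, []) for x in GUID_RE.findall(p)}
    return sorted(guids("ie_bho") & guids("com_class"))
```

Entries that land in `other` (vendor folders, leftover software keys) still need a manual look, since the patterns only cover the load points named in the table.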

#4 buddy215


Posted 22 November 2013 - 01:31 PM

Use Ccleaner to cleanup temporary files, logs, etc. Use default settings. Avoid using the Registry cleaning tool as it may cause further problems.

Be sure to pay close attention while installing Ccleaner and UNcheck offer of any toolbars, etc. CCleaner - PC Optimization and Cleaning - Free Download

 

Check that Java (not Java script), Adobe products such as Reader and Flash and your Windows OS have the latest updates. Very important to avoid exploits...malware.

 

Today, it is best to assume that every free program and add-on comes with adware. Always choose custom install when offered and watch for offers of toolbars, search protectors, etc. and deny the offers. Sometimes you are not made aware of adware offers....foist ware.

 

Any problems?



#5 Ruthe


Posted 22 November 2013 - 02:31 PM

I guess there is no way to post the Ccleaner files that were cleaned.  There was 704MB total....some of the most were 9,640 temp IE, 316 cookies, 135 temp system, 59 flash player, 18 silver light,

If I need to mention any others let me know.  I have checked and all the adobe products are up to date as well as my windows updates.

 

I have already learned the hard way about downloading things the custom way to uncheck for toolbars etc.  They are really sneaky anymore.



#6 buddy215


Posted 22 November 2013 - 03:11 PM

No need to post the Ccleaner log.......you should use Ccleaner often.

 

Any other problem?

 

Did you block the third party cookies per my first post?

 

There is a website that you can download many of the popular programs free of adware. It offers an updating service of those programs, too.

Ninite - Install or Update Multiple Apps at Once

That's another thing you have to watch for as some programs install adware disguised as updates or along with security updates.



#7 Ruthe


Posted 22 November 2013 - 03:49 PM

Yes, I did block the 3rd party cookies as you asked.  Hopefully this will take care of things and I will continue to do all the things you said to do.  Thanks so much for all your help.  I also bookmarked Ninite so I can use it as suggested as well.  I had never heard of that and am very glad to get it.



#8 buddy215


Posted 22 November 2013 - 04:34 PM

Glad to have helped....you are welcome

 

If you are a smart TV owner you may find this of interest....kind of related...

LG to Fix Unwanted Smart TV Data Collection | News & Opinion | PCMag.com





