Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Text-Enhance Virus


  • Please log in to reply
3 replies to this topic

#1 TheProgramer

TheProgramer

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:09:07 AM

Posted 08 December 2013 - 05:09 PM

I have what I belive is called a Text-Enhance Virus.  It hyper-text-links words on websites and ocassionally will expand some ads on my browser (much like when you scroll over an ad it migh texpand, but with no ad to scroll over).  It also will create some links at the top of google results page no matter what I search.

 

THINGS TRIED: I ran malwarebytes and Spybot S&D.  Malewarybtes came up clean - by Spybot came up with some stuff.  No matter how many times it detects it and 'removes it' it always shows up in the next scan.  Please help, and thanks.



BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:07 PM

Posted 08 December 2013 - 06:19 PM

Hello -

This is just another Add-on that you installed with a recent download.

Always take care and read what you are downloading, as there are dozens of similar programs -

 

Look in Add / Remove or Programs and Features for the "TE" emblem, and uninstall it.

 

 

Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully. At worst the tool will run for about 2 minutes

Important: Do not reboot your computer until you complete the next step.

 

* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

Next -

Please download Junkware Removal Tool by thisisu and save it to your Desktop.
* Close all open programs and shut down any protection/security software now to avoid potential conflicts.
* Double-click on JRT.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
* Copy and paste the contents of JRT.txt in your next reply.
These tools will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons, browser helper objects (BHOs) and other junkware to include many related registry entires (values, keys)

 

See how these go - Thanks -



#3 TheProgramer

TheProgramer
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:09:07 AM

Posted 09 December 2013 - 01:05 AM

Found no entry with TE emblem.

 

jr9q3d.png

 

 

# AdwCleaner v3.014 - Report created 09/12/2013 at 00:54:33
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Caleb - THECARRIER
# Running from : C:\Users\Caleb\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\YoutubeAdblocker
Folder Deleted : C:\ProgramData\Sourf aand keep
Folder Deleted : C:\Program Files (x86)\YoutubeAdblocker
Folder Deleted : C:\Program Files (x86)\Sourf aand keep
Folder Deleted : C:\Users\Caleb\AppData\Roaming\SendSpace
Folder Deleted : C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\epuuc1xz.default\Extensions\xojq_eu@osss-pd.edu
Folder Deleted : C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\epuuc1xz.default\Extensions\znhh4tm2@d-vhs.com
File Deleted : C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\epuuc1xz.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\epuuc1xz.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchbomb.info/?pid=34&r=2013/11/28&hid=2765371813160254933&lg=EN&cc=US&unqvl=42&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.MuRignb.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement('script');script.t[...]
Line Deleted : user_pref("extensions.kP_Zk0BHyCo.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};new function(){var a=this;a.domain_storage=\"hxxp://xls.searchfun.in\";a.pre[...]
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.searchbomb.info/?pid=34&r=2013/11/28&hid=2765371813160254933&lg=EN&cc=US&unqvl=42&l=1&q=");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

*************************

AdwCleaner[R0].txt - [3890 octets] - [09/12/2013 00:51:20]
AdwCleaner[S0].txt - [3901 octets] - [09/12/2013 00:54:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3961 octets] ##########
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by Caleb on Mon 12/09/2013 at  0:57:44.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Caleb\AppData\Roaming\mozilla\firefox\profiles\epuuc1xz.default\prefs.js

user_pref("extensions.MuRignb.url", "hxxp://getjpiproxy.info/sync2/?q=hfZ9ofV9CShEAen0rHnMg708BNmGWj8lkGhGheDUojwHrjwGpdw5qjkGqchIC7n0rjrFrTa5rjCGqHw5tNhVCT94tMVKhd96pdCFqjsFp
Emptied folder: C:\Users\Caleb\AppData\Roaming\mozilla\firefox\profiles\epuuc1xz.default\minidumps [300 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/09/2013 at  1:02:08.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Thanks for the help.



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,128 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:07 AM

Posted 09 December 2013 - 08:34 PM

For future reference, it's not only adds-on which can causes this: In-Text Ads Explained
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users