Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Jollywallet and passshow


  • Please log in to reply
3 replies to this topic

#1 miark

miark

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:06 PM

Posted 23 December 2013 - 10:43 PM

I am constantly getting popus and banner adds that say jollywallet and passhow on them in interenet explorere I have ran a full scan with mcafee and with malwarebytes both show no infections and I am unable to get rid of these it I have checked in browser extension / addons an in add remove software they do not show there either to remove. please help I have screen shots of the popus but I can not figure out how to post pictures



BC AdBot (Login to Remove)

 


#2 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:06 AM

Posted 24 December 2013 - 01:14 AM

 
 
 
 

G'day miark, and Welcome to BC !!

 

Open Internet Explorer,then click on the gear iconicongear.jpg (Tools for Windows XP users) at the top (far right), then  select Manage add-ons

From the Toolbars and Extensions tab, select JollyWallet and click on Disable.

Because JollyWallet is bundled with other additional programs, I recommend that you search and uninstall any other unwanted program from your computer..... also search for any program developed by JollyWallet or Yontoo in add/remove programs.

 

Then

 

Please Download  AdwCleaner
* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on the Scan button.
* When the scan has finished click on the
Clean button.
* NOTE : Your computer will be
rebooted automatically. A text file will open after the restart.
* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner.txt as well.
Once I OK the log, please click the Uninstall button to fully remove all items

 

 

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 
 
Do you have a program on your computer called ....PasShow.....

Edited by Condobloke, 24 December 2013 - 01:19 AM.

Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

 GcnI1aH.jpg

 

 


#3 miark

miark
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:06 PM

Posted 24 December 2013 - 02:47 AM

I never was able to find a program called jollywallet or pasShow in brower add-ons and toolbars but after restarting the computer a few times passhow appeared in add remove programs I removed it from there and now the popups are no longer happening I am including the ADW and JRT info for you if you need it but so far the system seems to be running fine now

 

# AdwCleaner v3.016 - Report created 24/12/2013 at 00:24:41
# Updated 23/12/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Miark - MIARK
# Running from : C:\Users\Miark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YE7N069T\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Miark\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1074 octets] - [23/12/2013 06:11:20]
AdwCleaner[R1].txt - [924 octets] - [24/12/2013 00:23:34]
AdwCleaner[S0].txt - [1149 octets] - [23/12/2013 06:14:56]
AdwCleaner[S1].txt - [846 octets] - [24/12/2013 00:24:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [905 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by Miark on Tue 12/24/2013 at  0:30:35.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SherlockHolmes_TheHoundofTheBaskervilles-WT_RASAPI32
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SherlockHolmes_TheHoundofTheBaskervilles-WT_RASAPI32

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/24/2013 at  0:42:15.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks for the quick reply



#4 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 6,108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:06 AM

Posted 24 December 2013 - 03:10 AM

 
 

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SherlockHolmes_TheHoundofTheBaskervilles-WT_RASAPI32

from your JRT scan...

 

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool,  If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by the infection when it terminates programs that may potentially remove it. If you run into these infections warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that RKill can terminate the Infection that we are attempting to get rid of. So, please try running RKill until the malware is no longer running. You will then be able to proceed with the rest of the guide. Do not reboot your computer after running RKill as the malware programs will start again.


rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

 

 

Please download  Malwarebytes Anti-Rootkit(aka MBAM)
Do not install the Free Trial Version at this time .........
* Double-click MBAM -setup.exe and follow the prompts to install the program.
* At the end, be sure to Check for Updates to be so it is current
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Scan, then click Quick Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
If you are not sure of any items, post the log and ask if it should be removed.
Be sure to reboot the computer after you post the log.
 

Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

 GcnI1aH.jpg

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users