Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

about shorter cleaner


  • Please log in to reply
6 replies to this topic

#1 Malekal_morte

Malekal_morte

  • Security Colleague
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Paris
  • Local time:01:29 AM

Posted 27 January 2014 - 04:27 AM

Hello,

 

I dont know where to post that, if wrong topic, sorry and please move it 

 

Im trying to make use Shorter Cleaner in French removal forums. We have big attack from an hijacker AwesomeHP (it's a variant of Nation Zoom / Do-Search).

 

Browser Shortcurts are changed and the url of AweShomeHP is added to get it open at Browser Startup.

Shorter Cleaner doest not clean it.

 

My question is, is-there any URL filter in Shorter Cleaner, and so, AwesomeHP.com need to be added in it ?

 

Best Regards,



BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,591 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:29 PM

Posted 27 January 2014 - 08:05 AM

Hi Malekal,

 

Will get it added immediately.  Can you submit a sample of the installer to http://www.bleepingcomputer.com/submit-malware.php?channel=3?

 

Thanks



#3 Malekal_morte

Malekal_morte
  • Topic Starter

  • Security Colleague
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Paris
  • Local time:01:29 AM

Posted 27 January 2014 - 08:08 AM

yup, SOMOTO sh...t should do the work :

 

gonna submit it.


Edited by Grinler, 27 January 2014 - 10:32 AM.
Remvoed link. Got it via pm


#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,591 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:29 PM

Posted 27 January 2014 - 07:07 PM

Shortcut Cleaner is updated for the awesomehp.com domain. I couldn't get the installer, but still looking.

#5 Malekal_morte

Malekal_morte
  • Topic Starter

  • Security Colleague
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Paris
  • Local time:01:29 AM

Posted 28 January 2014 - 02:21 AM

The installer is probably geoip, need a FR IPs.
I notice, you dont have any awesomehp topic here !
 
~~
 
Seems better :)
 

Shortcut Cleaner 1.2.7 by Lawrence Abrams (Grinler)
 

http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 http://www.bleepingcomputer.com/download/shortcut-cleaner/
 
Windows Version: Microsoft Windows XP Service Pack 2
Program started at: 01/28/2014 08:19:08 AM.
 
Scanning for registry hijacks:
 
 * No issues found in the Registry.
 
Searching for Hijacked Shortcuts:
 
Searching C:\Documents and Settings\Mak\Menu Démarrer\
 
  * Shortcut Cleaned: C:\Documents and Settings\Mak\Menu Démarrer\Programmes\Accessoires\Outils système\Internet Explorer (sans module complémentaire).lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1390893167&from=air&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001
 
  * Shortcut Cleaned: C:\Documents and Settings\Mak\Menu Démarrer\Programmes\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1390893167&from=air&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001
 
Searching C:\Documents and Settings\All Users\Menu Démarrer\
 
  * Shortcut Cleaned: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox.lnk => C:\Program Files\Mozilla Firefox\firefox.exe http://www.awesomehp.com/?type=sc&ts=1390893167&from=air&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001
 
Searching C:\Documents and Settings\Mak\Application Data\Microsoft\Internet Explorer\Quick Launch\
 
  * Shortcut Cleaned: C:\Documents and Settings\Mak\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1390893167&from=air&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001
 
  * Shortcut Cleaned: C:\Documents and Settings\Mak\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk => C:\Program Files\Mozilla Firefox\firefox.exe http://www.awesomehp.com/?type=sc&ts=1390893167&from=air&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001
 
Searching C:\Documents and Settings\All Users\Bureau\
 
  * Shortcut Cleaned: C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk => C:\Program Files\Mozilla Firefox\firefox.exe http://www.awesomehp.com/?type=sc&ts=1390893167&from=air&uid=VMwareXVirtualXIDEXHardXDrive_00000000000000000001
 
Searching C:\Documents and Settings\Mak\Bureau

6 bad shortcuts found.

Program finished at: 01/28/2014 08:19:10 AM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)
 
 
Thank you very much.
Please follow this topic, because the URL of the hijacker will probably change in on mouths, so if shorter cleaner need to be update, i will give you the new URLs in thi topic !
 
Thanks!

Edited by Malekal_morte, 28 January 2014 - 02:34 AM.


#6 Malekal_morte

Malekal_morte
  • Topic Starter

  • Security Colleague
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Paris
  • Local time:01:29 AM

Posted 28 January 2014 - 03:30 AM

confirmed : http://www.commentcamarche.net/forum/affich-29595328-impossible-de-supprimer-awesomehp#3

 

nice  :bounce:



#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,591 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:29 PM

Posted 28 January 2014 - 08:18 AM

Thanks for the installer and confirming. Tried from a french ip, but still had no luck. Thanks again.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users