
cleanup after the cleanup



#1 millipede


Posted 03 February 2014 - 03:04 PM

Is there a best or just recommended program for cleaning up what gets left behind after adware is removed? 

I was cleaning up a Windows 8 laptop and thought I had all the garbage removed.  Conduit is just one but it was the one I was searching for at the time I discovered something.  I had fully updated and ran Avast and Malwarebytes.  Everything looks good.  Ran a quick online scan with Bitdefender, nothing found.
But checking out startup entries and more in CCleaner I found another instance of Conduit still hiding.  I realize that little bits and pieces of programs get left behind ALL the time...  I ran the registry cleanup with CCleaner and it didn't find all of it.
I decided to look in regedit and I found a few folders for Conduit along with several other programs that are no longer on the machine, some of which were uninstalled quite properly...  The traces remain though... and I figure, it's always nice to remove it all if possible.
But, I don't want to just delete folders from the registry without some caution.  So I got to thinking... I'm pretty sure there are some good cleanup programs for this sort of thing...  My memory just doesn't help me as often as I'd like it to.  ha.  Well, that's not funny really as I'm not that old yet.  :(
Got some errands to do and thought I'd ask before I go out... and I'll be looking some more myself when I get back later.
If you have a recommendation I'd appreciate it.  Thanks.

Sorry if this is not the correct section...  Some topics I just don't know where to put them.





#2 quietman7

  • Global Moderator

Posted 03 February 2014 - 04:17 PM


Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. A log file will be created and saved to the root directory, C:\RKill.log. Copy and paste the contents of RKill.log in your next reply.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Close all open programs and shut down any protection/security software to avoid potential conflicts.

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.

4. As a final step, download and scan with Malwarebytes Anti-Malware.
  • When done, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 millipede


Posted 03 February 2014 - 08:21 PM

I think I was in a rush earlier, but I definitely wasn't sure which section to post in.  I'm thinking this is not the one I wanted.
I just want to be clear, I wasn't looking for help finding out if the computer is infected.  Programs I removed (some using the proper uninstall in add/remove) left traces behind in the registry.  They're no longer running and active programs... the programs themselves don't exist any longer... just a few folders and trace keys left in the registry.



#4 quietman7


Posted 03 February 2014 - 08:27 PM

AdwCleaner and Junkware Removal Tool will remove remnants of files, folders and registry keys. That plus the fact you were dealing with Conduit, a PUP not a malware infection, is why I recommended using them.

#5 millipede


Posted 03 February 2014 - 09:02 PM

Thanks.  I will check those out.



#6 quietman7


Posted 03 February 2014 - 09:03 PM

You're welcome.

 

BTW if you are comfortable doing this on your own....then you don't need to post the logs.



#7 millipede


Posted 04 February 2014 - 01:39 AM

Fairly comfortable...  The AdwCleaner got all those folders I was seeing in the registry earlier.  :)
There were also a LOT of entries in the Firefox tab...  At least a few were definitely leftover from Conduit.
Only thing that didn't work perfectly was that JRT was unable to delete 4 registry keys.  I'm not sure if they're a problem.  I looked up Caphyon and didn't find anything bad with it.
RKill found nothing to kill...  Malwarebytes on full scan didn't find anything either.  Other than these 4 entries, I'm pretty happy with how it's looking.  :)
 

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\caphyon
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}
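
Added example, not part of the original posts and not code from JRT or its developer: a read-only PowerShell triage of the "Failed to delete" lines above. It reports which keys are still present and exports each one to a .reg backup, so any later manual change can be undone with "reg import". The four sample lines are copied from the log above; the backup folder name is an assumption.

```powershell
# Run from an elevated PowerShell prompt; HKLM exports can fail otherwise.
# Sample input: the four "Failed to delete" lines from the JRT log in this thread.
$logLines = @'
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\caphyon
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}
'@ -split "`r?`n"

# Hypothetical backup location (assumption, change as needed).
$backupDir = Join-Path $env:TEMP 'jrt-leftover-backup'
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

$pattern = '^Failed to delete: \[Registry Key\] (?<key>HKEY_[A-Z_]+\\.+)$'

$report = foreach ($line in $logLines) {
    if ($line.Trim() -match $pattern) {
        $key    = $Matches['key']
        # The Registry:: provider prefix accepts full hive names as written in the log.
        $exists = Test-Path -LiteralPath "Registry::$key"
        $backup = $null

        if ($exists) {
            # One .reg file per key, so a single key can be restored on its own.
            $safeName = ($key -replace '[\\{}: ]', '_') + '.reg'
            $backup   = Join-Path $backupDir $safeName
            & reg.exe export $key $backup /y | Out-Null
            if ($LASTEXITCODE -ne 0) { $backup = 'export failed (not elevated?)' }
        }

        [pscustomobject]@{
            Key          = $key
            StillPresent = $exists
            # Wow6432Node is the 32-bit view of HKLM\Software on 64-bit Windows.
            View         = if ($key -match '\\Wow6432Node\\') { '32-bit' } else { 'native' }
            Backup       = $backup
        }
    }
}

# Nothing is deleted here; the table is for review only.
$report | Format-List
```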


#8 quietman7


Posted 04 February 2014 - 09:09 AM

Great.

I will provide those registry keys to the developer.

#9 quietman7


Posted 04 February 2014 - 06:48 PM

thisisu advised he didn't know why, but JRT seems to have issues deleting many keys when running on Windows 8 or 8.1. He said those keys are minor traces and shouldn't affect your browsers. However, he does have a registry patch to remove the last traces of Supreme Savings if you are concerned about it.

The Caphyon keys are no longer removed as of JRT v6.1.1 because it was a false positive in most cases.

#10 millipede


Posted 04 February 2014 - 10:36 PM

Thanks a lot.  I'm not too worried about it. 
Those tools were quite helpful and I will be using them some more in the future I'm sure. 



#11 quietman7


Posted 05 February 2014 - 07:01 AM

You're welcome.



