Nationzoom browser infection


  • This topic is locked
19 replies to this topic

#1 acerts04

acerts04

  • Members
  • 582 posts
  • Gender: Male

Posted 28 February 2014 - 11:57 AM

Hey everyone, I have been working on a PC that would barely boot, it was so infected. I have gotten the PC to run smoothly, but am having difficulty removing the nationzoom homepage browser hijacker. I've run junkware removal, adwcleaner, malwarebytes and hitman pro. Any way I can manually get rid of this? Or any input with someone who has experience with this before? Thank you

"In real life, the hardest aspect of the battle between good and evil is determining which is which."



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • Gender: Male
  • Location: NJ USA

Posted 28 February 2014 - 01:03 PM

Have you looked in browser add-ons and/or extensions for any references to it and deleted or disabled them?
Also in Control Panel, Uninstall programs... see if it's there.
I don't know either of which; you have to be more specific.

ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 acerts04

Posted 28 February 2014 - 04:27 PM

Boopme, thank you for the reply. I am sorry for not being specific enough; it is not located in Control Panel's uninstall menu, and also was not in extensions. Although in extensions there was scorpion saver, which I deleted. I seem to have gotten rid of nationzoom by resetting back to default in Chrome's settings menu. When I launch my browser it loads up to the Google homepage instead of nationzoom. What I am not sure of is if it is fully gone, or is going to pop back up. Like I said earlier, I did run adwcleaner, junkware removal, hitman pro and malwarebytes, which removed over 600 infections. I am now running malwarebytes via hirens boot cd and it has found more infections. After that is finished, and if still necessary, I will get the esetscan contents in my next post.


#4 boopme


Posted 28 February 2014 - 04:58 PM

Ok post that log and also run the ESET.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,137 posts
  • Gender: Male
  • Location: Virginia, USA

Posted 28 February 2014 - 07:06 PM

Resetting Chrome to default settings should have removed it from the browser.

You can double-check...click on the menu button (Chrome Menu). When the menu appears, click on the Settings menu option. When the Settings screen opens, click on the Set Pages link under the On Startup category to specify the pages that should start automatically when Chrome opens. Nationzoom should not be present.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 acerts04


Posted 28 February 2014 - 09:30 PM

boopme, I unfortunately closed everything off hirens boot cd before checking the forum :( so I don't have logs for the malwarebytes I ran. It did detect 8 infections though, ones that were not detected inside Windows. quietman, I followed your steps and unfortunately nationzoom is still there, so I guess it is not gone. It doesn't load up anymore when I launch Chrome, but obviously it is not fully gone. I just ran the ESET scan and it found 10 threats. Here are the logs.

 

C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1239\uninstall.exe a variant of Win32/Amonetize.X potentially unwanted application deleted - quarantined
C:\Users\Pairo\AppData\Local\Temp\1C53A2B1-BAB0-7891-A66C-71299EDC9181\Latest\BabMaint.exe Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
C:\Users\Pairo\AppData\Local\Temp\1C53A2B1-BAB0-7891-A66C-71299EDC9181\Latest\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application deleted - quarantined
C:\Users\Pairo\AppData\Local\Temp\1C53A2B1-BAB0-7891-A66C-71299EDC9181\Latest\Delta.crx a variant of Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
C:\Users\Pairo\AppData\Local\Temp\1C53A2B1-BAB0-7891-A66C-71299EDC9181\Latest\IEHelper.dll Win32/Toolbar.Babylon.E potentially unwanted application deleted - quarantined
C:\Users\Pairo\AppData\Local\Temp\1C53A2B1-BAB0-7891-A66C-71299EDC9181\Latest\MntrDLLInstall.dll a variant of Win32/Toolbar.Babylon.V potentially unwanted application deleted - quarantined
C:\Users\Pairo\AppData\Local\Temp\GC\Profiles\{2DA4FE7F-060D-40C0-B35A-19507511A968}\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn\3.5.0.0_0\background.html Win32/DealPly.E potentially unwanted application deleted - quarantined
C:\Users\Pairo\AppData\Local\Temp\GC\Profiles\{8325088E-24E0-426D-9E01-18160E4BC388}\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn\3.5.0.0_0\background.html Win32/DealPly.E potentially unwanted application deleted - quarantined
C:\Users\Pairo\AppData\Local\Temp\GC\Profiles\{860461C3-C16D-4504-9330-70D682DCE052}\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn\3.5.0.0_0\background.html Win32/DealPly.E potentially unwanted application deleted - quarantined
C:\Users\Pairo\AppData\Local\Temp\{E1B13924-5673-4DE7-A76E-CF5F782EDA13}\setup.exe multiple threats cleaned by deleting - quarantined


#7 quietman7


Posted 28 February 2014 - 09:45 PM

Step 2 in this removal guide includes instructions with screenshots for removing Nation Zoom from Internet Explorer, Firefox and Chrome.

boopme will review your log first chance he gets.

#8 acerts04


Posted 01 March 2014 - 12:44 AM

Thanks quietman, followed the steps, but nationzoom is still present under Set Pages. It doesn't seem to be affecting anything anymore because it doesn't cause any redirecting anymore, but I am very meticulous when I work on PCs and I don't like any trace of anything.


#9 acerts04


Posted 01 March 2014 - 04:24 PM

Something strange happened. I wanted to run temp file cleaner. It starts to run, then a Windows critical error window pops up and says it will restart in 1 min. This only happens when I use TFC. Something to do with the infection?


#10 quietman7


Posted 01 March 2014 - 04:42 PM

I doubt it. First of all, Nationzoom is not an infection in the typical sense...it is a PUP and PUPs do not fall into the same infectious malware category as viruses, Trojans, worms, rootkits, bots, etc.

Second, TFC was last updated by OldTimer 6/23/12...that was version 3.1.9.0 which supported Windows XP/Vista/Windows 7. TFC has become outdated to some extent as the Windows operating system has continued to be updated with critical security patches. As time has passed, there have been more reports of various issues with running TFC to include unexpected freezing, hanging, unresponsiveness, etc.

After using TFC, you should reboot the computer anyway to ensure a complete clean of any in-use temp files. If you continue to have issues with it, then consider an alternative like CCleaner.

#11 acerts04


Posted 01 March 2014 - 05:28 PM

Thanks quietman. Info is appreciated. Reason I ask is because other than nationzoom this PC was HEAVILY infected. Over 560 infections in malwarebytes. Hitman pro came up with quite a lot also. Along with 8 other infections running malwarebytes from hirens, adwcleaner, junkware removal and finally eset came up with issues as you see in the logs. I am running bitdefender rescue cd right now, but so far no infections besides some i/o errors. So I am feeling confident I've cleaned this computer well. Just don't want some hidden infections popping up down the line again.


#12 quietman7


Posted 01 March 2014 - 05:46 PM

Without seeing all the logs, it's difficult to say exactly what was initially on the computer. If you look closely at your ESET log you will note almost all the detections were PUPs. I suspect Malwarebytes found hundreds of PUPs as well. Anything found by AdwCleaner and JRT would also have been PUP related...that's essentially why those tools were created. Some of this junkware can install itself throughout the registry and your system. I have seen hundreds of such detections using the combo of MBAM, JRT & AdwCleaner. That amount of garbage can cause symptoms that appear viral when that is not always the case...so what you have been dealing with is not as uncommon as you think.

However, HitmanPro may have found and removed something more serious (unrelated to PUPs) when you initially ran it.
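The observation above about the ESET log can be checked mechanically. This added example (not part of the original thread, nor code from any tool named in it) parses the log lines posted in #6, tallies detections by family, and lists the entries that carry no "potentially unwanted application" label; the column layout encoded in the regex is an assumption inferred from those lines.

```python
import re
from collections import Counter

# Copied verbatim from the ESET Online Scanner log posted in #6.
ESET_LOG = r"""
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1239\uninstall.exe a variant of Win32/Amonetize.X potentially unwanted application deleted - quarantined
C:\Users\Pairo\AppData\Local\Temp\1C53A2B1-BAB0-7891-A66C-71299EDC9181\Latest\BabMaint.exe Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
C:\Users\Pairo\AppData\Local\Temp\1C53A2B1-BAB0-7891-A66C-71299EDC9181\Latest\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application deleted - quarantined
C:\Users\Pairo\AppData\Local\Temp\1C53A2B1-BAB0-7891-A66C-71299EDC9181\Latest\Delta.crx a variant of Win32/Toolbar.Babylon.I potentially unwanted application deleted - quarantined
C:\Users\Pairo\AppData\Local\Temp\1C53A2B1-BAB0-7891-A66C-71299EDC9181\Latest\IEHelper.dll Win32/Toolbar.Babylon.E potentially unwanted application deleted - quarantined
C:\Users\Pairo\AppData\Local\Temp\1C53A2B1-BAB0-7891-A66C-71299EDC9181\Latest\MntrDLLInstall.dll a variant of Win32/Toolbar.Babylon.V potentially unwanted application deleted - quarantined
C:\Users\Pairo\AppData\Local\Temp\GC\Profiles\{2DA4FE7F-060D-40C0-B35A-19507511A968}\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn\3.5.0.0_0\background.html Win32/DealPly.E potentially unwanted application deleted - quarantined
C:\Users\Pairo\AppData\Local\Temp\GC\Profiles\{8325088E-24E0-426D-9E01-18160E4BC388}\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn\3.5.0.0_0\background.html Win32/DealPly.E potentially unwanted application deleted - quarantined
C:\Users\Pairo\AppData\Local\Temp\GC\Profiles\{860461C3-C16D-4504-9330-70D682DCE052}\Default\Extensions\ojcgaoafcmbadjkfdippkdddgkeaipbn\3.5.0.0_0\background.html Win32/DealPly.E potentially unwanted application deleted - quarantined
C:\Users\Pairo\AppData\Local\Temp\{E1B13924-5673-4DE7-A76E-CF5F782EDA13}\setup.exe multiple threats cleaned by deleting - quarantined
"""

# Assumed layout (inferred from the paste): path, detection name,
# optional category label, action taken, separated by whitespace.
LINE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<name>(?:a variant of )?Win32/\S+|multiple threats)\s+"
    r"(?:(?P<kind>potentially (?:unwanted|unsafe) application)\s+)?"
    r"(?P<action>.+)$"
)

def triage(log_text):
    """Tally detections by family; return entries lacking a PUA label for review."""
    families, review, unparsed = Counter(), [], []
    for raw in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE.match(raw)
        if not m:
            unparsed.append(raw)  # keep unknown lines visible, never drop them
            continue
        name = m["name"].removeprefix("a variant of ")
        families[name.rsplit(".", 1)[0]] += 1  # strip the trailing variant letter
        if m["kind"] is None:  # no PUA label: cannot be dismissed as junkware
            review.append((m["path"], name, m["action"]))
    return families, review, unparsed

if __name__ == "__main__":
    families, review, unparsed = triage(ESET_LOG)
    total = sum(families.values())
    print(f"{total - len(review)} of {total} detections are labelled PUA")
    for family, count in families.most_common():
        print(f"  {count:2d}  {family}")
    for path, name, action in review:
        print(f"needs a closer look: {name} -> {path} ({action})")
```

Entries returned in `review` are the ones worth following up with the other scanners' logs, since the label alone does not say what was inside them.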

#13 acerts04


Posted 01 March 2014 - 06:23 PM

That's my fault on not getting you guys the logs. Majority of everything were PUPs as you said. Hitman did find a couple trojans and some malware, but yes. Majority PUP. Symptoms were definitely problematic. PC would barely boot to desktop, but now everything is running much better. The owner of this PC had a lot of different gambling programs installed and I am guessing that's where the majority of this crap came from. As for next steps, is there anything you recommend I do? Or should we wait for boopme to respond?


#14 quietman7


Posted 01 March 2014 - 09:16 PM

boopme and I team up every now and then in this forum to work together. I'm sure he has been monitoring the topic but busy assisting other members since I jumped in to help too.

If everything is running ok, I'd say you're good to go.

#15 boopme


Posted 01 March 2014 - 09:28 PM

Yes, thanks quietman. I was not able to get back here sooner.



