A "Java" update, Search Conduit, adwcleaner.rar, Internet connectivity


8 replies to this topic

#1 xenokay

Posted 28 February 2014 - 03:43 PM

On my desktop:
Windows 7 32bit (fully updated as of Feb.28 2014)
 
Thought I was downloading Java (updates) but it must have been something else. It also downloaded 3 or 4 programs like regcleanpro (which is legit) as well as a couple others that I immediately uninstalled via the control panel.
 
Began getting ads at the bottom of the Firefox window (on-top of the page) that remained when scrolling up and down a webpage.
 
Trying to remember what I did exactly... Looked at all my extensions in the Firefox settings and saw the Search Conduit as my default search I believe. It also was an Extension/Plugin/Add-on.
 
Deselected and removed them and did a Google search for 'Search Conduit Virus' using my laptop.
 
This problem (apparently) will infect Chrome, Firefox, and IE, all of which I have.
 
Deleted Chrome and Firefox entirely (left no bookmarks, extensions, etc)
 
Found this article using laptop: https://groups.google.com/forum/#!topic/chromebook-central/guGoXqgmhlQ
 
(Somewhat panicked now) I downloaded adwcleaner.rar as posted and mentioned in the thread. Users said it worked.
 
After moving it to my desktop, installing and running, adwcleaner "removed" Search Conduit but also downloaded BrowserSafeguard. I deleted the files/program manually (c, program files, selected folder, deleted as admin)
 
Installed Chrome and Firefox. Internet issues such as:
- SSL Connection Error in Chrome - so I made sure all proxy settings were Off
- Webpages loading extremely slow (images not loading)
 
Did research
 
Purchased StopZilla and ran a full system/deep scan which found a multitude of problems/infected files and I promptly purged/deleted them.
 
Rebooted. Ran StopZilla again. Found some cookies. Deleted them. Rebooted.
 
Installed Chrome and Firefox - slow internet/slow loading problem persisted
 
Removed Chrome and Firefox
 
Ran StopZilla. Found a multitude of infected files all beginning with the words google then some weird extension* (eg: .me, .xx)
* these are not the actual extensions.
 
Purged all infected files. Rebooted.
 
Installed Chrome and Firefox
 
Downloaded and Ran TDSSKiller. Found nothing.
 
Firefox seems like it might be working (temporary?)
 
Downloaded OTL.exe (read a similar post from this site.)
 
Running StopZilla now...
 
Any further suggestions?

Thanks

Edit: Moved topic from Windows Vista to the more appropriate forum.~ Animal


#2 InadequateInfirmity

Posted 28 February 2014 - 10:14 PM

Please download MINITOOLBOX and run it.

Checkmark following boxes:



Flush DNS
Reset FF proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and paste the result.

 

Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please paste the JRT log.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Emsisoft Emergency Kit from here.
https://www.emsisoft.com/en/software/eek/
Save the file to your desktop.
Right click and run as administrator. (XP users double-click)
Click Accept and Extract.
This file will appear on the desktop.

I7zpP8t.png
Right click it, select run as administrator. (XP users double-click)
Select Emergency Kit Scanner.
rxYDlQ1.png
A pop up requesting an update will appear, select yes.
dQaKPnk.png
After the update select this option in the picture below.
ExN4ZjP.png
Now select Quarantine Detected Objects.
g5ojhHp.png
When the update has finished, go to Scan PC, select Deep Scan.
5IOAvyw.png
This scan will take a long time; this is normal, as it scans your entire hard drive.
Click on View Report, save the report to your desktop, and paste it here in your next reply.



#3 xenokay

Posted 01 March 2014 - 12:13 AM

I see your reply and will go through it tomorrow. Just got off work. Thanks for the reply. Looks very detailed. Good stuff.



#4 InadequateInfirmity

Posted 01 March 2014 - 11:28 AM

No problem, post when ready. :)



#5 dc3

Posted 01 March 2014 - 12:23 PM

 
Please download AdwCleaner and run it.
 
An image like the one below will open, click on Scan.
 
adwcleaner11_zps48314883.png
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on Ok.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your next post.
 
 

Please download Malwarebytes Anti-Malware.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  When the installation has finished, make sure you leave both of these checked:
 
    Update Malwarebytes' Anti-Malware
 
    Launch Malwarebytes' Anti-Malware
 
Then click on Finish.
 
3)  MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. 
 
4)  Click on perform Quick Scan, then click on the Scan button.
 
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
 
5)  The scan will now begin, this may take some time to complete so please be patient.
 
6)  When the scan is finished click on Show Results to display all objects found.
 
7)  Click OK to close the message box and continue with the removal process.
 
8)  Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
 
Make sure that every item shown in the results has a check mark in the box next to it, then click on Remove Selected.
 
9)  When removal is completed, a log will open in Notepad.
 
This log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of the log in your next post, then exit MBAM.
 
Important:  If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
 
Please copy the Malwarebytes log and paste it in your next post.
 
To locate this file right click on the Start orb and choose Open Windows Explorer, then click on C: drive.
 
When the C: drive opens click on the following:  ProgramData, Malwarebytes, Malwarebytes' Anti-Malware, Logs.  
 
If there is more than one log, choose the log with the date that you ran the scan that I requested.
 
 
If there are a large number of items found you can go into Settings and click on Scanner Settings to change the setting in Action for potentially unwanted programs (PUP) to Show in results list and check for removal.
 
Malwarebytessettings_zpsb9b50638.png

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#6 xenokay

Posted 04 March 2014 - 01:14 PM

adwcleaner that I had/used looked nothing like what is posted here, though it came from this website [suspicion]

 

The whole process of fixing this problem began from this url, found via a google search:
 
This was the first post I followed:
 
"No need to be going to regedit etc, and malware bytes wont remove it, I know from experience. Just download a free cleaner, run it and it will open a notepad file, then just hit delete and the conduit hijacker will be removed, the cleaner is called adwcleaner you can download it here.
Adwcleaner also removes the hijacker from hidden files.
I also attached adwcleaner to this reply, enjoy."
 
This thing only hurt my PC further, though it came from this website... [very suspicious]
 
I'm going to need some convincing before I do anything. Was the download I got a fake redirect? I mean, in my OP you can read that I downloaded and ran adwcleaner and wrote what became of doing that...

Edited by xenokay, 04 March 2014 - 01:20 PM.


#7 dc3

Posted 04 March 2014 - 02:42 PM

Let's see if we can get back to the start of this.

 

Do a System Restore, choose a restore point prior to this.

 

Click on the Start orb.
 
In the Search programs and files box type System Restore.
 
Under Programs right click on System Restore, then click on Run as administrator
 
When System Restore opens click on Next
 
You should now see your restore points listed by time and date, click on a restore point prior to the time your problem started, then click on Next.
 
Click on Finish to initiate the restore.

Edited by dc3, 04 March 2014 - 02:44 PM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#8 xXToffeeXx

Posted 04 March 2014 - 03:09 PM

Hi,

 

You mention an "adwcleaner.rar"; AdwCleaner is normally in the form of an exe file, so that is quite weird. Are you sure you didn't click on any ads? The real AdwCleaner cleans BrowserSafeguard, and it is used by many security forums and paid techs. It's perfectly safe, as are any of our tools we use here (otherwise they would not be allowed to be used in this forum).

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
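
Added example (not part of the thread or any poster's reply): a pre-run check for a downloaded "cleaner" that compares what the file actually is with what it claims to be, which is the discrepancy post #8 points out for adwcleaner.rar. It assumes the tool is shipped as a Windows executable, as that post states; the function names, the sample bytes and the optional publisher hash parameter are constructed for illustration.

```python
import hashlib
import struct

# Leading-byte signatures for container formats a "tool" download may arrive in.
MAGIC = [
    (b"Rar!\x1a\x07\x01\x00", "rar"),   # RAR 5
    (b"Rar!\x1a\x07\x00", "rar"),       # RAR 1.5 - 4
    (b"PK\x03\x04", "zip"),
    (b"7z\xbc\xaf\x27\x1c", "7z"),
]
EXT_TYPE = {".exe": "pe", ".rar": "rar", ".zip": "zip", ".7z": "7z"}


def sniff(data: bytes) -> str:
    """Classify a file by content, ignoring its name."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # DOS header field e_lfanew (offset 0x3C) points at the "PE\0\0" signature.
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "pe"
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def check_download(name, data, expected_type="pe", expected_sha256=None):
    """Return a list of reasons not to run the file; empty means no objection."""
    findings = []
    kind = sniff(data)
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if kind != expected_type:
        findings.append(f"content is {kind}, publisher ships {expected_type}")
    if EXT_TYPE.get(ext) != kind:
        findings.append(f"extension {ext or '(none)'} does not match content {kind}")
    digest = hashlib.sha256(data).hexdigest()
    if expected_sha256 and digest != expected_sha256.lower():
        findings.append("SHA-256 differs from the publisher's value")
    return findings


# Constructed sample inputs (not real binaries): a minimal PE-shaped header and a RAR5 header.
FAKE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 16
FAKE_RAR = b"Rar!\x1a\x07\x01\x00" + b"\x00" * 16

if __name__ == "__main__":
    for fname, blob in [("adwcleaner.exe", FAKE_PE), ("adwcleaner.rar", FAKE_RAR),
                        ("adwcleaner.exe", FAKE_RAR)]:
        print(fname, check_download(fname, blob) or "no objection")
```

An empty result only means the file has the expected shape; it says nothing about where the file came from, so the hash comparison is only useful with a value obtained from the publisher's own site.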


#9 xenokay

Posted 04 March 2014 - 03:25 PM

Okay. Be back later.





