
Issue with Junkware Removal Tool


76 replies to this topic

#1 Grinch23

Grinch23

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Switzerland
  • Local time:10:02 PM

Posted 24 March 2014 - 01:41 PM

Hello everyone

 

I'm stuck right now trying to remove some spyware/hijackware stuff, and I want to ask if you could help me :S

Here are some details:

I just downloaded a mod for Minecraft from Minecraftdl . com.

This package had some other things in it, too. For example, a software called Uniblue, or removal and optimizing software (I haven't made use of them). Then I noticed that my computer was getting slower and slower. The Internet connection was really bad; while playing a minigame on a server, I lagged so hard that people thought I was hacking...

Now, after a little research, I found out that the Uniblue stuff is hijackware/spyware.

I was looking for a tutorial on how to remove it and found one, so I just followed those steps.

At first, I uninstalled all this software. Then I ran AdwCleaner and removed everything it found.

 

After that, it says I should use Junkware Removal Tool, and here is the issue.

I was able to download it, but then, while I was trying to run it, a window opened and closed instantly. I tried different versions of JRT, I turned off avast! and the firewall, and I tried to run it in safe mode, all with administrative rights, but still, JRT doesn't let me open it. I'm afraid that something could be broken in my system. I tried to google this issue but found nothing.

So I just skipped this step and then I used Malwarebytes and removed the rest it found.

It still feels like I'm having some issues on my system. Of course it is old and slow, but it feels slower than usual, or maybe I'm just imagining that. I'm not really sure if I'm safe from this hijackware stuff.

Is it still recommended to use JRT or similar software? Do you know what could cause this opening and closing window of JRT? I don't really know what to do now :(

PS: I was experiencing screen freezing for no reason; I was able to move the mouse but everything else froze. Then sometimes it was like explorer.exe had been turned off, so the symbols and taskbar disappeared for some seconds. Now, after running AdwCleaner and Malwarebytes, it's gone. But I'm still afraid of being infected.

 

I'm using Windows Vista 32bit

 

I'm really, really sorry for my bad English, but I hope you understand what I want to focus on.

 

If you have questions or need more information, please just ask. I would be glad for every help I can get.

 

Best regards,

 

Grinch23


Edited by Grinch23, 24 March 2014 - 02:39 PM.




#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:02 PM

Posted 24 March 2014 - 04:34 PM

Yes JRT is still a good tool to use along with AdwCleaner. I have advised the developer in regards to your issue with it opening and closing.

In the meantime, if you need individual assistance with this malware infection, you can start a new topic in the Am I infected? What do I do? forum.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 quietman7


Posted 24 March 2014 - 07:27 PM

thisisu asked if you could download and try running this debug version of JRT (JRT_Debug.exe) which will allow him to get a better idea of when the tool is quitting.

#4 Grinch23


Posted 25 March 2014 - 11:17 AM

Hello quietman7

 

Thank you very much!

 

I will prepare and start a new topic in the Am I infected? What do I do? forum.

I tried the debug version you posted, but no window opens when I try to open it. Is that normal in the debug version?

 

Edit: I can see a process in the Task-Manager: JRT_Debug.exe / 7z Setup SFX

I can see the process of normal JRT, too and there are also cmd processes


Edited by Grinch23, 25 March 2014 - 11:23 AM.


#5 quietman7


Posted 25 March 2014 - 11:35 AM

You're welcome.

> I tried the debug version you have posted, but no window is opening if I try to open, is that normal in the debug version?
>
> Edit: I can see a process in the Task-Manager: JRT_Debug.exe / 7z Setup SFX
> I can see the process of normal JRT, too and there are also cmd processes

Again I will advise the developer.

#6 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:02 PM

Posted 25 March 2014 - 02:08 PM

Hello Grinch23,

 

Can you tell me if the following exists on your computer after attempting to run JRT_Debug.exe : C:\Users\<YourUsername>\AppData\Local\Temp\jrt

 

You will have to have View hidden files and folders ON in order to navigate through the AppData folder. Read here if you need assistance with turning that option on. 


Edited by thisisu, 25 March 2014 - 02:11 PM.


#7 Grinch23


Posted 25 March 2014 - 03:07 PM

Hello thisisu

 

I have found the JRT.exe file in the Temp folder, next to it a .jpg of JRT. ~1 Minute after opening the Temp folder, a jrt folder appeared in it.



#8 thisisu


Posted 25 March 2014 - 03:40 PM

> ~1 Minute after opening the Temp folder, a jrt folder appeared in it.

 

Hrm, 1 minute after? That's odd. Is the jrt folder empty? If not, try to run the "get.bat" file inside of it. Let me know what happens.



#9 Grinch23


Posted 25 March 2014 - 04:10 PM

Hehe, I don't know if it was there before. I just focused on the jrt.exe, then I noticed that more folders appeared in the Temp folder a little while after (using two monitors). But the jrt folder wasn't there before, as far as I have seen.

I have now tried to run get.bat. Nothing happened for some seconds, then I was only able to move the mouse; the taskbar and some windows were frozen, and when I moved the mouse over them, there was only the "loading" cursor. After some minutes, I shut down the computer manually and then I tried it again.

I ran the get.bat file and a window opened and closed, just like the normal JRT did. Then I started the JRT Debugger and it created a text document on the desktop (JRT_Debug.txt)

It contains (German):

 

Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 8A99-E2A2
 
 Verzeichnis von C:\Windows\system32
 
11.10.2013  01:35           135.168 cscript.exe
               1 Datei(en),        135.168 Bytes
               0 Verzeichnis(se), 77.913.694.208 Bytes frei
 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 8A99-E2A2
 
 Verzeichnis von C:\Windows\system32
 
19.01.2008  08:33            55.296 fsutil.exe
               1 Datei(en),         55.296 Bytes
               0 Verzeichnis(se), 77.913.763.840 Bytes frei
 
 
Now I tried to run get.bat again with JRT_Debug active (in Task Manager), and again a window opens and closes.

Edit: Could it be that my cmd is broken? Sometimes I tried to run some commands and sometimes it said that these commands are unknown.

Edit2: Sorry, I forgot to mention: the jrt folder is full of stuff; it has a lot of DAT, CFG, Registry, and text document files and folders in it, and also VBScript and Windows Batch files.

Edited by Grinch23, 25 March 2014 - 04:38 PM.


#10 thisisu


Posted 25 March 2014 - 04:45 PM

 

> Edit: Could it be that my cmd is broken? Sometimes I tried to run some commands and sometimes it said that these commands are unknown.

 

 

Looks fine to me, it worked properly for some of the commands. Delete the "jrt" folder and then download and run this updated copy of JRT_Debug.exe

Let me know what issues you come across (if any different than before)


Edited by thisisu, 25 March 2014 - 04:46 PM.


#11 thisisu


Posted 25 March 2014 - 04:47 PM

 

> Edit2: Sorry I forgot to mention: The jrt folder is full of stuff, has a lot of DAT;CFG;Registry;Textdocument files and folders in it, also VBScript and Windows Batch files

 

 

No worries. Yes these are all parts of the tool.



#12 Grinch23


Posted 25 March 2014 - 05:00 PM

Okay now something else happened :) 

 

I deleted the jrt folder, downloaded the updated JRT Debug.exe and ran it.

 

Then the Junkware Removal Tool window opened (saving Registry backup) and then I had to agree to Ernet.exe or something like that. I just agreed to it, then something loaded with two bars in a new window, and then both windows closed.



#13 thisisu


Posted 25 March 2014 - 05:21 PM

Ok, and did anything else happen after the ERUNT window closed?



#14 Grinch23


Posted 25 March 2014 - 05:29 PM

(Ah sorry, I misread Erunt.exe)

Nope, the ERUNT window just saved with two bars, until in total 9 of 9 files had been saved from the registry backup. After this, the ERUNT window and JRT window both closed automatically.

 

There is now a JRT folder again in the Temp folder. Also no JRT entry in the Task Manager.


Edited by Grinch23, 25 March 2014 - 05:32 PM.


#15 thisisu


Posted 25 March 2014 - 06:09 PM

Ok, I updated JRT_Debug.exe again. :) Please download and run. Post contents of JRT_Debug.txt when finished.





