
I had to install Java to run a program, now I have popups all over


23 replies to this topic

#1 epa100


Posted 24 April 2014 - 06:51 PM

I had to install Java to run a program, now I have popups all over.

I already uninstalled Java but that did not solve it.

I already ran

HouseCall Launcher

TDSSKiller

Malwarebytes

and still have the problems.

Appreciate all the help.




 


#2 OldPhil


Posted 24 April 2014 - 08:27 PM

Not sure where you downloaded from, but even from the official site you have to be very careful not to load the extra junkware.  I know Ask and some other stuff was there.  Do you have Revo Uninstaller?  Dumping Ask and anything else you recognize as newly added would be a good start, see what that does.


Honesty & Integrity Above All!


#3 epa100


Posted 24 April 2014 - 08:33 PM

I did that already.

I downloaded from the official site and without the extras.



#4 cat1092


Posted 24 April 2014 - 11:52 PM

Have you run SuperAntiSpyware? This is a neat free app that hunts down all kinds of spyware, I have the Pro version of it & it runs every 2 hours. On my other computers, I update & run it before shutdown. Be sure to go slow & pay attention, as it may offer to install the Google Toolbar for IE & Google Chrome if you don't already have them.

 

http://www.filehippo.com/download_superantispyware

 

If you continue to have this issue, you may want to create a thread in the "Am I Infected" section of the Security forums.

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#5 epa100


Posted 25 April 2014 - 12:17 AM

thanks

I tried and it is still the same...

will open a new post

thanks



#6 dc3


Posted 25 April 2014 - 12:22 PM

 
Please download AdwCleaner and run it.
 
An image like the one below will open, click on Scan.
 
adwcleaner11_zps48314883.png
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on Ok.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your next post.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#7 epa100


Posted 25 April 2014 - 06:27 PM

thank you for taking the time to help.

 

here is the report

 

AdwCleaner v3.202 - Report created 25/04/2014 at 16:24:16
# Updated 23/04/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Owner - OWNER-LAP
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\Program Files\myfree codec
Folder Deleted : C:\Users\Owner\.android

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902274}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906674}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v28.0 (pt-BR)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mniipqyz.default-1398055838477\prefs.js ]

Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylig[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app49074%22%3A%22app49[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_geolocation.expiration", "Tue Apr 29 2014 17:05:06 GMT-0700 (Pacific Sta[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_metadata.expiration", "Fri Apr 25 2014 17:05:14 GMT-0700 (Pacific Standa[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A49074%2C%22appName%22%3A%22The%20weDo[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.description", "Enhance your search results with direct download links and information for apps and[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3A479259%2C%22ver%22%3A1%2[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_resource_479259.value", "%22.crossrider-nofity-34345-body-theme-white-black%2[...]
Line Deleted : user_pref("extensions.crossrider.bic", "1458be6599ce801e09c89c50930ef924");

*************************

AdwCleaner[R0].txt - [4432 octets] - [25/04/2014 16:18:27]
AdwCleaner[S0].txt - [4425 octets] - [25/04/2014 16:24:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4485 octets] ##########
 



#8 dc3


Posted 26 April 2014 - 08:26 AM

Are you still getting popups?




#9 epa100


Posted 26 April 2014 - 10:26 AM

yes

Every time I click on something 3/4 windows open, also lots of ads on any page and ad popups.



#10 dc3


Posted 26 April 2014 - 12:06 PM

I'd like you to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.

  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.

    • Double click on the esetsmartinstaller_enu.png icon on your desktop.


  • Check "YES, I accept the Terms of Use."

  • Click the Start button.

  • Accept any security warnings from your browser.

  • Under scan settings, check "Scan Archives" and "Remove found threats"

  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications

    • Scan for potentially unsafe applications

    • Enable Anti-Stealth technology


  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

  • When the scan completes, click List Threats

  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

  • Click the Back button.

  • Click the Finish button.

 

Please download Malwarebytes Anti-Malware.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
mbamreplace_zps3ead4824.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.



#11 epa100


Posted 26 April 2014 - 07:01 PM

wow took some time indeed...

 

 

 

here are the logs

 

C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\mniipqyz.default-1398055838477\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins\91.js    JS/Toolbar.Crossrider.B potentially unwanted application    deleted - quarantined
C:\Users\Owner\Desktop\Programas\Dados anteriores do Firefox\extensions\zyqohqtmml@zyqohqtmml.org.xpi    JS/Redirector.NBX trojan    deleted - quarantined
C:\Users\Owner\Documents\APNSetup.exe    a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application    deleted - quarantined
C:\Users\Owner\Downloads\ccsetup328.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\Owner\Downloads\ccsetup404.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Windows\Installer\MSI45C9.tmp    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    deleted - quarantined
 

The malware did not find anything because I ran it before I started this post, so here is the log from that scan.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.23.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-LAP [administrator]

4/23/2014 5:07:34 PM
mbam-log-2014-04-23 (17-07-34).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 430338
Time elapsed: 1 hour(s), 53 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 14
HKCR\CLSID\{11111111-1111-1111-1111-110411901174} (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440444904474} (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550455905574} (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0049074.BHO.1 (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0049074.BHO (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0049074.Sandbox (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0049074.Sandbox.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\InstalledBrowserExtensions\21501 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\The weDownload Manager (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
HKCU\Software\InstalledBrowserExtensions\weDownload (PUP.Optional.WeDownload.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\InstalledBrowserExtensions\21501 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKLM\Software\The weDownload Manager (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The weDownload Manager (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files\The weDownload Manager (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.

Files Detected: 18
C:\Program Files\The weDownload Manager\ea727281-8281-467f-bafd-cf5fb6f1777a-2.exe (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
C:\Program Files\The weDownload Manager\ea727281-8281-467f-bafd-cf5fb6f1777a-3.exe (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
C:\Program Files\The weDownload Manager\ea727281-8281-467f-bafd-cf5fb6f1777a-4.exe (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
C:\Program Files\The weDownload Manager\ea727281-8281-467f-bafd-cf5fb6f1777a-5.exe (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
C:\Program Files\The weDownload Manager\The weDownload Manager-bg.exe (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
C:\Program Files\The weDownload Manager\The weDownload Manager-bho.dll (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
C:\Program Files\The weDownload Manager\The weDownload Manager-codedownloader.exe (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\ea727281-8281-467f-bafd-cf5fb6f1777a-1.job (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\ea727281-8281-467f-bafd-cf5fb6f1777a-2.job (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\ea727281-8281-467f-bafd-cf5fb6f1777a-3.job (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\ea727281-8281-467f-bafd-cf5fb6f1777a-4.job (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\ea727281-8281-467f-bafd-cf5fb6f1777a-5.job (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\Program Files\The weDownload Manager\49074.crx (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
C:\Program Files\The weDownload Manager\49074.xpi (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
C:\Program Files\The weDownload Manager\background.html (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
C:\Program Files\The weDownload Manager\The weDownload Manager.ico (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
C:\Program Files\The weDownload Manager\Uninstall.exe (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.
C:\Program Files\The weDownload Manager\utils.exe (PUP.Optional.weDownload.A) -> Quarantined and deleted successfully.

(end)
 



#12 epa100


Posted 26 April 2014 - 07:04 PM

It's still the same thing after the scans...



#13 cat1092


Posted 26 April 2014 - 10:28 PM

I see that you have removed some infections so far. You're making progress.

 

Here's a tool that I've run with success on several computers & run on my own monthly. Emsisoft Emergency Kit. This is a portable scanner, no installation required, it all opens & runs from a folder (or Flash drive to use on more than one). This will scan every file & registry key on your drive.

 

I was going to direct link the site, but see it's offered here at BC.

 

http://www.bleepingcomputer.com/download/emsisoft-emergency-kit/

 

Download it to the folder of your choice, you may need to extract it, create a subfolder. Open it & choose Emergency Kit Scanner (there will be a USB Start emblem). It'll take a few minutes to update & will prompt to reload afterwards. Choose "Deep Scan" (it's normally default) & run it. This, like the ESET Online Scanner, will take some time, so if you have things to do, go ahead. Once it's up & scanning, you'll see a box "On scan's end". Click that, there's the option to quarantine all threats.

 

Cat


Edited by cat1092, 26 April 2014 - 10:31 PM.



#14 epa100


Posted 27 April 2014 - 01:08 AM

did that

here is the report

 

 

Emsisoft Emergency Kit - Version 4.0
Last update: 4/26/2014 8:49:44 PM
User account: Owner-Lap\Owner

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\, D:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    4/26/2014 8:51:12 PM
C:\Users\Owner\AppData\Roaming\thinstall     detected: Application.AppInstall (A)
C:\Users\Owner\AppData\Local\thinstall     detected: Application.AppInstall (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)

Scanned    247747
Found    3

Scan end:    4/26/2014 11:05:41 PM
Scan time:    2:14:29

 

 

 

the following objects could not be removed:

C:\Users\Owner\AppData\Roaming\thinstall



#15 cat1092


Posted 27 April 2014 - 01:26 AM

Are your browsers still acting up? I'm running out of options on scanners.

 

Cat

