Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Lpcloudbox412.com infection, need help


  • Please log in to reply
5 replies to this topic

#1 MLLOWE

MLLOWE

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:50 AM

Posted 30 April 2014 - 01:05 AM

I have a popup that keeps jumping up when I open any browser window at all. Even the ARC browser is not immune to the program. I have uninstalled and reinstalled most of my programs and no go. I have followed another program and run several adware removal tools and it still remains. So far, it has survived Malwarbytes, Avast, Junkware Removal Tool, HitmanPro and adwcleaner. I am avoiding anything that will compromise my banking, etc. But this is too much for my limited skill set. The popups demand fixing my graphics drivers, get a media player, etc. Any help will be appreciated. M

BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:50 PM

Posted 30 April 2014 - 01:34 AM

Hello -

I hope we can shed some light on this troublesome pest

 

The Lpcloudbox412.com link may install on your computer potentially unwanted programs like: toolbars (Sweet-Page Toolbar, Delta Toolbar), adware (WebCake, EnhanceTronic, CouponBuddy).

These are included with other programs you have downloaded
First check Programs and Features for any of these listed programs, and Uninstall them from there, if you can.

 

Next -

Please download RKill by Grinler to desktop to run it.
A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.

Please Copy and Paste the small log back here

 

Important: Do not reboot your computer until you complete the next step.

 

Now: Please download AdwCleaner by Xplode and save to your Desktop.
NOTE : Please close or save all work, as the computer will be Rebooted
Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button. (only once)
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. 
If you see any which you do not want removed, remove the check mark next to it. 
Next: Click on the Clean button (only once) to remove the selected items. 
You will receive a message telling you that all programs will be close so that the infections can be removed. 
Click on OK, and then OK again to confirm the reboot.
When cleaning process is complete a log (AdwCleaner[S0].txt ) of what was removed will be on your desktop. 
Please copy and paste this log in your next post.

A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

Next -

Shut down your protection software now to avoid potential conflicts.
* How To Temporarily Disable Your Anti-virus
* Please download Junkware Removal Tool by thisisu to your desktop.
* Run the tool by double-clicking it.
* If you are using Windows Vista, 7, or 8, right click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next message.

 

Include the 3 logs when you post your reply.

Please tell us if this has helped, and other current problems -



#3 MLLOWE

MLLOWE
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:50 AM

Posted 30 April 2014 - 07:05 AM

Okay, here it goes. Followed instructions to the letter. Posts as follows: Rkill.txt Rkill 2.6.5 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2014 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 04/30/2014 07:18:02 AM in x64 mode. Windows Version: Windows 7 Professional Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Firewall Disabled [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = dword:00000000 Checking Windows Service Integrity: * No issues found. Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * Cannot edit the HOSTS file. * Permissions Fixed. Administrators can now edit the HOSTS file. * HOSTS file entries found: 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 20 out of 15492 HOSTS entries shown. Please review HOSTS file for further entries. Program finished at: 04/30/2014 07:18:53 AM Execution time: 0 hours(s), 0 minute(s), and 51 seconds(s) AdwCleaner[s3].txt # AdwCleaner v3.205 - Report created 30/04/2014 at 07:24:14 # Updated 28/04/2014 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (64 bits) # Username : Gorehound - HELLKENNEL # Running from : C:\Users\Gorehound\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v28.0 (en-US) [ File : C:\Users\Gorehound\AppData\Roaming\Mozilla\Firefox\Profiles\lfmwndnw.default\prefs.js ] [ File : C:\Users\Gorehound\AppData\Roaming\Mozilla\Firefox\Profiles\zu27fu0d.default-1398832138977\prefs.js ] -\\ Google Chrome v34.0.1847.131 [ File : C:\Users\Gorehound\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms} Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms} ************************* AdwCleaner[R0].txt - [2913 octets] - [29/04/2014 07:03:04] AdwCleaner[R1].txt - [1151 octets] - [29/04/2014 08:11:50] AdwCleaner[R2].txt - [1272 octets] - [29/04/2014 23:18:50] AdwCleaner[R3].txt - [1449 octets] - [30/04/2014 07:20:26] AdwCleaner[S0].txt - [2285 octets] - [29/04/2014 07:06:29] AdwCleaner[S1].txt - [1213 octets] - [29/04/2014 08:12:55] AdwCleaner[S2].txt - [1333 octets] - [29/04/2014 23:19:44] AdwCleaner[S3].txt - [1522 octets] - [30/04/2014 07:24:14] ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1582 octets] ########## JRT.txt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Professional x64 Ran by Gorehound on Wed 04/30/2014 at 7:31:31.33 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 04/30/2014 at 7:54:26.04 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ No joy. I just activated my ARC browser for a game I play and the popup appears. >.< "Error. A Media Player 12.3 update is Required to view this content."

#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:50 PM

Posted 03 May 2014 - 12:13 AM

Hi -

I am not able to find updates that relate to ARC browser, so what other browser do you use ??

 

There is a chance that I may find updates for Internet Explorer or other browsers -



#5 MLLOWE

MLLOWE
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:50 AM

Posted 03 May 2014 - 05:38 AM

Firefox, Chrome, IE (rarely).

#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:50 PM

Posted 03 May 2014 - 05:52 PM

See below for accessing Extensions etc. ...............

I am not aware of the good or bad points of ARC browser as I use I.E. 99% of the time (without any problem)

 

F/fox -
1.At the top of the Firefox window, click the Firefox button, go over to the “Help” sub-menu, then select “Troubleshooting Information"
2.Click the “Reset Firefox” button in the upper-right corner of the “Troubleshooting
3.To continue, click on the “Reset Firefox” button in the new confirmation window that opens
4.Firefox will close itself and will revert to its default settings. When it’s done, a window will list the information that was imported. Click on the “Finish“.

 

Chrome -
1.Click on the “Chrome menu button”  on the browser toolbar, select “Tools“, and then click on “Extensions“
2.In the “Extensions” tab, remove the HD-Total-Plus, SafeSaver, DP1815, Video Player, Convert Files for Free, Plus-HD 1.3, BetterSurf, Media Player 1.1, PassShow, LyricsBuddy-1, YLpcloudbox412.com 1.2, Media Player 1.1, Savings Bull, Feven Pro 1.1, Websteroids, Savings Bull, HD-Plus 3.5 any other unknown extensions by clicking the trash can  icon.

 

If the program is not listed in Add/Remove or Programs and Features, and there is no uninstaller in the program's folder, the next place to check is your browser extensions and add-ons/plug-ins.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users