
Chrome and IE hijacked


3 replies to this topic

#1 davidolson255


Posted 17 May 2014 - 04:17 PM

After installing Adobe Reader last night, I'm finding issues with Chrome.

 

First noticed that my home page was changed, then found that there were proxy settings added (I don't use a proxy).  I took a look in Windows Explorer and found that I have a new directory called 002 under program files that contains one file called:  yewimmxqbs32.exe.

 

I'm getting popups in both Internet Explorer and Chrome and can't access any websites that I want to access.  I'm typing this forum post on my wife's laptop.

 

My computer:

- Dell Desktop PC

- Windows 7 Pro 32 bit

- Avast Pro Antivirus software

 

Any help will be most appreciated.

 

Thanks!




 


#2 noknojon


Posted 17 May 2014 - 10:46 PM

Hello davidolson
Quite often this (yewimmxqbs32.exe) is related to a "Wrapper" from a download from Cnet. Read their conditions with downloads.

The site will make you agree to download a small "tracking program", but that is not how they describe it.

 

First -

Download Security Check from HERE or HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

 

Next -

Please download and run RKill by Grinler.

A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully. At most the tool will run for about 2 minutes.

Please Copy / Paste the small log produced

 

Important: Do not reboot your computer until you complete the next step.

 

Now -

* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.

* Check mainly if there are any files you do not wish to delete.

NOW :
* Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.

* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
NOTE : Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted (if necessary):
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

 

Next -

Please download Junkware Removal Tool by thisisu and save it to your Desktop.
* Close all open programs and Temporarily Disable Your Anti-virus now to avoid potential conflicts.
* Double-click on JRT.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
* Copy and paste the contents of JRT.txt in your next reply.
These tools will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons, browser helper objects (BHOs) and other junkware to include many related registry entries (values, keys).

 

 

Finally -

* Download Malwarebytes Anti-Malware Free and save it to your desktop

 

* (NOTE : If already installed, just click Update then Scan your computer )

* Double click the desktop icon, click Run, then OK
* Click Next
* Select I accept the agreement then continue to click Next then finally click Install
** Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
* If you are notified the Database is out of date click Update Now
* Click Scan Now >>

----------

** Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
* Click Start (Start, Search, All files and folders for Windows XP) then type mbam
* Double click one of the four following files (if one does not work try the next one, and so on) -

A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com
----------

** When completed click the down arrow on Export Log and select Text file (*.txt)
* Save the file to your desktop as MBAM
* Click Apply Actions then restart your computer if requested
* Copy and paste the contents of MBAM.txt in your reply



#3 davidolson255


Posted 18 May 2014 - 12:56 PM

 Results of screen317's Security Check version 0.99.83  

 Windows 7 Service Pack 1 x86 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

avast! Antivirus   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 SUPERAntiSpyware     

 VirusTotal Uploader 2.2   

 CCleaner     

 Adobe Reader XI  

 Google Chrome 34.0.1847.131  

 Google Chrome 34.0.1847.137  

````````Process Check: objlist.exe by Laurent````````  

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast AvastUI.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 


Rkill 2.6.5 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2014 BleepingComputer.com

More Information about Rkill can be found at this link:

 http://www.bleepingcomputer.com/forums/topic308364.html

 

Program started at: 05/18/2014 12:07:05 PM in x86 mode.

Windows Version: Windows 7 Professional Service Pack 1

 

Checking for Windows services to stop:

 

 * No malware services found to stop.

 

Checking for processes to terminate:

 

 * No malware processes found to kill.

 

Checking Registry for malware related settings:

 

 * No issues found in the Registry.

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 

 * No issues found.

 

Checking Windows Service Integrity: 

 

 * No issues found.

 

Searching for Missing Digital Signatures: 

 

 * No issues found.

 

Checking HOSTS File: 

 

 * HOSTS file entries found: 

 

  127.0.0.1       localhost

 

Program finished at: 05/18/2014 12:07:17 PM

Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)


# AdwCleaner v3.208 - Report created 18/05/2014 at 12:10:35

# Updated 11/05/2014 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (32 bits)

# Username : Dave - DAVE-PC

# Running from : C:\Users\Dave\Desktop\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17041

 

 

-\\ Google Chrome v34.0.1847.137

 

[ File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

[ File : C:\Users\merysta\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1453 octets] - [17/05/2014 20:44:56]

AdwCleaner[R1].txt - [770 octets] - [18/05/2014 12:10:35]

AdwCleaner[S0].txt - [1532 octets] - [17/05/2014 20:46:51]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [889 octets] ##########


# AdwCleaner v3.208 - Report created 18/05/2014 at 12:13:23

# Updated 11/05/2014 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (32 bits)

# Username : Dave - DAVE-PC

# Running from : C:\Users\Dave\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17041

 

 

-\\ Google Chrome v34.0.1847.137

 

[ File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

[ File : C:\Users\merysta\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1453 octets] - [17/05/2014 20:44:56]

AdwCleaner[R1].txt - [968 octets] - [18/05/2014 12:10:35]

AdwCleaner[S0].txt - [1532 octets] - [17/05/2014 20:46:51]

AdwCleaner[S1].txt - [890 octets] - [18/05/2014 12:13:23]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [949 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Professional x86

Ran by Dave on Sun 05/18/2014 at 12:19:10.06

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 05/18/2014 at 12:21:22.77

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 5/18/2014

Scan Time: 1:51:23 PM

Logfile: mbam.txt

Administrator: Yes

 

Version: 2.00.1.1004

Malware Database: v2014.05.18.06

Rootkit Database: v2014.03.27.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Chameleon: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x86

File System: NTFS

User: Dave

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 293777

Time Elapsed: 1 hr, 23 min, 48 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Shuriken: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 1

PUP.Optional.CouponDownloader.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10AD2C61-0898-4348-8600-14A342F22AC3}, , [bf1fe86adaa176c0c60e49dd1ce68e72], 

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)



#4 noknojon


Posted 18 May 2014 - 06:15 PM

This item "CouponDownloader.A" could have been your problem. It is a small adware Add-on.

 

Often this is not a severe problem, just an inconvenience for you, and can be removed with simple tools.

 

If you wish to be sure, please use the online scanner listed below. But note that it often runs over 2 hours ........

 

 

Please perform a scan with Eset Online Anti-virus Scanner. (It is preferred to use Internet Explorer)
If using Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.

Vista/Windows 7/8 users need to run Internet Explorer/Firefox as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
Next follow How To Temporarily Disable Your Anti-virus to avoid conflicts

  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box:
  • Check Yes I accept the Terms of Use
  • Click the Start button.
  • Accept any security warnings from your browser and allow the download / installation of any required files.
  • Under scan settings, check Scan Archives and check Remove found threats
  • Click Advanced Settings and select the following:
    Scan potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push List Threats
  • Push Export to Desktop, and save the file to your desktop as ESETScan.txt.
  • Push the Back button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

-- Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. ESET's detection rate is high and has included legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not always the case. Be careful what you choose to remove. If in doubt, ask before taking action.

 

 

I have only included this if the detection above was not what we are looking for, and this is optional.

 

Re-open AdwCleaner and hit Uninstall to fully remove the program and any quarantined items.

Download a fresh copy only when needed.
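
A read-only way to inspect the two things this thread turns on: the proxy and home-page changes from the first post, and the Browser Helper Object key flagged in the Malwarebytes log. This is an added example, not part of any post and not one of the tools used in the thread; the function names `Get-BrowserSetting` and `Get-BhoEntry` are made up for illustration.

```powershell
# Added example: read-only checks, nothing is modified. Function names are illustrative.

function Get-BrowserSetting {
    # Per-user proxy settings; Chrome on Windows uses these system settings by default.
    $inet = Get-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    # Internet Explorer home page for the current user.
    $main = Get-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    New-Object PSObject -Property @{
        ProxyEnable   = $inet.ProxyEnable     # 1 = a manual proxy is switched on
        ProxyServer   = $inet.ProxyServer     # host:port of that proxy, if set
        AutoConfigURL = $inet.AutoConfigURL   # PAC script URL, if set
        IEStartPage   = $main.'Start Page'
    }
}

function Get-BhoEntry {
    # BHOs are registered as CLSID subkeys; look at the native and the WOW6432Node view.
    foreach ($sw in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
        $root = "$sw\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $clsid = $key.PSChildName
            $class = "$sw\Classes\CLSID\$clsid"
            $name = $null; $dll = $null; $state = 'class not registered'
            if (Test-Path -LiteralPath $class) {
                $name = (Get-ItemProperty -LiteralPath $class).'(default)'
                $inproc = "$class\InprocServer32"
                if (Test-Path -LiteralPath $inproc) {
                    $dll = (Get-ItemProperty -LiteralPath $inproc).'(default)'
                }
                if ($dll) { $dll = $dll.Trim('"') }
                # A key whose DLL is gone is a leftover; an unsigned DLL deserves a closer look.
                if ($dll -and (Test-Path -LiteralPath $dll)) {
                    $state = (Get-AuthenticodeSignature -FilePath $dll).Status
                } else {
                    $state = 'file missing'
                }
            }
            New-Object PSObject -Property @{
                Clsid = $clsid; Name = $name; Dll = $dll; State = $state; View = $sw
            }
        }
    }
}

Get-BrowserSetting | Format-List
Get-BhoEntry | Format-List Clsid, Name, Dll, State, View
```

Run it before and after the cleanup tools to confirm the proxy values are cleared and to see whether any BHO entry still points at a file on disk.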





