
I have some malware called SW-Sustainer 1.80 that I can not uninstall.


11 replies to this topic

#1 JudeOliver


Posted 28 May 2014 - 05:10 PM

The error message when I try: 

RunDLL

There was a problem starting C:\PROGRA~2\SW-BOO~1\ASSIST~1.DLL

The specified module could not be found.

 

I've tried both Roguekiller and Malwarebytes anti-rootkit (MBAR).

I have a Windows 8.1 system.


What's next?




 


#2 noknojon


Posted 28 May 2014 - 06:16 PM

Hello JudeOliver -

 

Quoted from several sites = SW.Sustainer 1.80 is a software program developed by Certified Toolbar.

A majority of users end up uninstalling this less than a week after it is installed.

Please download avast! Browser Cleanup
This tool serves to delete pesky and unwanted toolbars and plug-ins from your browser(s). Simply download and run the Browser Cleanup utility. Once you run the utility, you will see a list of bad and good toolbars and plug-ins and be able to disable or to remove them.
More info here: http://www.avast.com/faq.php?article=AVKB115

 

Next -

Just to be sure - Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.

Please copy / paste the small log produced back here.

 

Important: Do not reboot your computer until you complete the next step.

 

 

Please download AdwCleaner by Xplode and save to your Desktop.
NOTE : Please close or save all work, as the computer will be Rebooted
Double-click on AdwCleaner.exe to run the tool.
Vista / Windows 7 / 8 users right-click and select Run As Administrator.
Click on the Scan button. (only once)
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. 
If you see any which you do not want removed, remove the check mark next to it. 
Next: Click on the Clean button (only once) to remove the selected items. 
You will receive a message telling you that all programs will be closed so that the infections can be removed.
Click on OK, and then OK again to confirm the reboot.
When the cleaning process is complete, a log (AdwCleaner[S0].txt) of what was removed will be on your desktop.
Please copy and paste this log in your next post.

 

A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.



#3 JudeOliver


Posted 29 May 2014 - 01:58 AM

Okay, give me some time; I am falling asleep right now.



#4 JudeOliver


Posted 29 May 2014 - 02:02 AM

Rkill info
 

Rkill 2.6.6 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/28/2014 09:00:37 PM in x64 mode.
Windows Version: Windows 8.1 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * MsKeyboardFilter [Missing Service]
 * CSC [Missing Service]
 * E1G60 [Missing Service]
 * kbldfltr [Missing Service]
 * storvsp [Missing Service]
 * Vid [Missing Service]
 * vmbusr [Missing Service]
 * vpcivsp [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 05/28/2014 09:02:12 PM
Execution time: 0 hours(s), 1 minute(s), and 35 seconds(s)


#5 JudeOliver


Posted 29 May 2014 - 02:14 AM

Looks like we got it. What cha think?

# AdwCleaner v3.211 - Report created 28/05/2014 at 21:07:50
# Updated 26/05/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : julia - INTOTHEOCEAN
# Running from : C:\Users\julia\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : d0e87c27
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\saFewoeb
Folder Deleted : C:\ProgramData\Siearcih-NewTabe
Folder Deleted : C:\Program Files (x86)\SW-Booster
Folder Deleted : C:\Program Files (x86)\saFewoeb
Folder Deleted : C:\Program Files (x86)\Siearcih-NewTabe
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\julia\AppData\Local\SearchProtect
Folder Deleted : C:\Users\julia\AppData\Local\torch
Folder Deleted : C:\Users\julia\Documents\Optimizer Pro
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbfbpgljjdnbaddhbnhapggaamejjngn
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbfbpgljjdnbaddhbnhapggaamejjngn
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbfbpgljjdnbaddhbnhapggaamejjngn
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\emefmoplbijenoeldljncdfllgnldldo
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\emefmoplbijenoeldljncdfllgnldldo
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\emefmoplbijenoeldljncdfllgnldldo
Folder Deleted : C:\Users\julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\emefmoplbijenoeldljncdfllgnldldo
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\leonmlibmmmghgeeboeocdecebmgefgc
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\leonmlibmmmghgeeboeocdecebmgefgc
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\leonmlibmmmghgeeboeocdecebmgefgc
File Deleted : C:\END
File Deleted : C:\Users\julia\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\julia\AppData\Roaming\regsvr32.exe_log.txt
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\safeweab.safeweab
Key Deleted : HKLM\SOFTWARE\Classes\safeweab.safeweab.1.1
Key Deleted : HKLM\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker
Key Deleted : HKLM\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Seearch-NeewTabb.Seearch-NeewTabb
Key Deleted : HKLM\SOFTWARE\Classes\Seearch-NeewTabb.Seearch-NeewTabb.2.1
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4F50B424-C1EB-4324-B046-BB951DC96653}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{988B85F9-23A9-0A7B-C654-5B87BD3B3ECF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F2B972-0DB1-68ED-5277-E7D0B91DDDC7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4F50B424-C1EB-4324-B046-BB951DC96653}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{988B85F9-23A9-0A7B-C654-5B87BD3B3ECF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D0F2B972-0DB1-68ED-5277-E7D0B91DDDC7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SW-Booster
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17037
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\julia\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
AdwCleaner[R0].txt - [6577 octets] - [28/05/2014 21:05:06]
AdwCleaner[S0].txt - [6167 octets] - [28/05/2014 21:07:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6227 octets] ##########


#6 JudeOliver


Posted 29 May 2014 - 02:16 AM

Gone from the uninstall list in the control panel! Looks like victory.



#7 noknojon


Posted 29 May 2014 - 03:54 AM

Yeah -

 

It looks like you pulled a lot of garbage out, but post back tomorrow if it comes back .......



#8 Annie~


Posted 13 June 2014 - 07:45 PM

Hello, I only just signed up here to say Thank You! I had the same program on my computer, and was unable to uninstall it as well. I only found out I had it after getting a pop-up in the bottom right hand corner of my screen, asking me to update my Chrome. I clicked on it (it looked like a Windows pop-up) and it took me to a website called "file.org". Instead of updating, I googled the site, and discovered file.org is some kind of malware. (no surprise there).

 

So I did some searching about the file.org, checked my program files and discovered the SW-sustainer-180, and did a google search of that file name once I discovered I couldn't remove it for the same reason as the OP. 

 

I followed the instructions given by noknojon, and found I had a WHOLE pile of garbage in my computer that neither my Malwarebytes nor anti-virus (avast) was detecting, and I was amazed how fast my computer actually booted up...lol

 

So, thank you again. Now I know where to look when I run into trouble. :)

 

(I did save the log file from AdwCleaner on the off-chance someone would like to review it)



#9 VidaStarr


Posted 21 September 2014 - 11:35 AM

Just signed up so I can tell you thanks for this post and thanks to noknojon for the great answer. I too have been struggling with removing this program and constantly found myself removing malware from my browsers even though I had just removed them. Turns out this program was the source. So again thanks and I recommend anyone who googled and found this page like I did, follow the steps that were laid out here. 

Thanks again!



#10 vdciii


Posted 25 January 2015 - 01:53 AM

Hi, just also signed up for the same thing. Thank you for this post, to noknojon especially for giving us the helpful answer. For anyone who googled: follow the simple steps above and it surely is worth the effort.



#11 eddythorpe7


Posted 04 February 2015 - 08:53 PM

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/04/2015 08:42:23 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\Owner\AppData\Local\Temp\7zS7E84.tmp\BrowserCleanup.exe (PID: 6256) [T-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 02/04/2015 08:42:39 PM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)



#12 Kristof


Posted 22 April 2015 - 11:15 AM

I have the same problem.

 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/21/2015 08:28:03 PM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Active Proxy Server Detected

 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Backup Registry file created at:
 C:\Users\Sybren\Desktop\rkill\rkill-04-21-2015-08-28-08.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\.exe\shell found and deleted!


Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Automatic

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 04/21/2015 08:36:05 PM
Execution time: 0 hours(s), 8 minute(s), and 2 seconds(s)
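
An added example, not part of the original thread and not Rkill's own code: a small Python triage helper for Rkill logs in the layout posted above. It returns only the bullets that report a change (proxy settings removed, Windows Defender disabled, and so on) and skips the "No ... found" lines. The function name `triage_rkill` and the sample log are constructed for illustration, and a flagged bullet means "review this", not "this is malicious".

```python
import re

# Constructed sample, modelled on the Rkill log layout posted in this thread.
SAMPLE_LOG = r"""Program started at: 01/01/2015 08:00:00 PM in x64 mode.

Checking for Windows services to stop:

 * No malware services found to stop.

Active Proxy Server Detected

 * Proxy Disabled.
 * ProxyServer value deleted.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking HOSTS File:

 * No issues found.
"""

# Bullets such as "No issues found." or "No malware processes found to kill."
BENIGN = re.compile(r"^No\b.*\bfound\b", re.IGNORECASE)
# Header/footer lines that are not section headings.
METADATA = re.compile(r"^(Program (started|finished) at|Windows Version|Execution time):")

def triage_rkill(log_text):
    """Return (section, finding, details) for every bullet that reports a change."""
    flagged, section, current = [], None, None
    for line in log_text.splitlines():
        if not line.strip():
            continue
        if line.lstrip().startswith("* "):
            finding, current = line.lstrip()[2:].strip(), None
            if not BENIGN.match(finding):
                current = (section, finding, [])
                flagged.append(current)
        elif line[0].isspace():
            # Indented non-bullet text (registry key, value) details the last flagged bullet.
            if current is not None:
                current[2].append(line.strip())
        elif not METADATA.match(line):
            section, current = line.rstrip(":. "), None
    return flagged
```

Running `triage_rkill` over a saved Rkill log gives a short list to compare before and after cleanup, which helps when several users paste logs into one thread as they did here.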
 





