Removing remnants of Zip Opener (Speedial)


13 replies to this topic

#1 fluffyfluff

fluffyfluff

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 05 June 2014 - 01:48 PM

Hi, I recently downloaded Zip Opener by accident (darn banner ads) and ran a number of problems to remove it (Junkware Remover, Malwarebytes, HitmanPro, AdwCleaner).  The program is no longer on my control panel list of programs, but every time I run a scan (Malwarebytes or AdwCleaner) - The Speedial remnants pop up!

 

PLEASE Help!! Thank you so much!

 

Some details below: 

 

Malwarebytes: needs to clean pup.optional.speeddial.a 

 

AdwCleaner:
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bz87arq3.default\prefs.js ]
 
Line Found : user_pref("browser.search.selectedEngine", "Speedial");
 
[ File : C:\Users\cpan\AppData\Roaming\Mozilla\Firefox\Profiles\bz87arq3.default\prefs.js ]
 
Line Found : user_pref("browser.search.selectedEngine", "Speedial");
 
-\\ Google Chrome v35.0.1916.114
 
[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites04_14_23_ch&cd=2XzuyEtN2Y1L1QzutDtDtByC0Bzy0BtAzy0AtAzyzy0C0CtDtN0D0Tzu0SzzzzyDtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyC0FtBtD0EtByEtGtD0EyDtBtG0AyEzzyBtG0D0EtB0DtGyDzyzzyE0D0ByCzy0EtDtC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyByE0A0DtAyCzztG0CtCzzzztG0EtA0FyEtGyC0BtA0FtGtAtC0C0Bzzzz0D0FyD0DtCtC2Q&cr=1600644332&ir=
 
[ File : C:\Users\cpan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Startup_urls] : hxxp://speedial.com/?f=1&a=spd_dsites04_14_23_ch&cd=2XzuyEtN2Y1L1QzutDtDtByC0Bzy0BtAzy0AtAzyzy0C0CtDtN0D0Tzu0SzzzzyDtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyC0FtBtD0EtByEtGtD0EyDtBtG0AyEzzyBtG0D0EtB0DtGyDzyzzyE0D0ByCzy0EtDtC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyByE0A0DtAyCzztG0CtCzzzztG0EtA0FyEtGyC0BtA0FtGtAtC0C0Bzzzz0D0FyD0DtCtC2Q&cr=1600644332&ir=
 
*************************



#2 wpgwpg

wpgwpg

  • Members
  • 1,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:04:10 PM

Posted 05 June 2014 - 04:22 PM

 What's the problem with telling Malwarebytes to remove it?  If that IS a problem, try the Revo uninstaller - it works for me when nothing else will.

 

Good luck.


Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#3 fluffyfluff

fluffyfluff
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 05 June 2014 - 04:33 PM

Malwarebytes will remove it. But it comes up again when I scan the computer. AdwCleaner also removes it, but it reappears again when I scan the computer again!

 

Zip opener doesn't show up in my program list or in Revo uninstaller, so I'm assuming it's the remnants of it? 



#4 JohnC_21

JohnC_21

  • Members
  • 21,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:10 PM

Posted 05 June 2014 - 04:42 PM

You can reset Firefox. I would back up your bookmarks even though Mozilla says they would be safe. This creates a new profile. Extensions would have to be downloaded again.

 

https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

 

I would also reset IE and also save your bookmarks first. I would select delete personal settings also.

 

http://www.sevenforums.com/tutorials/1222-internet-explorer-reset.html

 

I made a mistake. It looks like IE is unaffected but Chrome also has the problem.

 

Reset Chrome.

 

https://support.google.com/chrome/answer/3296214?hl=en


Edited by JohnC_21, 05 June 2014 - 04:45 PM.


#5 fluffyfluff

fluffyfluff
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 05 June 2014 - 06:12 PM

I reset both Chrome and Firefox but the malware is still showing up in my scans. :(((

Any other tips or suggestions?



#6 JohnC_21

JohnC_21

  • Members
  • 21,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:10 PM

Posted 05 June 2014 - 06:41 PM

Edit: When you did the rescan, does a different profile name for firefox show in the scans? If it does, disregard the following and go directly to the Rkill download.

 

For Firefox go to

 

C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\

 

C:\Users\cpan\AppData\Roaming\Mozilla\Firefox\Profiles\

 

There should now be more than one profile there, as you created a new profile with the reset. If there is more than one, delete

 

bz87arq3.default

 

If only the one profile is shown, post back what the profile name is.

 

You may have to show hidden files and folders in Windows.

 

If that does not work, download and run Rkill. It will terminate any processes it finds. Do not reboot. After Rkill finishes do another scan with Malwarebytes.


Edited by JohnC_21, 05 June 2014 - 06:43 PM.


#7 fluffyfluff

fluffyfluff
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 05 June 2014 - 08:26 PM

There's only one profile in Firefox. I also ran Rkill, but Malwarebytes is still picking up the malware that is continuously being deleted. What else can I do?

 

 
Program started at: 06/05/2014 08:35:43 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Disabled
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.


#8 JohnC_21

JohnC_21

  • Members
  • 21,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:10 PM

Posted 05 June 2014 - 09:56 PM

Sorry, I am out of ideas on this. If somebody else does not respond to your problem in three days, click the link at the top of this "Am I infected" forum. Post a reference to this thread; a person from the Malware Removal Forum should help.

 

If you have not received help after three days, please post a link to your topic HERE.



#9 jasher

jasher

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 06 June 2014 - 05:29 AM

I found this topic via google and made an account just to confirm what fluffyfluff is seeing.

 

I see it too.

 

Remove speedial and it just comes back.

 

This tells me that speedial is more than just a one-time browser redirect and hijacker and has installed something malicious. It is a real virus.

 

 



#10 fluffyfluff

fluffyfluff
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:10 PM

Posted 06 June 2014 - 09:50 AM

And I'm also receiving weird emails. Should I stop using my computer?

Please help. :(

#11 wpgwpg

wpgwpg

  • Members
  • 1,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:04:10 PM

Posted 06 June 2014 - 10:17 AM

> Malwarebytes will remove it. But it comes up again when I scan the computer. AdwCleaner also removes it, but it reappears again when I scan the computer again!
>
> Zip opener doesn't show up in my program list or in Revo uninstaller, so I'm assuming it's the remnants of it?

Have you tried running these in Safe Mode?  Some malware can hide itself in normal mode.

 

Good luck.


Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#12 JohnC_21

JohnC_21

  • Members
  • 21,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:10 PM

Posted 06 June 2014 - 11:06 AM

See this link. Delete the prefs.js file in the locations shown in your previous post. For Chrome, go to the preferences folder and look for those two http links to speedial. Delete those. On your Chrome shortcut, also look for any other URLs that are related to speedial.
 

 

(1) Hijacked program shortcut

Right-click the icon you use to start Firefox > Properties > Shortcut tab

The Target line should not have any URLs on it, just:

  • 32-bit Windows: "C:\Program Files\Mozilla Firefox\firefox.exe"
  • 64-bit Windows: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

(2) user.js file

This file, often created/updated by external software, will override your settings at every startup. This article describes how to track down and remove the file: How to fix preferences that won't save.

 


Edited by JohnC_21, 06 June 2014 - 11:09 AM.
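
As an added example (not part of any post in this thread, and not the code of any scanner named in it): a small Python check for the three places discussed above, namely `user_pref` lines in prefs.js or user.js, string values anywhere in Chrome's preferences file, and a URL on a shortcut's Target line. The function names, the `speedial.example` host, the Chrome key names and all sample data are constructed for illustration.

```python
import json
import re

# One Firefox preference line, as found in prefs.js and user.js:
#   user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')
URL_RE = re.compile(r'https?://', re.IGNORECASE)

def scan_firefox_prefs(text, indicator):
    """Return (pref_name, raw_value) pairs whose value mentions the indicator."""
    hits = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and indicator.lower() in m.group(2).lower():
            hits.append((m.group(1), m.group(2)))
    return hits

def scan_chrome_preferences(json_text, indicator):
    """Walk the preferences JSON; return dotted paths of matching string values."""
    hits = []
    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, path + [key])
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, path + [str(i)])
        elif isinstance(node, str) and indicator.lower() in node.lower():
            hits.append(".".join(path))
    walk(json.loads(json_text), [])
    return hits

def shortcut_target_has_url(target):
    """True if a shortcut Target line carries a URL next to the executable."""
    return bool(URL_RE.search(target))

# Constructed sample data, not copied from the poster's machine.
SAMPLE_PREFS_JS = '''user_pref("browser.search.selectedEngine", "Speedial");
user_pref("browser.startup.page", 1);'''
SAMPLE_CHROME = json.dumps({
    "session": {"startup_urls": ["http://speedial.example/?f=1"]},
    "default_search_provider": {"search_url": "http://speedial.example/results.php?q={searchTerms}"},
})

if __name__ == "__main__":
    print(scan_firefox_prefs(SAMPLE_PREFS_JS, "speedial"))
    print(scan_chrome_preferences(SAMPLE_CHROME, "speedial"))
```

A hit in user.js matters more than one in prefs.js, because, as the post says, that file overrides the settings at every startup; run the Firefox check against both files in each profile folder with the browser closed.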


#13 jasher

jasher

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:10 PM

Posted 06 June 2014 - 11:40 AM

However it's doing it, it's not via the shortcut.

 

I can completely uninstall Chrome, nothing left, and certainly not the taskbar shortcut, reinstall it, and it's back.



#14 JohnC_21

JohnC_21

  • Members
  • 21,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:10 PM

Posted 06 June 2014 - 12:04 PM

> However it's doing it, it's not via the shortcut.
>
> I can completely uninstall Chrome, nothing left, and certainly not the taskbar shortcut, reinstall it, and it's back.

In these kinds of cases, it would be best to post with the required attached logs in the Malware Removal Forum after reading the stickies.





