
Slow PC - possible malware/virus - Installmate


2 replies to this topic

#1 bargy


Posted 31 July 2014 - 04:16 PM

Hi,

 

My PC has been very slow lately. I was checking through programdata today and noticed some odd folders in there, including "InstallMate".

 

I ran a full AVG scan, but no threats were detected.

 

Can you help me to clean up my pc please?




 


#2 MrMatrixGuy


Posted 31 July 2014 - 05:19 PM

InstallMate is a Virus. (BrowserHijacker)

Run the Following Tools on your PC:
HitmanPro 30-Day Trial
(JRT) Junkware Removal Tool
AdwCleaner
Malwarebytes Anti-Malware

Once you run the Tools I Provided above, your PC should be good to go.

If the Problem Continues or if you have any Questions feel free to Reply back to the Thread.

#3 bargy


Posted 01 August 2014 - 07:19 AM

Hi MrMatrixGuy,

 

I've run those 4 tools, and the logs are below.

Unfortunately the InstallMate folder is still in programdata.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by Gary on 01/08/2014 at 12:37:08.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bhoclass.bho.bhoclass.bho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bhoclass.bho.bhoclass.bho.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT1060933
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\Users\Gary\appdata\locallow\codec-c"
Successfully deleted: [Folder] "C:\Users\Gary\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Gary\appdata\locallow\pricegong"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ajhcekcffkpnaednoeoegnmnjdlnjjmg
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/08/2014 at 12:45:50.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
HitmanPro 3.7.9.221
www.hitmanpro.com
 
   Computer name . . . . : PC1
   Windows . . . . . . . : 6.0.0.6000.X86/2
   User name . . . . . . : PC1\Gary
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-08-01 12:28:12
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 19m 5s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 13
 
   Objects scanned . . . : 1,557,657
   Files scanned . . . . : 43,211
   Remnants scanned  . . : 519,879 files / 994,567 keys
 
Potential Unwanted Programs _________________________________________________
 
   ask.com
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
 
Cookies _____________________________________________________________________
 
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.directrev.com
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.velmedia.net
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.vikadsk.com
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adk2.com
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 01/08/2014
Scan Time: 12:56:24
Logfile: Malware Bytes Log_20140801.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.01.01
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista
CPU: x86
File System: NTFS
User: Gary
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 279479
Time Elapsed: 18 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
# AdwCleaner v3.302 - Report created 01/08/2014 at 12:53:15
# Updated 30/07/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium  (32 bits)
# Username : Gary - PC1
# Running from : C:\Users\Gary\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\AVG Nation toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}
Key Found : HKLM\Software\AVG Nation toolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18882
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1657 octets] - [01/08/2014 12:53:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1717 octets] ##########
 




