
DealsFinderPro infested a relative's laptop


13 replies to this topic

#1 Drambit


Posted 16 August 2014 - 04:43 PM

A relative of mine asked me to fix their laptop because it was infested with viruses, adware, and was in general running very slow. I took a look at it, ran Malwarebytes, Spybot Search and Destroy, CCleaner, and Windows Defender scans, found a pile of trojans and stuff like that, removed them, and the computer started running way better and was pretty much clean except for this tricky bastard. No matter how many times you remove the extension from Chrome, no matter how many times I run antivirus, no matter how many times I run AdwCleaner, JST, etc, the damn adware just keeps coming back. It has no folder, no files, no entry in control panel, no exe that gets detected, no detectable registry keys, yet somehow always comes back every time I restart Chrome.
 
Googling the problem resulted in a massive list of guides posted by software companies trying to get you to use their software, and are usually written like: "Step 1: Download Anvisoft. Step 2: Download this other piece of crap software." The few topics I have actually found that involve someone having their problem solved have had very specific solutions tailored to their very specific case and were of no use to me whatsoever. 
 
I can get whatever logs are needed, please help.

Edited by Queen-Evie, 16 August 2014 - 06:27 PM.
moved from Windows 7 to the appropriate forum




#2 Condobloke


Posted 16 August 2014 - 07:08 PM

G'day Drambit, and Welcome to BC

 

Resetting your browser settings will reset the unwanted changes caused by installing other programs. However, your saved bookmarks and passwords will not be cleared or changed.


    Click the Chrome menu on the browser toolbar.

    Select Settings.

    Click Show advanced settings and find the "Reset browser settings" section.

    Click Reset browser settings.

    In the dialog that appears, click Reset.

 

 

Let me know how that goes


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy


 

 


#3 Drambit


Posted 17 August 2014 - 02:39 PM

> G'day Drambit, and Welcome to BC
>
> Resetting your browser settings will reset the unwanted changes caused by installing other programs. However, your saved bookmarks and passwords will not be cleared or changed.
>
>     Click the Chrome menu on the browser toolbar.
>     Select Settings.
>     Click Show advanced settings and find the "Reset browser settings" section.
>     Click Reset browser settings.
>     In the dialog that appears, click Reset.
>
> Let me know how that goes

That wouldn't change anything and doesn't.



#4 Condobloke


Posted 17 August 2014 - 06:24 PM

Then I will assume you have followed my previous instruction without success.....

 

Please run the following for me, in the order listed..

 

 

 

  Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

 

Download MiniToolBox, save it to your desktop and run it.
    Checkmark the following checkboxes:
    Flush DNS
    Report IE Proxy Settings
    Reset IE Proxy Settings
    Report FF Proxy Settings
    Reset FF Proxy Settings
    List content of Hosts
    List IP configuration
    List Winsock Entries
    List last 10 Event Viewer log
    List Installed Programs
    List Users, Partitions and Memory size.
    Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

 

 

 

 

Please download AdwCleaner by Xplode and save to your Desktop.
 * Double-click on AdwCleaner.exe to run the tool.
 * Vista / Windows 7 / 8 users right-click and select Run As Administrator.
 * Click on the Scan button (only once)
 * AdwCleaner will begin...be patient as the scan may take some time to complete.
 * After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Check the removals and see if you are OK with the list.

* Now
 * Click on the Clean button (only once)
 * Press OK when asked to close all programs and follow the onscreen prompts.
 * Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
 * After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
 * Copy and Paste the contents of that logfile in your next reply.

* A copy of all logfiles are also saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Please download Junkware Removal Tool by Thisisu

Open your browser and go to Downloads, then click on the Junkware Removal Tool to install it.

Click on Run to initiate the installation.

To avoid potential conflicts, Temporarily Disable your Antivirus

You may want to be offline when you do this.

Run the tool by double-clicking it.

If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select Run as Administrator.

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste this in your next post..

 

 

Please download and run RKill by Grinler.
 A black DOS box will appear for a short time and then disappear.
 This is normal and indicates the tool ran successfully.
 At most the tool will usually run for about 2 minutes
 Please Copy / Paste the small log back here.

 
RKill Download Links:
 * Download Now @BleepingComputer
 * Download Now iExplore.exe
 * Download Now Rkill.com


Important: Do not reboot your computer until you complete the next step.

 

 

Download MalwareBytes Anti-Malware to your desktop.

    Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
    Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
    Click Scan at the top of the screen and hit Detection and Protection.
    Choose Custom Scan and click Scan Now.
    Check the box next to Scan for rootkits.
    MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
    Your computer is now being scanned, please do not use your computer during the scan.

    If no threats were found, click View detailed log.
        Click Export and save the log as a .txt file on your Desktop or another location.

    If the scan detected any threats, click Apply Actions.
        To complete any actions taken you will be prompted to restart your computer...click on Yes.
        After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
        Check the box next to Scan Log. Choose the most current scan and click View.
        Click Export and save the log as a .txt file on your Desktop or another location.

Providing the MalwareBytes' Anti-Malware log file

    Attach the log file you just saved to your next reply for further review.



 

 


#5 Drambit


Posted 18 August 2014 - 12:49 AM

https://mega.co.nz/#F!11sDXLzA!Ug8xLsh20r5h8Bxm93lGvQ


Edited by Drambit, 18 August 2014 - 06:39 PM.


#6 Drambit


Posted 18 August 2014 - 12:52 AM

.

Edited by Drambit, 18 August 2014 - 06:39 PM.


#7 Drambit


Posted 18 August 2014 - 01:26 AM

.

Edited by Drambit, 18 August 2014 - 06:39 PM.


#8 Condobloke


Posted 18 August 2014 - 04:13 PM

Please run AdwCleaner again...

 

Now
 * Click on the Clean button (only once)
 * Press OK when asked to close all programs and follow the onscreen prompts.
 * Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
 * After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
 * Copy and Paste the contents of that logfile in your next reply.

* A copy of all logfiles are also saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

There are many outdated programs installed...we will take care of them shortly..

 

 

 

 

Malwarebytes log ?.....just update the installation you already have...

 

 

 

and then run Eset....Be Aware....this scan will take quite some time...3 hours + is not unusual

 

Run the ESET Online Scanner.
    Hold down Control and click on this link to open ESET OnlineScan in a new window.
   
    For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    Double click on the esetsmartinstaller_enu.png icon on your desktop.
    Check "YES, I accept the Terms of Use."
    Click the Start button.
    Accept any security warnings from your browser.
    Under scan settings, check "Scan Archives" and "Remove found threats"
    ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    When the scan completes, click List Threats
    Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Click the Back button.
    Click the Finish button.
    NOTE: Sometimes if ESET finds no infections it will not create a log.

 

 



 

 


#9 Drambit


Posted 18 August 2014 - 06:23 PM

I didn't do the Malwarebytes log because the scan is taking hours and I didn't want to stay up for it to finish. It's going now. Why do you want me to run AdwCleaner again? I've run it probably 4 times since I downloaded it, including one for the log.

Also sorry about the horrible formatting; this forum has an unusual way of handling attachments and I have no idea how to use it. When I do I'll just edit all the posts and attach the notepad files.

 

EDIT: That is way better now. 


Edited by Drambit, 18 August 2014 - 06:40 PM.


#10 Condobloke


Posted 18 August 2014 - 07:02 PM

Please leave the logs in the post, it is much easier to read and access, and I do not wish to download anything to my PC from an unknown source......do not attach the logs...simply copy and paste them.

 

The Adwcleaner log contained

File Found : C:\Users\Tena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Tena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 ....

and these need to be removed. Therefore Click on CLEAN etc etc

 

MBAM (malwarebytes) running for hours indicates a problem. Keep me posted as to the length of time it takes, and the resulting log if in fact it finishes.

 

 


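The two AdwCleaner entries quoted in the post above use the file naming Chrome of that period gave its per-site Local Storage databases: `<scheme>_<host>_<port>.localstorage`, with a SQLite `-journal` sibling. As an added example (not part of the thread and not AdwCleaner's own code), this Python script reads such report lines and groups the files by the web origin they belong to; the `example.invalid` and `Folder Found` lines are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the two entries quoted in the post, plus one made-up
# entry with an explicit port and one made-up non-storage line.
SAMPLE_LOG = r"""
File Found : C:\Users\Tena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Tena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Tena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_example.invalid_8443.localstorage
Folder Found : C:\ProgramData\ExamplePlaceholder
"""

ENTRY = re.compile(r"^\s*File Found\s*:\s*(.+?)\s*$")
# <scheme>_<host>_<port>.localstorage, optionally with the -journal suffix
STORAGE = re.compile(
    r"^(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)_(?P<host>.+)_(?P<port>\d+)"
    r"\.localstorage(?P<journal>-journal)?$"
)


def parse_storage_entry(line):
    """Return origin details for one report line, or None if the line is
    not a Chrome Local Storage file entry."""
    found = ENTRY.match(line)
    if not found:
        return None
    path = PureWindowsPath(found.group(1))
    if path.parent.name.lower() != "local storage":
        return None
    name = STORAGE.match(path.name)
    if not name:
        return None
    # The report shows http defanged as hxxp; undo that for the origin string.
    scheme = name.group("scheme").lower()
    if scheme.startswith("hxxp"):
        scheme = "http" + scheme[4:]
    port = int(name.group("port"))  # 0 means the scheme's default port
    origin = f"{scheme}://{name.group('host')}" + (f":{port}" if port else "")
    return {"origin": origin, "profile": path.parent.parent.name,
            "file": path.name, "journal": name.group("journal") is not None}


def group_by_origin(log_text):
    """Map each web origin to the storage files the report lists for it."""
    groups = {}
    for line in log_text.splitlines():
        entry = parse_storage_entry(line)
        if entry:
            groups.setdefault(entry["origin"], []).append(entry["file"])
    return groups


if __name__ == "__main__":
    for origin, files in group_by_origin(SAMPLE_LOG).items():
        print(origin, "->", ", ".join(files))
```

Grouping by origin shows at a glance which sites left storage behind in which Chrome profile, and that a database and its `-journal` file are one item rather than two separate findings.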

 

 


#11 Drambit


Posted 18 August 2014 - 07:20 PM

I find it kind of ironic that I downloaded 5 pieces of potentially destructive software from completely unknown sources on request but apparently linking to 1KB plain text files from the most well known file sharing website in the world is considered too sketchy. Whatever though I'll copy them back once the malwarebytes scan is done. I figured out that it was taking hours before because it got hung up on one file, so I restarted it. I'm not sure how the superfish things are still there on AdwCleaner I've left everything checked and cleaned multiple times. 



#12 Drambit


Posted 18 August 2014 - 08:01 PM

Okay, here's something potentially interesting: The MBAM scan got stuck again, except this time it was one file previous to the one it stopped on last time. It's currently hanging on (my backslash key doesn't work) "C:/Windows/Web/Wallpaper/Scenes/img27.jpg" which is file 101871. The last time it got stuck it was stuck on img26 and file 101872. 

 

Could this mean something?

 

EDIT: Apparently enabling rootkit scanning on malwarebytes can cause it to hang on this specific set of files for quite a lot of people, but not having rootkit scanning defeats the purpose of a full scan. I'm not sure what to do now, Spybot?


Edited by Drambit, 18 August 2014 - 08:03 PM.


#13 Condobloke


Posted 18 August 2014 - 08:10 PM

There are obviously more deep seated issues here.

 

 

Please follow the instructions in the Preparation Guide For Requesting Help  starting at Step #6.

 

When you have done that, start a new topic and post the required logs to  Virus, Trojan, Spyware, and Malware Removal Logs   forum, NOT here, for assistance by the Malware Response Team Experts.

NOTE: If you are unable to complete any step, please just post the topic and leave a good description of your problems

Best of Luck !

 

 

 

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible.  I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.



 

 


#14 Drambit


Posted 18 August 2014 - 08:13 PM

Alright cool thanks. It's frankly baffling how aggressively deep this virus dug itself into the computer.





