How do I remove the Tuvaro malware from Windows 7


4 replies to this topic

#1 Marz2020

Posted 12 September 2014 - 01:14 PM

I have already tried using Malwarebytes and SuperAntiSpyware in SAFE mode and I can't rid my laptop of this nuisance.
 
Please help.
 
Thanks

Edit: Moved topic from Windows 7 to the more appropriate forum.~ Animal

#2 dc3

Posted 12 September 2014 - 01:30 PM

In the Control Panel open Programs and Features, look for Tuvaro and uninstall it if it is found.
 
 
Please download AdwCleaner and install it.
 
When AdwCleaner opens you will see an image like the one below.
 
adwcleaner11_zps48314883.png
 
Click on Scan to start the scan.
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and paste this log in your topic.
 
 

Please download Junkware Removal Tool.
 
Open your browser and go to Downloads, then click on the Junkware Removal Tool to install it.  
 
Click on Run to initiate the installation.
 
To avoid potential conflicts, temporarily disable your antivirus and firewall.  You will want to be offline when you do this.
 
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select Run as Administrator.
 
The tool will open and start scanning your system.
 
Please be patient as this can take a while to complete depending on your system's specifications.
 
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.  Copy this and then post it in your topic.
 
 
Remove Tuvaro from your browser/s.
 

Remove from Internet Explorer
 
Press Alt+T and click Internet Options.
Open the General tab.
Change the home page and click OK.
Press Alt+T and click Manage Add-ons.
Click Toolbars and Extensions and remove the unwanted extension.
Click Search Providers and set a new default search engine.
 
Remove from Google Chrome
 
Press Alt+F and point to Tools.
Click Extensions.
Remove unwanted extensions.
Click Settings.
Under On startup, select the last option and click Set pages.
Set a new startup page.
Under Search, click Manage search engines and enter the URL of your new default search provider. Click OK.
 
Remove from Mozilla Firefox
 
Press Alt+T and click Options.
Open the General tab and change the home page.
Click OK.
Press Ctrl+Shift+A and click Extensions.
Remove unwanted extensions.
Close the tab.
Click the search engine icon next to the search box and select a new search provider.
 
 
Run RKill; once it has run, download and run Malwarebytes.
 

RKill is an easy-to-use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications.  These settings will remain until the computer is rebooted; for this reason you must run the security application before the computer is rebooted.  
 
Please download RKill and install it.
 
When RKill is run it will display a console screen similar to the one below:
 
RKill_zps2e34d4b8.png
 
When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.
 
Attention:  At this time you need to run Malwarebytes.
 
While RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:
 
1)  Rename Rkill so that it has a .com extension.
 
2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  
 
After the application has run successfully you should reboot the computer to restore the processes and Windows Registry entries. 
 
 

Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
mbamreplace_zps3ead4824.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.
 
 
After this is finished run Temp File Cleaner.
 

Please download Temp File Cleaner by Old Timer and save it to your desktop.
 
1. Save any unsaved work. (TFC will close ALL open programs including your browser!)
 
2. Double-click on TFC.exe to run it. 
 
3. Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
 
tempfilecleaner1_zpsaaf9e118.png
 
4.  After Temp File Cleaner has run, click on Exit.
 
tempfilecleaner2_zpsdffa9226.png
 

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 Marz2020

Posted 12 September 2014 - 03:04 PM

"Please download AdwCleaner and install it."
"You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.
When the cleaning process is complete a log of what was removed will be presented.  Please copy and paste this log in your topic."
 
I executed AdwCleaner and clicked on OK and the AdwCleaner program removed the items on the list and rebooted my PC.
 
The AdwCleaner log was NOT presented and I couldn't locate it during a C:/ drive search.
 
Please advise.
Thanks,
Marz2020 


#4 Marz2020

Posted 12 September 2014 - 07:54 PM

 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/12/2014
Scan Time: 5:43:34 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.12.08
Rootkit Database: v2014.09.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Administrator
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 472227
Time Elapsed: 1 hr, 2 min, 51 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
 
Files: 23
PUP.Optional.RelevantKnowledge, C:\Users\Administrator.Perry-VAIO\AppData\Local\Temp\CSM24BA.tmp, Quarantined, [2d976389f5862e08297ef21116efd030], 
PUP.Optional.Goobzo, C:\Windows\Temp\Pac327E.tmp, Quarantined, [a0245696ed8e24125ebdc224f80c1ce4], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate\resourceToolCommandLine.exe, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate\SBIEBrowserHelperObject.dll, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate\Search.lnk, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate\sma.exe, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate\smci32.dll, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate\smci64.dll, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate\smei32.dll, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate\smei64.dll, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate\smfi32.dll, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate\smfi64.dll, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate\smi64.exe, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate\smoi32.dll, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate\smoi64.dll, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate\smri32.dll, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate\smri64.dll, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys, Quarantined, [ffc5a04ce5961026758db0452bd70df3], 
PUP.Optional.SearchNet.A, C:\Users\Perry Baty\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://www-search.net/?s=E8Cyobryu02482,1d0c0c08-4681-409a-84c6-c62ec9f5da0c," ],), Replaced,[ffc529c3e695e84e5495e944ea1b54ac]
PUP.Optional.SearchNet.A, C:\Users\Perry Baty\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://www-search.net/?s=E8Cyobryu02482,1d0c0c08-4681-409a-84c6-c62ec9f5da0c,",), Replaced,[f5cf6983106b69cddb0f9499699c0af6]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
I ran ALL of the programs in 'Fix' message above.  The Tuvaro malware has been removed from my PC.
 
Thank you for the assistance.  I really appreciate it.
 
Marz2002 
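
Added example (not part of the thread and not Malwarebytes code): a small Python parser for detection lines in the layout of the scan log posted above, useful when reviewing such a log to see which families were quarantined and which browser settings were replaced. The sample log is constructed, its bracketed IDs are placeholders, and the names `parse_detections` and `summarize` are hypothetical; the line layout is inferred from the posted log only.

```python
import re
from collections import Counter

# Constructed sample in the layout of the scan log posted above; the bracketed
# IDs are placeholders, not values from the thread.
SAMPLE_LOG = r'''Folders: 1
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo, Quarantined, [ID-PLACEHOLDER-1],

Files: 3
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo\GBUpdate\sma.exe, Quarantined, [ID-PLACEHOLDER-1],
PUP.Optional.RelevantKnowledge, C:\Users\example\AppData\Local\Temp\CSM0000.tmp, Quarantined, [ID-PLACEHOLDER-2],
PUP.Optional.SearchNet.A, C:\Users\example\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.example/?s=abc,def,",), Replaced,[ID-PLACEHOLDER-3]
'''

SECTION = re.compile(r'^([A-Za-z ]+): (\d+)$')
# Detection line: name, path, optional Good:/Bad: pair, action, [id].
# The Bad: value may itself contain commas, so it is matched up to the
# "), <action>,[" tail instead of splitting the line on commas.
ENTRY = re.compile(
    r'^(?P<name>[\w.]+), (?P<path>.+?), '
    r'(?:Good: \((?P<good>.*?)\), Bad: \((?P<bad>.*)\), )?'
    r'(?P<action>\w+), ?\[(?P<id>[^\]]+)\]')

def parse_detections(log_text):
    """Return one dict per detection line, tagged with its log section."""
    section, found = None, []
    for line in log_text.splitlines():
        line = line.strip()
        head = SECTION.match(line)
        if head:
            section = head.group(1)
            continue
        entry = ENTRY.match(line)
        if entry:
            found.append(dict(entry.groupdict(), section=section))
    return found

def summarize(detections):
    """Count detections per (family, action); list URLs from replaced settings."""
    counts = Counter((d['name'], d['action']) for d in detections)
    urls = [u for d in detections if d['bad']
            for u in re.findall(r'https?://[^"\s]+', d['bad'])]
    return counts, urls

if __name__ == '__main__':
    print(summarize(parse_detections(SAMPLE_LOG)))
```
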


#5 dc3

Posted 13 September 2014 - 08:45 AM

You are welcome.

