Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Adware


  • This topic is locked This topic is locked
4 replies to this topic

#1 Rashyz

Rashyz

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:17 AM

Posted 12 September 2014 - 11:05 PM

First of all hi im new, The problem happened a week ago. i wasnt downloading anything shady ofc, but when i startup my computer theres 2 google chrome windows opened, one is named untitled.exe and another one Extendedunlimited.org i heard from a friend that i needed to go to this website well ok im here now. I have scanned my system with: Malwarebytes, Avira, AVG, TDSSKiller and even Hitman Pro. and they didnt help at all. i started to read topics for awhile and found that i needed to install FRST, i scanned my pc with it and now... i think i needed a fixlist? idk. I also cleaned my Downloads File and Resetted Chrome.

Heres the log of the FRST.txt:

Spoiler

 

 

Help please.



BC AdBot (Login to Remove)

 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:17 PM

Posted 13 September 2014 - 06:55 AM

Hi,

here's a fixlist for you:


Please download this attached Attached File  fixlist.txt   149bytes   1 downloads and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#3 Rashyz

Rashyz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:17 AM

Posted 13 September 2014 - 09:07 AM

Hi,

here's a fixlist for you:


Please download this attached attachicon.giffixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

 

Thank you aharonov, it works. thank you very much!

Heres my Fixlog.txt:

 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Adeke at 2014-09-13 20:55:31 Run:1
Running from C:\Users\Adeke\Documents\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-973794808-3023372887-663912671-1003\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
EmptyTemp:
*****************
 
HKU\S-1-5-21-973794808-3023372887-663912671-1003\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
EmptyTemp: => Removed 1 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
thank you very much!

Attached Files



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:17 PM

Posted 13 September 2014 - 11:22 AM

You're welcome.

My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation: btn_donate_SM.gif.
Thank you!

#5 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:17 PM

Posted 19 September 2014 - 03:27 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users