Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

extendedunlimited.org/gameharbor virus, malware, adware


  • This topic is locked This topic is locked
10 replies to this topic

#1 krazyazian

krazyazian

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 16 September 2014 - 03:33 PM

Hi, this is my first time here on bleepingcomputer.com. My laptop recently started to have ad pop ups from extendedunlimted.org, it was annoying due to the fact that it pops up each time I turn on my laptop, the ad was also interfered by slowing down my laptop. So I google searched a fix for this and found this website, I found out that there are others that was facing the same problem as me. So here is the text files you guys need to fix my problem. Thanks for helping me out.

Attached Files



BC AdBot (Login to Remove)

 


#2 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:29 PM

Posted 21 September 2014 - 02:42 AM

Hello and welcome to BleepingComputer :)

 

Step 1

frst.pngfrstfix.png

Press thew7.png + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    start
    HKU\S-1-5-21-3949820843-3289878221-2282755290-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
    S3 X6va017; \??\C:\WINDOWS\SysWOW64\Drivers\X6va017 [X]
    S3 X6va022; \??\C:\WINDOWS\SysWOW64\Drivers\X6va022 [X]
    S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
    EmptyTemp:
    end
  • Click FileSave As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.



#3 krazyazian

krazyazian
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 21 September 2014 - 07:03 AM

Ok I did everything you have told me, have the restart the extendedunlimited ad hasn't pop up. Hopefully this is a permanent fix. Here is the fixlist.txt you have requested. Thanks for helping me out. 

Attached Files



#4 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:29 PM

Posted 21 September 2014 - 07:20 AM

Hi, 

 

I need the Fixlog.txt to review.



#5 krazyazian

krazyazian
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 21 September 2014 - 07:53 AM

Im sorry about that, heres the fixlog.txt

Attached Files



#6 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:29 PM

Posted 21 September 2014 - 03:59 PM

Step 1

 

GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

  • Please download Malwarebytes Anti-Malware Free to your Desktop.
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the program.
  • Launch the program and select Update.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply.


#7 krazyazian

krazyazian
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 22 September 2014 - 08:42 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/22/2014
Scan Time: 9:04:28 AM
Logfile: log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.22.02
Rootkit Database: v2014.09.19.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Kevin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385538
Time Elapsed: 30 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\WOW6432NODE\QUIKNOWLEDGE, Quarantined, [7f068e61a9d249edcbf141f05da61ee2],

Registry Values: 1
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\WOW6432NODE\QUIKNOWLEDGE|ie-ver, 11.0.9600.16659, Quarantined, [7f068e61a9d249edcbf141f05da61ee2]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#8 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:29 PM

Posted 22 September 2014 - 09:49 AM

Step 1

 

Please download adwcleaner.png AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 2

 

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Let me know how the computer is running once you have completed these steps.


Edited by thisisu, 22 September 2014 - 09:50 AM.


#9 krazyazian

krazyazian
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 22 September 2014 - 04:00 PM

Here's the two logs that you requested. Everything seems to be fine, no errors and no pop ups.

Attached Files



#10 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:29 PM

Posted 22 September 2014 - 04:11 PM

Great  :thumbup2:  Here are the final steps. Be safe.

 

1. Delete FRST

2. Delete the C:\FRST folder

3. Ensure you have the latest version the following applications if you use them. The outdated versions of these applications are commonly used to infect computers: 

  • Adobe Flash Player
  • Adobe Reader
  • Java
  • Microsoft Silverlight

4. No matter which browser you decide to use, I highly recommend this browser extension which effectively blocks annoying banners, pop-ups, and video ads - even on Facebook and YouTube: Adblock Plus

5. Another small yet very effective program I highly recommend is: SpywareBlaster

6. Finally, delete your old system restore points and create a new one. If you need help with this, click here



#11 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:29 PM

Posted 22 September 2014 - 04:11 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users