Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Torn tv


  • Please log in to reply
7 replies to this topic

#1 Turtleneck

Turtleneck

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:24 PM

Posted 16 September 2014 - 11:41 PM

Hi,

I have given myself a TornTV problem

Thought I was downloading a book in pdf but I clicked too quick and didn't notice the exe file extension until too late- my dumb. :ranting:

MBAM, Avast and Windows defender. All returned a nothing found result. Avast was running at the time of infection.

Spy Hunter which found 600+ issues but required payment before removal. Not sure who's idea it was to ask for Cr card details on an infected machine. Not sure that entire process was legit or just part of the scam.

Kaspersky Pure 3.0 No items found. Took a really long time to download 7.7 million definitions and over two hours to run.

Avast was removed after Kaspersky was downloaded and was run offline, (modem unpluged)

Killing things in Hijackthis hasn't helped as I'm unsure of the role of many of the enties listed so my kill runs are incomplete.

 

(www).istartsurf.com/?type=sc&ts=1410846883&from=ild&uid=HitachiXHTS545050A7E380_TE85113RKMAL2RKMAL2RX

Actual home page (The hijack) I wonder what Hitachi has to do with it?

 

System - Windows 8

Browser - Firefox, latest. When I open the Firefox properties dialog box, under the shortcut tab, in the Target box, I found the iStart address tacked onto the mozilla address. Not sure what should be there. Message - "The name, xxxxxxx specified in the Target box is not valid.Make sure the path and file name are correct."

 

Apart from the browser hijack and some game that seems to have gone away, I've read references to Google Chrome, (which has been repeatedly removed from this system) when Kaspersky was installing and also a number of files ending in xxx/chrome.exe.

MS IE made an uninvited reappearance down on the task bar as well despite having been previously removed.

Neither GChrome nor IE appear in the Add/Remove list. Kinda wierd. I know MS and Google really persistant with trying to get people to use their browsers but malware use seems a stretch even for them.
 

Thanks for your help. Afraid I can't beat this one with out it.

Bryan


Edited by Turtleneck, 16 September 2014 - 11:56 PM.


BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:24 PM

Posted 17 September 2014 - 12:22 AM

Hello -

 

First of all, you should know that Torn TV is not a virus. It is considered as add-on. Though harmful, it does not have the characteristics of computer virus.

So all of the Antivirus programs will not see it as an "Infection".

 

 

Many (read most) users who have Torn TV acquired the program by installing freeware (like you were).

It is normally bundled when you install free programs. In order to remove Torn TV from your computer, you may have success with these steps.

 

Uninstall Torn TV from Microsoft Windows
1. Open Windows Control Panel.
2. Choose Programs and Features (Uninstall a Program).
3. It will open a list of installed programs. You should find Torn TV or any related term and click on ‘Uninstall’.

 

 

How to remove Torn TV on Internet Explorer
1. Open Internet Explorer.
2. On top menu, go to Tools > Manage Add-ons. (if you do not see the menu, press ALT and you will see it)
3. On right panel look for a Torn TV entry and click on Disable button to stop the service.
4. You must now restart Internet Explorer.

Here is Internet Explorer’s frequently asked question (FAQ) for your reference:
http://windows.microsoft.com/en-US/windows-vista/Internet-Explorer-add-ons-frequently-asked-questions

 

 

How to Uninstall Torn TV in Google Chrome
1. Open Google Chrome Internet browser.
2. Click on Settings (three horizontal bars icon or wrench icon for old versions) or ‘Customize and Control Google Chrome’ button located on top right corner of the browser.
3. Click on Tools > Extensions from the drop-down list.
4. You can see Torn TV from the list of installed extensions; remove it by clicking on the ‘Trash’ icon.
5. Please restart Google Chrome.

If you cannot delete the extension, you can simply disable it. See how to manage Google Chrome Extension from this page:
http://support.google.com/chrome/bin/answer.py?hl=en&answer=187443

 

 

How to Remove Torn TV in Mozilla Firefox
1. Open Mozilla Firefox Internet browser.
2. On top menu, go to Tools > Add-ons.
3. Remove Torn TV from the list of installed add-ons.
4. Restart Mozilla Firefox.

 

NOTE : Always go back and Reset Your Normal Home Page after each attempt.

 

 

Try these ideas first, and then tell us how things went -

 

Thanks -

EDIT - Sorry that I did not notice this in the post , Spy Hunter and several other similar programs are 100% SCAMS -

Spy Hunter which found 600+ issues but required payment before removal.

Edited by noknojon, 17 September 2014 - 12:26 AM.


#3 Turtleneck

Turtleneck
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:24 PM

Posted 17 September 2014 - 11:28 PM

Hi Noknojon,

Thanks for the super quick response. Edits below.

 

1. Uninstall Torn TV from Microsoft Windows

Done earlier.

 

2. How to remove Torn TV from Internet Explorer and Google Chrome

As mentioned Google Chrome and MS internet Explorer are not in the add/remove list.
Yet MSIE has made a new appearance on the task bar this morning. Weird.
Went searching the directory tree, found the IE folder and tried deleting that but noooooo. I need permission from Trusted Installer to delete anything.
Any ideas on who that is?

 

3. How to Remove Torn TV in Mozilla Firefox

I find no Torn TV add ons, extensions or services under Tools/Add ons.
Haven’t found anything useful any where in the directory tree.

 

4. What else I found and removed

Just found a Wisecaller file hiding in an old remnant MacAfee folder pretending to be a Wisecallera file so deleted that. Cleaned with CCleaner, rechecked the home page path but still redirected to istartsurf.

Optimiser Pro folder. Deleted. Also prefetch entry deleted.

I was getting a redirection to a gay porn site from one of my bookmarks but that seems to have stopped now.


Any ideas on how to lose this istartsurf hijack?

And MSIE?

 

Bryan

PS  Just deleted Chrome.exe from two spots. Seems to have killed the istartsurf redirection.


Edited by Turtleneck, 17 September 2014 - 11:46 PM.


#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:24 PM

Posted 18 September 2014 - 12:54 AM

It is a rotten extension to remove, but there is an Uninstaller that I am trying to find. This is a "new version" V10, the last V9 seemed easier.......

 

Let's Start Again -

 

Microsoft Internet Explorer is usually referred to as MSIE (is this what you mean ?)
 

Please download and run RKill by Grinler.

  • A black DOS box will appear for a short time and then disappear.
  • This is normal and indicates the tool ran successfully.
  • At most the tool will usually run for about 2 minutes

Please Copy and Paste the log back here.

 
Do not reboot your computer until you complete the next step.

 

 NOW :

  • Download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
     * Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button (only once)
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button only once for accuracy.
  • A report (AdwCleaner[R0].txt) will open in Notepad for your review.
  • Check the listed removals and see if you are OK with them.
  • If you have questions, post the Report log back here.

 Next

  • Click on the Clean button only once for accuracy
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK finally to allow AdwCleaner to Restart the computer and complete the removal process.
  • After rebooting, a log report (AdwCleaner[S0].txt) will open automatically.
    Copy and Paste the contents of that log in your next reply.

Note: With most Adware / Junkware / PUPs it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features or Add/Remove Programs in the Control Panel. In many cases, using the uninstaller of the adware not only removes the adware more effectively, but it also restores any changed configuration. After uninstallation, then you can run specialized tools like AdwCleaner and JRT to fix any remaining entries they may find.

 

 

 

 

Next : Download this free tool and save it to your desktop. It will not clash with any other Antivirus tool.
Avast Browser Cleanup Download Link (This will open in a new window)
I keep this on my desktop, but you do not need to keep it, just run it

You do not need to install the program. This portable scanner will run automatically once you double-click on the the executable file avast-browser-cleanup.exe.

When run, Avast Browser Cleanup performs a test on the browser. If unwanted entries were found, it will display a button

Remove all add-ons listed below and cleanup browser.’ You may remove all or delete one entry at a time.

Avast Browser Cleanup will confirm before it permanently deletes the add-on. Please click Yes to proceed with the removal of The TornTV V10 on the affected browser.

 

 

An extra -

I would delete your HJThis version, as it is almost useless on Windows 8, and was almost phased out for Windows 7 ......



#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:24 PM

Posted 18 September 2014 - 03:01 AM

Well, I do not have the good news that I wanted. ..............The Uninstaller that I hoped to find was not there .........

 

My best solution is the only one that I have found here and at a few other forums, and that was manual removal and repair.

 

 

Windows 8 may not create the requested logs, but please follow what you can in ==>This Prep Guide<== starting at Step 6.

 

Post a New Topic in the >>> Malware Removal area <<< and one of the Experts will guide you through the steps.

 

Sorry that we could not help better in this area, but the Experts area is better for you.

Be prepared to wait a day or so, as they are busy, but they are your best option -



#6 Turtleneck

Turtleneck
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:24 PM

Posted 18 September 2014 - 05:28 AM

Microsoft Internet Explorer is usually referred to as MSIE (is this what you mean ?)

Yes

 

Seems to have fixed the redirect. Thank you.

The Avast Browser Clean up didn't find anything.

 

 

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/18/2014 05:23:02 PM in x64 mode.
Windows Version: Windows 8.1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * MsKeyboardFilter [Missing Service]
 * CSC [Missing Service]
 * E1G60 [Missing Service]
 * HdAudAddService [Missing Service]
 * kbldfltr [Missing Service]
 * storvsp [Missing Service]
 * Vid [Missing Service]
 * vmbusr [Missing Service]
 * vpcivsp [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 09/18/2014 05:25:37 PM
Execution time: 0 hours(s), 2 minute(s), and 34 seconds(s)
 

 

 

 

 

 

 

 

 

 

 

 

 

 

# AdwCleaner v3.310 - Report created 18/09/2014 at 19:27:58
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Bryan - FFF
# Running from : C:\Users\Bryan\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Users\Bryan\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Bryan\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\Bryan\AppData\Roaming\WebExtend
File Deleted : C:\Users\Bryan\Desktop\Continue Live Installation.lnk

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Bryan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Bryan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Bryan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17278

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v32.0.1 (x86 en-US)

[ File : C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\Profiles\r1msi8n9.default\prefs.js ]

Line Deleted : user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7[...]
Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", true);

-\\ Google Chrome v

[ File : C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1826 octets] - [04/04/2014 17:13:50]
AdwCleaner[R1].txt - [7694 octets] - [18/09/2014 17:30:09]
AdwCleaner[S0].txt - [1875 octets] - [04/04/2014 17:15:29]
AdwCleaner[S1].txt - [6823 octets] - [18/09/2014 19:27:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6883 octets] ##########
 



#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:24 PM

Posted 18 September 2014 - 04:14 PM

Hi -

 

If you think things are OK, then wait a while.

 

If you still have a problem, please post to >>> Malware Removal area <<< and one of the Experts will guide you through the steps.

 

Regards -



#8 Turtleneck

Turtleneck
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:24 PM

Posted 18 September 2014 - 11:37 PM

Thanks for your help, I'll continue trying to get rid of MSIE, seems the Torn TV issues are at an end for now. Thanks again.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users