
Extendedunlimited/ gameharbor virus


  • This topic is locked
8 replies to this topic

#1 ObeyWill


Posted 17 September 2014 - 03:38 PM

Hey! For a couple of days now, every time I log into my user, a random Chrome page automatically opens up. It first loads extendedunlimited.org & then automatically redirects itself to gameharbor.com. I've downloaded every malware in the book, ran every scan in the book, restarted my computer a countless amount of times etc. Can anybody please tell me what the issue is or how this got on my computer to begin with (I have Avast antivirus)?

 

Here is my FRST.txt file: http://pastebin.com/LsBGcZd4


Edited by Queen-Evie, 17 September 2014 - 03:56 PM.
moved from Windows 7 to the appropriate forum. FRST logs are allowed only in Malware Removal Logs.



 


#2 ObeyWill


Posted 18 September 2014 - 03:45 PM

Anybody? lol :bubbles:



#3 thisisu

  • Malware Response Team

Posted 21 September 2014 - 03:27 AM

Hello and welcome to BleepingComputer    :)

 

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    start
    HKU\S-1-5-21-2284458144-741501742-1768172656-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit
    GroupPolicy: Group Policy on Chrome detected
    BHO: No Name -> {1036AD63-AEAC-460B-9060-C96005D4DC86} ->  No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
    emptytemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.
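
The first fixlist entry above is a per-user Run value that starts cmd.exe and opens a URL at every logon, which matches the pop-up described in the first post. As an added example (not part of the original posts and not FRST's own code), the Python below parses FRST-style Run lines and flags that pattern; the regular expressions, function names and the two "Example" log lines are assumptions constructed for illustration.

```python
import re

# FRST-style autorun line: <hive>\...\Run: [<value name>] => <command line>
RUN_LINE = re.compile(
    r"^(?P<hive>HK(?:LM|CU|U\\[^\\]+)(?:-x32)?)\\.*?\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] => (?P<cmd>.+)$"
)
URL = re.compile(r"\b(?:https?|ftp)://[^\s\"'&|]+", re.IGNORECASE)
# Command interpreters and script hosts; an autorun normally points at an application.
INTERPRETER = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?(?:cmd|powershell|mshta|wscript|cscript)(?:\.exe)?"?(?:\s|$)',
    re.IGNORECASE,
)

# First two lines are from the fixlist in this thread; the last two are constructed.
SAMPLE = [
    r"HKU\S-1-5-21-2284458144-741501742-1768172656-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit",
    r"GroupPolicy: Group Policy on Chrome detected",
    r"HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [123456 2014-08-01] (Example Corp)",
    r'HKLM-x32\...\Run: [ExampleTray] => "C:\Program Files (x86)\Example\tray.exe" /min',
]

def parse_run_line(line):
    """Return hive, key, name and cmd for a Run/RunOnce line, else None."""
    m = RUN_LINE.match(line.strip())
    return m.groupdict() if m else None

def triage(lines):
    """Flag autoruns whose command carries a URL or starts an interpreter."""
    findings = []
    for line in lines:
        entry = parse_run_line(line)
        if entry is None:
            continue  # not an autorun line (policy, BHO, toolbar, ...)
        reasons = []
        urls = URL.findall(entry["cmd"])
        if urls:
            reasons.append("command line contains a URL")
        if INTERPRETER.match(entry["cmd"]):
            reasons.append("starts a command interpreter or script host")
        if reasons:
            findings.append({**entry, "urls": urls, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f'{f["hive"]} {f["key"]} [{f["name"]}]: {"; ".join(f["reasons"])}')
```

Only the entry from this thread is reported; the two constructed application autoruns and the Group Policy line pass through without a finding.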



#4 thisisu


Posted 21 September 2014 - 03:31 AM

Can anybody please tell me what the issue is or how this got on my computer to begin with (I have Avast antivirus)?

 

Most likely it came from downloading The Sims 4.

 

The practice of using keygens, hacking tools, cracking tools, warez, torrents or any pirated software is not only considered illegal activity but it is a serious security risk.



#5 ObeyWill


Posted 21 September 2014 - 03:24 PM

 


 

Thank you! This fixed my issue. Unfortunately, I deleted the fixlog.txt file before reading your last line, but at least my problem is now fixed. And yes now I know how harmful and dangerous torrenting can be!



#6 thisisu


Posted 21 September 2014 - 04:08 PM

You're welcome. Are you experiencing any other issues that you suspect are malware related? We should run this next scan just to cover our bases unless you've already run it. Let me know

 

Step 1

 

Malwarebytes Anti-Malware (MBAM)

  • Please download Malwarebytes Anti-Malware Free to your Desktop.
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the program.
  • Launch the program and select Update.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply.

Edited by thisisu, 21 September 2014 - 04:10 PM.


#7 ObeyWill


Posted 21 September 2014 - 11:43 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/22/2014
Scan Time: 12:17:08 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.22.01
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Will
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356159
Time Elapsed: 21 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
I have 0 malicious files because, as I've stated, I downloaded every malware remover and did every scan in the book trying to fix this issue before, and this was one of the scans that said it would get rid of the problem. So, since I cleaned it with this tool already last week, that's why everything came out to be spotless. Again, thanks sooooo much for your help, that pop up on every boot was starting to piss me off. I'm hella glad that it's gone now. Btw, idk why rootkits says "disabled" but I did check it.

Edited by ObeyWill, 21 September 2014 - 11:45 PM.


#8 thisisu


Posted 21 September 2014 - 11:57 PM

You're welcome. Here are the last few steps. Be safe :)

 

1. Delete FRST

2. Delete the C:\FRST folder

3. Ensure you have the latest version of the following applications if you use them. The outdated versions of these applications are commonly used to infect computers:

  • Adobe Flash Player
  • Adobe Reader
  • Java
  • Microsoft Silverlight

4. No matter which browser you decide to use, I highly recommend this browser extension which effectively blocks annoying banners, pop-ups, and video ads - even on Facebook and YouTube: Adblock Plus

5. Another small yet very effective program I highly recommend is: SpywareBlaster

6. Finally, delete your old system restore points and create a new one. If you need help with this, click here



#9 thisisu


Posted 21 September 2014 - 11:58 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



