
Is my extendedunlimited.org malware gone?



#1 quiescentials


Posted 18 September 2014 - 06:46 AM

I have had extendedunlimited.org opening at startup from this weekend, but today Malwarebytes Anti-Malware found the extendedunlimited threat and put it in quarantine. It now does not open the webpage anymore. Is this enough to be rid of the malware or do I need to take another step to completely exterminate it?





#2 buddy215


Posted 18 September 2014 - 07:16 AM

Please post the MBAM log. This is the first I've seen of MBAM completely removing that adware. That's good news if true.

 

Suggest you run a scan using AdwCleaner, too.

Download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Use CCleaner to clean up the caches, temporary files, cookies, etc. Pay attention while installing and UNcheck offers of toolbars...especially Yahoo.

No need to use the Registry Cleaning Tool and it has the potential to cause a problem if used.

CCleaner - PC Optimization and Cleaning - Free Download


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 quiescentials


Posted 18 September 2014 - 08:06 AM

Thanks for helping me!

 

MBAM log:

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 18-9-2014
Scan Time: 11:35:06
Logfile: MBAMlog.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.18.02
Rootkit Database: v2014.09.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Eigenaar
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307966
Time Elapsed: 7 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 1
PUP.Optional.ExtendedUnlimited.A, HKU\S-1-5-21-857772458-488675974-1936586719-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CMD, cmd.exe /c start http://extendedunlimited.org && exit, Quarantined, [09117a75a0dbe94db1320af6d2319769]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
AdwCleaner Log (It's in Dutch)
 
# AdwCleaner v3.310 - Rapport aangemaakt 18/09/2014 op 15:02:35
# Laatste Update 12/09/2014 door Xplode
# Besturingssysteem : Windows 8.1  (64 bits)
# Gebruikersnaam : Eigenaar - LT-294628
# Gestart vanuit : C:\Users\Eigenaar\Downloads\AdwCleaner.exe
# Optie : Verwijderen
 
***** [ Services ] *****
 
 
***** [ Bestanden / Mappen ] *****
 
Map Verwijderd : C:\ProgramData\ParetoLogic
Map Verwijderd : C:\Users\Eigenaar\AppData\Roaming\ParetoLogic
Map Verwijderd : C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
 
***** [ Taken ] *****
 
Taak Verwijderd : paretologic update version3
 
***** [ Snelkoppelingen ] *****
 
 
***** [ Register ] *****
 
Sleutel Verwijderd : HKCU\Software\ParetoLogic
Sleutel Verwijderd : HKLM\SOFTWARE\ParetoLogic
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17278
 
 
-\\ Mozilla Firefox v32.0.1 (x86 nl)
 
[ Bestand : C:\Users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\u053du98.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.120
 
[ Bestand : C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Verwijderd [Extension] : gkojfkhlekighikafcpjkiklfbnlmeio
 
*************************
 
AdwCleaner[R0].txt - [1797 octets] - [15/09/2014 14:24:31]
AdwCleaner[R1].txt - [1552 octets] - [18/09/2014 15:00:59]
AdwCleaner[S0].txt - [1875 octets] - [15/09/2014 14:26:17]
AdwCleaner[S1].txt - [1438 octets] - [18/09/2014 15:02:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1498 octets] ##########
 
 
I will run the CCleaner now


#4 buddy215


Posted 18 September 2014 - 08:42 AM

MBAM did remove the adware.

 

Rerun AdwCleaner and choose to delete the extension it found in Google Chrome or not if you prefer keeping it. It comes back as Hola better internet...



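A read-only check for the startup entry shown in the MBAM log, as an added example that is not part of the original thread or of either tool: it looks through the Run and RunOnce keys of every loaded user hive and of HKLM for value data that opens a URL through cmd.exe. The regular expression and the list of keys are assumptions of this example, not a Malwarebytes signature.

```powershell
# Added example (read-only): find Run/RunOnce values that open a web page at logon.
# The pattern and key list are assumptions of this example, not a Malwarebytes signature.
$pattern = '(?i)\bcmd(\.exe)?"?\s+/c\s+start\s+"?https?://'

# Self-check against the value data quoted in the MBAM log above.
$sample = 'cmd.exe /c start http://extendedunlimited.org && exit'
if ($sample -notmatch $pattern) { throw 'Pattern does not match the logged command.' }

$runSubKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Every hive currently loaded under HKEY_USERS (the logged entry sat in one of these),
# plus the machine-wide hive.
$roots = @(Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    ForEach-Object { "Registry::$($_.Name)" })
$roots += 'Registry::HKEY_LOCAL_MACHINE'

$hits = foreach ($root in $roots) {
    foreach ($sub in $runSubKeys) {
        $key = Get-Item -LiteralPath "$root\$sub" -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            # Read the raw data without expanding %VARIABLES%.
            $data = [string]$key.GetValue($name, '', 'DoNotExpandEnvironmentNames')
            if ($data -match $pattern) {
                [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $data }
            }
        }
    }
}

if ($hits) { $hits | Format-List } else { 'No Run/RunOnce value starts a URL through cmd.exe.' }
```

Running it from an elevated PowerShell prompt lets it read hives belonging to other accounts that are loaded at the time.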
#5 quiescentials


Posted 18 September 2014 - 09:15 AM

Thanks!



#6 buddy215


Posted 18 September 2014 - 09:26 AM

You're welcome....

 

AdwCleaner also found paretologic update version3. I suggest removing that and the registry entries for paretologic.

You can use AdwCleaner for that by choosing to remove.

You can uninstall AdwCleaner by opening and choosing uninstall.

.




