Reinfections of Superfish and Goobzo pups


19 replies to this topic

#1 RoniSutton (Members, 12 posts)

Posted 18 September 2014 - 08:28 AM

I have an HP Pavilion running Windows 7. We have satellite internet so we have to be very careful about our bandwidth. Typically, in our house of six computers we use less than 1/2 gig per day. In the last ten days, we have used 1.5 to 2 gigs per day and I believe most of it is coming from this computer as every time I scan it after it has been used it has one of the two PUPs on it or a trojan. I use Malwarebytes and ComboFix. The computer is only being used to play an off-line version of Diablo II and Facebook. I suspect there is something buried deep that Malwarebytes isn't seeing until it pulls in a PUP. I am at work and in and out of meetings all of the time, so running scans and posting results is definitely something I can do, just not instantly. I would appreciate any help I can get as we are 10 days into the month and have already used 75% of our bandwidth for the month. Thanks in advance and I apologize if I have inadvertently broken any posting rules. I tried to read all the pinned notes regarding how to post, but the phone kept ringing and I may have missed something.





#2 buddy215 (Moderator, 13,134 posts)

Posted 18 September 2014 - 09:06 AM

Check in your Add/Remove Programs for YouTube Accelerator...that is Goobzo....uninstall if there.

Since you are concerned about bandwidth, try the first two scans first. If the adware is still appearing then do the ESET online scan.

 

You can open MBAM and change the settings to scan for rootkits....then run a scan after updating.

 

download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

 

  • Run the ESET Online Scanner.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 RoniSutton (Topic Starter)

Posted 18 September 2014 - 09:49 AM

I will have to do this in pieces, so please be patient with me.

  • Mbam is already set to scan for rootkits, so that's done. To be sure, I ran another Mbam scan and it said we were clean.
  • I had already downloaded AdwCleaner. I ran that scan (note: the button says "Clean", not "Delete"; I am only putting that here to be sure that I did it right and not that there really is a delete option that I missed). The log reads:
# AdwCleaner v3.310 - Report created 18/09/2014 at 10:20:52
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Richie Sutton - RICHIESUTTON-HP
# Running from : C:\Users\Richie Sutton\Downloads\adwcleaner_3.310.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Richie Sutton\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
I am downloading the junkware removal tool now and will paste the log soon, I hope.  Thank you for your help.  BTW, I am doing all of this from work, so bandwidth is not an issue for the immediate few hours.


#4 RoniSutton (Topic Starter)

Posted 18 September 2014 - 10:25 AM

JRT scan results; on to ESET.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.6 (09.18.2014:1)
OS: Windows 7 Home Premium x64
Ran by Richie Sutton on Thu 09/18/2014 at 11:14:11.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/18/2014 at 11:21:38.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#5 buddy215 (Moderator)

Posted 18 September 2014 - 10:34 AM

Google Chrome gives you the option to reset your browser settings in one easy click. In some cases, programs that you install can change your Chrome settings without your knowledge. You may see additional extensions and toolbars or a different search engine. Resetting your browser settings will reset the unwanted changes caused by installing other programs. However, your saved bookmarks and passwords will not be cleared or changed.

Reset your browser settings:

  1. Click the Chrome menu on the browser toolbar.
  2. Select Settings.
  3. Click Show advanced settings and find the "Reset browser settings” section.
  4. Click Reset browser settings.
  5. In the dialog that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" checkbox is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyze trends and work to prevent future unwanted settings changes.

Did you check the Add/Remove listing for YouTube Accelerator?

 

Check IE browser for add-ons you did not intentionally install or for any download accelerator. Tools > Add-ons

Disable or uninstall if found.



#6 RoniSutton (Topic Starter)

Posted 18 September 2014 - 10:44 AM

ESET is scanning and has found two threats so far; will post the log when it finishes. Yes, I checked Add/Remove for the YouTube Accelerator, it wasn't listed. That doesn't surprise me, though, as Mbam found it this morning and I told it to get rid of it. I will follow your directions for resetting the browser settings when I get back from the orthodontist...busy, busy, busy. Thank you so much for your help.



#7 buddy215 (Moderator)

Posted 18 September 2014 - 10:52 AM

ESET can take more than an hour....best to let it have full use of the computer's resources until it finishes scanning.

 

Once it finishes scanning and you have posted the log, run CCleaner.

Use CCleaner to cleanup the caches, temporary files, cookies, etc. Pay attention while installing and UNcheck offers of toolbars...especially Yahoo.

No need to use the Registry Cleaning Tool and it has the potential to cause a problem if used.

CCleaner - PC Optimization and Cleaning - Free Download

 

Open CCleaner and click on Uninstall. You will see a list of programs installed on your computer. On the bottom right of that page you will see a button for copying the list. Post that list back here.



#8 RoniSutton (Topic Starter)

Posted 18 September 2014 - 11:38 AM

It's at 31% and has found three infected files. I left it while I went to get my son. I am not using that computer for anything other than the scan. I am here until 5 today, so it won't matter if it takes another couple of hours. I will keep you posted.



#9 RoniSutton (Topic Starter)

Posted 18 September 2014 - 12:50 PM

Ok, I screwed up and failed to export the log for ESET. It found three and I told it to get rid of them and hit Finish, and realized I hadn't exported the log. It won't let me go back and look at it. Should I continue with the rest of the steps or run ESET again? I am sorry - I'm pulled in multiple directions at once and failed to go back up and read your instructions carefully. I will try to do better.



#10 RoniSutton (Topic Starter)

Posted 18 September 2014 - 02:08 PM

I hope that by making this assumption I am not wrong, but there is no option to click on "uninstall" once I install CCleaner and why would I uninstall it right after opening it anyway?

 

QUOTE (buddy215): Once it finishes scanning and you have posted the log, run CCleaner.

Use CCleaner to cleanup the caches, temporary files, cookies, etc. Pay attention while installing and UNcheck offers of toolbars...especially Yahoo.

No need to use the Registry Cleaning Tool and it has the potential to cause a problem if used.

CCleaner - PC Optimization and Cleaning - Free Download

Open CCleaner and click on Uninstall. You will see a list of programs installed on your computer. On the bottom right of that page you will see a button for copying the list. Post that list back here.

 

I am clicking on Run Cleaner...I hope I'm not screwing up again.



#11 buddy215 (Moderator)

Posted 18 September 2014 - 02:11 PM

I should have said click on Tools, then click on Uninstall....my bad.

 

Any chance you remember if ESET mentioned...PUP or trojan in its description of what was removed?



#12 RoniSutton (Topic Starter)

Posted 18 September 2014 - 02:21 PM

No, I don't, but I have seen both on this computer at varying stages of this process today. I don't remember if it was AdwCleaner or JRT, but one found a trojan and PUPs - I think AdwCleaner.

 

Here are the files as listed by CCleaner:

Adobe AIR Adobe Systems Inc. 4/26/2011 2.0.2.12610

Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 6/27/2014 16.4 MB 11.9.900.170
Adobe Reader 9.3.3 MUI Adobe Systems Incorporated 10/23/2010 655 MB 9.3.3
Adobe Shockwave Player 11.5 Adobe Systems, Inc 10/23/2010 30.7 MB 11.5.8.612
Apple Application Support Apple Inc. 10/29/2013 64.0 MB 2.3.6
Apple Mobile Device Support Apple Inc. 10/29/2013 25.0 MB 7.0.0.117
Apple Software Update Apple Inc. 10/29/2013 2.38 MB 2.1.3.127
Atheros Driver Installation Program Atheros 4/26/2011 9.0
ATI Catalyst Install Manager ATI Technologies, Inc. 4/26/2011 22.4 MB 3.0.790.0
Blio K-NFB Reading Technology, Inc. 10/23/2010 76.4 MB 2.0.5350
Bonjour Apple Inc. 10/29/2013 2.04 MB 3.0.0.10
CCleaner Piriform 9/18/2014 4.17
Cisco EAP-FAST Module Cisco Systems, Inc. 4/26/2011 1.55 MB 2.2.14
Cisco LEAP Module Cisco Systems, Inc. 4/26/2011 644 KB 1.0.19
Cisco PEAP Module Cisco Systems, Inc. 4/26/2011 1.23 MB 1.1.6
CyberLink DVD Suite CyberLink Corp. 10/23/2010 37.6 MB 7.0.3320
Diablo II Blizzard Entertainment 6/22/2014
DVD Menu Pack for HP MediaSmart Video Hewlett-Packard 4/26/2011 100 MB 4.2.4412
Energy Star Digital Logo Hewlett-Packard 4/26/2011 300 KB 1.0.1
ESET Online Scanner v3 9/18/2014
Google Chrome Google Inc. 8/15/2013 36.0.1985.125
HP 3D DriveGuard Hewlett-Packard Company 4/26/2011 8.24 MB 4.0.10.1
HP CloudDrive Zecter Inc. 4/26/2011
HP Documentation Hewlett-Packard 10/23/2010 684 MB 1.3.0.0
HP DVB-T TV Tuner 8.0.64.43 4/26/2011 8.0.64.43
HP Games WildTangent 4/26/2011 1.0.1.5
HP MediaSmart DVD Hewlett-Packard 4/26/2011 107 MB 4.2.4521
HP MediaSmart Movies and TV Hewlett-Packard 4/26/2011 1.37 MB 1.0.1.2
HP MediaSmart Music Hewlett-Packard 4/26/2011 75.0 MB 4.2.4604
HP MediaSmart Photo Hewlett-Packard 4/26/2011 278 MB 4.2.4513
HP MediaSmart SmartMenu Hewlett-Packard 4/26/2011 1.93 MB 3.1.2.2
HP MediaSmart Video Hewlett-Packard 4/26/2011 316 MB 4.2.4522
HP MediaSmart Webcam Hewlett-Packard 4/26/2011 197 MB 4.2.3303
HP MediaSmart/TouchSmart Netflix Hewlett-Packard 4/26/2011 9.66 MB 1.0.4.0
HP MovieStore Hewlett-Packard 4/26/2011 90.8 MB 2.0.2
HP Photo Creations HP Photo Creations Powered by RocketLife 4/26/2011 40.0 MB 1.0.0.4042
HP Power Manager Hewlett-Packard Company 4/26/2011 3.17 MB 1.1.2
HP Quick Launch Hewlett-Packard Company 10/23/2010 5.95 MB 2.2.7
HP Setup Hewlett-Packard Company 10/23/2010 8.4.4400.3525
HP Setup Manager Hewlett-Packard Company 4/26/2011 6.03 MB 1.0.12844.3519
HP Software Framework Hewlett-Packard Company 10/23/2010 2.50 MB 4.0.70.1
HP Wireless Assistant Hewlett-Packard Company 10/23/2010 5.60 MB 4.0.10.0
IDT Audio IDT 4/26/2011 1.0.6292.0
iTunes Apple Inc. 10/29/2013 215 MB 11.1.2.32
Java 7 Update 40 Oracle 10/4/2013 118 MB 7.0.400
Java™ 6 Update 21 (64-bit) Oracle 10/23/2010 90.4 MB 6.0.210
LabelPrint CyberLink Corp. 10/23/2010 281 MB 2.5.3220
LightScribe System Software LightScribe 4/26/2011 24.6 MB 1.18.18.1
Malwarebytes Anti-Malware version 2.0.2.1012 Malwarebytes Corporation 8/24/2014 53.1 MB 2.0.2.1012
Microsoft .NET Framework 4.5.1 Microsoft Corporation 2/27/2014 38.8 MB 4.5.50938
Microsoft Office 2010 Microsoft Corporation 10/23/2010 6.31 MB 14.0.4763.1000
Microsoft Office Click-to-Run 2010 Microsoft Corporation 9/5/2013 14.0.4763.1000
Microsoft Office Starter 2010 - English Microsoft Corporation 9/5/2013 14.0.4763.1000
Microsoft Security Essentials Microsoft Corporation 9/13/2014 4.6.305.0
Microsoft Silverlight Microsoft Corporation 7/23/2014 199 MB 5.1.30514.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 10/23/2010 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8/16/2013 300 KB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 4/26/2011 708 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 10/23/2010 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 4/26/2011 784 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 8/16/2013 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10/23/2010 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 4/26/2011 592 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 8/16/2013 600 KB 9.0.30729.6161
Movie Theme Pack for HP MediaSmart Video Hewlett-Packard 4/26/2011 428 MB 4.2.4412
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 5/8/2013 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 5/8/2013 1.33 MB 4.20.9876.0
PhotoNow! CyberLink Corp. 4/26/2011 39.3 MB 1.1.7717
PictureMover Hewlett-Packard Company 4/26/2011 61.5 MB 3.5.0.33
PlayReady PC Runtime x86 Microsoft Corporation 10/23/2010 1.65 MB 1.3.0
Power2Go CyberLink Corp. 10/23/2010 198 MB 6.1.4419
PowerDirector CyberLink Corp. 10/23/2010 828 MB 8.0.3320
Realtek Ethernet Controller Driver For Windows 7 Realtek 4/26/2011 7.23.623.2010
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 4/26/2011 6.1.7600.30113
RoxioNow Player RoxioNow 4/26/2011 10.9 MB 1.9.5.101
Synaptics Pointing Device Driver Synaptics Incorporated 4/26/2011 46.4 MB 15.1.6.64
System Optimizer Pro 383 Media, Inc. 6/27/2014 1.0
Times Reader The New York Times Company 4/26/2011 2.055
Unity Web Player Unity Technologies ApS 6/26/2014 12.0 MB 4.5.1f3
Windows Live Essentials Microsoft Corporation 10/23/2010 15.4.3502.0922


#13 buddy215 (Moderator)

Posted 18 September 2014 - 03:39 PM

I had the below all typed up and just as I was going to hit post I had a 20 minute power failure. :(

 

Uninstall these:

Adobe AIR Adobe Systems Inc. 4/26/2011 2.0.2.12610

Adobe Reader 9.3.3 MUI Adobe Systems Incorporated 10/23/2010 655 MB 9.3.3

Java 7 Update 40 Oracle 10/4/2013 118 MB 7.0.400
Java™ 6 Update 21 (64-bit) Oracle 10/23/2010 90.4 MB 6.0.210
RoxioNow Player RoxioNow 4/26/2011 10.9 MB 1.9.5.101
System Optimizer Pro 383 Media, Inc. 6/27/2014 1.0
 
Java is out of date and insecure...if you don't use it for a game or other, don't reinstall unless a game or website requests it.
That's Java....NOT JavaScript...you need JavaScript.
 
If you only use Adobe Reader for viewing pdf files then I suggest you use a lighter and more secure program such as Free PDF Reader - Sumatra PDF
 
AdwCleaner and Junkware Tool found no adware according to the logs you posted.
 
If you are still having malware or adware problem please let me know.


#14 RoniSutton (Topic Starter)

Posted 18 September 2014 - 03:43 PM

Thanks, will do.  I appreciate all of your help.  We will see how it goes this evening.



#15 buddy215 (Moderator)

Posted 18 September 2014 - 09:11 PM

There are a ton of extensions/apps for the Chrome browser that contain the Superfish adware. So after resetting Chrome, which supposedly removes all extensions, Superfish will come back if you reinstall an add-on that you previously had. It may even be triggered by a game you play...especially if it is a free game. Testing will tell you that.

 

EDIT: one mentioned extension copied from How do I remove Superfish from Chrome? It doesn't show in my extensions list. - Google Product Forums

 

QUOTE: I found the culprit on my Chrome: Facebook ++ (found here: https://chrome.google.com/webstore/detail/facebook-%20%20/paacdnaidbnbgpjnbhmdjchcjkdbgdom)


Edited by buddy215, 18 September 2014 - 09:24 PM.

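Two of the checks buddy215 asks for in this thread are manual inventories: the Add/Remove Programs list (posts #2, #7 and #12) and the Chrome extension list that, per post #15, is where Superfish tends to ride back in. The script below is an added example and is not part of the thread or of any of the tools named in it. It reads the same registry keys that Add/Remove Programs and CCleaner's Uninstall view display, walks every local user's Chrome profiles on disk, and flags entries whose name or extension ID matches a watchlist. The watchlist is an assumption built only from names that appear above (YouTube Accelerator, System Optimizer Pro, Superfish, and the "Facebook ++" extension whose Web Store ID is in the URL quoted in post #15); it reports, it does not remove anything. It needs PowerShell 3.0 or later (Windows Management Framework 3.0 on Windows 7) and an elevated prompt.

```powershell
# Added example (not from the thread): inventory installed programs and Chrome extensions,
# and flag entries matching a watchlist of names taken from the posts above.
# Run elevated, PowerShell 3.0+, logged in as the affected user (HKCU is that user's hive).

# Assumed watchlist: only names that appear in this thread. Extend as needed.
$Watchlist = @(
    'YouTube Accelerator',   # Goobzo, per post #2
    'System Optimizer Pro',  # flagged for removal in post #13
    'Superfish',
    'Facebook ++'            # extension named in post #15
)
$WatchExtensionIds = @(
    'paacdnaidbnbgpjnbhmdjchcjkdbgdom'   # "Facebook ++" Web Store ID from the URL in post #15
)

function Test-Watchlisted([string]$Text) {
    if (-not $Text) { return $false }
    foreach ($entry in $Watchlist) {
        if ($Text -like "*$entry*") { return $true }
    }
    return $false
}

# 1. Installed programs, from the registry keys behind Add/Remove Programs and
#    CCleaner > Tools > Uninstall (64-bit, 32-bit and per-user views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString

# 2. Chrome extensions in every profile of every local user, listed from disk by
#    ID and manifest name rather than from the Extensions page inside the browser.
$extensions = foreach ($userDir in (Get-ChildItem 'C:\Users' -Directory)) {
    $userData = Join-Path $userDir.FullName 'AppData\Local\Google\Chrome\User Data'
    if (-not (Test-Path $userData)) { continue }
    foreach ($profile in (Get-ChildItem $userData -Directory)) {
        $extRoot = Join-Path $profile.FullName 'Extensions'
        if (-not (Test-Path $extRoot)) { continue }
        foreach ($extDir in (Get-ChildItem $extRoot -Directory)) {
            foreach ($verDir in (Get-ChildItem $extDir.FullName -Directory)) {
                $manifestPath = Join-Path $verDir.FullName 'manifest.json'
                if (-not (Test-Path $manifestPath)) { continue }
                try   { $manifest = Get-Content $manifestPath -Raw | ConvertFrom-Json }
                catch { continue }
                [pscustomobject]@{
                    User    = $userDir.Name
                    Profile = $profile.Name
                    Id      = $extDir.Name
                    Name    = $manifest.name     # may be a __MSG_*__ placeholder for localized extensions
                    Version = $manifest.version
                    Path    = $verDir.FullName
                }
            }
        }
    }
}

# 3. Flag anything on the watchlist, by program name, extension name or extension ID.
$flaggedPrograms   = $programs   | Where-Object { Test-Watchlisted $_.DisplayName }
$flaggedExtensions = $extensions | Where-Object {
    ($WatchExtensionIds -contains $_.Id) -or (Test-Watchlisted $_.Name)
}

'== Installed programs matching the watchlist =='
$flaggedPrograms   | Format-Table DisplayName, DisplayVersion, Publisher, InstallDate -AutoSize
'== Chrome extensions matching the watchlist =='
$flaggedExtensions | Format-Table User, Profile, Id, Name, Version -AutoSize

# 4. Full inventories on the desktop, for pasting into a reply (same role as the
#    CCleaner program list in post #12, with extensions added).
$desktop = [Environment]::GetFolderPath('Desktop')
$programs   | Sort-Object DisplayName |
    Format-Table DisplayName, DisplayVersion, Publisher, InstallDate -AutoSize |
    Out-File (Join-Path $desktop 'installed-programs.txt') -Width 250
$extensions | Sort-Object User, Id |
    Format-Table User, Profile, Id, Name, Version, Path -AutoSize |
    Out-File (Join-Path $desktop 'chrome-extensions.txt') -Width 250
```

Removal stays with the steps already in the thread: uninstall flagged programs through Programs and Features (the UninstallString column shows what that runs), and reset Chrome as in post #5. To do the "testing" post #15 suggests, save the chrome-extensions.txt list after the reset, reinstall extensions one at a time, and re-run the script after each; the first run that shows a new extension ID alongside the returning adware names the carrier. Note that a user-level registry entry installed under a different account than the one running the script will not appear in the HKCU view.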



