Multiple Infections, MWB won't start, AVG free won't finish a scan


6 replies to this topic

#1 FamilyTech

FamilyTech

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:10 PM

Posted 26 September 2014 - 07:52 AM

Having some issues ridding a family member's laptop of a few infections. I can see it's infected with Cool Edit Pro 2.0, InboxAce and System Optimizer Pro at the very least. Malwarebytes will not start, AVG doesn't finish a scan, RKill sees no issues, neither does TDSSKiller. JRT has picked up a few and removed them successfully. I also keep getting popups telling me Java is out of date, which it is not. I also cannot install any extensions to Chrome, mainly HTTPS Everywhere and Adblock Plus. Any help would be appreciated as I am at a dead end.

Edited by Queen-Evie, 26 September 2014 - 10:29 PM.
moved from Vista to the appropriate forum




#2 buddy215

buddy215

  • Moderator
  • 13,318 posts
  • OFFLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:10 PM

Posted 26 September 2014 - 09:46 AM

Try this: Malwarebytes | Chameleon - Free Malware Removal Tool

 

Check your Add/Remove Programs list for the junkware if you haven't done that. Though sometimes the uninstallers for junkware don't work. If they are listed there and the uninstallers aren't actually uninstalling then give Revo Uninstaller a try. Download Revo Uninstaller Freeware - Free and Full Download - Uninstall software, remove programs, solve uninstall problems

 

You can reset Google Chrome.

Google Chrome gives you the option to reset your browser settings in one easy click. In some cases, programs that you install can change your Chrome settings without your knowledge. You may see additional extensions and toolbars or a different search engine. Resetting your browser settings will reset the unwanted changes caused by installing other programs. However, your saved bookmarks and passwords will not be cleared or changed.

Reset your browser settings:

  1. Click the Chrome menu on the browser toolbar.
  2. Select Settings.
  3. Click Show advanced settings and find the "Reset browser settings" section.
  4. Click Reset browser settings.
  5. In the dialog that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" checkbox is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyze trends and work to prevent future unwanted settings changes.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 FamilyTech


Posted 26 September 2014 - 08:39 PM

Thanks for the suggestions, Buddy. Unfortunately Chameleon is unable to get MWB to start and Chrome refuses to reset. Revo ran the uninstalls that it could and purged the registry keys for both InboxAce and System Optimizer Pro; InboxAce persists still.



#4 buddy215


Posted 27 September 2014 - 04:55 AM

Did you try......Follow the instructions in the included CHM Help File or, if the help file will not open, simply try to run the files by double-clicking on them one by one until one of them remains open, then follow the onscreen instructions.

Did you uninstall MBAM before attempting to use the Chameleon version? That may help.

 

 

  • Download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

 

Download and Install Super Antispyware FREE. Boot into Safe Mode With Networking. Run a full scan.

SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

 

Alternate methods of starting SUPERAntiSpyware and Troubleshooting

At times, you may run into a situation where you cannot install or start SUPERAntiSpyware. Many times this is caused by infections that are purposely blocking SUPERAntiSpyware from running in order to protect itself. Below is a list of steps that you should take if you are having trouble installing or running the program.

If you are unable to install SUPERAntiSpyware through the normal installer, you can try and download the following alternate installers and use them instead:

SUPERAntiSpyware FREE Edition Installer

 

If SUPERAntiSpyware is installed, but you are unable to launch the program, then please try each of these methods in the following order until the program launches:

  • Launch the program through the SUPERAntiSpyware Alternate Start shortcut in the SUPERAntiSpyware program folder in your Start Menu.
     
  • Rename C:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe to C:\program files\SUPERAntiSpyware\explorer.exe and try launching the explorer.exe program.
     
  • Download the RUNSAS.exe program and launch it.
     
  • If none of the previous steps allowed you to launch SUPERAntiSpyware, then please download and launch SASSAFERUN.COM. This program can be copied to USB Flash drives or other external media and run directly from there.


#5 FamilyTech


Posted 27 September 2014 - 07:13 AM

Thanks again for your help, Buddy. Running Chameleon was not the problem; Chameleon starts fine, Malwarebytes fails to start. Copy-paste log follows. JRT was run with no protections in effect. System Optimizer Pro appears to be gone, many thanks. InboxAce was detected by SAS and removed before scan; however, the sticky little bugger is still in effect, with an occasional home page redirect to

chrome-extension://coolmmifehojljimbcaofgihoaaoaaan/components/supertab/html/supertab.html

Chrome reset still has no effect.

 

MBAM-Chameleon ver. 3.1.4

Press any key to continue
Installing Driver...
Protected Path: C:\Users\JacLin\Downloads\mbam-chameleon-3.1.4.0 (1)\Chameleon\Windows\
...Done!
Malwarebytes Anti-Malware not found
Trying to run mbam-setup, please wait...
mbam-setup not found
Trying to download it from the web, please wait...
Downloaded 17292760 bytes...
...Done!
Trying to run mbam-setup-downloaded.exe, please wait...
...Done!
Trying to start Malwarebytes Anti-Malware, please wait...
Failed to start Malwarebytes Anti-Malware
Killing known malicious processes, please wait...
 
Mbam-killer Timeout set to 1800 seconds.
Mbam-killer is scanning - Press C to cancel...
Mbam-killer scan is complete.                                              C3D-
Mbam-killer is exiting.
 
Malwarebytes Anti-Malware has terminated - unable to start the scan.
Removing protection driver...
...Done!
Press any key to continue
 
 
 
# AdwCleaner v3.310 - Report created 27/09/2014 at 20:37:13
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : JacLin - JACLIN-PC
# Running from : C:\Users\JacLin\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\JacLin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [17382 octets] - [26/09/2014 20:34:56]
AdwCleaner[R1].txt - [1279 octets] - [26/09/2014 21:38:47]
AdwCleaner[R2].txt - [1073 octets] - [27/09/2014 11:22:55]
AdwCleaner[R3].txt - [1194 octets] - [27/09/2014 20:34:45]
AdwCleaner[S0].txt - [17061 octets] - [26/09/2014 20:36:19]
AdwCleaner[S1].txt - [1047 octets] - [27/09/2014 11:24:21]
AdwCleaner[S2].txt - [1029 octets] - [27/09/2014 20:37:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1089 octets] ##########
 
JRT log
 
Version: 6.2.3 (09.27.2014:1)
OS: Windows 7 Home Premium x86
Ran by JacLin on Sat 27/09/2014 at 20:44:13.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 27/09/2014 at 20:47:38.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

SUPERAntiSpyware Scan Log
 
Generated 09/27/2014 at 09:27 PM
 
Application Version : 6.0.1146
Database Version : 11527
 
Scan type       : Complete Scan
Total Scan Time : 00:12:10
 
Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator
 
Memory items scanned      : 325
Memory threats detected   : 0
Registry items scanned    : 34961
Registry threats detected : 0
File items scanned        : 15856
File threats detected     : 12
 
Adware.Tracking Cookie
.doubleclick.net [ C:\USERS\JACLIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\JACLIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\JACLIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\JACLIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\JACLIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\JACLIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bs.serving-sys.com [ C:\USERS\JACLIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\JACLIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\JACLIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\JACLIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\JACLIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\JACLIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
 
============
 End of Log 
============
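
Added example, not part of the original thread or any tool mentioned in it: the scanners above came back clean apart from cookies while the home page still pointed at a chrome-extension:// URL, so this sketch reads a Chrome Preferences file directly and reports every setting that hands control to an extension. The key names (homepage, session.startup_urls, extensions.settings, chrome_url_overrides) are assumptions about the Preferences layout, which differs between Chrome versions, and the sample data is constructed.

```python
import json

# Extension ID copied from the redirect URL quoted in post #5.
SUSPECT_ID = "coolmmifehojljimbcaofgihoaaoaaan"

# Constructed sample, not the poster's file. The key names used here are
# assumptions about the Preferences layout, which varies by Chrome version.
SAMPLE_PREFS = json.dumps({
    "homepage": "chrome-extension://" + SUSPECT_ID
                + "/components/supertab/html/supertab.html",
    "session": {"startup_urls": ["https://www.example.com/"]},
    "extensions": {"settings": {
        SUSPECT_ID: {
            "path": SUSPECT_ID + "\\1.0_0",
            "manifest": {"name": "Constructed toolbar", "chrome_url_overrides":
                         {"newtab": "components/supertab/html/supertab.html"}}},
        "a" * 32: {"manifest": {"name": "Constructed benign extension"}},
    }},
})

def ext_id_from_url(url):
    """Return the extension ID of a chrome-extension:// URL, else None."""
    prefix = "chrome-extension://"
    if isinstance(url, str) and url.startswith(prefix):
        return url[len(prefix):].split("/", 1)[0]
    return None

def audit_preferences(prefs_text, suspect_ids=()):
    """List (kind, extension_id, detail) for extension-controlled settings."""
    prefs = json.loads(prefs_text)
    findings = []
    # Settings that decide which page opens: home page and startup URLs.
    urls = [("homepage", prefs.get("homepage"))]
    urls += [("startup_url", u)
             for u in prefs.get("session", {}).get("startup_urls", [])]
    for kind, url in urls:
        ext = ext_id_from_url(url)
        if ext:
            findings.append((kind, ext, url))
    # Installed extensions: flag known IDs and any new-tab page override.
    for ext, info in prefs.get("extensions", {}).get("settings", {}).items():
        manifest = info.get("manifest") or {}
        override = (manifest.get("chrome_url_overrides") or {}).get("newtab")
        if ext in suspect_ids:
            findings.append(("installed_suspect", ext, info.get("path")))
        if override:
            findings.append(("newtab_override", ext, override))
    return findings

if __name__ == "__main__":
    for finding in audit_preferences(SAMPLE_PREFS, {SUSPECT_ID}):
        print(finding)
```

Run it against a copy of the Preferences file named in the AdwCleaner log above, taken while Chrome is closed, by passing the file's text to audit_preferences.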


#6 FamilyTech


Posted 27 September 2014 - 07:21 AM

Revo has been able to remove InboxAce this time around, appears to be resolved. 



#7 buddy215


Posted 27 September 2014 - 09:09 AM

Suggest you uninstall and reinstall MBAM. Attempt to run a scan again. Be sure to check in Scan Settings and ensure that it is scanning for rootkits.

Use mbam-clean.exe to completely remove Malwarebytes Anti-Malware – Consumer Support

 

  • Run the ESET Online Scanner.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Use CCleaner to clean up the caches, temporary files, cookies, etc. Pay attention while installing and UNcheck offers of toolbars...especially Yahoo.

No need to use the Registry Cleaning Tool and it has the potential to cause a problem if used.

CCleaner - PC Optimization and Cleaning - Free Download


Edited by buddy215, 27 September 2014 - 10:44 AM.




