
Can't remove webssearches


  • This topic is locked
5 replies to this topic

#1 Jimmyt71

Jimmyt71

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:41 PM

Posted 23 October 2014 - 02:37 PM

Hi guys,

1 of the kids was trying to install something called Show Box and has infected the laptop with the above. I've tried everything to get rid of it but it's still on here. When I ran SAS it didn't find it and when I run Malwarebytes, it gets so far into the scan and the laptop restarts because it says it has encountered a problem. Also, programs are slow or not responding.

Any help would be appreciated.

Thanks in advance,

Jimmy


#2 Jimmyt71

Jimmyt71
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:41 PM

Posted 27 October 2014 - 03:51 PM

Hi

 

I tried running Malwarebytes again twice this evening, stopping the program myself when it found something. After I quarantined the items, I tried to run the program fully but again it restarted the laptop. Here are the logs.




2014/10/27 19:50:16 GMT
mbam-log-2014-10-27 (19-50-00).xml
yes


2.00.3.1025
v2014.10.22.08
v2014.10.21.01
premium
enabled
enabled
disabled


Windows 7 Service Pack 1
x86
jordan
NTFS


threat
cancelled
170200
962
0
0
0
0
0
0
1
0


enabled
enabled
enabled
enabled
disabled
disabled
enabled
enabled
enabled



C:\Program Files\Mozilla Firefox\browser\searchplugins\webssearches.xml
PUP.Optional.WebsSearches.A
success
c5fb8e89e29a38fe2d6421289a69b44c




2014/10/27 20:10:21 GMT
mbam-log-2014-10-27 (20-07-23).xml
yes


2.00.3.1025
v2014.10.27.06
v2014.10.22.01
premium
enabled
enabled
disabled


Windows 7 Service Pack 1
x86
jordan
NTFS


threat
cancelled
253600
625
0
0
3
0
0
0
0
0


enabled
enabled
enabled
enabled
disabled
disabled
enabled
enabled
enabled



HKLM\SOFTWARE\webssearchesSoftware
PUP.Optional.WebsSearches.A
success
8d25b960fc80270f08d45cf219eaab55


HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bejbohlohkkgompgecdcbbglkpjfjgdj
PUP.Optional.uTorrentBar.A
success
743eb762c3b9e2545b5fc65fb94a7f81



#3 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:11:41 AM

Posted 28 October 2014 - 02:12 PM

Hello Jimmyt71-

 

My name is Johnny Computer and I will be helping you clean up your system.  I will need some time to look over your logs and will get back to you A.S.A.P. with further instructions. :wink:

 

Thanks :)


"DO OR DO NOT. THERE IS NO TRY."


#4 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:11:41 AM

Posted 28 October 2014 - 03:51 PM

Hello Jimmyt71-

 

 

Hello and welcome to BLEEPING COMPUTER

My name is Johnny Computer and I will be helping you with your malware related computer issues today.

Before we move on, please read the following points carefully.

 

  • First, I would like to inform you that most of us here at Bleeping Computer are volunteers. The logs you will be asked to submit can take time to analyze. Please try to match our commitment to you with your patience toward us.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • IMPORTANT-----> Post all logfiles as a reply rather than as an attachment. If you can not post all log files in one reply, feel free to use more posts.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop and ask any questions you may have.
  • Please stay with me until I have notified you that your system is All Clean. Absence of symptoms does not necessarily mean your machine is clean.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 

 ========================================================================================

 

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

 

 ======================================================================

 

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
 

 

 ========================================================================================

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

 

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

 

 ===================================================================================

 

IN YOUR NEXT REPLY I NEED:

 

1.)    Your ADWCleaner log

2.)   Your FRST Log

 

Thanks   :)

 

 




#5 Johnny Computer

Johnny Computer

  • Malware Response Team
  • 1,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:11:41 AM

Posted 01 November 2014 - 02:41 PM

Hello Jimmyt71-

As stated in my welcome post

 

If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

 


It has been more than 3 days since my last post. Do you still need help? If so please follow the instructions in my previous post and copy and paste the log.

Thanks :)




#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,417 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:41 PM

Posted 03 November 2014 - 03:13 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft

 





