Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple PUPS / ADWARE / MALWARE NEED HELP TRIED EVERYTHING


  • Please log in to reply
9 replies to this topic

#1 3von

3von

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 29 October 2014 - 07:15 AM

 Since this is my first post, I'd like to say hello to all! Let me introduce myself. For anonymity, I'll say I'm 3von. I'm age 20, and I'm a decent computer programmer. (so i've been told.)

 

Some facts about me:

I run a graphic design business. 

I love tic tacs (Freshmint flavour)

I used to co-own a very famous clothing company and design the shirts / shoot the models wearing them.

I'm a film maker and I've won multiple awards.

I love skateboarding, and used to be semi-pro, but then stopped due to a back injury. 

I love anything about computers / technology.

I wish I was running on an iMac.

Although I love Windows 7.

I am fluent in almost every key of music, and have multiple forms of Synesthesia

 

and i'm truly sorry about the malformation of this post. I've been awake four days trying to fix this.

 

 

Current issue #1: backdoor.andromeda

I've removed it from all my browsers already.

 

Nutshell Preface: Old computer got infected by clicking too fast on some freeware. Infected my browsers. Removed them from browser. Signed into Gmail on said computer thinking it was gone, because MBAM / MBAR said it found no infections. 

 

Computer gradually "turned to dust" as it were. Nothing would open, things in the bios would get deleted (auto recovery), etc.

 

Got new computer (Lenovo G560, Win7 Pro, 4.0 GB of RAM, Intel Pentium CPU P61000 @ 2.00GHz, 64 Bit.

 

Signed into said Gmail on new computer and what can you guess? Infected with the same tooldbar annoyances. Removed them all. Tried the One Key Restore option, but that part of the BIOS was deleted by Andromeda. MBAM / MBAR / Rkill will not pick it up, so I think Andromeda has modified every version of Malware / PUP / Virus removal software. For the record, I do not have another computer. 

Also, when I try to run any malware removal tools etc. offline, they will not run.

 

I then, ran ComboFix, and that seemed to get rid of it, but I don't understand the log file. When asked, I will run it again, and post the log file. 

 

I have Anti-Logger currently running, but who knows if that's even protecting anything. Andromeda could have modified that too.

 

Current issue #2: SPYHUNTER

 

In an attempt to remove Andromeda, I downloaded (like a fool) SpyHunter 4. It says I have 51 infections. Andromeda wasn't one of them, but a search program was, something along the lines of "mysearch" or summit like that. 

 

So, I tried Microsoft's "fix it" uninstaller, but it asks for the 38 digit code of the program, which is specific for everyone who's downloaded it, and I can't find it. Then, I tried to delete it from the registry, which didn't work. The reason I tried this, is because the uninstaller will probably uninstall it, force me to reboot, and when i do it'll make insane changes to my start up programs, and spam me with popups saying "INSTALL SPYHUNTER WE MISS YOU JOIN THE DARKSIDE" #jokesButSeriously...\

 

 

So I haven't a clue what to do. It seems as if it's infected every aspect of my removal toolbox.

 

 

ANY INFO ON EITHER OF THESE TERRIBLE PROBLEMS WOULD BE GREATLY GREATLY APPRECIATED.

 

 

 

Thank you so much.

 

- 3von


Edited by 3von, 29 October 2014 - 07:54 AM.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:45 PM

Posted 29 October 2014 - 07:56 PM

Welcome aboard p22002758.gif

 

p22002970.gif Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

p22002970.gif Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


p22002970.gif Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

p22002970.gif Please download Malwarebytes Anti-Malware to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.



If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.



(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


p22002970.gifDownload 51a5f31352b88-icon_MBAR.pngMalwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"



p22002970.gif Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 3von

3von
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 30 October 2014 - 04:33 AM

Did not want this information on the internet. PM me for the .txt file.


Edited by 3von, 31 October 2014 - 12:22 AM.


#4 3von

3von
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 30 October 2014 - 10:48 AM

The photoshop file that I had running, and the process was terminated... was that a false positive? If it is infected somehow, is there a way to disinfect it? I really need it for my business.



#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:45 PM

Posted 30 October 2014 - 06:09 PM

You're fine there.

 

p22002970.gif Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

p22002970.gif Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


p22002970.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


p22002970.gif Please run a free online scan with the ESET Online Scanner.

  • Disable your antivirus program
  • Internet Explorer users - Click on this link to open ESET OnlineScan.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Enable detection of potentially unwanted applications".
  • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
    Do NOT checkmark "Use custom proxy settings"
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#6 3von

3von
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 31 October 2014 - 12:34 AM

You're fine there.

 

p22002970.gif Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

p22002970.gif Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


p22002970.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


p22002970.gif Please run a free online scan with the ESET Online Scanner.

  • Disable your antivirus program
  • Internet Explorer users - Click on this link to open ESET OnlineScan.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Enable detection of potentially unwanted applications".
  • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
    Do NOT checkmark "Use custom proxy settings"
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

I did the previous. as with every other step nothing was found. Followed the instructions to the T. I can not remove SpyHunter without the 38 code of the file. I've given up hope. Could not export a txt log of the outcome of the online scanner. I closed my laptop, went to the store, came back, and it was frozen. Tried opening up task manager, screen went black. Went into safe mode, ran ComboFix and ccleaner, and restarted. Working fine. Except FF updated itself, and i'm unsure about this side bar that popped up, whether it is a part of the newest ver. of FF. or another virus. I didn't feel comfortable leaving all that information viewable on the internet, but I have it saved. If you could PM me it'd be better for me.



#7 3von

3von
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 31 October 2014 - 08:46 AM

You "seem" knowledgable, but it's the internet brother. I don't know what these programs are, If you could give me some insight as into what you''re seeing thus far, i'd appreciate that.



#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:45 PM

Posted 31 October 2014 - 02:53 PM

Combofix is not allowed in this forum and I didn't ask you to run it.

Since you did...

 

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#9 3von

3von
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 01 November 2014 - 02:46 PM

http://www.bleepingcomputer.com/forums/t/554287/computer-not-running-at-optimal-speed-infected-somehow/



#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,754 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:45 PM

Posted 01 November 2014 - 07:43 PM

p22003888.gif


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users