
Intrusive Malware


  • This topic is locked
11 replies to this topic

#1 clayto

clayto

  • Members
  • 476 posts

Posted 09 February 2015 - 06:19 PM

My W8.1 Tablet is infested with eFix Pro / Reimage and other Adware, constantly taking over the pages I am trying to read or logins I am trying to complete, with promises to repair / speed up my PC or deal with malware threats. I have been advised to uninstall it. The problem is, I can't find any of it. It does not show up in Programs or in searches or uninstall utilities.

 

What should I do?

 

clayto





#2 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts

Posted 14 February 2015 - 09:24 AM

hi clayto,

 

My name is shelf life and I will try to help you with the problem. Since your post is pretty old simply reply back if you still need help and we will go from there.


How Can I Reduce My Risk to Malware?


#3 clayto

clayto
  • Topic Starter

  • Members
  • 476 posts

Posted 15 February 2015 - 08:31 AM

Hi shelf life. Yes, I would like help with this issue. The intensity of the intrusions seems to come and go but I have found help Forums, like this, especially prone to the attacks at some times, an outfit called Reimage being a particular offender. I thought I had a solution a while ago with a program called Simple Website Blocker but it just didn't work - the producers say they think it is because of an issue with Windows 8/8.1 which they will sort out eventually, hopefully.

 

clayto



#4 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts

Posted 15 February 2015 - 01:11 PM

ok. We will get two downloads to use as a start anyway, Adwcleaner and JRT.exe. Both of these target adware.

 

1) Please download adwcleaner and save to your desktop.

 

    Right-click on adwcleaner.exe and select Run as Administrator to launch the application.

    Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.

    Allow the system to reboot. You will then be presented with the report at restart. Copy & Paste this report on your next reply.

 

    http://www.bleepingcomputer.com/download/adwcleaner/

 

    Note: The log can also be located in your root drive, C: > AdwCleaner > AdwCleaner[S0].txt

==========================================================

  2)   Please download Junkware Removal Tool to your desktop.

 

     http://thisisudax.org/downloads/JRT.exe

 

    Shut down your antivirus to avoid any conflicts.

    Double click the icon or Right click for Vista/W7,8 and select Run as administrator

    The tool will open and start scanning.

    Please be patient as this can take a while to complete.

    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    Post the contents of JRT.txt into your next message




#5 clayto

clayto
  • Topic Starter

  • Members
  • 476 posts

Posted 21 February 2015 - 05:02 AM

Hello shelf life

 

My apologies for being so long replying. I have just downloaded the new version of AdW Cleaner but I cannot get it to run. I have used the program for some time and felt I had some problems with its results but it has always run OK. I have a separate posting elsewhere in this Forum. The log from the other program you recommended, JRT, is below:

 

clayto

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 Connected x86
Ran by Christopher on 16/02/2015 at 14:48:19.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3096278351-4082915118-3595364138-1001
Successfully deleted: [File] C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3096278351-4082915118-3595364138-500



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Christopher\Local Settings\Application Data\filetypeassistant"
Successfully deleted: [Folder] "C:\ProgramData\AskPartnerNetwork"
Successfully deleted: [Folder] "C:\Program Files\askpartnernetwork"



~~~ FireFox

Successfully deleted: [File] C:\Users\Christopher\AppData\Roaming\mozilla\firefox\profiles\7inxbbrt.default\searchplugins\safesearch.xml
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{c7ae725d-fa5c-4027-bb4c-787ef9f8248a}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/02/2015 at 15:01:50.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#6 clayto

clayto
  • Topic Starter

  • Members
  • 476 posts

Posted 21 February 2015 - 09:05 AM

Here is the log from AdwCleaner (new version). I don't think it found much. There were a couple of Registry entries listed and cleaned. As it happens I have not been plagued by the adware anything like so badly during the past week or so, maybe the worst is over.

 

clayto

 

 

# AdwCleaner v4.111 - Logfile created 21/02/2015 at 13:19:38
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 8.1 Connected  (x86)
# Username : Christopher - HOME
# Running from : C:\Users\Christopher\Downloads\adwcleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.115


-\\ Opera v27.0.1689.54


*************************

AdwCleaner[R0].txt - [1692 bytes] - [07/02/2015 12:45:02]
AdwCleaner[R1].txt - [1751 bytes] - [07/02/2015 12:53:46]
AdwCleaner[R2].txt - [1810 bytes] - [07/02/2015 13:06:53]
AdwCleaner[R3].txt - [2300 bytes] - [07/02/2015 18:17:04]
AdwCleaner[R4].txt - [1723 bytes] - [08/02/2015 00:12:29]
AdwCleaner[R5].txt - [2477 bytes] - [08/02/2015 17:59:42]
AdwCleaner[R6].txt - [1786 bytes] - [17/02/2015 13:07:52]
AdwCleaner[R7].txt - [1405 bytes] - [18/02/2015 12:10:10]
AdwCleaner[R8].txt - [1677 bytes] - [21/02/2015 13:17:45]
AdwCleaner[S0].txt - [1799 bytes] - [08/02/2015 00:13:13]
AdwCleaner[S1].txt - [2575 bytes] - [08/02/2015 18:01:02]
AdwCleaner[S2].txt - [1866 bytes] - [17/02/2015 13:08:53]
AdwCleaner[S3].txt - [1471 bytes] - [18/02/2015 12:20:31]
AdwCleaner[S4].txt - [1608 bytes] - [21/02/2015 13:19:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1667  bytes] ##########
 



#7 clayto

clayto
  • Topic Starter

  • Members
  • 476 posts

Posted 21 February 2015 - 10:09 AM

It appears I have breached protocols. I apologise. I sometimes tend to forget where I have posted. I always do a search for my own name to check, but I find the search results are not always complete.

As you can see I have managed to download and run AdWare Cleaner, by using a different browser. Firefox was completely unsuccessful. The download with Internet Explorer was declared a threat by Norton and quarantined but I overrode it.

 

clayto



#8 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts

Posted 21 February 2015 - 04:11 PM

ok, no problem. So does the malware appear to be gone now after using Adwcleaner? If not you can continue on with another download;

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

 

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

 

    Right-click FRST then click "Run as administrator"

    When the tool opens

    click Yes to disclaimer.

    Press the Scan button.

    When finished, it will produce a log called FRST.txt in the same directory the tool was run from.

    Please copy and paste the log in your next reply.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.




#9 clayto

clayto
  • Topic Starter

  • Members
  • 476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:12 PM

Posted 21 February 2015 - 08:15 PM

Hello

 

I have used the Farbar Tool and sent logs to Malwarebytes at their request, as for a few weeks they have been trying to help me with the fact that Malwarebytes will not run on my Tablet, it produces an error message to the effect that it cannot open correctly. So far they have not found the solution (they have certainly tried very hard) - I am expecting to hear from them again tomorrow (Monday) with what they think is the answer to the problem. I use Malwarebytes with some success on my 'old' computer, an XP3. My problem now is with my new 8.1 Tablet and I am fairly sure that much of the advertising malware came installed on the new machine. I think I might end up with several anti-ad programs - am I right in concluding that they do not clash in the same way that anti-virus programs often do?

 

clayto



#10 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts

Posted 21 February 2015 - 09:01 PM

 

"I am fairly sure that much of the advertising malware came installed on the new machine"

Most commercially purchased machines come loaded with bloatware so that could be the source. Should be easy to remove though.

It's not a Lenovo tablet, is it?

A few Anti-ad programs should be ok.




#11 clayto

clayto
  • Topic Starter

  • Members
  • 476 posts

Posted 22 February 2015 - 06:49 AM

Hi

 

No, it is not Lenovo (I have heard about the court action), it is a Quantumn View, only released here August 2015. The malware invasion hit as soon as I used it. Much of it blocked my access to webpages, including the sign in for Bleepingcomputer. At times it took me as much as half an hour to, clicking delete on popups. But I have not had this for a little while so maybe the efforts with AdW Clean etc have done the job. Ironically, one of the preloaded programs was a trial of Norton 360 - I was due to renew so I kept it. I like Norton and the back up service they provide but it did not seem to catch adware so effectively, hence my interest in having more than one anti-ad program.

 

Best wishes and thanks for your advice.

 

clayto. 



#12 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts

Posted 02 March 2015 - 06:12 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





