Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

CloudScout ads


  • Please log in to reply
9 replies to this topic

#1 newarrior

newarrior

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:07:19 AM

Posted 18 March 2015 - 12:42 AM

I've been helping my girlfriend clean up her computer after a real nasty set of viruses. One I'm having trouble with is CloudScout ads. I've run Malwarebytes and adwcleaner, neither of which seem to be able to catch it. I've looked around and people say you can uninstall it, but there's nothing named CloudScout in the uninstall list. All the programs look normal. Any help would be appreciated! 



BC AdBot (Login to Remove)

 


m

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,597 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:19 AM

Posted 18 March 2015 - 05:17 AM

CloudScout Parental Control, CloudGuard, Desktop Temperature Monitor, and CheckMeUp are typical entries found in Programs and Featres (Add/Remove Programs). In most cases, using the program's uninstaller not only removes it more effectively, but it also restores many changed configuration settings. Alternatively, you can use a third-party utility like Revo Uninstaller Free or Portable and follow these instructions for using it. Revo will do a more thorough job of searching for and removing related registry entries, files and folders.

The next place to check is your browser extensions and add-ons/plug-ins.To reset your browser settings to default:To reset the browser home page if it was changed, please refer to:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 newarrior

newarrior
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:07:19 AM

Posted 18 March 2015 - 10:30 AM

I think the browser reset worked, thank you! I'll update if I'm still having problems :)



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,597 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:19 AM

Posted 18 March 2015 - 01:14 PM

One characteristic of PUPs and other junkware is that they insert themselves (components) into various areas throughout a computer's operation system to include browsers, hidden folders and windows registry making it more difficult to remove.

I would recommend doing the following to ensure any remnants are found and removed.

Download the following tools to your desktop and use them in the order listed. They will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

Malwarebytes Anti-Malware 2.0
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Install Malwarebytes Anti-Malware and perform a THREAT SCAN following these instructions.
  • If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • When finished, post the complete log in your next reply to include the top portion which shows database version and your operating system.
  • Refer to this topic for instructions on how to save/export a Scan log...How do I access and save logs from Malwarebytes Anti-Malware?.
.
2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Close all open programs and shut down any protection/security software to avoid potential conflicts.

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 newarrior

newarrior
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:07:19 AM

Posted 20 March 2015 - 11:06 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/20/2015
Scan Time: 5:42:16 AM
Logfile: 
Administrator: Yes
 
Version: 0.00.0.0000
Malware Database: v2015.03.20.04
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: LeeLemon
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344958
Time Elapsed: 6 min, 37 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

 

It says it didn't catch anything for some reason, but it had 4 CloudScout files in quarantine when I woke up. They have been deleted.



#6 newarrior

newarrior
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:07:19 AM

Posted 20 March 2015 - 11:10 AM

 

# AdwCleaner v4.112 - Logfile created 20/03/2015 at 09:06:58

# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : LeeLemon - LEELEMON-PC
# Running from : C:\Users\LeeLemon\Desktop\Programs\adwcleaner_4.112.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\LeeLemon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage
File Deleted : C:\Users\LeeLemon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage-journal
File Deleted : C:\Users\LeeLemon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Deleted : C:\Users\LeeLemon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Google Chrome v41.0.2272.89
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [8831 bytes] - [09/03/2015 22:42:49]
AdwCleaner[R1].txt - [2008 bytes] - [09/03/2015 22:46:39]
AdwCleaner[R2].txt - [1839 bytes] - [17/03/2015 22:27:10]
AdwCleaner[R3].txt - [1673 bytes] - [20/03/2015 09:03:05]
AdwCleaner[S0].txt - [8782 bytes] - [09/03/2015 22:44:46]
AdwCleaner[S1].txt - [2084 bytes] - [09/03/2015 22:48:25]
AdwCleaner[S2].txt - [2211 bytes] - [17/03/2015 22:30:27]
AdwCleaner[S3].txt - [1608 bytes] - [20/03/2015 09:06:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1667  bytes] ##########
 


#7 newarrior

newarrior
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:07:19 AM

Posted 20 March 2015 - 11:21 AM

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Professional x64
Ran by LeeLemon on Fri 03/20/2015 at  9:11:15.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\LeeLemon\appdata\local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/20/2015 at  9:13:28.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,597 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:19 AM

Posted 20 March 2015 - 12:57 PM

Now perform a scan with emsisoft_emergency_kit.pnglogo.png

Please download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click on EmsisoftEmergencyKit.exe to install and create a shortcut on the desktop.
  • Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually C:\) as shown here.
  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
    rxYDlQ1.png
    .
  • When asked to run an online update, click Yes.
    dQaKPnk.png
    .
  • When the update is finished, click the Back to Security Status link in the left corner.
  • On the main screen click the Scan PC button.
  • Select Smart Scan, then click the Scan button.
  • When the scan is finished, click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
    g5ojhHp.png
    .
  • Click the View Report button and in the Reports window double-click on the most recent log. Logs are named as follows: a2scan_Date-Time.txt (YYMODY) and saved to C:\EEK\bin\Reports\.
  • Alternatively you can click Export and save the log to your Desktop, then open by double-clicking on it.
  • Copy and paste the contents of that logfile in your next reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 newarrior

newarrior
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:07:19 AM

Posted 25 March 2015 - 12:28 AM

 

Emsisoft Emergency Kit - Version 9.0

Last update: 3/23/2015 11:16:05 PM
User account: LeeLemon-PC\LeeLemon
 
Scan settings:
 
Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 3/23/2015 11:16:43 PM
Value: HKEY_USERS\S-1-5-21-3207657109-3920658093-2391203142-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-3207657109-3920658093-2391203142-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} detected: Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F} detected: Application.Win32.InstallAd (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\ASKPARTNERNETWORK detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\ASKPARTNERNETWORK detected: Application.InstallAd (A)
C:\Program Files\Adobe\Adobe Media Encoder CS6\amtlib.dll detected: Riskware.Win32.CrackTool (A)
 
Scanned 309237
Found 7
 
Scan end: 3/23/2015 11:59:32 PM
Scan time: 0:42:49
 


#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,597 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:19 AM

Posted 25 March 2015 - 04:58 AM

How is your computer running now?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users