Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

I need a solution to one of the Adwares on my Computer


  • Please log in to reply
28 replies to this topic

#1 Guest_Seranok_*

Guest_Seranok_*

  • Guests
  • OFFLINE
  •  

Posted 26 March 2015 - 06:48 AM

Hey everyone, Seranok here. I need help with my computer. Last week I  uninstalled a bunch of softwares and deleated them.
One of them was called alarabeyes. I deleated it from control panel, but now I am facing problems with it. There is a browser hijacker in my computer. This website - alarabeyes connects to another websites such as arabysouq and some arabic websites. This browser hijacker loads a lot of ads into every website and no solution can fix it. Also this alarabeyes appear to be a default search engine set on my chrome- it says it is done by the developer. Now the problem is I never made that change, and I cant remove it fully. I downloaded 
Spyware Remover 4 by Enigma Software. But however enigma software could detect the alarabeyes but it requires to be paid. 
It also says I have 576 spyware's and adware's. I want a free version, not a paid one like spyware remover by enigma software.
Anybody know a reliable software 100% free? I would be delighted. But for fact is only acts on my google chrome. It doesn't happen on my opera browser, maybe because I use a custom VPN extension on it. Please help on this chrome issue as it is my only reliable web browser. Thanks a lot. 
Please help as soon as possible as this adware is proving to be difficult for my computer to function.
Thanks A lot, Seranok.

Edit: Topic moved from Windows 7 to AII ~ Computerxpds

Edited by computerxpds, 26 March 2015 - 06:52 AM.


BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male

Posted 26 March 2015 - 06:52 AM

Hi Seranok :)

I'll help you get rid of this browser hijacker and the ads you're having.

3Al62Pm.pngMiniToolBox

  • Download MiniToolBox and move the executable file to your Desktop;
  • Execute MiniToolBox and check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List Installed Programs;
    • List Last 10 Event Viewer Errors;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
      ZrlQbFb.png
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Guest_Seranok_*

Guest_Seranok_*

  • Guests
  • OFFLINE
  •  

Posted 27 March 2015 - 06:50 AM

Hey man, thanks for the reply. And yes, here's the result: It goes like this.

MiniToolBox by Farbar  Version: 09-03-2015
Ran by Seranok (administrator) on 27-03-2015 at 14:47:10
Running from "C:\Users\ Seranok \Downloads"
Microsoft Windows 7 Home Basic  Service Pack 1 (X64)
Model: Inspiron N5110 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7B%20var%20lhost%2C%20localIpAddresses%2C%20localDomains%2C%20ipNotation%2C%20i%3B%20function%20isPlainHostNameEx()%20%7B%20return%20!(!!~lhost.indexOf('.')%20%7C%7C%20!!~lhost.indexOf('%3A'))%3B%20%7D%20lhost%20%3D%20host.toLowerCase()%3B%20ipNotation%20%3D%20%2F%5E%5Cd%2B%5C.%5Cd%2B%5C.%5Cd%2B%5C.%5Cd%2B%24%2Fg%3B%20localIpAddresses%20%3D%20%5B'127.0.0.1'%2C'10.*.*.*'%2C'172.1%5B6-9%5D.*.*'%2C'172.2%5B1-9%5D.*.*'%2C'172.3%5B0-1%5D.*.*'%2C'192.168.*.*'%5D%3B%20localDomains%20%3D%20%5B'zeus.pm'%2C'zenguard.biz'%2C'local'%2C'dev'%2C'ip'%2C'box'%2C'lvh.me'%2C'ripe'%2C'invalid'%2C'intra'%2C'intranet'%2C'onion'%2C'vcap.me'%2C'127.0.0.1.xip.io'%2C'smackaho.st'%2C'localtest.me'%2C'site'%5D%3B%20if%20(isPlainHostNameEx())%20%7B%20return%20'DIRECT'%3B%20%7D%20if%20(ipNotation.test(lhost))%20%7B%20for%20(i%20%3D%200%3B%20i%20%3C%20localIpAddresses.length%3B%20i%2B%2B)%20%7B%20if%20(shExpMatch(lhost%2C%20localIpAddresses%5Bi%5D))%20%7B%20return%20'DIRECT'%3B%20%7D%20%7D%20%7D%20for%20(i%20%3D%200%3B%20i%20%3C%20localDomains.length%3B%20i%2B%2B)%20%7B%20if%20(dnsDomainIs(lhost%2C%20localDomains%5Bi%5D))%20%7B%20return%20'DIRECT'%3B%20%7D%20%7D%20return%20'PROXY%20127.0.0.1%3A54281'%3B%20%7D%20%2F*ZenMate*%2F"
"network.proxy.type", 2
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
 
 
=========================== Installed Programs ============================
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.60 - Google Inc.)
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 16.10.0.0136 - Intel Corporation) Hidden
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® Wireless Bluetooth®(patch version 17.1.1449.356) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0506 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.10.0.0307 - Intel Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.7.0205.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.15.2 (Version: 1.15.2 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
Should I Remove It (HKCU\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
 
========================= Devices: ================================
 
Name: IDMWFP
Description: IDMWFP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: IDMWFP
Device ID: ROOT\LEGACY_IDMWFP\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Device ID: BTHENUM\{8CA1BDA0-7238-11E0-A1F0-0800200C9A66}_VID&00020FCE_PID&0195\8&23E620C6&0&A0E453186E99_C00000000
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*TEREDO\0000
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Device ID: BTHENUM\{8E780202-0000-1000-8000-00805F9B34FB}_VID&00020FCE_PID&0195\8&23E620C6&0&A0E453186E99_C00000000
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Device ID: PCI\VEN_104C&DEV_8241&SUBSYS_04B01028&REV_02\080028000020000000
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Device ID: BTHENUM\{BAED26A3-23B2-4379-9445-CB8B63E3C561}_VID&00020FCE_PID&0195\8&23E620C6&0&A0E453186E99_C00000000
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SPDRIVER_1.37.0.1361
Description: SPDRIVER_1.37.0.1361
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SPDRIVER_1.37.0.1361
Device ID: ROOT\LEGACY_SPDRIVER_1.37.0.1361\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Device ID: PCI\VEN_10DE&DEV_0BEA&SUBSYS_04CA1028&REV_A1\4&8951BBD&0&0108
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 54%
Total physical RAM: 4002.05 MB
Available physical RAM: 1833.03 MB
Total Pagefile: 8002.28 MB
Available Pagefile: 5661.12 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.12 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:250.82 GB) (Free:201.47 GB) NTFS
3 Drive e: (Data) (Fixed) (Total:195.31 GB) (Free:176.99 GB) NTFS
4 Drive y: (Recovery) (Fixed) (Total:19.53 GB) (Free:9.69 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\SeranokPC
 
Administrator            Seranok               Guest                    
UpdatusUser              
 
 
**** End of log ****


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:31 AM

Posted 27 March 2015 - 07:34 AM

Alright that's good. We'll take care of the drivers once we're done with that Adware removal. Moving up.

zcMPezJ.pngAdwCleaner - Scan Mode
  • Download AdwCleaner and move it to your Desktop;
  • Execute AdwCleaner, accept the EULA (I accept) then click on Scan;
    3MMtYxm.png
    Credits : MalwareExperts.com
  • Let the scan complete. Once it's done, click on the Report button to open the scan log;
  • Please copy/paste the content of the output log in your next reply;
aOpBoaQ.pngMalwarebytes Anti-Malware
  • Download and install the free version of Malwarebytes Anti-Malware
  • Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the Update Now button;
    qzzve4l.png
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Scan Now;
    hGu13yR.png
  • Let the scan run, it can take 1 to 45 minutes depending of your system, even longer.
    kbKBhQ3.png
  • Once the scan is complete, click on "View detailled log" in the green zone, and the Scan log will open;
  • From there, click on the Copy to Clipboard button, paste the content of the output log in your next reply;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 Guest_Seranok_*

Guest_Seranok_*

  • Guests
  • OFFLINE
  •  

Posted 28 March 2015 - 12:59 AM

As for the adware, my trial for Malwarebytes Anti-Malware was over by Februvary 2014.  :unsure:
Plus I have used herdProtect and SUPERAntiSpywares from this website.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,485 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA

Posted 28 March 2015 - 06:44 AM

my trial for Malwarebytes Anti-Malware was over by Februvary 2014.


When the limited time period expires the real-time protection component features will be deactivated and locked AND Malwarebytes will notify you with a "Trial Expired" message. Enabling the Protection Module feature again requires registration and purchase of a license key. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:31 AM

Posted 28 March 2015 - 08:10 AM

Let me know when you have these scan logs I asked Seranok :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 Guest_Seranok_*

Guest_Seranok_*

  • Guests
  • OFFLINE
  •  

Posted 28 March 2015 - 03:40 PM

Hey Aura, Thanks for all this support. However I must tell you that the name of the computer is set in my personal name and Im changing it and making it seranok. Hope that's not a problem in the result.

 

 

 

Result From AdwCleaner:

# AdwCleaner v4.113 - Logfile created 28/03/2015 at 23:03:16

# Updated 22/03/2015 by Xplode
# Database : 2015-03-28.1 [Server]
# Operating system : Windows 7 Home Basic Service Pack 1 (x64)
# Username : Seranok - SeranokPC
# Running from : C:\Users\Seranok\Downloads\AdwCleaner (2).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Seranok\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v42.0.2311.60
 
 
-\\ Comodo Dragon v
 
 
-\\ Opera v28.0.1750.48
 
 
-\\ Chrome Canary v
 
 
*************************
 
AdwCleaner[R0].txt - [1430 bytes] - [28/03/2015 08:59:24]
AdwCleaner[R1].txt - [1101 bytes] - [28/03/2015 23:00:02]
AdwCleaner[S0].txt - [1474 bytes] - [28/03/2015 09:03:09]
AdwCleaner[S1].txt - [1044 bytes] - [28/03/2015 23:03:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1103  bytes] ##########
 
 
 
Result From MalwareBytes Malware Removal:
Please go the link and you can see it's detailed report.It's a screenshot of the page.
 


#9 Guest_Seranok_*

Guest_Seranok_*

  • Guests
  • OFFLINE
  •  

Posted 29 March 2015 - 07:12 AM

Also Aura, please note that I have run multiple anti-viruses, did 5 hour full scan(By Microsoft Security Essentials) and did a scan with SUPERAntiSpyware, all definitions updated. Yet the website - alarabeyes open up whenever I open a new tab and Two "X" marks open up in all websites, When I click the "X" button it redirects me to a website with advertisement. Please help asap. I also tried reinstalling Chrome 3 times.

Screenshots:

http://prntscr.com/6msjf0 - The website screenshot, please dont go to the original link as it may give you browser hijacking.

http://prntscr.com/6mskpt - As you can see the search is dominated by arabyonline and says it's set up adminstrator, even though I changed it in properties.

http://prntscr.com/6msm5b - I have 2 adblock's enabled. Plus and Pro. However whenever I google something, this ad appears. I'm pretty sure this alarabeyes is the reason.

 

Thanks a lot.


Edited by Seranok, 29 March 2015 - 07:15 AM.


#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,485 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA

Posted 29 March 2015 - 07:52 AM

One characteristic of PUPs and other junkware is that they insert themselves (components) into various areas throughout a computer's operation system to include browsers, hidden folders and windows registry making it more difficult to remove.

Use of adware security cleaning scanners, uninstalling and reinstalling your browser may not resolve all issues related to browser/search engine hijackers, toolbars, add-ons, and other junkware. Why? Uninstalling does not completely remove all files and folders. User Profiles are generally not removed during a typical uninstall. Thus, reinstalling does not change the existing User Profile where some browser settings may have been modified so they are automatically restored after the reinstall. That means you may still have some symptoms of browser hijacking afterwards.

In some cases the only viable solution is to create a new user profile in your browser and delete the old one.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 Guest_Seranok_*

Guest_Seranok_*

  • Guests
  • OFFLINE
  •  

Posted 29 March 2015 - 08:05 AM

Ah yes,

Thanks a lot. It's fixed and it works well as before. Just gotta add some extensions.

Thanks a lot Aura and Quietman7. It works.

But wait...

After the first option, it is back again.


Edited by Seranok, 29 March 2015 - 08:14 AM.


#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,485 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:31 AM

Posted 29 March 2015 - 08:15 AM

You're welcome on behalf of the Bleeping Computer community.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:31 AM

Posted 29 March 2015 - 09:28 AM

Alright Seranok, let's continue.

lv0mVRW.pngJunkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Execute JRT, press on a key and let it complete its scan;
    tLsXbWy.png
    Credits : BleepingComputer.com
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 Guest_Seranok_*

Guest_Seranok_*

  • Guests
  • OFFLINE
  •  

Posted 29 March 2015 - 03:24 PM

Here it is:

It is still appearing and I don't know what to do. I changed user data and other things. but yet I need help.

Screenshots:

http://prntscr.com/6msjf0 - The website screenshot, please dont go to the original link as it may give you browser hijacking.

http://prntscr.com/6mskpt - As you can see the search is dominated by arabyonline and says it's set up adminstrator, even though I changed it in properties.

http://prntscr.com/6msm5b - I have 2 adblock's enabled. Plus and Pro. However whenever I google something, this ad appears. I'm pretty sure this alarabeyes is the reason.

However, here is the Junkware Removal Program's Result:

 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.7 (03.28.2015:1)
OS: Windows 7 Home Basic x64
Ran by Seranok on 29-Mar-15 at 23:14:41.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29-Mar-15 at 23:19:24.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male

Posted 29 March 2015 - 04:26 PM

Can you screenshot your Extensions page for me? I want to see which extensions you have installed.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users