Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

can't remove ads by Cloudscout


  • This topic is locked This topic is locked
12 replies to this topic

#1 speedkills20

speedkills20

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 06 April 2015 - 02:25 PM

Windows 8.1 x64. I've tried Windows Defenderarrow-10x10.png, Malwarebytes, Avast, Ad-Adware, Iobit, Adwcleaner and I'm still getting ad by CloudScout in Google Chrome. I also reinstalled Google Chrome.

 

FRST.txt and Addition.txt logarrow-10x10.png files attached. Rkill found no processes to stop. I also checked my DNS entries and it looks clean, I just see 192.168.1.1.

Attached Files


Edited by speedkills20, 06 April 2015 - 02:26 PM.


BC AdBot (Login to Remove)

 


#2 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:06 PM

Posted 07 April 2015 - 06:33 AM

Hi,
 
Welcome to the BleepingComputer Technical Support Forums! I am Black_Bird and I'll be assisting you during the malware removal process.
 

An important WARNING to all individuals reading this topic:
All advice in this topic was given specifically for this user and this computer!! Performing instructions given by me in this topic on other computers may harm your computer's infrastructure and can cause serious damage to them!!
Please don't perform the steps given by me or other Helpers in this topic when you are not the original Topic Starter, but start your own topic with a question for help. You will get help from a trained and qualified Helper to clean up your computer from any present malware when you do so.

 
First I see there is no active anti-virus program on your PC!!!
Before we continue with any malware removal I want you to enable one of the installed anti-virus programs on your PC. Personally I would advise you to enable Avast! Anti-Virus and to remove Ad-Aware from your computer (multiple anti-virus programs can interfere with each other).

The same counts for your anti-spyware software: Personally - as you're using Malwarebytes' Anti-Malware - I'd like to advise you to uninstall Spybot S&D and IObit Malware Fighter.

When done, please do the following steps:

Start Farbar Recovery Scan Tool
  • If asked, click Yes at the Disclaimer window.
  • Please check the box next to "Addition.txt"
  • Click Scan.
  • It will create 2 logfiles (FRST.txt and Addition.txt) in the same directory the tool is run. Please copy and paste those into your reply.

Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#3 speedkills20

speedkills20
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 07 April 2015 - 05:12 PM

Avast and Malwarebytes are the only ones installed. I see Spybot search and destroy still showed in the report but it's been uninstalled completely. 

 

Addition.txt and FRST.txt are attached. 

 

Thanks for helping!

Attached Files



#4 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:06 PM

Posted 08 April 2015 - 03:05 AM

Hi,

1. We need to uninstall some programs from your computer.
  • Please go to Start > Control Panel.
  • In the window that opens ("Control Panel"), click Uninstall a program. A list containing all installed programs will open.
  • I advise you to delete the following programs/toolbars as they are marked as "Potentially Unwanted Programs" (PUPs). These programs often contain bundled spyware/adware or they're known for logging your activities.
    • Surfing Protection >> This program belongs to IObit. IObit software is known for it's bundled adware and spyware, as you can read here
  • Uninstall the following programs as they are (very) outdated:
    • Java 7 Update 60 >> You can download & install the latest version from Java.com once we finished all malware removal.
  • When done, please close all windows and reboot your PC.
2. Please go to Start > Computer.
  • Open the C:\Windows folder.
  • Double-click wininit.ini.
  • Copy/paste all contents of this file into a new text-file, and upload it as an attachment into your next reply.
3. Please download to your Desktop.
  • Please make sure to put fixlist.txt in the same location as where FRST.exe/FRST64.exe is located!
4. Download RKill and save it to your Desktop.
  • Right-click RKill.exe and select Run as Administrator....
  • If a Windows Security prompt shows up, please allow the program to start.
  • The program will start immediately with it's tasks. When the program has finished, a logfile will appear.
    Please copy the contents of this logfile in your next reply.
5. Start Farbar Recovery Scan Tool by right-clicking it and selecting Run as Administrator.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called fixlog.txt. Please include this logfile in your next reply.
6. Please remove fixlist.txt from your PC.

7. Please reboot your PC.

8. Start Farbar Recovery Scan Tool
  • If asked, click Yes at the Disclaimer window.
  • Click Scan once the program has opened.
  • It will create a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
9. Please give me an update on your PC problems. Also please include the results from the following tools in your next reply:
  • RKill
  • Farbar Recovery Scan Tool - using fixlist.txt
  • Farbar Recovery Scan Tool - regular scan

Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#5 speedkills20

speedkills20
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 08 April 2015 - 12:09 PM

There is no c:\windows\wininit.ini file on my computer. I searched the entire drive. No file with that name. 

 

Ads are still showing up. 

Attached Files



#6 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:06 PM

Posted 08 April 2015 - 12:58 PM

Hi,

 

1. Please download to your Desktop.

  • Please make sure to put fixlist.txt in the same location as where FRST.exe/FRST64.exe is located!


2. Download RKill and save it to your Desktop.
  • Right-click RKill.exe and select Run as Administrator....
  • If a Windows Security prompt shows up, please allow the program to start.
  • The program will start immediately with it's tasks. When the program has finished, a logfile will appear.
    Please copy the contents of this logfile in your next reply.


3. Start Farbar Recovery Scan Tool by right-clicking it and selecting Run as Administrator.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called fixlog.txt. Please include this logfile in your next reply.


4. Please remove fixlist.txt from your PC.

 

5. Download Malwarebytes' Anti-Malware and save it to your Desktop.
If you already got Malwarebytes' Anti-Malware installed on your computer, please go to step 5-A.



5-A. Start Malwarebytes' Anti-Malware.
  • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
  • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
  • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
  • Follow the instructions given by Malwarebytes' Anti-Malware.
  • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
  • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
  • Save the logfile in txt-format and copy/paste it in your next reply.
  • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).


6. Please reboot your PC if Malwarebytes' Anti-Malware didn't do it yet.

7. Start Farbar Recovery Scan Tool
  • If asked, click Yes at the Disclaimer window.
  • Click Scan once the program has opened.
  • It will create a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.


8. Please give me an update on your PC problems. Also please include the results from the following tools in your next reply:
  • RKill
  • Farbar Recovery Scan Tool - using fixlist.txt
  • Farbar Recovery Scan Tool - regular scan


Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#7 speedkills20

speedkills20
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 08 April 2015 - 04:53 PM

I carefully followed each step. Files are attachedarrow-10x10.png. Ads are you still showing up. 

Attached Files


Edited by speedkills20, 08 April 2015 - 04:53 PM.


#8 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:06 PM

Posted 08 April 2015 - 06:05 PM

Hi there,

 

Just for my information:

- Which browsers are you using and in which of them the ads show up?

- Can you try to add a screenshot of those adds to your next reply?

- Do you know since when the ad-related problems started to occur? Did you install a program at that moment?


Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#9 speedkills20

speedkills20
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 08 April 2015 - 06:25 PM

Started on 4/5, I'm not really sure which programarrow-10x10.png caused it. It happens in Chrome and Canary and both have been reinstalled. IE does not have the problem. Screenshot attached. 

Attached Files



#10 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:06 PM

Posted 08 April 2015 - 07:25 PM

Hi there,

Actually I can see those links in your posts as well... I checked this with one of my colleagues and we're going to try something else.

1. We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process
    note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

2. Now please re-install Chrome and Canary. For Chrome, first uninstall the program using the Add/Remove Programs List, and when done, use the Google Software Removal Tool to clean up all left-overs from Google Chrome. Then restart, and install both browsers again.

3. Start Farbar Recovery Scan Tool
  • If asked, click Yes at the Disclaimer window.
  • Click Scan once the program has opened.
  • It will create a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • Please also give me an update on your PC problems.

    Good luck! :)

Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#11 speedkills20

speedkills20
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 08 April 2015 - 08:22 PM

The Temp File Cleaner seemed to do the trick. I don't see any more ads. Thanks for the help!



#12 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:06 PM

Posted 09 April 2015 - 04:00 AM

Hi,

 

Please perform all steps and do a new scan with FRST please. It may be not all related files/registry entries were deleted.


Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#13 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:06 PM

Posted 21 May 2015 - 05:54 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users