Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

So what now


  • Please log in to reply
35 replies to this topic

#1 Pestyone

Pestyone

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:05:28 PM

Posted 08 April 2015 - 11:07 PM

Ok keep getting pop- up virus alert spam from - Http//Fb.surveydonkey.com - and can t get rid of it yet.

 

Tried malwarebytes and superantispywear and they can t find a bloody thing; so any ideas how I get rid of these spam / alerts ? ?

 

I have to use Ctrl / alt / and del to end Internet explorer to end the spam then re start : ( 

 

So need the help to trash the spam . .



BC AdBot (Login to Remove)

 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:28 PM

Posted 09 April 2015 - 08:40 AM

Step 1: eScanAV.

 

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
ZCDJtZN.png
Once you have updated the program, make sure the settings are the same as the picture below.
7DUFn5c.png
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
ApSVXsQ.png
Copy and paste entire log into your next reply.
Note: Reboot if needed to remove infections.

 

Step 2: ZHP Cleaner.

 

Download and save ZHP Cleaner to your desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/

Right Click and run as administrator.

Click on the Repair button.

At the end of the process you will be asked to reboot your machine.

After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 

 

Tell me how things are if you have any issues let us know. :)


Edited by InadequateInfirmity, 09 April 2015 - 04:37 PM.


#3 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:05:28 PM

Posted 09 April 2015 - 02:55 PM

Ok getting Error 404 with the first link so trying the second and the Pop up red alert happens random; 1/2x a day or every other day :  (



#4 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:05:28 PM

Posted 09 April 2015 - 02:57 PM

Ok this is not good 2nd link is not in English so not going their  :  )



#5 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:05:28 PM

Posted 09 April 2015 - 03:07 PM

Ok see if things can get speeded up a bit; heres the junkware log  : )

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 8.1 x64
Ran by Pestyone on Thu 04/09/2015 at 15:59:15.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\WINDOWS\prefetch\SMARTTOOLBARREMOVER.EXE-D2319FAA.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERBOOSTER.EXE-96C4BAB3.pf

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Pestyone\appdata\local\free youtube downloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\free youtube downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/09/2015 at 16:01:54.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:28 PM

Posted 09 April 2015 - 04:35 PM

Second link click on the pic illustrated below,

 

MVQg32U.png

 

Also The Esan tool is here.

http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter


Edited by InadequateInfirmity, 09 April 2015 - 04:36 PM.


#7 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:05:28 PM

Posted 09 April 2015 - 11:01 PM

Ok running the MWAv  its taking for ever yuk so whats next after that ?



#8 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:28 PM

Posted 09 April 2015 - 11:04 PM

Then you run ZHP cleaner and malwarebytes and tell me how things are running, based on your comments then we will go to next steps...

 

ZHP cleaner the page is in french but the actual program is in english, I have found it to be very effective to remove many browser hijackers such as your situation...

 

 

 

Download Malwrebytes from the link below.
https://www.malwarebytes.org/
Select update.
jBVKBI0.png
Then Select Scan Now.
js1M2HF.png
Once the scan is completed.
Remove anything found.
Then go to the History tab.
Then go to the application logs.
Then go to scan log.
Export.
Copy to clipboard.
Post it here in your next reply.

 



#9 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:05:28 PM

Posted 09 April 2015 - 11:22 PM

Ok the e Scan is taking for ever so giving up on that for now and posting this;  MWB and superantispy wear find nothing but can post logs as for error alert and the siren going off  it comes and goes been  here 2x today ho hum.      Seeing how this alert and pop up error and the link

doesn't ring any bells here; will try to get a screen shot posted if not locked out;  maybe seeing it will ring a bell somewhere . .  Hoping its

not to big to post here  :  (

 

 

 

# AdwCleaner v4.201 - Logfile created 10/04/2015 at 00:08:41
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Pestyone - LOSTSOUL
# Running from : C:\Users\Pestyone\AppData\Local\Microsoft\Windows\INetCache\IE\CRBZ24SI\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\GreenTree Applications
File Deleted : C:\Users\Public\Desktop\YTD Video Downloader.lnk
File Deleted : C:\Users\Pestyone\Desktop\YTD Video Downloader.lnk

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\UpdateStar
Key Deleted : HKCU\Software\Smart PC Solutions
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v

*************************

AdwCleaner[R0].txt - [1257 bytes] - [08/04/2015 18:59:28]
AdwCleaner[R1].txt - [1346 bytes] - [09/04/2015 00:11:43]
AdwCleaner[R2].txt - [1485 bytes] - [10/04/2015 00:05:45]
AdwCleaner[S0].txt - [1305 bytes] - [08/04/2015 19:01:05]
AdwCleaner[S1].txt - [1378 bytes] - [09/04/2015 00:13:06]
AdwCleaner[S2].txt - [1326 bytes] - [10/04/2015 00:08:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1385  bytes] ##########



#10 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:28 PM

Posted 09 April 2015 - 11:24 PM

It not that it is not ringing any bells, you need to finish the scans I suggested. We will move from there.



#11 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:05:28 PM

Posted 09 April 2015 - 11:25 PM

Will google for English version don t need the French style   :  (



#12 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:28 PM

Posted 09 April 2015 - 11:28 PM

The link is english version.


Also you say

"Ok the e Scan is taking for ever so giving up on that for now"

 

are you telling me you stopped the scan?



#13 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:05:28 PM

Posted 09 April 2015 - 11:34 PM

Yes stopped the e scan crap and the French one no idea what gets clicked on to down;  will try the e scan tomorrow and post MwB and super

 

antispywear logs tomorrow ;  I'll have more patience . . 

 

So any other ideas  ?  ?



#14 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:28 PM

Posted 09 April 2015 - 11:37 PM

So any other ideas  ?  ?

 

Yeah, run the scans I suggested.



#15 Pestyone

Pestyone
  • Topic Starter

  • Members
  • 315 posts
  • OFFLINE
  •  
  • Local time:05:28 PM

Posted 10 April 2015 - 12:03 AM

Yeah yeah run M W B  then  Superantispy wear  then if I have the patience run the pokey e scan thingy and dump the frenchy  one .

 

Any other ideas for now  .  .






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users