
BrowserModifier:Win32/KipodToolsCby infection


33 replies to this topic

#1 Patriciann

Patriciann

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:California
  • Local time:09:59 PM

Posted 17 June 2015 - 10:30 PM

I ran Microsoft scanner and it indicated that my computer was infected with BrowserModifier:Win32/KipodToolsCby. I'm using Windows 8.1. I picked up this virus possibly through a download of a free FLV downloader. I first ran McAfee, that is on my system, and it found nothing. Microsoft scanner indicated that 2 files were infected and that the infection was partially removed. I have looked in System32 for the KipodToolsCby and it was not located. I deleted all software that was not familiar to me and what I thought was possibly the cause of the infection. I am including screen shots of what the IE browser looked like with the redirect for Google as well as a screen shot of Microsoft scanner results with the completion of the scan that had found 2 infected files and partially removed them. What do you need to know to assist with the clean up? This is the first infection that I am aware of. Thank you. I will include the screen shots later as needed. Thanks





#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:59 PM

Posted 18 June 2015 - 08:53 AM

Download and run Wipe and System Ninja:

 

https://privacyroot.com/software/www/en/wipe.php

https://singularlabs.com/software/system-ninja/

 

Then.....

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download
[Screenshot: kwLN4uv.png]


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools, then start up, select each item, then disable.

[Screenshot: GjWwvEu.png]

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.


[Screenshot: Lxioao1.png]

Now go to the advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.

[Screenshot: SnqZ2JW.png]

 

Reboot your machine and then follow the  instructions below.

 

Step 1: eScanAV.

 

Disable your antivirus prior to this scan.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter

 

Source

http://www.escanav.com/english/content/products/downloadlink/downloadproduct.asp?pcode=MWAV
Save the file to your desktop.
Right click run as administrator.
A new icon will appear on your desktop.
Right click run as administrator on new icon.
Click on the update tab.
[Screenshot: ZCDJtZN.png]
Once you have updated the program, make sure the settings are the same as the picture below.
[Screenshot: 7DUFn5c.png]
Once you have made sure the settings match the picture, hit the Scan & Clean button.
Upon scan completion, click View Log.
[Screenshot: ApSVXsQ.png]
Copy and paste entire log into your next reply.

Note: Reboot after you remove infections.

 

Step 2: Zemana

 

Run a full scan with Zemana antimalware.

http://www.zemana.us/product/zemana-antimalware/default.aspx

Install and select deep scan.

[Screenshot: jdmyscF.jpg]

Remove any infections found.

Then click on the icon in the pic below.

[Screenshot: DOLGyto.jpg]

Double click on the scan log, copy and paste here in your reply.

Note: Reboot after you remove infections.

 

 

Step 3: Junkware Removal Tool.
 
Please download Junkware Removal Tool and save it on your desktop.

Source

http://thisisudax.org/

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 4: Adware Cleaner.
 
Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 Patriciann


Posted 18 June 2015 - 06:28 PM

Okay.  I will do this.  Never have done any of this before so may be awhile.  I just hope nothing goes wrong.  Thanks



#4 Patriciann


Posted 18 June 2015 - 06:40 PM

When preparing to run Wipe it indicated that some items were left unchecked as the program was not being run in administration mode. Is this alright and am I good to select proceed?  I created a restore point in case I mess something up. 



#5 Patriciann


Posted 18 June 2015 - 06:53 PM

I downloaded Ninja and McAfee quarantined it after trying to block my downloading it after I overrode the blocked download attempt. It is quarantined on my computer.



#6 Patriciann


Posted 18 June 2015 - 07:13 PM

Where did my follow up comments go?  Just a sec.  This page may not be loaded correctly.



#7 Patriciann


Posted 18 June 2015 - 07:20 PM

I'll check back later.  Thanks.



#8 InadequateInfirmity


Posted 18 June 2015 - 07:27 PM

Ninja program is safe, you can continue. :)



#9 Patriciann


Posted 19 June 2015 - 10:04 AM

Thanks. Today is my 'Get to feel stupid' day as I could not find this posting and thought it had vanished. I contacted a senior member of BleepingComputer for help and have since had to apologize to this person and request they delete my second posting. Oh fun - being a newbie to all of this - not!! LOL



#10 Patriciann


Posted 19 June 2015 - 10:08 AM

Okay people, it looks like I am making 'progress'. It is the pits being 'new' to this but I suppose it is the 'learn by fire' that gets us to where we need to be at times. LOL :-) Thanks to all the help.


#11 Patriciann


Posted 19 June 2015 - 10:23 AM

Ninja would not complete the download and my McAfee quarantined it -- even after I overrode this and gave permission for the software to install on my system. After doing this twice I then turned off the firewall and tried the download again. McAfee did the same thing again. Do I have to delete McAfee from my system or is there a way to effectively disengage it? Also, could it be that the hijacker virus is doing this to the McAfee? Oh geez, the confusion on this is painful. :-)



#12 Patriciann


Posted 19 June 2015 - 10:27 AM

A popup just asked for a BBC code to Twitter?  Oh my, this can't be good. :-)


I would like to share screen shots with you but don't know how to upload an image to this.  How may I do this?  Thanks



#13 Patriciann


Posted 19 June 2015 - 10:46 AM

WooHoo - Ninja is successfully downloaded -- had to learn how to disengage the virus scanner as well as the firewall.  Whew!!!! 



#14 Patriciann


Posted 19 June 2015 - 11:14 AM

Running Ninja -- there is the program called "Safe Browser" that insisted I use it - is this a part of Ninja?  Thanks.  I'm using it and hope it is safe. 


Ninja 'Junk Scanner' is running.  I suppose this is correct?  



#15 Patriciann


Posted 19 June 2015 - 11:17 AM

Does Ninja 'Junk Scanner' prompt me for the next step when complete?  It appears to be stuck or complete but is not prompting for further action?  





