Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hijacked by Adobe Reader


  • Please log in to reply
9 replies to this topic

#1 davurbach

davurbach

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 26 June 2015 - 02:56 PM

Every Program on my computer is trying to run with Adobe Reader, and the Adobe Reader window won't close. The only virus scanner I can use is Malwarebytes Chameleon, and it didn't find anything malicious. I used their link to come here 



BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:34 PM

Posted 26 June 2015 - 03:03 PM

Hello Dave

3Al62Pm.pngMiniToolBox
[list]
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Edited by boopme, 26 June 2015 - 03:03 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 davurbach

davurbach
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 26 June 2015 - 03:19 PM

Just tried to download it. That is trying to run with Adobe Reader too.



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:34 PM

Posted 26 June 2015 - 03:43 PM

Try from Safe Mode
 
How to start Windows in Safe Mode
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 davurbach

davurbach
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 26 June 2015 - 08:23 PM

That doesn't work either



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:34 PM

Posted 26 June 2015 - 09:17 PM

Try running RKill.

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista/Windows7, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 davurbach

davurbach
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 26 June 2015 - 09:39 PM

Nothing I have to download will open now, but I got it to run from the Rkill web site. Here is the log;

Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 06/26/2015 10:31:06 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 06/26/2015 10:31:33 PM
Execution time: 0 hours(s), 0 minute(s), and 26 seconds(s)


#8 Dragonlady24

Dragonlady24

  • Members
  • 703 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Fox Lake,WI
  • Local time:09:34 PM

Posted 26 June 2015 - 10:55 PM

This sounds like you somehow associated all .exe files to open with adobe. Its not a virus, You can find the information on the adobe website https://forums.adobe.com/thread/647210

#9 davurbach

davurbach
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:34 PM

Posted 27 June 2015 - 02:02 PM

Edited the registry according to their instructions. That seemed to do the trick. Thanks for your help.



#10 Dragonlady24

Dragonlady24

  • Members
  • 703 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Fox Lake,WI
  • Local time:09:34 PM

Posted 28 June 2015 - 12:18 PM

No problem. I am glad to have found this resource that helped you. Also glad that it wasn't a virus.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users