
Malware: Filter Results


  • This topic is locked
7 replies to this topic

#1 cedlr

cedlr

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 15 July 2015 - 04:40 PM

Hello all,

 

I have an annoying problem with a virus that harasses me with multiple commercial popups and I cannot get rid of it :-(

 

I tried numerous antispywares, antivir, and that thing is still there, stronger than ever !!!

 

May I have your help to get rid of it? I attached some logs I had in that post.

 

Thanks in advance!


Edited by cedlr, 15 July 2015 - 04:57 PM.



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:13 PM

Posted 16 July 2015 - 09:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: Filter Results - C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\xleshk8j.default\Extensions\{621b949b-df4c-4be6-99ce-72ca3c909971}.xpi [2015-06-30]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
CHR Extension: (Avira Browser Safety) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-07-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
Task: C:\Windows\Tasks\Chromium.job =>
C:\Windows\Tasks\Chromium.job
C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\xleshk8j.default\Extensions\{621b949b-df4c-4be6-99ce-72ca3c909971}.xpi

End
Save the files as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

How is the computer running now?
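
Added example (not part of nasdaq's post and not FRST's own code): a small Python triage of the FRST-style lines in the fixlist above, grouping each entry by what it points at. The `triage` function and its category names are illustrative assumptions; the sample lines are copied from this thread.

```python
import re

# Lines copied from the fixlist in post #2 of this thread.
SAMPLE = r"""
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Extension: Filter Results - C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\xleshk8j.default\Extensions\{621b949b-df4c-4be6-99ce-72ca3c909971}.xpi [2015-06-30]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
CHR Extension: (Avira Browser Safety) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-07-15]
C:\Windows\Tasks\Chromium.job
"""

# "<browser> Extension: <name> - <path> [<date or 'not found'>]"
EXT_RE = re.compile(
    r"^(?P<browser>FF|CHR) Extension: \(?(?P<name>.+?)\)? - "
    r"(?P<path>[A-Za-z]:\\.+?) \[(?P<tag>[^\]]+)\]$"
)

def triage(text):
    """Return (category, detail) pairs for FRST-style lines.

    Category names are labels chosen for this example, not FRST terms.
    """
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = EXT_RE.match(line)
        if m:
            # "[not found]" means the extension path no longer exists on disk.
            kind = "orphan_extension" if m["tag"] == "not found" else "extension"
            findings.append((kind, f'{m["browser"]}: {m["name"]} [{m["tag"]}]'))
        elif line.startswith("GroupPolicy:") or "Policies\\Google" in line:
            # Policy entries can pin browser settings or extensions in place.
            findings.append(("browser_policy", line.split(" <===")[0]))
        elif line.endswith("No File"):
            findings.append(("missing_file", line))
        elif line.lower().endswith(".job"):
            # Legacy scheduled-task file under C:\Windows\Tasks.
            findings.append(("scheduled_task", line))
    return findings

if __name__ == "__main__":
    for category, detail in triage(SAMPLE):
        print(f"{category:17} {detail}")
```

Grouping the entries this way shows that the fixlist touches three persistence points at once: browser policy keys, the extension itself, and a scheduled task.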

#3 cedlr

cedlr
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 16 July 2015 - 12:24 PM

Hi, first thanks a lot for your help Nasdaq!

Here is the log you asked for, attached to that reply.

 

I still have the same troubles, multiple ads popups, banner "Related Search by Filter Results"


Edited by cedlr, 16 July 2015 - 12:27 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:13 PM

Posted 16 July 2015 - 12:59 PM

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

How is it now?

#5 cedlr

cedlr
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 16 July 2015 - 05:21 PM

Unfortunately the malware is still there :-(



#6 cedlr

cedlr
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 17 July 2015 - 03:01 AM

I uninstalled Chrome and it seems to be fixed !!



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:13 PM

Posted 17 July 2015 - 07:19 AM

Good work, it could have been compromised.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:13 PM

Posted 23 July 2015 - 08:18 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



