
malware


11 replies to this topic

#1 aziz33

  • Members
  • 7 posts

Posted 25 July 2015 - 03:52 PM

I need help please

Malware keeps coming back

I looked at a lot of web pages and nothing helped

Installed various malware cleaners and it's still the same, please help me!


Edited by hamluis, 25 July 2015 - 04:39 PM.
Moved from Win 7 to Am I Infected - Hamluis.



 


#2 dicke

    Paraclete

  • Members
  • 2,189 posts
  • Gender:Male
  • Location:Charlotte, NC

Posted 25 July 2015 - 04:02 PM

I've requested a moderator move this thread to the am I infected forum where you can get the help you need to clean your system correctly.

 

Dick


Stay well and surf safe [stay protected]

Dick E


#3 aziz33

  • Topic Starter
  • Members
  • 7 posts

Posted 25 July 2015 - 05:02 PM

I'm new to this bleep



#4 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA

Posted 25 July 2015 - 06:09 PM

Welcome Aziz... let's run these.

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 aziz33

  • Topic Starter
  • Members
  • 7 posts

Posted 26 July 2015 - 07:08 AM

I've done everything you told me to

For now everything seems fine, I hope the malware doesn't come back

Thank you :thumbup2:

Should I send you the txt files?



#6 aziz33

  • Topic Starter
  • Members
  • 7 posts

Posted 26 July 2015 - 07:15 AM

Also, I ran another check with AdwCleaner and the same files appeared

in the text log

Should I be worried?



#7 aziz33

  • Topic Starter
  • Members
  • 7 posts

Posted 28 July 2015 - 11:41 AM

Hello?



#8 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA

Posted 28 July 2015 - 12:10 PM

Post the AdwCleaner log.

#9 aziz33

  • Topic Starter
  • Members
  • 7 posts

Posted 29 July 2015 - 09:20 AM

# AdwCleaner v4.208 - Rapport créé le 29/07/2015 à 16:18:07
# Mis à jour le 09/07/2015 par Xplode
# Base de données : 2015-07-26.2 [Serveur]
# Système d'exploitation : Windows 7 Professional Service Pack 1 (x64)
# Nom d'utilisateur : PCHP - PCHP-PC
# Exécuté depuis : C:\Users\PCHP\Downloads\AdwCleaner.exe
# Option : Scanner
 
***** [ Services ] *****
 
 
***** [ Fichiers / Dossiers ] *****
 
Dossier Trouvé : C:\Program Files (x86)\GreenTree Applications
Dossier Trouvé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Dossier Trouvé : C:\ProgramData\ParetoLogic
Dossier Trouvé : C:\ProgramData\ytd video downloader
Dossier Trouvé : C:\Users\PCHP\AppData\Roaming\ParetoLogic
Fichier Trouvé : C:\Users\Public\Desktop\YTD Video Downloader.lnk
 
***** [ Tâches planifiées ] *****
 
 
***** [ Raccourcis ] *****
 
 
***** [ Registre ] *****
 
Clé Trouvée : HKCU\Software\ParetoLogic
Clé Trouvée : [x64] HKCU\Software\ParetoLogic
Clé Trouvée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Clé Trouvée : HKLM\SOFTWARE\ParetoLogic
Clé Trouvée : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Clé Trouvée : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Clé Trouvée : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Clé Trouvée : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Clé Trouvée : [x64] HKLM\SOFTWARE\Reimage
 
***** [ Navigateurs ] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
 
-\\ Mozilla Firefox v25.0 (fr)
 
 
-\\ Google Chrome v44.0.2403.107
 
[C:\Users\PCHP\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Trouvée [Homepage] : hxxp://www.search.ask.com/?o=APN10646A&gct=hp&d=102-230&v=u9092-105&t=4
 
*************************
 
AdwCleaner[R0].txt - [1992 octets] - [08/07/2015 22:34:44]
AdwCleaner[R1].txt - [1113 octets] - [08/07/2015 23:20:08]
AdwCleaner[R2].txt - [1993 octets] - [21/07/2015 16:14:46]
AdwCleaner[R3].txt - [2045 octets] - [21/07/2015 19:14:31]
AdwCleaner[R4].txt - [1427 octets] - [21/07/2015 19:44:28]
AdwCleaner[R5].txt - [1547 octets] - [21/07/2015 19:54:00]
AdwCleaner[R6].txt - [2426 octets] - [25/07/2015 23:26:35]
AdwCleaner[R7].txt - [2504 octets] - [26/07/2015 12:05:13]
AdwCleaner[R8].txt - [2446 octets] - [26/07/2015 14:13:00]
AdwCleaner[R9].txt - [2402 octets] - [29/07/2015 16:18:07]
AdwCleaner[S0].txt - [2052 octets] - [08/07/2015 22:37:02]
AdwCleaner[S1].txt - [1178 octets] - [08/07/2015 23:21:04]
AdwCleaner[S2].txt - [2133 octets] - [21/07/2015 19:15:45]
AdwCleaner[S3].txt - [1491 octets] - [21/07/2015 19:46:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R9].txt - [2702 octets] ##########


#10 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA

Posted 29 July 2015 - 01:49 PM

We need to remove those items....

Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


#11 aziz33

  • Topic Starter
  • Members
  • 7 posts

Posted 30 July 2015 - 03:24 AM

# AdwCleaner v4.208 - Rapport créé le 29/07/2015 à 18:58:33
# Mis à jour le 09/07/2015 par Xplode
# Base de données : 2015-07-09.2 [Locale]
# Système d'exploitation : Windows 7 Professional Service Pack 1 (x64)
# Nom d'utilisateur : PCHP - PCHP-PC
# Exécuté depuis : C:\Users\PCHP\Downloads\AdwCleaner-4.208.exe
# Option : Nettoyer
 
***** [ Services ] *****
 
 
***** [ Fichiers / Dossiers ] *****
 
Dossier Supprimé : C:\ProgramData\ParetoLogic
Dossier Supprimé : C:\Program Files (x86)\GreenTree Applications
Dossier Supprimé : C:\Users\PCHP\AppData\Roaming\ParetoLogic
 
***** [ Tâches planifiées ] *****
 
 
***** [ Raccourcis ] *****
 
 
***** [ Registre ] *****
 
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Clé Supprimée : HKCU\Software\ParetoLogic
Clé Supprimée : HKLM\SOFTWARE\ParetoLogic
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Clé Supprimée : [x64] HKLM\SOFTWARE\Reimage
 
***** [ Navigateurs ] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
 
-\\ Mozilla Firefox v25.0 (fr)
 
 
-\\ Google Chrome v44.0.2403.125
 
[C:\Users\PCHP\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Supprimée [Homepage] : hxxp://www.search.ask.com/?o=APN10646A&gct=hp&d=102-230&v=u9092-105&t=4
 
*************************
 
AdwCleaner[R0].txt - [1992 octets] - [08/07/2015 22:34:44]
AdwCleaner[R10].txt - [2998 octets] - [29/07/2015 18:57:46]
AdwCleaner[R1].txt - [1113 octets] - [08/07/2015 23:20:08]
AdwCleaner[R2].txt - [1993 octets] - [21/07/2015 16:14:46]
AdwCleaner[R3].txt - [2045 octets] - [21/07/2015 19:14:31]
AdwCleaner[R4].txt - [1427 octets] - [21/07/2015 19:44:28]
AdwCleaner[R5].txt - [1547 octets] - [21/07/2015 19:54:00]
AdwCleaner[R6].txt - [2426 octets] - [25/07/2015 23:26:35]
AdwCleaner[R7].txt - [2504 octets] - [26/07/2015 12:05:13]
AdwCleaner[R8].txt - [2446 octets] - [26/07/2015 14:13:00]
AdwCleaner[R9].txt - [2806 octets] - [29/07/2015 16:18:07]
AdwCleaner[S0].txt - [2052 octets] - [08/07/2015 22:37:02]
AdwCleaner[S1].txt - [1178 octets] - [08/07/2015 23:21:04]
AdwCleaner[S2].txt - [2133 octets] - [21/07/2015 19:15:45]
AdwCleaner[S3].txt - [1491 octets] - [21/07/2015 19:46:57]
AdwCleaner[S4].txt - [2873 octets] - [29/07/2015 18:58:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2933  octets] ##########
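
A check that the clean run above removed everything the scan in post #9 flagged, as an added example that is not part of the thread or of AdwCleaner: it diffs the "Trouvé" entries against the "Supprimé" entries, using excerpts of the two posted reports. Treating the [x64] tag as a second view of the same registry key is an assumption.

```python
import re

# Excerpts of the two French-language AdwCleaner reports posted in this thread.
SCAN_R9 = r"""
Dossier Trouvé : C:\Program Files (x86)\GreenTree Applications
Dossier Trouvé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Dossier Trouvé : C:\ProgramData\ParetoLogic
Dossier Trouvé : C:\ProgramData\ytd video downloader
Dossier Trouvé : C:\Users\PCHP\AppData\Roaming\ParetoLogic
Fichier Trouvé : C:\Users\Public\Desktop\YTD Video Downloader.lnk
Clé Trouvée : HKCU\Software\ParetoLogic
Clé Trouvée : [x64] HKCU\Software\ParetoLogic
Clé Trouvée : HKLM\SOFTWARE\ParetoLogic
Clé Trouvée : [x64] HKLM\SOFTWARE\Reimage
"""
CLEAN_S4 = r"""
Dossier Supprimé : C:\ProgramData\ParetoLogic
Dossier Supprimé : C:\Program Files (x86)\GreenTree Applications
Dossier Supprimé : C:\Users\PCHP\AppData\Roaming\ParetoLogic
Clé Supprimée : HKCU\Software\ParetoLogic
Clé Supprimée : HKLM\SOFTWARE\ParetoLogic
Clé Supprimée : [x64] HKLM\SOFTWARE\Reimage
"""

# "<kind> <status> : <item>", e.g. "Clé Trouvée : [x64] HKLM\SOFTWARE\Reimage"
ENTRY = re.compile(r"^(Dossier|Fichier|Clé)\s+(Trouvée?|Supprimée?)\s*:\s*(.+)$")

def entries(report, status_prefix):
    """Return the set of (kind, item) pairs whose status starts with status_prefix."""
    found = set()
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group(2).startswith(status_prefix):
            # Assumption: [x64] marks another view of the same key, so drop it.
            # Lower-case the item: Windows paths and keys are case-insensitive.
            item = re.sub(r"^\[x64\]\s*", "", m.group(3)).strip().lower()
            found.add((m.group(1), item))
    return found

def not_removed(scan_report, clean_report):
    """Items the scan flagged that the clean report does not list as deleted."""
    return sorted(entries(scan_report, "Trouv") - entries(clean_report, "Supprim"))

if __name__ == "__main__":
    for kind, item in not_removed(SCAN_R9, CLEAN_S4):
        print(f"flagged but not listed as deleted: {kind}: {item}")
```

On these excerpts it reports the three YTD Video Downloader entries, which the scan flagged but the clean report does not list as deleted.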


#12 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA

Posted 30 July 2015 - 08:28 PM

OK thanks. You did run ESET? If so, how is it, as you posted no logs?