Major Virus please help remove asap


7 replies to this topic

#1 xmyriadx


Posted 11 September 2015 - 08:19 PM

Downloaded Super C and now filled with virus. Please help remove and fix, thank you!





#2 BenjaminGordonT


Posted 11 September 2015 - 09:15 PM

Umm... Not sure what Super C is... Do you mean Super Contra? The game for the NES? If so then no wonder you got infected :/

 

I need details... Lots of details... Can you please explain exactly what you downloaded, exactly what happened, and exactly what is going on now so I can help you further...



#3 xmyriadx


Posted 11 September 2015 - 09:24 PM

eRightSoft Super C. It's a video code converter.



#4 BenjaminGordonT


Posted 11 September 2015 - 09:48 PM

OK, from what I have read, eRightSoft Open C bundles a piece of adware called OpenCandy with its installations that can be very annoying... I'll assume you have adware, since that seems to be currently bundled with Super C and that is usually the most noticeable thing for people when they know they have a virus, so here is what I need you to do:

 

Download and Run AdwCleaner

 

Click Scan and wait for it to finish scanning.

 

Once scanning is done then hit Clean and wait for it to finish cleaning

 

Once it has finished cleaning it will ask you to reboot to finish the process so do that...

 

When you reboot it will post a log of everything it has cleaned so post that in your next response

 

Also let me know if the problem is gone or not and I will instruct you further



#5 xmyriadx


Posted 13 September 2015 - 02:25 AM

# AdwCleaner v5.007 - Logfile created 13/09/2015 at 00:18:37
# Updated 08/09/2015 by Xplode
# Database : 2015-09-10.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : John - JOHN-COMPUTER
# Running from : C:\Documents and Settings\John\My Documents\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\28341ff220e0446c9fff27c4493d622e
[-] Folder Deleted : C:\Documents and Settings\John\Local Settings\Application Data\globalUpdate
[-] Folder Deleted : C:\Program Files\globalUpdate
[-] Folder Deleted : C:\Program Files\SearchProtect
[-] Folder Deleted : C:\Program Files\FriendlyError
 
***** [ Files ] *****
 
[-] File Deleted : C:\Documents and Settings\John\Application Data\Microsoft\Internet Explorer\Quick Launch\BrowserAir.lnk
[-] File Deleted : C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\5iq3nuk4.default-1433260771406\user.js
[-] File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : Smp
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
[-] Value Deleted : HKLM\SOFTWARE\Classes\.xht\OpenWithProgIDs [CRSBRWSHTML]
[-] Value Deleted : HKLM\SOFTWARE\Classes\.webp\OpenWithProgIDs [CRSBRWSHTML]
[-] Value Deleted : HKLM\SOFTWARE\Classes\.shtml\OpenWithProgIDs [CRSBRWSHTML]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\SmartWeb
[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\DeskBar
[-] Key Deleted : HKCU\Software\PDFConvert
[-] Key Deleted : HKLM\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\SearchModule
[-] Key Deleted : HKLM\SOFTWARE\DAILYPCCLEAN
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hades
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DocToPDFConverter
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopperPro
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdater
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ASPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search module
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Hades
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DailyPCClean_is1
 
***** [ Web browsers ] *****
 
[-] [C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com_
[-] [C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www-searching.com
[-] [C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Documents and Settings\John\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www-searching.com/?s=F9Cztutbl011,58f39f60-5dd9-4073-be79-13f7f64d9a43,
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [6598 bytes] ##########
 


#6 BenjaminGordonT


Posted 13 September 2015 - 08:18 PM

Awesome! So how is your computer doing now?



#7 xmyriadx


Posted 14 September 2015 - 04:38 PM

Seems fine right now.



#8 BenjaminGordonT


Posted 14 September 2015 - 08:52 PM

Great!





