foxydeal.com & infostatsvc.com & others have appeared


  • This topic is locked
17 replies to this topic

#1 darkside1314


Posted 15 September 2015 - 02:29 PM

Hi All,

Just in the last few days my system, when using Google Chrome, has been infected, with pop-up windows and Malwarebytes blocking websites constantly.

Using Windows 7 Ultimate. Can anyone advise please?

Cheers in advance





#2 olgun52

  • Malware Response Team

Posted 15 September 2015 - 05:49 PM

Hello darkside1314 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open as administrator the computer. How is open as administrator the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
-------------------------------------------------------------------------------------------------------------------------------

 

Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.

  • Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here )
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

Use this software if the software does not work

http://www.bleepingcomputer.com/download/dds/

 

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt

Have a nice day.

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 darkside1314


Posted 16 September 2015 - 02:36 AM

Thank you

 

As requested 

Attached Files



#4 olgun52


Posted 16 September 2015 - 06:24 PM

Hi darkside1314,

 

Thanks for the logs.

 

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

 

--------------

 

Uninstalling a Program:

  • Click "start" on the taskbar and then click on the "Control Panel" icon.
  • Please double-click the "Add or Remove Programs" icon.
  • A list of programs installed will be "populated", this may take a bit of time.
  • If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Auslogics DiskDefrag
AVG PC TuneUp 2015
AVG Web TuneUp

Avg secure search

Mozilla Maintenance Service

============================================================

 

Please reset Chrome:

https://support.google.com/chrome/answer/3296214?hl=en

 

Firefox reset:

I will let you keep your bookmarks so to do that you can go here - Export BookMarks

Now, to reset Firefox, do the following.

  • At the top of the Firefox window, click the "Firefox" button,
  • Go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • Click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.

Restart the computer.

 

*************************************************************************************************************************************

 
Please be sure to run our tools with administrator rights.
 
ComboFix run:
 
* IMPORTANT : 1   Place ComboFix.exe on your Desktop
* IMPORTANT : 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.
 
Have a nice day.

 



 


 


#5 darkside1314


Posted 17 September 2015 - 03:46 AM

Thank you for your help.

 

Noticed that you stated I have uTorrent installed; this isn't showing up on the add/remove programs list, and I have no knowledge of this ever being installed.

I couldn't find the reset Firefox button as well.

 

I have followed all of your steps to the letter.


Edited by darkside1314, 17 September 2015 - 03:47 AM.


#6 olgun52


Posted 17 September 2015 - 11:56 AM

Please send ComboFix log.



 


 


#7 darkside1314


Posted 17 September 2015 - 01:18 PM

Please send ComboFix log.

 

 

Hi, no ComboFix log appeared on Desktop.



#8 olgun52


Posted 17 September 2015 - 03:09 PM

The log can be at C:\ComboFix.txt. Please look there.

If you still cannot find it, run it again.



 


 


#9 darkside1314


Posted 17 September 2015 - 03:14 PM

The log can be at C:\ComboFix.txt. Please look there.

If you still cannot find it, run it again.

 

Shall have to run again



#10 olgun52


Posted 17 September 2015 - 03:40 PM

Yes, please.



 


 


#11 darkside1314


Posted 17 September 2015 - 11:59 PM

As requested

Attached Files



#12 olgun52


Posted 18 September 2015 - 07:28 AM

Hi darkside1314,

 

Thank you.

 

Step 1:

 

:Run CFScript:
Please start by opening Notepad and copy/paste the text in the box into the window:

Folder::
c:\users\john\AppData\Roaming\AceWebExtension

DDS::   
uInternet Settings,ProxyOverride = *.local

FireFox::  
FF - ProfilePath - c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\nvf2wf8x.default\
FF - prefs.js: browser.search.selectedEngine - Bing 
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AceUpdater"=-
"AceStream"=-

Save it to your desktop as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

 

Step 2:

 

Download zoek.exe to your Desktop:
http://hijackthis.nl/smeenk/

Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications Here
http://www.bleepingc...opic114351.html

On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
Give it a few seconds to appear
Next, copy/paste the entire script inside the codebox below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
emptyclsid;
emptyfolderscheck;delete
FFdefaults;
CHRdefaults;

ipconfig /flushdns;b

Now...
Close any open programs.
Click the Run script button, and wait. It takes a few minutes to run.
When the tool finishes, the zoek-results.log is opened in Notepad.

The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

 

Have a nice day.

 


If I don't reply within 24 hours please PM me!
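
A read-only way to confirm, after ComboFix has run, whether the items listed in the CFScript from this post are still present. This is an added example, not part of the original thread and not part of ComboFix or Zoek. The value names, folder name and preference names are taken from the script above; `$env:APPDATA` stands in for the `c:\users\john\AppData\Roaming` path shown there, and the function names `New-Finding` and `Test-CfScriptTargets` are hypothetical.

```powershell
# Added example, not from the thread: read-only check of the items listed in
# the CFScript above. It changes nothing; it only reports what is still present.
function New-Finding($Item, $Present, $Detail) {
    New-Object PSObject -Property @{ Item = $Item; Present = [bool]$Present; Detail = $Detail } |
        Select-Object Item, Present, Detail
}

function Test-CfScriptTargets {
    param(
        # Assumption: the affected profile belongs to the user running the check
        # (the thread's paths were under c:\users\john\AppData\Roaming).
        [string]$AppDataRoot = $env:APPDATA
    )
    $cv = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion'

    # Registry:: section - autostart values under the per-user Run key
    $run = Get-Item -Path "$cv\Run" -ErrorAction SilentlyContinue
    foreach ($name in 'AceUpdater', 'AceStream') {
        $value = $null
        if ($run) { $value = $run.GetValue($name, $null) }
        New-Finding "Run\$name" ($null -ne $value) $value
    }

    # Folder:: section
    $folder = Join-Path $AppDataRoot 'AceWebExtension'
    New-Finding 'AceWebExtension folder' (Test-Path -LiteralPath $folder) $folder

    # DDS:: section - the ProxyOverride value under Internet Settings
    $inet = Get-Item -Path "$cv\Internet Settings" -ErrorAction SilentlyContinue
    $proxy = $null
    if ($inet) { $proxy = $inet.GetValue('ProxyOverride', $null) }
    New-Finding 'ProxyOverride' ($null -ne $proxy) $proxy

    # FireFox:: section - user.js overrides in any Firefox profile
    $prefs = 'network.http.max-persistent-connections-per-server',
             'nglayout.initialpaint.delay', 'content.notify.interval',
             'content.max.tokenizing.time', 'content.switch.threshold'
    $profiles = Join-Path $AppDataRoot 'Mozilla\Firefox\Profiles'
    $userJs = @(Get-ChildItem -Path (Join-Path $profiles '*\user.js') -ErrorAction SilentlyContinue)
    foreach ($pref in $prefs) {
        $hits = @($userJs | Where-Object { $_ } |
            Select-String -SimpleMatch -Pattern $pref | ForEach-Object { $_.Path } |
            Select-Object -Unique)
        New-Finding "user.js: $pref" ($hits.Count -gt 0) ($hits -join '; ')
    }
}

Test-CfScriptTargets | Format-Table -AutoSize
```

Any row with `Present` set to `True` names an item the script targeted that is still on the system for the current user.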

 


 


#13 darkside1314


Posted 19 September 2015 - 01:10 AM

As requested

Attached Files



#14 olgun52


Posted 19 September 2015 - 01:03 PM

Hi darkside1314, Thanks for the Logs.

 

Please do the following.

 

Step 1:

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click mbam-setup-2.1.4.1018.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export.
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

Already installed:
Threat Scan

  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export.
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

Step 2:

 

Run Eset Online Scan

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

 

All browsers should be closed.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
  • Make sure that the option Remove found threats is ticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

 

How is the computer doing now? Please let me know

 

Have a nice day.

 



 


 


#15 darkside1314


Posted 20 September 2015 - 01:40 PM

Files as requested are now attached

 

PC doing well just now, but Chrome disappeared after the last scans there.

Attached Files





