
Hi I'm infected but I don't know what to do.


9 replies to this topic

#1 WolfDesigns

WolfDesigns

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 28 September 2015 - 03:59 PM

I noticed these search engines after I downloaded a file from a friend. I deleted the file but they keep coming back. Please help. [Attached image: OptYhPd.png]




 


#2 severac

severac

  • Members
  • 872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Serbia
  • Local time:08:13 AM

Posted 28 September 2015 - 04:08 PM

Hello and welcome to BC,

 

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE: If you already have MBAM 2.0 installed, scroll down.

  • Double-click mbam-setup-2.x.x.xxxx.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      ◦ Launch Malwarebytes Anti-Malware
      ◦ A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, under Detection and Protection, set the following options:
      1. 'Scan for rootkits'
      2. Non-Malware Protection, for 'PUP detections', check the 'Threat detections as malware' option.
  • Return to the Dashboard and click the 'Scan Now >>' button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link.
  • After the update completes, on the Settings tab, under Detection and Protection, set the following options:
      1. 'Scan for rootkits'
      2. Non-Malware Protection, for 'PUP detections', check the 'Threat detections as malware' option.
  • Return to the Dashboard and click the 'Scan Now >>' button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

-------------

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double-click on adwcleaner.exe to run the tool.
  • In the EULA window click I agree.
  • In Options uncheck Reset Winsock settings.
  • Click on the Scan button.
  • When the scan has finished click on the Cleaning button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[C1].txt as well.

-------------

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, 8 or 10, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 WolfDesigns


Posted 28 September 2015 - 06:54 PM

Sorry for the long wait, I wasn't expecting a fast reply. I scanned my thing with MBAM repeatedly, then did what was instructed.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/28/2015
Scan Time: 6:43 PM
Logfile: ww.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.28.07
Rootkit Database: v2015.09.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Eriel
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365236
Time Elapsed: 19 min, 6 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.GoSearchMe, HKU\S-1-5-21-1009248047-3088562242-3540794901-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}, Quarantined, [202745f01a71fe38a299c626867ca858], 
PUP.Optional.GoSearchMe, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}, Quarantined, [202745f01a71fe38a299c626867ca858], 
 
Registry Values: 2
PUP.Optional.ProtectedIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}|URL, https://search.protectedio.com/search.php/?q={searchTerms}&u=36d8791abb5cfd0255a25f35b9d2513f&c=p1&src=srch&inst=1443476425, Quarantined, [d077c66f2b606fc7b00c478951b3e21e]
PUP.Optional.ProtectedIO, HKU\S-1-5-21-1009248047-3088562242-3540794901-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}|URL, https://search.protectedio.com/search.php/?q={searchTerms}&u=36d8791abb5cfd0255a25f35b9d2513f&c=p1&src=srch&inst=1443476425, Quarantined, [dd6a7fb60c7f0234cbf0349c3ec6e41c]
 
Registry Data: 1
PUP.Optional.ProtectedIO, HKU\S-1-5-21-1009248047-3088562242-3540794901-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://search.protectedio.com/?u=36d8791abb5cfd0255a25f35b9d2513f&c=p1&src=hp&inst=1443476425, Good: (http://www.google.com), Bad: (https://search.protectedio.com/?u=36d8791abb5cfd0255a25f35b9d2513f&c=p1&src=hp&inst=1443476425),Replaced,[2e19ec492a61ff37929b1666c243af51]
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/28/2015
Scan Time: 5:23 PM
Logfile: wwwww.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.06.03.03
Rootkit Database: v2015.09.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Eriel
 
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 70574
Time Elapsed: 6 min, 30 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.GoSearchMe.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}, No Action By User, [d8776c4adbafb185e9bdb8e95ea5718f], 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/28/2015
Scan Time: 5:30 PM
Logfile: w.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.28.07
Rootkit Database: v2015.09.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Eriel
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365765
Time Elapsed: 17 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.GoSearchMe, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}, Quarantined, [67e09b9af299ce6822197676f80a02fe], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
(end)
# AdwCleaner v5.009 - Logfile created 28/09/2015 at 19:35:24
# Updated 27/09/2015 by Xplode
# Database : 2015-09-27.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Eriel - ERIEL-PC
# Running from : C:\Users\Eriel\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\5677AE2EB8F6A7F135D41D4C8A0BECCE
[-] Folder Deleted : C:\Users\Eriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Eriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kbfnbcaeplbcioakkpcpgfkobkghlhen_0.localstorage
[-] File Deleted : C:\Users\Eriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kbfnbcaeplbcioakkpcpgfkobkghlhen_0.localstorage-journal
[-] File Deleted : C:\Users\Eriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Eriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : Win Updater
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\SecureWebChannel
[-] Key Deleted : HKLM\SOFTWARE\SecureWeb
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Eriel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Eriel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : trovi.search
[-] [C:\Users\Eriel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Eriel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : shutterstock.com
[-] [C:\Users\Eriel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : feed.snap.do
[-] [C:\Users\Eriel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.snap.do
[-] [C:\Users\Eriel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.tb.ask.com
[-] [C:\Users\Eriel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Users\Eriel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : kbfnbcaeplbcioakkpcpgfkobkghlhen
[-] [C:\Users\Eriel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mfhnkgpdlogbknkhlgdjlejeljbhflim
[-] [C:\Users\Eriel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3332128&octid=EB_ORIGINAL_CTID&ISID=I9DF02DEE-BF8E-40F0-9C46-D50ACBE8551E&SearchSource=55&CUI=&UM=8&UP=SP4A5803A0-6E6B-4B43-A5D0-49074A45FD7E&SSPV=
 
*************************
 
 
*************************
 
C:\AdwCleaner[C1].txt - [2561 bytes] - [17/08/2015 19:32:44]
C:\AdwCleaner[C2].txt - [1189 bytes] - [17/08/2015 20:29:41]
C:\AdwCleaner[S2].txt - [23980 bytes] - [17/08/2015 19:30:10]
C:\AdwCleaner[S3].txt - [1023 bytes] - [17/08/2015 20:29:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3318 bytes] ##########
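
Added example (not part of the original thread and not Malwarebytes' own tooling): the three MBAM logs in the post above are pasted out of time order, and the same SearchScopes key is quarantined in the 5:30 PM scan and detected again at 6:43 PM. This Python sketch parses logs in that layout, orders the scans, and reports locations that reappear after being cleaned; the sample input is constructed with placeholder paths, URL and hashes, and the action list covers only the three actions seen in the post.

```python
import re
from datetime import datetime
# Constructed sample in the MBAM 2.x log layout quoted in the post above; the key
# path, SID, URL and hashes are placeholders. Scans are pasted out of time order.
SAMPLE = r"""Malwarebytes Anti-Malware
Scan Time: 6:43 PM
Result: Completed
Registry Keys: 1
PUP.Optional.Example, HKLM\SOFTWARE\EXAMPLE\SEARCHSCOPES\{GUID-PLACEHOLDER}, Quarantined, [hash-placeholder-3],
Registry Data: 1
PUP.Optional.Example, HKU\S-1-5-21-PLACEHOLDER\SOFTWARE\EXAMPLE\MAIN|Start Page, https://search.example.invalid/?c=p1, Good: (http://www.google.com), Bad: (https://search.example.invalid/?c=p1),Replaced,[hash-placeholder-4]
Malwarebytes Anti-Malware
Scan Time: 5:23 PM
Result: Cancelled
Registry Keys: 1
PUP.Optional.Example.C, HKLM\SOFTWARE\EXAMPLE\SEARCHSCOPES\{GUID-PLACEHOLDER}, No Action By User, [hash-placeholder-1],
Malwarebytes Anti-Malware
Scan Time: 5:30 PM
Result: Completed
Registry Keys: 1
PUP.Optional.Example, HKLM\SOFTWARE\EXAMPLE\SEARCHSCOPES\{GUID-PLACEHOLDER}, Quarantined, [hash-placeholder-2],
"""

CLEANED = ("Quarantined", "Replaced")
ACTIONS = CLEANED + ("No Action By User",)  # only the actions seen in the post
# name, location, optional value fields (may contain commas), action, [id]
DETECTION = re.compile(
    r"^(?P<name>[^,]+),\s*(?P<location>[^,]+),.*?"
    r"(?P<action>" + "|".join(ACTIONS) + r")\s*,\s*\[[^\]]*\]")

def parse_scans(text):
    """Split pasted logs into scans, sorted by scan time (same day assumed)."""
    scans = []
    for line in map(str.strip, text.splitlines()):
        if line == "Malwarebytes Anti-Malware":
            scans.append({"time": None, "detections": []})
        elif scans and line.startswith("Scan Time:"):
            scans[-1]["time"] = line.split(":", 1)[1].strip()
        elif scans and (m := DETECTION.match(line)):
            scans[-1]["detections"].append(
                (m["name"].strip(), m["location"].strip(), m["action"]))
    return sorted(scans, key=lambda s: datetime.strptime(s["time"], "%I:%M %p"))

def recurring_after_cleanup(scans):
    """Map location -> [(cleaned_at, seen_again_at)] for items that came back."""
    cleaned_at, recurring = {}, {}
    for scan in scans:
        actions = {loc.upper(): act for _, loc, act in scan["detections"]}
        for loc in actions:
            if loc in cleaned_at:
                recurring.setdefault(loc, []).append((cleaned_at[loc], scan["time"]))
        for loc, act in actions.items():
            if act in CLEANED:
                cleaned_at[loc] = scan["time"]
    return recurring
```

A location that shows up in the result was removed and then found again, which is the cue to look for whatever is writing it back (a scheduled task, service or browser extension) rather than re-running the same scan.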


#4 severac


Posted 29 September 2015 - 01:41 AM

Do you have JRT log?

 

Do you still have problems?



 


#5 WolfDesigns


Posted 29 September 2015 - 04:29 AM

I don't know. How do I check?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.3 (09.21.2015:1)
OS: Windows 7 Professional x64
Ran by Eriel on Mon 09/28/2015 at 19:41:34.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\ProgramData\1443062892.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1443064885.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1443065503.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1443065526.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1443065619.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1443066401.bdinstall.bin
Successfully deleted: [File] C:\ProgramData\1443392064.bdinstall.bin
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files\reviversoft
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\getprivate vpn
Successfully deleted: [Folder] C:\ProgramData\reviversoft
Successfully deleted: [Folder] C:\Users\Eriel\AppData\Roaming\getprivate vpn
 
 
 
~~~ Chrome
 
 
[C:\Users\Eriel\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Eriel\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Eriel\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Eriel\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/28/2015 at 19:44:08.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 severac


Posted 29 September 2015 - 11:47 AM

> I don't know. How do I check?

 

We have deleted search engines. So it should be fine now. 

 

Do you have some problems while browsing?



 


#7 WolfDesigns


Posted 29 September 2015 - 08:53 PM

> > I don't know. How do I check?
>
> We have deleted search engines. So it should be fine now.
>
> Do you have some problems while browsing?

Thanks, they don't appear to be coming up.



#8 severac


Posted 30 September 2015 - 01:11 AM

Great.

 

You can remove these tools and you can leave MBAM and use it periodically.



 


#9 WolfDesigns


Posted 30 September 2015 - 05:09 PM

> Great.
>
> You can remove these tools and you can leave MBAM and use it periodically.

It's back, I have no idea why... at least the psearch one is back. Only that one. :mellow:


Edited by WolfDesigns, 30 September 2015 - 05:14 PM.


#10 severac


Posted 01 October 2015 - 01:31 AM

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
  • Click on Scan to be taken to the scan options. If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
  • Click on the Malware Scan button to start the scan.
  • When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop, and attach it to your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.


 




