
Ads by Sonic Train Popup Windows in Chrome


  • This topic is locked
6 replies to this topic

#1 Orestis_G

Orestis_G

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece
  • Local time:05:23 AM

Posted 15 November 2015 - 12:55 PM

Please find attached the FRST logs. The original description of the problem is the following:
 

 

A friend's PC (Windows 8.1) has been infected with a bunch of malware, which caused a lot of problems (no task manager, no command line, etc.). The steps I have taken up to now were these:

 

0) Uninstalled recently installed and/or suspicious software.

1) TDSSKiller: It removed a rootkit

2) Malwarebytes

3) Spybot S&D

4) AdwCleaner

5) HitmanPro
6) SpyHunter

 

All the other programs removed various other malware from the program, with SpyHunter (which btw I have found to be one of the more effective programs) removing the final two.

In addition, I have issued a browser reset to Chrome, which is my friend's browser of choice.

Despite all these actions, when I try to use Chrome, for example by initiating a Google search, a bunch of windows pop up, along with extra Google advertised results, which have a border stating "Ads by Sonic Train". All the guides I have been able to find regarding "Ads by Sonic Train" do not apply, since they either mention anti-malware software I have already used, or steps that I have already taken.


 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:23 AM

Posted 15 November 2015 - 01:57 PM

Hello Orestis_G, and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open the computer as administrator. (How do I open the computer as administrator?)
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks

---------------------------------------------------------------------------------------------------------

Please Uninstall:

µTorrent
avast-browser-cleanup
Spybot - Search & Destroy

 

PC restart

-----------------------------------------------------------------

 

Step 1:
FRST Script:
Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click [image: Ashampoo_Snap_20140819_13h09m50s_001__zp]
  • Then press the "Repair" button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Edited by olgun52, 15 November 2015 - 02:01 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 Orestis_G


Posted 16 November 2015 - 03:24 AM

Sorry for the delay. I don't have physical access to the infected computer, so I had to do it all via Teamviewer (and at a convenient time for the owner).

 

Unfortunately I couldn't do all the preparation steps as you requested since I couldn't find Avast browser cleaner (it had probably been uninstalled at a previous time and left some traces). I had also uninstalled Spybot previously, as requested by another BleepingComputer member, after my initial report of the infection.

 

Please find attached the logs. The AdwCleaner one is S2 instead of S1, due to a previous run of the tool.

 

It appears that the problem has stopped (i.e. I see no Sonic Train ads in Chrome anymore). From a quick look at the logs, it seems that JRT was the one that did the trick...

 

Thank you (Teşekkür ederim)




#4 olgun52


Posted 16 November 2015 - 03:29 PM

Hi Orestis_G,
 
Thank you (Teşekkür ederim) :thumbup2:

 

You are welcome, neighbor (είστε ευπρόσδεκτοι, γείτονας)
 
Step 1:
Download zoek.exe to your Desktop:
http://hijackthis.nl/smeenk/

Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here:
http://www.bleepingc...opic114351.html

On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
Give it a few seconds to appear

Next, copy/paste the entire script inside the codebox below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
emptyclsid;
emptyfolderscheck;delete
iedefaults;
FFdefaults;
CHRdefaults;
ipconfig /flushdns;b

Now...
Close any open programs.
Click the Run script button, and wait. It takes a few minutes to run.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Step 2:
Emsisoft Emergency Kit Scan

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

Best regards
 

 


 


#5 Orestis_G


Posted 17 November 2015 - 04:41 AM

Hello Yılmaz,

 

As I mentioned before, I don't have physical access to the computer and it is a bit tricky to find a convenient time for both me and the owner to continue the troubleshooting process, so since the Sonic Train adware appears to have been cleaned, I will put the process on hold, unless the owner contacts me again.

 

Thanks for all your time and effort.



#6 olgun52


Posted 17 November 2015 - 11:51 AM

If I do not get an answer within 5 days, I will close the topic. OK!


Best regards
 

 


 


#7 olgun52


Posted 24 November 2015 - 07:52 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 

 


 




