How to remove in address bar - http://tracking.vcommission.com/aff_c?


  • This topic is locked
8 replies to this topic

#1 Pranesh

Pranesh

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:54 PM

Posted 07 December 2015 - 10:30 AM

As I read previous thread on the same topic,

https://forums.techguy.org/threads/unwanted-advertisements-by-ad-private.1156360/

downloaded the appropriate version of Farbar Recovery Scan Tool (FRST.exe)

attached the logs. Please someone help me to remove this crap virus. It's eating my mind.


#2 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:24 PM

Posted 08 December 2015 - 11:41 AM

:welcome:

Hello Pranesh,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic 'til you get the "all clean" post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Pranesh


Posted 09 December 2015 - 02:01 AM

Thanks Jo, for your response.

But I am unable to download the tools that you have mentioned above. Both the links below aren't working well.

http://screen317.spywareinfoforum.org/

http://screen317.spywareinfoforum.org/SecurityCheck.exe

[Fiddler] The socket connection to screen317.spywareinfoforum.org failed. 
ErrorCode: 10060. 
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 198.177.118.52:80

Do I have any other way to get the tool?

Thanks



#4 Jo*


Posted 09 December 2015 - 02:51 AM

Hello Pranesh,

The links work - try it using Internet Explorer.
Download Security Check by screen317 from here

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
C:\Program Files\SSFK.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2731419755-2940536757-916724366-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2731419755-2940536757-916724366-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKLM\...\Chrome\Extension: [eclkcpbjjlpncalijmdmacomclegpdio] - C:\Users\TomC\AppData\Local\CRE\eclkcpbjjlpncalijmdmacomclegpdio.crx <not found>
CHR HKLM\...\Chrome\Extension: [jndeiekmdhemaggmkgljlpdeaomeplbp] - C:\Users\TomC\AppData\Local\CRE\jndeiekmdhemaggmkgljlpdeaomeplbp.crx <not found>
CHR HKU\S-1-5-21-2731419755-2940536757-916724366-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eclkcpbjjlpncalijmdmacomclegpdio] - C:\Users\TomC\AppData\Local\CRE\eclkcpbjjlpncalijmdmacomclegpdio.crx <not found>
CHR HKU\S-1-5-21-2731419755-2940536757-916724366-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jndeiekmdhemaggmkgljlpdeaomeplbp] - C:\Users\TomC\AppData\Local\CRE\jndeiekmdhemaggmkgljlpdeaomeplbp.crx <not found>
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 pccsmcfd; \SystemRoot\system32\DRIVERS\pccsmcfd.sys [X]
S3 SWVNIC; \SystemRoot\system32\DRIVERS\swvnic.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva-6.sys [X]
S3 ztemtusbser; \SystemRoot\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [X]
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Task: {5D760F15-010F-4C3F-AB1D-1F7BCF27AC72} - System32\Tasks\schedule!3036567561 => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\schedule!3036567561.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exeK/schedule /profile c:\programdata\bettersoft\optimizerpro\3036567561.ini <==== ATTENTION
C:\ProgramData\BetterSoft\OptimizerPro
end

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.



***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Edited by Jo*, 09 December 2015 - 03:14 AM.



#5 Pranesh


Posted 09 December 2015 - 11:01 PM

Thank you very much Jo :) It worked just like that. Thanks a ton  :guitar:

Now, my browsers are working as good as expected.

Logs are below

-------------------

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x86) Version:09-12-2015

Ran by TomC (2015-12-10 09:16:54) Run:1
Running from C:\Users\TomC\Desktop
Loaded Profiles: TomC (Available Profiles: TomC)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
C:\Program Files\SSFK.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2731419755-2940536757-916724366-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2731419755-2940536757-916724366-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKLM\...\Chrome\Extension: [eclkcpbjjlpncalijmdmacomclegpdio] - C:\Users\TomC\AppData\Local\CRE\eclkcpbjjlpncalijmdmacomclegpdio.crx <not found>
CHR HKLM\...\Chrome\Extension: [jndeiekmdhemaggmkgljlpdeaomeplbp] - C:\Users\TomC\AppData\Local\CRE\jndeiekmdhemaggmkgljlpdeaomeplbp.crx <not found>
CHR HKU\S-1-5-21-2731419755-2940536757-916724366-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eclkcpbjjlpncalijmdmacomclegpdio] - C:\Users\TomC\AppData\Local\CRE\eclkcpbjjlpncalijmdmacomclegpdio.crx <not found>
CHR HKU\S-1-5-21-2731419755-2940536757-916724366-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jndeiekmdhemaggmkgljlpdeaomeplbp] - C:\Users\TomC\AppData\Local\CRE\jndeiekmdhemaggmkgljlpdeaomeplbp.crx <not found>
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 pccsmcfd; \SystemRoot\system32\DRIVERS\pccsmcfd.sys [X]
S3 SWVNIC; \SystemRoot\system32\DRIVERS\swvnic.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva-6.sys [X]
S3 ztemtusbser; \SystemRoot\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [X]
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Task: {5D760F15-010F-4C3F-AB1D-1F7BCF27AC72} - System32\Tasks\schedule!3036567561 => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\schedule!3036567561.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exeK/schedule /profile c:\programdata\bettersoft\optimizerpro\3036567561.ini <==== ATTENTION
C:\ProgramData\BetterSoft\OptimizerPro
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files\SSFK.exe => moved successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKU\S-1-5-21-2731419755-2940536757-916724366-1001\SOFTWARE\Policies\Google" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => key removed successfully.
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-2731419755-2940536757-916724366-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\eclkcpbjjlpncalijmdmacomclegpdio" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jndeiekmdhemaggmkgljlpdeaomeplbp" => key removed successfully.
"HKU\S-1-5-21-2731419755-2940536757-916724366-1001\SOFTWARE\Google\Chrome\Extensions\eclkcpbjjlpncalijmdmacomclegpdio" => key removed successfully.
"HKU\S-1-5-21-2731419755-2940536757-916724366-1001\SOFTWARE\Google\Chrome\Extensions\jndeiekmdhemaggmkgljlpdeaomeplbp" => key removed successfully.
BAPIDRV => service removed successfully.
pccsmcfd => service removed successfully.
SWVNIC => service removed successfully.
VMnetAdapter => service removed successfully.
vpnva => service removed successfully.
ztemtusbser => service removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D760F15-010F-4C3F-AB1D-1F7BCF27AC72}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D760F15-010F-4C3F-AB1D-1F7BCF27AC72}" => key removed successfully.
C:\Windows\System32\Tasks\schedule!3036567561 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\schedule!3036567561" => key removed successfully.
C:\Windows\Tasks\schedule!3036567561.job => moved successfully
"C:\ProgramData\BetterSoft\OptimizerPro" => not found.
EmptyTemp: => 30.2 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 09:17:22 ====
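
A way to check a Fixlog.txt like the one above before calling the machine clean (an added example, not part of the original posts and not FRST's own code): it skips the echoed fixlist, classifies each result line, and lists the entries that were not confirmed removed. The sample log is a shortened copy constructed from the log in this thread; `parse_fixlog` and `follow_up` are hypothetical names.

```python
import re

# Constructed sample: shortened from the Fixlog.txt layout shown in this thread.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x86) Version:09-12-2015
Ran by TomC (2015-12-10 09:16:54) Run:1
fixlist content:
*****************
start
C:\Program Files\SSFK.exe
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
end
*****************
Restore point was successfully created.
C:\Program Files\SSFK.exe => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => key not found.
BAPIDRV => service removed successfully.
"C:\ProgramData\BetterSoft\OptimizerPro" => not found.
EmptyTemp: => 30.2 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 09:17:22 ====
'''

def parse_fixlog(text):
    """Return the outcome of every fix action, ignoring the echoed fixlist."""
    lines = [l.strip() for l in text.splitlines()]
    # The fixlist is echoed between two rows of asterisks; results follow the last row.
    stars = [i for i, l in enumerate(lines) if l and set(l) == {"*"}]
    body = lines[stars[-1] + 1:] if stars else lines
    actions = []
    for line in body:
        if " => " not in line:
            continue
        target, outcome = line.split(" => ", 1)
        target, low = target.strip('"'), outcome.lower()
        if re.match(r"HK(LM|U|CR|CU)\b", target):
            kind = "registry"
        elif re.match(r"[A-Za-z]:\\", target):
            kind = "file"
        else:
            kind = "service" if "service" in low else "directive"
        ok = "success" in low or "removed" in low
        status = "missing" if "not found" in low else ("ok" if ok else "review")
        actions.append((target, kind, status))
    return {"actions": actions,
            "reboot": any("needed a reboot" in l for l in body),
            "complete": any(l.startswith("==== End of Fixlog") for l in body)}

def follow_up(report):
    """Targets whose removal the log does not confirm (already gone, or unclear)."""
    return [t for t, _, status in report["actions"] if status != "ok"]
```

Entries reported as "not found" were usually already absent, but they are the ones to look for in the next FRST.txt scan.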


#6 Pranesh


Posted 09 December 2015 - 11:07 PM

By the way, downloaded Security Check by screen317.. ran it.

below are the logs

 Results of screen317's Security Check version 1.013 --- 11/28/15  

   x86 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 7 Update 67  
 Java version 32-bit out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MsMpEng.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C::  
````````````````````End of Log`````````````````````` 


#7 Jo*


Posted 10 December 2015 - 03:01 AM

Did the fix remove the problem with address bar - hxxp://tracking.vcommission.com/aff_c?

Any other malware related problems with this Computer?

Edited by Jo*, 10 December 2015 - 03:10 AM.



#8 Pranesh


Posted 10 December 2015 - 09:24 AM

Yes, all GOOD NOW :)  :clapping: Thank you very much



#9 Jo*


Posted 10 December 2015 - 09:43 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
