Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Palikan, yet another more sophisticated hijacker and malware


  • Please log in to reply
1 reply to this topic

#1 srhaley051496

srhaley051496

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:20 PM

Posted 11 December 2015 - 07:11 PM

I know how they get there and the lengths they go to to make it nearly impossible to remove. I am very good with computers, but ran into one that I,m spending enough time on, it would have been more cost effective to reinstall the operating system and start over.

 

I have been removing programs 1st from uninstall then comb the hidden files and the registry for instances of the app and string components as well as manufacturer or author.

 

I have degrees, okay so I can do it this way without totally destroying things. By the way, anybody reading this question, don't do this unless you really know what you are doing.

 

It's the few locations they have managed to put BINARY AND DWORD that I am pulling hair out from.

Tried Revo to see if they have a finite enough portion of their removal kit for me to get specific enough to get it to rid the registry of those specific instances. Don't see it. I won't pay for these removal apps because they are simply not sophisticated enough to get the registry totally cleaned up.

 

I tried to get a suggestion to Microsoft to change its registry to include a time and date stamp for every entry that goes in. That would at least make it easy to find everything that went in based on that app. so here: sought out and eliminated Palikan, and plk_coinisrs....99.99% gone

Link deleted - Moderator

cd=2XzuyEtN2Y1L1QzutCyC0C0CtBtDtD0Ezy0EyE0BtAzyyE0AtN0D0Tzu0StCtAzytDtN1L2XzutAtFtCtBtFyDtFtDtN1L1 etc. etc. etc....

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompAdapter\Signatures has two: Go_palikan entries. There must be a way to get the correct permission to rid them. I can't find the release to check special permissions. IDEAS?


Edited by Chris Cosgrove, 11 December 2015 - 07:37 PM.
Link deleted and moved from Win 8 to AII


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,496 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:20 PM

Posted 11 December 2015 - 08:04 PM

The programs below have had success removing Palikan. They also remove other adware and malware.

You don't mention whether you have used programs or not, so if you have used any of the below in the last day then

skip to the next.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users