
yontoo + ads


9 replies to this topic

#1 mcht

mcht

  • Members
  • 41 posts

Posted 03 January 2016 - 03:36 AM

Hello, can you help me please? I have a problem with yontoo and ads.




 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,798 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 03 January 2016 - 07:02 AM

mcht:

Welcome to the Bleeping Computer Am I Infected? - What Do I Do? Forum. My name is Phil. If you would permit me, I would like to address you by your first name, since we will be working together to scan your computer.

Sorry to hear that you are a victim of adware. If that is all there is, then we should be able to get your computer cleaned quickly here in this Forum.

I think that we should run a few preliminary security scans on your computer and see what turns up.


Step 1:
ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus; how to do so can be found here.

  • Click this link to open ESET OnlineScan.
  • Place a checkmark next to "Yes, I accept the Terms of Use", then click the Start button.
  • When prompted, allow the Add-On/ActiveX to install.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Then click the Start button and ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click Back, then click Finish to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!



Step 2:
Download and install Malwarebytes Anti-Malware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.2.*.****.exe and follow the prompts to install the program ( * = program version numbers may vary - always get the latest version).
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your next reply.

 

 

Step 3:
Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on the I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

I would like you to paste the logs from the three scans into your next reply. I will examine those and determine what our next step should be. If there is evidence of serious infection, you might have to open a new thread in the Virus, Trojan, Spyware and Malware Removal Logs Forum, but let's not get ahead of ourselves yet. Many less serious issues can be solved right here, in this Forum.

If I haven't responded to your reply in 24 hours, please send me a personal message.

Have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#3 mcht


Posted 03 January 2016 - 07:59 AM

ESET scan results:

 

C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftLSPInstaller.exe    a variant of Win32/Packed.Komodia.A suspicious application    cleaned by deleting - quarantined
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftLSPInstaller64.exe    a variant of Win64/Packed.Komodia.A suspicious application    cleaned by deleting - quarantined
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.dll    a variant of Win32/Packed.Komodia.A suspicious application    cleaned by deleting - quarantined
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe    a variant of Win32/Packed.Komodia.A suspicious application    cleaned by deleting (after the next restart) - quarantined
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService64.dll    a variant of Win64/Packed.Komodia.A suspicious application    cleaned by deleting - quarantined
C:\Windows\Installer\4970541.msi    multiple threats    deleted - quarantined
C:\Windows\System32\LavasoftTcpService64.dll    a variant of Win64/Packed.Komodia.A suspicious application    cleaned by deleting - quarantined
C:\Windows\SysWOW64\LavasoftTcpService.dll    a variant of Win32/Packed.Komodia.A suspicious application    cleaned by deleting - quarantined
 



#4 mcht


Posted 03 January 2016 - 08:08 AM

Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2016.01.03.03
Rootkit-Datenbank: v2015.12.26.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: rgtrd

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 333648
Abgelaufene Zeit: 4 Min., 23 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0



#5 mcht


Posted 03 January 2016 - 08:10 AM

AdwCleaner

# AdwCleaner v5.027 - Bericht erstellt am 03/01/2016 um 14:09:00
# Aktualisiert am 30/12/2015 von Xplode
# Datenbank : 2015-12-30.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : rgtrd - THRGKDPGRE
# Gestartet von : C:\Users\rgtrd\Desktop\AdwCleaner.exe
# Option : Suchlauf
# Unterstützung : http://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLL ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\pc-mechanic
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{cfd32d46-7d3f-483f-bace-7172aec5592d}

***** [ Internetbrowser ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [910 Bytes] ##########



#6 garioch7


Posted 03 January 2016 - 12:25 PM

Mark:

Thank you for the logs, and thank you for your permission to address you by your first name. It looks like ESET found, and dealt with, a trojan variant. Your Malwarebytes anti-malware scan is clean.

As for what AdwCleaner found, the only item you "might" want to keep is "PC Mechanic"; HOWEVER, BleepingComputer does not recommend the use of PC optimizers and registry cleaners. See the excellent article here by quietman7, who is extremely knowledgeable about computers and malware. I certainly would not have PC Mechanic on my computer.
 
It is your choice as to whether you keep PC Mechanic.  It is your computer.  If you want to keep PC Mechanic, then please ensure that you un-check it before starting the AdwCleaner "Clean" process outlined below.


Step 1:
Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator

  • The tool will start to update the database, please wait for the update to complete.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Uncheck any PUP and adware applications that you want to keep.
  • Then this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

Please let me know how your computer is running now, after you complete the AdwCleaner "Clean" process and have rebooted.

 

There are other programs we can run if you think that there are still issues with your computer.  I would appreciate receiving the details of any symptoms that you are experiencing with your computer.

 

Thank you, and have a great day, Mark.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#7 mcht


Posted 04 January 2016 - 09:37 AM

# AdwCleaner v5.027 - Bericht erstellt am 04/01/2016 um 15:33:54
# Aktualisiert am 30/12/2015 von Xplode
# Datenbank : 2015-12-30.1 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : rgtrd - THRGKDPGRE
# Gestartet von : C:\Users\rgtrd\Desktop\AdwCleaner.exe
# Option : Löschen
# Unterstützung : http://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****


*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [718 Bytes] ##########
 

 

My laptop is running a little bit slow, can you check this too, please? Thanks for your help.

 

Regards

Mark


Edited by mcht, 04 January 2016 - 09:37 AM.


#8 garioch7


Posted 04 January 2016 - 01:23 PM

Mark:

Thanks for your scan results. You asked a question, via private message, about Lavasoft Web Companion. It is classified as adware. See this link. I am not sure why you think that you have this adware. Both AdwCleaner and Malwarebytes Anti-Malware are supposed to detect and delete that adware, according to the link that I provided, and I did not see any evidence of that being detected by either application in their respective scan logs.

I think we should run Junk Removal Tool (JRT). I did not see AdwCleaner removing PC Mechanic. If you decided to keep it, please download your installer file and licence key to a flash drive or external media, just in case JRT detects it, and removes it. Unlike AdwCleaner, JRT does ask the user what he or she wants to keep - it just deletes what it detects as malware, adware, PUPs, etc. If JRT detects PC Mechanic as malware, it will delete it, so if you want to keep it, you might have to reinstall it after the JRT run. JRT often picks up some adware, PUPs, and such, not detected by other malware scanning/clean programs.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

There are many reasons for a slow computer that are not related to viruses, adware, PUPs, etc. Over time, temp files and other program remnants clutter up computers. Some folks recommend doing a clean install of the operating system every few years and reinstalling all of your programs and data just to rid a computer of the junk that accumulates over time. I just finished doing a clean install of Windows 10 on my two computers, and both are running noticeably faster. Neither had any malware or virus, or any other nasties. Cleaning out temp files, and defragmenting your hard drive, if it is not an SSD, can often yield performance improvements.

I don't have the expertise, at present, to expertly assist you in diagnosing if there are obvious reasons, not malware-related, that might be causing your computer to be sluggish. I notice that you are running Windows 8.1. You could post in the Windows 8.1 Forum and ask there what they suggest, after we are done here. You should link to this topic so that the helpers there are aware that your issues are not thought to be malware-related.

So, let's see what JRT finds and deletes and then report back again about the performance of your computer.

Have a great day, Mark.

Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#9 mcht


Posted 04 January 2016 - 02:33 PM

Thank you very much for your help, here are the JRT results:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 x64
Ran by rgtrd (Administrator) on 04.01.2016 at 20:28:59,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Failed to delete: C:\ProgramData\lavasoft\web companion (Folder)
Failed to delete: C:\Program Files (x86)\lavasoft\web companion (Folder)
Successfully deleted: C:\Users\rgtrd\AppData\Roaming\lavasoft\web companion (Folder)
Successfully deleted: C:\Users\rgtrd\AppData\Roaming\Mozilla\Firefox\Profiles\9sedtkym.default-1424973647305\searchplugins\norton-safe-search.xml (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.01.2016 at 20:30:33,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#10 garioch7


Posted 04 January 2016 - 03:37 PM

Mark:
 
Thank you for the JRT log.  You have certainly answered the question as to why you thought you had Lavasoft Web Companion, and I see from the JRT log that it does not want to let go of your computer.  You could try booting into Safe Mode and seeing if you could delete the two folders that JRT could not delete because they were locked.
 
If that doesn't work, I found this thread on the Lavasoft website that indicates that a Farbar Recovery Scan Tool (FRST) "fix" script might be required.  We are not permitted to post FRST logs or "fix" scripts in this Forum; and, in any event, I am not a member of the Bleeping Computer Malware Response Team (I am still in training) so I am not qualified, or permitted, to assist you with that.
 
Since you are still concerned that your computer is sluggish, it might be wise for you to post in the Viruses, Trojan, Spyware and Malware Removal Logs Forum. You will be assisted by a fully qualified expert, who will examine your FRST log for any and all viruses and other malware, including PUPs, adware, etc., and who will also be able to advise you if there are vulnerabilities in your computer, such as software that is not updated, and other issues.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Please understand, Mark, that the Virus, Trojan, Spyware and Malware Removal Logs is very busy and there are only a limited number of qualified Malware Response Team Members, Instructors, and Moderators available to assist users with malware issues. It can take up to five days before you get an initial response to your request for assistance. Once you do get an MRT member assigned to you, they are usually very prompt and will respond every day or two until all of your issues are resolved and your computer is declared "clean." So patience is the key at first. Please don't bump your post because once MRT members see that there has been a reply, they will think that someone else is helping you and move onto a new request with zero replies.

You will be in the best of hands. I wish you "good luck" though you don't need it in that Forum with the experts there. It has been my pleasure to assist you thus far in the Am I Infected? What Do I Do? Forum, but it is time to pass you off to more capable hands. You might wind up being assisted by a Bleeping Computer Study Hall Senior, like myself, but he or she has completed more training than I have and will be under the supervision of an instructor, so please don't think that I am passing you off because I don't want to help you. I am a few more months away from being permitted to assist in the "Logs" Forum, under supervision. The prime directive here at Bleeping Computer is to "Do No Harm" so permission to post in the "Logs" Forum is seriously restricted to only fully qualified Malware Response Team (MRT) members, or experienced Study Hall Seniors who are under supervision. An MRT member will check everything that the Senior suggests before the Senior is permitted to post a response to you.

Have a great day, Mark, and thank you for choosing Bleeping Computer to assist you with your malware issues.

Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall
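
An added example, not part of the original thread or any poster's words: a small Python triage script that reads an ESET export and a JRT.txt in the formats posted above and shows which folders JRT could not delete, together with the ESET detections that sat under each. The sample input is constructed from lines in the format of those logs; the function names are hypothetical.

```python
import re

# Constructed sample input in the format of the ESET export and JRT.txt shown in this thread.
ESET_LOG = (
    "C:\\Program Files (x86)\\Lavasoft\\Web Companion\\TcpService\\2.3.3.0\\LavasoftTcpService.exe"
    "    a variant of Win32/Packed.Komodia.A suspicious application"
    "    cleaned by deleting (after the next restart) - quarantined\n"
    "C:\\Windows\\System32\\LavasoftTcpService64.dll"
    "    a variant of Win64/Packed.Komodia.A suspicious application"
    "    cleaned by deleting - quarantined\n"
)
JRT_LOG = (
    "File System: 4\n\n"
    "Failed to delete: C:\\ProgramData\\lavasoft\\web companion (Folder)\n"
    "Failed to delete: C:\\Program Files (x86)\\lavasoft\\web companion (Folder)\n"
    "Successfully deleted: C:\\Users\\rgtrd\\AppData\\Roaming\\lavasoft\\web companion (Folder)\n"
)

# A JRT result line: status, path, then the object type in parentheses.
JRT_LINE = re.compile(r"^(Failed to delete|Successfully deleted): (.+) \((Folder|File)\)$")


def parse_eset(text):
    """Return one dict per ESET line: path, detection name, action taken."""
    rows = []
    for line in text.splitlines():
        # Columns are separated by tabs or by runs of two or more spaces.
        parts = re.split(r"\t+|\s{2,}", line.strip())
        if len(parts) != 3:
            continue  # blank line or not a path/detection/action row
        path, detection, action = parts
        rows.append({"path": path, "detection": detection, "action": action,
                     "pending_restart": "after the next restart" in action})
    return rows


def parse_jrt(text):
    """Return one dict per JRT deletion result; header and count lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = JRT_LINE.match(line.strip())
        if m:
            rows.append({"deleted": m.group(1) == "Successfully deleted",
                         "path": m.group(2), "kind": m.group(3)})
    return rows


def leftovers(eset_rows, jrt_rows):
    """Map each item JRT failed to delete to the ESET detections found under it."""
    result = {}
    for item in jrt_rows:
        if item["deleted"]:
            continue
        # Windows paths are case-insensitive, so compare in lower case.
        prefix = item["path"].lower().rstrip("\\") + "\\"
        result[item["path"]] = [r["path"] for r in eset_rows
                                if r["path"].lower().startswith(prefix)]
    return result


def pending_restart(eset_rows):
    """ESET items whose deletion only completes after a reboot."""
    return [r["path"] for r in eset_rows if r["pending_restart"]]


if __name__ == "__main__":
    eset_rows, jrt_rows = parse_eset(ESET_LOG), parse_jrt(JRT_LOG)
    for folder, hits in leftovers(eset_rows, jrt_rows).items():
        print(folder, "->", hits or "no ESET detections under this folder")
    print("pending restart:", pending_restart(eset_rows))
```
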




