AdwCleaner 5.031 crashes in Windows XP SP3


  • This topic is locked
9 replies to this topic

#1 enesalpa

enesalpa

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 26 January 2016 - 12:04 PM

Hello
 
The http://mys.yoursearch.me has hijacked my Firefox 43.0.4. Trying to get rid of it I downloaded AdwCleaner, but each time that I run it it crashes with a Windows error window report. This is the log:

 

<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="adwcleaner_5.031.exe" FILTER="GRABMI_FILTER_PRIVACY">
    <MATCHING_FILE NAME="adwcleaner_5.031.exe" SIZE="1507840" CHECKSUM="0x7B731A92" BIN_FILE_VERSION="5.0.3.1" BIN_PRODUCT_VERSION="3.3.14.2" PRODUCT_VERSION="3.3.14.2" FILE_DESCRIPTION="AdwCleaner" FILE_VERSION="5.0.3.1" LEGAL_COPYRIGHT="Xplode" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x0" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="5.0.3.1" UPTO_BIN_PRODUCT_VERSION="3.3.14.2" LINK_DATE="01/25/2016 16:57:06" UPTO_LINK_DATE="01/25/2016 16:57:06" VER_LANGUAGE="Francés (Francia) [0x40c]" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
    <MATCHING_FILE NAME="kernel32.dll" SIZE="1046528" CHECKSUM="0xF34F3771" BIN_FILE_VERSION="5.1.2600.6532" BIN_PRODUCT_VERSION="5.1.2600.6532" PRODUCT_VERSION="5.1.2600.6532" FILE_DESCRIPTION="DLL de cliente API BASE de Windows NT" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Sistema operativo Microsoft® Windows®" FILE_VERSION="5.1.2600.6532 (xpsp_sp3_qfe.140312-0419)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="Copyright © Microsoft Corporation. Reservados todos los derechos." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x109C56" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.6532" UPTO_BIN_PRODUCT_VERSION="5.1.2600.6532" LINK_DATE="03/12/2014 10:47:45" UPTO_LINK_DATE="03/12/2014 10:47:45" VER_LANGUAGE="Español (alfabetización internacional) [0xc0a]" />
</EXE>
</DATABASE>

 

Does anybody know what the problem is? And is there another tool to get rid of http://mys.yoursearch.me?

 

Many thanks

 

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:44 PM

Posted 27 January 2016 - 11:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===


How is the computer running now?
Wait for further instructions.

p.s.
If you are unable to run the Malwarebytes tool just let me know.

Run the Farbar tool and post the logs if you can.

#3 enesalpa


Posted 28 January 2016 - 06:28 AM

Thanks for the instructions!

 

I have run Malwarebytes Anti-Malware and Farbar. I attach the 3 log files.

 

Tried to run AdwCleaner and still hangs.

 

Waiting for what to do next...



#4 nasdaq


Posted 28 January 2016 - 08:44 AM

If not already done please run the Malwarebytes tool and clean/remove everything that it will find.

===

Enable if not already done.
AV: avast! Antivirus (Disabled - Up to date)
---

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
FF Plugin HKU\S-1-5-21-1229272821-1123561945-682003330-1003: @hola.org/vlc,version=1.8.369 -> C:\Documents and Settings\DIDADO\Configuración local\Datos de programa\Hola\firefox\app\vlc [No File]
CHR HomePage: Default -> hxxp://www.yoursearching.com/?type=hp&ts=1453647033&z=1119e317dff707db09cd28dgfzdw2c0qfz4m1e2cac&from=itr&uid=395049983_6360833_47be8484
S1 Bfilter; \??\C:\WINDOWS\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\WINDOWS\System32\drivers\Bfmon.sys [X]
S0 Bhbase; System32\drivers\Bhbase.sys [X]
S3 BHipsEx; \??\C:\WINDOWS\System32\drivers\BHipsEx.sys [X]
S1 Bnbase; System32\drivers\bnbase.sys [X]
S1 Bndef; \??\C:\WINDOWS\System32\drivers\bndef.sys [X]
S1 Bprotect; \??\C:\WINDOWS\System32\drivers\Bprotect.sys [X]
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
S4 IntelIde; no ImagePath
S1 MoboroboAssDriver; system32\drivers\MoboroboAssDriver.sys [X]
U1 WS2IFSL; no ImagePath
AlternateDataStreams: C:\Documents and Settings\All Users\DRM:??????
AlternateDataStreams: C:\Documents and Settings\All Users\Datos de programa\TEMP:6DDED7D9
AlternateDataStreams: C:\Documents and Settings\All Users\Datos de programa\TEMP:763FFD2C
AlternateDataStreams: C:\Documents and Settings\All Users\Datos de programa\TEMP:CF08C48A
AlternateDataStreams: C:\Documents and Settings\DIDADO\Mis documentos\Shareaza Downloads:Shareaza.GUID

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Control Panel > Programs and Features applet.
Java 7 Update 80 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)

===

Please let me know what problem persists.

#5 enesalpa


Posted 28 January 2016 - 03:40 PM

Before running the above code I wanted to clarify that:

 

1) I have already run Malwarebytes Anti-Malware and deleted all malware found.

 

2) I had to temporarily disable Avast because it took Farbar as malware.

 

3) The Java 7 Update 80 is the last that I could install in Windows XP. The Java 8 Update 72 didn't want to be installed.

 

4) The yoursearch.me hijack is no longer on IE, Firefox, Chrome and Opera. All is normal.

 

The only thing that doesn't work is AdwCleaner, with the same Windows report.



#6 nasdaq


Posted 29 January 2016 - 07:38 AM

2) I had to temporarily disable Avast because it took Farbar as malware.
The only thing that doesn't work is AdwCleaner, with the same Windows report.


Avast has probably disabled AdwCleaner and you are no longer able to run the tool.

If all is well I would not bother.

However, you can try to download AdwCleaner while Avast is disabled.
Wait a minute after the download is complete. If you get a warning from Avast check it out.

If no warning then run the AdwCleaner. Post the log if you can.

#7 enesalpa


Posted 29 January 2016 - 01:29 PM

Disabled and also uninstalled Avast and the same goes on, AdwCleaner crashes.

 

It's a pity because AdwCleaner is an excellent tool. I use it on other computers and it works just fine!

 

Many thanks for your help!


Edited by enesalpa, 29 January 2016 - 01:41 PM.


#8 enesalpa


Posted 29 January 2016 - 02:39 PM

I have gone here: https://toolslib.net/forum/viewthread/2054-adwclean-5031-crashing-xpsp3/ and downloaded this AdwCleaner debug version: http://sd-1.archive-host.com/membres/up/17959594961240255/AdwCleaner_DBG.exe and it worked! :wink:



#9 nasdaq


Posted 30 January 2016 - 07:37 AM

Good catch.

Thanks for the information.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 nasdaq


Posted 06 February 2016 - 01:45 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



