
Google Chrome hacked-Swdumon


  • This topic is locked
8 replies to this topic

#1 GlenCat

  • Members
  • 4 posts
  • Gender:Male

Posted 01 April 2016 - 05:37 PM

I installed some extensions on Google Chrome and then it kicked me off the internet completely. I couldn't run Int Explorer either. So I uninstalled the extensions, and when I ran AdW Cleaner it said I had Swdumon. I cleaned it and uninstalled then re-installed Google Chrome, but AdWCleaner is not picking up SWdumon anymore, but it is picking up something under ask.com and aol.com. I don't use either program.

I ran Adware Cleaner without Google chrome installed and it was clean. But I know when I re-install it the same issues will show up.

 

Please help. Also, I have 2 log-ins on this computer.

 

I attached the original AdWcleaner file that picked up the original problem. Attached File: AdwCleanerC1.txt

 

Thanks,

Glen





#2 nasdaq

  • Malware Response Team
  • 40,517 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 April 2016 - 09:16 AM


Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I suggest you install Chrome from this site.
https://www.google.ca/chrome/browser/desktop/

When completed and without adding any other programs or extensions please download and run this tool.


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===

Post the log for my review.
Let me know of any pending issues.

#3 GlenCat


Posted 04 April 2016 - 05:20 PM

OK I had to uninstall and re-install google chrome. It wouldn't even let me send this back to you.

 

Thanks for your help

Attached Files



#4 nasdaq


Posted 05 April 2016 - 08:14 AM


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Glen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
Task: {169ADB8E-CD79-47A7-A7FA-78DC7E8312D5} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

MpsSvc => Firewall Service is not running.

Let's see what we can find out about this service.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
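
An added example, not part of the original thread and not FRST's own code: a small Python reader for the fixlist in the post above, so the directives, `[No File]` entries and file paths it names can be checked before Fix is pressed. The line grammar is an assumption inferred from the lines in this post, and `parse_fixlist` and `summarize` are hypothetical names.

```python
import re

# Sample input: the fixlist lines from the post above (blank lines dropped).
FIXLIST = r"""start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Glen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
Task: {169ADB8E-CD79-47A7-A7FA-78DC7E8312D5} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
End
"""

# Assumed grammar, inferred from the lines above rather than from FRST itself.
DIRECTIVE = re.compile(r"^(\w+):$")                  # e.g. "EmptyTemp:"
ENTRY = re.compile(r"^([A-Za-z][\w -]*?):\s+(.+)$")  # e.g. "Task: ..."
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\[\]=>]*")      # drive-letter paths

def parse_fixlist(text):
    """Split a fixlist into directives and scan-log entries."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2 or lines[0].lower() != "start" or lines[-1].lower() != "end":
        raise ValueError("expected start ... End markers")
    items = []
    for ln in lines[1:-1]:
        if (m := DIRECTIVE.match(ln)):
            items.append({"kind": "directive", "name": m.group(1)})
        elif (m := ENTRY.match(ln)):
            items.append({"kind": "entry", "type": m.group(1),
                          "paths": [p.strip() for p in WIN_PATH.findall(m.group(2))],
                          "no_file": "[No File]" in ln})
        else:
            items.append({"kind": "unknown", "raw": ln})  # review by hand
    return items

def summarize(items):
    """Collect what a reader should look over before pressing Fix."""
    return {
        "directives": [i["name"] for i in items if i["kind"] == "directive"],
        "orphans": [i["type"] for i in items if i.get("no_file")],
        "paths": sorted({p for i in items for p in i.get("paths", [])}),
        "unknown": [i["raw"] for i in items if i["kind"] == "unknown"],
    }

print(summarize(parse_fixlist(FIXLIST)))
```

Any line that lands under `unknown`, or any path that is not one the helper's post explains, is worth asking about before running the fix.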

#5 GlenCat


Posted 05 April 2016 - 08:42 AM

Here ya go! Thanks

Attached Files



#6 nasdaq


Posted 06 April 2016 - 07:02 AM

Looking good.

The Windows firewall has been replaced by AVG.
FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

Let me know of any issues if any.

#7 GlenCat


Posted 06 April 2016 - 07:13 AM

Thanks for your help. When I run AdwCleaner it always picks up aol.com and ask.com. Is that normal?



#8 nasdaq


Posted 06 April 2016 - 08:24 AM

I think this is set by AVG.

Run the computer for one day.

Do not run the AdwCleaner.

Execute the Farbar tool and post a fresh FRST log for my review.

Wait for further instructions.

#9 nasdaq


Posted 12 April 2016 - 08:02 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



