wonderland .com - spammer web site



#1 calimero

calimero

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:ITALY
  • Local time:01:00 AM

Posted 07 April 2016 - 05:21 AM

Hello to all
I appeal to you because I know that you will give me the answers, and especially those that try ...
For some time, when I browse on Google Chrome or Microsoft Edge, a page called "wonderlands.com" opens, a site that spams advertising in full force. I wonder how to eliminate it. Please ... I hope you can help me, thanks in advance.

I attached the Farbar log
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by giuseppe (2016-04-01 00:24:17)
Running from C:\Users\giuseppe\Downloads
Windows 10 Home Version 1511 (X64) (2016-03-31 21:51:02)
Boot Mode: Normal . 


 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:11:00 PM

Posted 07 April 2016 - 05:29 AM

Hello calimero and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.
  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please run FRST again and post the new log.

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt


Thanks

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 calimero


Posted 07 April 2016 - 12:19 PM

Thank you for the answer, Satchfan.

I will run the scans you asked for as soon as possible and post the logs.

 
regards
 
calimero


#4 satchfan


Posted 07 April 2016 - 12:47 PM

Thank You.

 

I'm busy for a while but will get back as soon as I can.

 

Satchfan




#5 satchfan


Posted 09 April 2016 - 06:22 AM

Hi calimero

It has been a couple of days since I last heard from you.

Please let me know if you are having problems and need help.

Thanks

Satchfan




#6 satchfan


Posted 10 April 2016 - 12:04 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



#7 satchfan


Posted 12 April 2016 - 12:14 AM

This topic has been re-opened at the request of the person who originally posted.




#8 satchfan


Posted 12 April 2016 - 12:15 AM

I have re-opened the topic.

 

Please post the requested logs.

 

Satchfan




#9 calimero


Posted 12 April 2016 - 03:14 AM

Thank you, satchfan, and apologies for the delay. I attach the logs.

 

regards 

 

calimero 




#10 satchfan


Posted 12 April 2016 - 08:23 AM

It’s not your laptop that’s infected, it’s your router. It has been hacked to direct DNS queries to a malicious server so we’ll have to reset it.

First, run this fix.

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

Tcpip\Parameters: [DhcpNameServer] 80.243.191.66 8.8.8.8
Tcpip\..\Interfaces\{93c0944d-4b56-4d6e-9b5a-0914968e3920}: [DhcpNameServer] 80.243.191.66 8.8.8.8
Task: {2946BD54-2650-4940-BDB7-FB946ACD73B8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {719F320B-0633-4555-830A-F82698B111BA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B5FC3BE6-6391-4E9A-9B76-8375E5C223AF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E03C8786-4C3A-41C4-AEF3-F909A1BA0073} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F27862CA-4739-48E5-BF23-F969A330EA7F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
ATTENTION: System Restore is disabled
CreateRestorePoint:
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

Reset the Router

Let’s try to reset the router to its default configuration.

  • this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labelled "reset" located on the back of the router.
  • press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • if you don’t know the router's default password, you can look it up here.
  • you also need to reconfigure any security settings you had in place prior to the reset.
  • you may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

================================================

Flush the DNS

Now let's flush the DNS on the computer:

  • hold down your Windows key and press R
  • a “run” window will appear
  • type in cmd and press Enter
  • a black window will open
  • please enter the following text into that window and then press Enter:

ipconfig /flushdns
 

================================================

Check the router

  • open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
    @echo off
    >Log1.txt (
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
    )
    start Log1.txt
    del %0
    
  • save this as router.bat
  • choose to Save type as - All Files and where to save – Desktop - then close the Notepad file.
  • double-click on router.bat to run it. It will open Notepad when done; please post back the results.

Please include the Fixlog.txt and let me know if the problem has been solved.

Thanks

Satchfan
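
Added example, not part of the original post: a Python check that reads FRST-style `Tcpip` lines like the two in the fixlist above and flags any DHCP-assigned resolver that is neither a local address nor a resolver someone has vouched for. The `KNOWN_PUBLIC` set, the `trusted` parameter and the `AFTER_RESET` line are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: a few well-known public resolvers (Google, Cloudflare, Quad9,
# OpenDNS). Pass the ISP's own resolvers through `trusted`.
KNOWN_PUBLIC = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9",
                "208.67.222.222", "208.67.220.220"}

# FRST lines on this page look like: Tcpip\<scope>: [DhcpNameServer] <ip> <ip>
LINE_RE = re.compile(
    r"^Tcpip\\(?P<scope>[^:]+):\s*\[(?P<key>(?:Dhcp)?NameServer)\]\s*(?P<servers>.+)$")

def audit_dns(frst_lines, trusted=frozenset()):
    """Return (scope, key, address, verdict) for every resolver found."""
    findings = []
    for line in frst_lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a DNS line (tasks, restore-point directives, ...)
        for token in re.split(r"[ ,]+", m["servers"].strip()):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                findings.append((m["scope"], m["key"], token, "unparseable"))
                continue
            if ip.is_private or ip.is_loopback or ip.is_link_local:
                verdict = "local"        # usually the router itself
            elif str(ip) in KNOWN_PUBLIC or str(ip) in trusted:
                verdict = "known"
            else:
                verdict = "unexpected"   # public address nobody vouched for
            findings.append((m["scope"], m["key"], str(ip), verdict))
    return findings

def unexpected_resolvers(frst_lines, trusted=frozenset()):
    """Unique resolvers that need a closer look, in first-seen order."""
    flagged = []
    for _, _, addr, verdict in audit_dns(frst_lines, trusted):
        if verdict not in ("local", "known") and addr not in flagged:
            flagged.append(addr)
    return flagged

# The two DNS lines from the fixlist in the post above.
FROM_POST = [
    r"Tcpip\Parameters: [DhcpNameServer] 80.243.191.66 8.8.8.8",
    r"Tcpip\..\Interfaces\{93c0944d-4b56-4d6e-9b5a-0914968e3920}: [DhcpNameServer] 80.243.191.66 8.8.8.8",
]
# Constructed line: a home network whose DHCP hands out the router as resolver.
AFTER_RESET = [r"Tcpip\Parameters: [DhcpNameServer] 192.168.1.1"]
```

Run over `FROM_POST`, `unexpected_resolvers` returns only `80.243.191.66`; the `8.8.8.8` listed beside it is classified as known, which shows why a changed resolver can sit next to a legitimate one without breaking browsing.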

 




#11 calimero


Posted 12 April 2016 - 01:18 PM

Thank you, satchfan. I follow your suggestions.



#12 satchfan


Posted 12 April 2016 - 04:54 PM

OK.

 

If you don't understand something let me know.




#13 calimero


Posted 16 April 2016 - 04:31 AM

Thank you very much, Satchfan. The problem has been solved. The malware has been completely removed.

Infinite thanks for the tremendous support and professionalism.
 
A big hug to the whole community of Bleeping Computer
 
Calimero 

 




#14 satchfan


Posted 16 April 2016 - 10:35 AM

Hi calimero

Glad we could help.

This will remove the tools we’ve used:

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore

  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

 

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan


Edited by satchfan, 16 April 2016 - 10:37 AM.



#15 satchfan


Posted 17 April 2016 - 10:21 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





