
Adware removed two files, wonder what they were, how I got them


5 replies to this topic

#1 cristooo


Posted 28 May 2016 - 05:03 AM

Hi,
 
Adware removed two files, wonder what they were, how I might have got them
 
[-] File Deleted : C:\user.js
 
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc

Edited by hamluis, 28 May 2016 - 07:49 AM.
Moved from MRL to AII - Hamluis.



 


#2 satchfan


Posted 28 May 2016 - 08:13 AM

Hello cristooo and welcome to Bleeping Computer.

User.js is a user-created file but shouldn't be saved where it was located: it should be in a Mozilla profile folder.

winzipersvc is a Winzip update file regarded as "adware" by some antiviruses and AdwCleaner.

I hope this answered your question.

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 RolandJS


Posted 28 May 2016 - 08:26 AM

A quick reinstall of Firefox should reset its pointers and its files within the profile folder.

A quick reinstall of Winzip might be necessary to get back winzipersvc.

What adware fighter flagged those two files? You can probably exclude winzipersvc.exe.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#4 satchfan


Posted 28 May 2016 - 08:36 AM

There should be no need to reinstall Firefox as that location wouldn't have affected your user preferences.




#5 RolandJS


Posted 28 May 2016 - 08:51 AM

There should be no need to reinstall Firefox as that location wouldn't have affected your user preferences.

I was hoping that too; however, I'm wondering how that user.js got to another folder.


Edited by RolandJS, 28 May 2016 - 08:51 AM.



#6 satchfan


Posted 28 May 2016 - 09:04 AM

Not intentionally by the user, I would assume, but it could have arrived there in many ways, malware included.

