
Sidecubes, Snap.do, ClickMeIn virus, unknown entries in HOST file! HELP!


  • This topic is locked
10 replies to this topic

#1 RalphCuisak

  • Members

Posted 22 June 2016 - 04:47 AM

Hi team,

 

After installing an unverified exe file, I have been bombed with adware, malware and PUPs (sidecubes search, snapdo, feedclick etc.), some of which grey out the screen and prompt for other updates (Setup wizard/ClickMeIn virus). Also, while resolving some DNS issues that started yesterday after I installed SpyHunter just to get a diagnosis, I saw some fishy entries in the host file as well. Posting the contents here:

 

# localhost name resolution is handled within DNS itself.
# 127.0.0.1       localhost
# ::1             localhost

0.0.0.1 mssplus.mcafee.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
 
 
----------------------------
 
I had to restore the system to an earlier date as SpyHunter was throwing script errors when I attempted to uninstall it. There is another software (Cloudfront) that appears 5 times in the programs list and I can't uninstall it either. The DNS errors seem to keep happening and resolving on their own, which is worrisome too.
 
HELP!
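
Added example (not part of the original posts, and not from any tool named in this thread): a small Python audit of a hosts file like the one posted above, reporting security-vendor names mapped to unreachable addresses, names redirected to routable addresses, repeated entries and malformed lines. The function names and the vendor suffix list are assumptions made for illustration; only mcafee.com comes from the posted file.

```python
import ipaddress
from collections import Counter

# Assumption: illustrative security-vendor suffixes; only mcafee.com is on the page.
SECURITY_VENDOR_SUFFIXES = ("mcafee.com", "malwarebytes.com")
THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")

# Abridged from the hosts file posted above; the last line is constructed
# to exercise the malformed-entry path.
SAMPLE_HOSTS = """\
# localhost name resolution is handled within DNS itself.
# 127.0.0.1       localhost
0.0.0.1 mssplus.mcafee.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Return (entries, malformed); entries are (address, hostname) pairs."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comments, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw))
            continue
        entries.extend((addr, name.lower().rstrip(".")) for name in fields[1:])
    return entries, malformed

def is_sinkhole(addr):
    """Loopback or IPv4 0.0.0.0/8: a name mapped here cannot be reached."""
    return addr.is_loopback or (addr.version == 4 and addr in THIS_NETWORK)

def is_vendor(name):
    return any(name == s or name.endswith("." + s) for s in SECURITY_VENDOR_SUFFIXES)

def audit_hosts(text):
    entries, malformed = parse_hosts(text)
    counts = Counter(entries)
    return {
        "blocked_security_vendors": sorted({n for a, n in counts if is_sinkhole(a) and is_vendor(n)}),
        "redirected": sorted({n for a, n in counts if not is_sinkhole(a)}),
        "duplicates": {n: c for (a, n), c in counts.items() if c > 1},
        "malformed": malformed,
    }
```

On Windows the file to pass in is normally `%SystemRoot%\System32\drivers\etc\hosts`; read it as text and hand the contents to `audit_hosts`.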



 


#2 satchfan

  • Malware Response Team

Posted 22 June 2016 - 05:48 AM

Hello RalphCuisak and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please complete these tasks in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 RalphCuisak

  • Topic Starter
  • Members

Posted 22 June 2016 - 06:59 AM

Hi Satchfan,
 
Thanks for the prompt response. Attaching the requested files. Also, the background Malwarebytes scan blocked and confirmed the existence of another virus, hohosearch.
:(

 

Attached File  AdwCleanerC1.txt   8KB   3 downloads

Attached File  JRT.txt   3.11KB   2 downloads

Attached File  Addition.txt   44.08KB   2 downloads

Attached File  FRST.txt   2.86MB   4 downloads

 

Thanks in advance!



#4 satchfan

  • Malware Response Team

Posted 22 June 2016 - 08:04 AM

This is a bit of a mess but there are over 1000 pages so I’m afraid there’s no way I would have time to look at it as it is so we need to clear up a bit more first.

Please uninstall any version of cloudfront.

 

Download TFC to your desktop

  • close any open windows
  • double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run
  • click the Start button to begin the process
  • allow TFC to run uninterrupted
  • the program should not take long to finish its job
  • once it's finished it should automatically reboot your machine
  • if it doesn't, manually reboot to ensure a complete clean.

====================================================

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • on the Dashboard, click Update Now
  • after the update completes, click the Scan Now button.
  • if an update is available, clicking the Update Now button will update it
  • a Threat Scan will begin.
  • when the scan is complete, if malware has been detected, click Apply Actions to allow MBAM to clean what was found
  • when the prompt to restart the computer appears, click Yes.
  • after the restart once you are back at your desktop, open MBAM once more
  • click on the “History” tab, then “Application Logs”
  • double-click on the scan log which shows the date and time of the scan just performed.
  • click Copy to Clipboard
  • please paste the contents of the clipboard into your reply.

===================================================

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.

  • double-click CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

Logs to include with the next post:

CKFiles.txt
Mbam.txt


Satchfan
 

 




#5 satchfan

  • Malware Response Team

Posted 25 June 2016 - 07:58 AM

Hi RalphCuisak

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you still need help.

Satchfan




#6 satchfan

  • Malware Response Team

Posted 26 June 2016 - 08:33 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



#7 satchfan

  • Malware Response Team

Posted 28 June 2016 - 01:25 AM

This topic has been re-opened at the request of the person who started it.




#8 RalphCuisak

  • Topic Starter
  • Members

Posted 28 June 2016 - 12:48 PM

Please find attached the requested files Satchfan. Thank you for re-opening the thread as well!

 

Attached File  MBAM.txt   8.53KB   4 downloads

Attached File  ckfiles.txt   12.7KB   5 downloads



#9 satchfan

  • Malware Response Team

Posted 29 June 2016 - 02:43 AM

You have illegal software on your system, which is probably how your computer became infected. Besides being illegal, cracks/keygens are the most certain means of infecting your system, as ALL illegal software contains some form of malicious code.

This forum, as well as all the other well-respected malware removal forums, does not condone the use of illegal software. If you disregard this warning and become re-infected, we may not assist you the next time.

Please uninstall all the illegal software that you have downloaded and installed. When you have done this, run the following program and post a new log.

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.

  • double-click CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

Satchfan

 




#10 satchfan

  • Malware Response Team

Posted 02 July 2016 - 04:25 PM

It has been several days since I replied to you.

Please let me know if you are having problems but, if I do not hear from you within 24 hours, I'll assume that you no longer need help and close this topic.

Thanks

Satchfan


Edited by satchfan, 02 July 2016 - 04:26 PM.



#11 satchfan

  • Malware Response Team

Posted 03 July 2016 - 04:43 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





