
Browser opens Bestprosoft.com every boot


This topic is locked
9 replies to this topic

#1 Habulabiso

  • Members
  • 5 posts
  • Gender: Male
  • Location: Sydney, Australia

Posted 23 August 2016 - 07:11 AM

Hello.

Every time Windows starts, the browser opens this website. I could not find any malware with Malwarebytes. I tried AdwCleaner, and I scanned with FRST and CKScanner.

Could anyone please help me?

Attached Files
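The symptom in this post, a site opening in the browser at every logon, is commonly caused by a web shortcut dropped into a Windows Startup folder, which is in fact what FRST reports further down this thread. The Python script below is an added example, not code from the thread or from any of the tools it mentions: it enumerates .url (InternetShortcut) files in the Startup folders, reads the URL= target from each, and flags any host that is not on an allow-list. The Startup paths are the standard per-user and all-users locations derived from APPDATA and PROGRAMDATA (assumed); the demo folder, the benign shortcut and its intranet.example.com allow-list entry are constructed, and the sample URL is copied in the defanged hxxp form used in the posted log.

```python
"""Scan Windows Startup folders for .url (InternetShortcut) files.

Added example, not from the thread: a defender-side check for the
"browser opens a site at every boot" symptom. A .url file in a Startup
folder is an INI-style text file whose [InternetShortcut] section holds a
URL= line; Windows opens it with the default browser at logon, so it is a
cheap persistence trick for adware. The demo below runs offline against a
constructed folder; on Windows the real Startup paths are used instead.
"""
import configparser
import os
import tempfile
from pathlib import Path
from urllib.parse import urlsplit


def default_startup_dirs():
    """Standard per-user and all-users Startup folders (assumed paths)."""
    dirs = []
    if os.environ.get("APPDATA"):
        dirs.append(Path(os.environ["APPDATA"]) / "Microsoft/Windows/Start Menu/Programs/Startup")
    if os.environ.get("PROGRAMDATA"):
        dirs.append(Path(os.environ["PROGRAMDATA"]) / "Microsoft/Windows/Start Menu/Programs/StartUp")
    return dirs


def parse_internet_shortcut(path):
    """Return the URL= value of a .url file, or None if it is not a valid one."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        # utf-8-sig also swallows a BOM, which would otherwise hide the section header
        cp.read_string(Path(path).read_text(encoding="utf-8-sig", errors="replace"))
    except (OSError, configparser.Error):
        return None
    if not cp.has_section("InternetShortcut"):
        return None
    return cp.get("InternetShortcut", "URL", fallback=None)


def scan_startup(dirs, trusted_hosts=()):
    """List every .url file in the given folders with its target host.

    Entries whose host is not in trusted_hosts are the ones to look at:
    a Startup folder normally holds no web shortcuts at all.
    """
    findings = []
    for d in dirs:
        d = Path(d)
        if not d.is_dir():
            continue
        for f in sorted(d.iterdir()):
            if f.suffix.lower() != ".url":
                continue
            url = parse_internet_shortcut(f)
            if url is None:
                continue
            host = (urlsplit(url).hostname or "").lower()
            findings.append({"file": f.name, "url": url, "host": host,
                             "suspicious": host not in trusted_hosts})
    return findings


def demo():
    """Run the scan on a constructed Startup folder (sample data, not the user's files)."""
    with tempfile.TemporaryDirectory() as tmp:
        startup = Path(tmp) / "Startup"
        startup.mkdir()
        # Mirrors the shortcut FRST found on the machine in this thread; the URL is
        # kept in the defanged hxxp form used in the posted log.
        (startup / "Download Latest Windows 10 Pro Permanent Activator 2016.url").write_text(
            "[InternetShortcut]\nURL=hxxp://bestprosoft.com/category/download-latest-best-professional-software-2016/\n")
        # A benign, allow-listed shortcut (constructed) and a non-.url file that must be ignored.
        (startup / "Company Intranet.url").write_text(
            "[InternetShortcut]\nURL=https://intranet.example.com/\nIconIndex=0\n")
        (startup / "desktop.ini").write_text("[.ShellClassInfo]\n")
        return scan_startup([startup], trusted_hosts={"intranet.example.com"})


if __name__ == "__main__":
    real = [d for d in default_startup_dirs() if d.is_dir()]
    for hit in scan_startup(real) if real else demo():
        flag = "SUSPICIOUS" if hit["suspicious"] else "allow-listed"
        print(f"{flag}: {hit['file']} -> {hit['url']}")
```

Run on a Windows machine it lists the real Startup folders; anywhere else it falls back to the constructed demo folder. A .url entry under Startup is rarely legitimate, so an empty allow-list (every hit flagged) is a sensible default for a first look.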





#2 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender: Male
  • Location: Greenup, Ill USA

Posted 23 August 2016 - 07:48 AM

Hello

  •   Welcome to Bleeping Computer.
  •   My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  •   Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  •   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  •   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  •   In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  •   Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

1.

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

2.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 Habulabiso (Topic Starter)

Posted 23 August 2016 - 09:50 AM

Thank you

1.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Emalriko (24-08-2016 00:32:47) Run:1
Running from C:\Users\Emalriko\Desktop
Loaded Profiles: Emalriko (Available Profiles: Emalriko)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
ShortcutWithArgument: C:\Users\Emalriko\Desktop\Play iWin Games.lnk -> C:\Users\Emalriko\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=00000000 -config.uri=hxxp://gm/iwin/index.html
InternetURL: C:\Users\Emalriko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Latest Windows 10 Pro Permanent Activator 2016.url -> URL: hxxp://bestprosoft.com/category/download-latest-best-professional-software-2016/
FF ProfilePath: C:\Users\Emalriko\AppData\Roaming\Profiles\a7uk56lb.default
FF NewTab: hxxp://www.trotux.com/?z=7b2fcdae645b8f21eaea06bg0z7mfg0t5caz1z3q7b&from=opt&uid=ST1000LM024XHN-M101MBB_S32XJ9AH209728&type=hp
FF DefaultSearchEngine: trotux
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=trotux
FF SelectedSearchEngine: trotux
FF Homepage: hxxp://www.trotux.com/?z=7b2fcdae645b8f21eaea06bg0z7mfg0t5caz1z3q7b&from=opt&uid=ST1000LM024XHN-M101MBB_S32XJ9AH209728&type=hp
FF Keyword.URL: hxxp://www.trotux.com/search/?z=7b2fcdae645b8f21eaea06bg0z7mfg0t5caz1z3q7b&from=opt&uid=ST1000LM024XHN-M101MBB_S32XJ9AH209728&type=sp&q=
S2 terrercultckirdommonitortofsyjdotion.exe; C:\Program Files (x86)\Sterjotioncajucult\terrercultckirdommonitortofsyjdotion.exe [398424 2016-08-22] ()
C:\Program Files (x86)\Sterjotioncajucult
S1 djurkvam; \??\C:\Windows\system32\drivers\djurkvam.sys [X]
U0 msahci; system32\drivers\msahci.sys [X]
S2 thcmppWocerdomgiverge.exe; C:\Program Files (x86)\Ziftion\thcmppWocerdomgiverge.exe [377432 2016-08-23] ()
C:\Program Files (x86)\Ziftion
2016-08-22 21:14 - 2016-08-22 21:14 - 00009118 _____ C:\Windows\System32\Tasks\Terrercultckirdom Monitor
2016-08-08 19:02 - 2016-08-08 19:02 - 00002234 _____ C:\Users\Emalriko\Desktop\Play iWin Games.lnk
Emptytemp:
Hosts:
*****************
 
C:\Users\Emalriko\Desktop\Play iWin Games.lnk => Shortcut argument removed successfully.
C:\Users\Emalriko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Latest Windows 10 Pro Permanent Activator 2016.url => not found.
FF ProfilePath: C:\Users\Emalriko\AppData\Roaming\Profiles\a7uk56lb.default => FRST is scripted not to move this directory.
FF NewTab: hxxp://www.trotux.com/?z=7b2fcdae645b8f21eaea06bg0z7mfg0t5caz1z3q7b&from=opt&uid=ST1000LM024XHN-M101MBB_S32XJ9AH209728&type=hp => not found
Firefox DefaultSearchEngine removed successfully
Firefox DefaultSearchEngine.US removed successfully
FF SelectedSearchEngine: trotux => not found
Firefox "homepage" removed successfully
Firefox "Keyword.URL" removed successfully
terrercultckirdommonitortofsyjdotion.exe => service not found.
C:\Program Files (x86)\Sterjotioncajucult => moved successfully
djurkvam => service removed successfully
msahci => service removed successfully
thcmppWocerdomgiverge.exe => service not found.
C:\Program Files (x86)\Ziftion => moved successfully
C:\Windows\System32\Tasks\Terrercultckirdom Monitor => moved successfully
C:\Users\Emalriko\Desktop\Play iWin Games.lnk => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 308208 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 152740125 B
Java, Flash, Steam htmlcache => 8172 B
Windows/system/drivers => 17924643 B
Edge => 24273901 B
Chrome => 0 B
Firefox => 397224815 B
Opera => 386967371 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 572 B
systemprofile32 => 128 B
LocalService => 12950 B
NetworkService => 213488 B
Emalriko => 396027079 B
 
RecycleBin => 3457292 B
EmptyTemp: => 1.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 00:34:54 ====

 

2.

 

# AdwCleaner v6.000 - Logfile created 24/08/2016 at 00:40:34

# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-22.1 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : Emalriko - DESKTOP-VDV1L50
# Running from : C:\Users\Emalriko\Desktop\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\iwin games
[#] Folder deleted on reboot: C:\ProgramData\Application Data\iwin games
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [7223 Bytes] - [23/08/2016 17:08:29]
C:\AdwCleaner\AdwCleaner[C2].txt - [936 Bytes] - [24/08/2016 00:40:34]
C:\AdwCleaner\AdwCleaner[S0].txt - [6716 Bytes] - [23/08/2016 17:06:31]
C:\AdwCleaner\AdwCleaner[S1].txt - [1353 Bytes] - [24/08/2016 00:34:32]
C:\AdwCleaner\AdwCleaner[S2].txt - [1425 Bytes] - [24/08/2016 00:39:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1227 Bytes] ##########
 

Attached Files
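The Fixlog above is FRST's record of which fixlist entries it acted on and with what result. The Python script below is an added example, not code from the thread or from FRST: it parses the "fixlist content" block and the result lines of such a log, classifies each entry by the persistence mechanism it represents (Startup-folder web shortcut, service, kernel driver, scheduled task, browser setting, folder) and pairs it with FRST's outcome line, so a reader can see at a glance that the Startup .url was already gone ("not found") while the service, driver, task and folders were removed. The line patterns are inferred from the log posted in this thread, not from FRST documentation, so entry types not seen here land in an "other" bucket; the embedded sample is an excerpt of that log, and the "CHR" prefix for Chrome settings is an assumption beyond what this log shows.

```python
"""Summarise an FRST Fixlog: which persistence items the fixlist targeted
and what FRST reported for each.

Added example, not from the thread or from FRST. The line patterns are
inferred from the Fixlog posted in this thread; entries that do not match
any of them are kept under the type "other" rather than guessed at.
"""
import re
from collections import Counter

# Excerpt of the Fixlog posted in the thread (sample input for this script).
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
ShortcutWithArgument: C:\Users\Emalriko\Desktop\Play iWin Games.lnk -> C:\Users\Emalriko\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=00000000 -config.uri=hxxp://gm/iwin/index.html
InternetURL: C:\Users\Emalriko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Latest Windows 10 Pro Permanent Activator 2016.url -> URL: hxxp://bestprosoft.com/category/download-latest-best-professional-software-2016/
FF Homepage: hxxp://www.trotux.com/?z=7b2fcdae645b8f21eaea06bg0z7mfg0t5caz1z3q7b&from=opt&uid=ST1000LM024XHN-M101MBB_S32XJ9AH209728&type=hp
S2 terrercultckirdommonitortofsyjdotion.exe; C:\Program Files (x86)\Sterjotioncajucult\terrercultckirdommonitortofsyjdotion.exe [398424 2016-08-22] ()
C:\Program Files (x86)\Sterjotioncajucult
S1 djurkvam; \??\C:\Windows\system32\drivers\djurkvam.sys [X]
2016-08-22 21:14 - 2016-08-22 21:14 - 00009118 _____ C:\Windows\System32\Tasks\Terrercultckirdom Monitor
Emptytemp:
Hosts:
*****************

C:\Users\Emalriko\Desktop\Play iWin Games.lnk => Shortcut argument removed successfully.
C:\Users\Emalriko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Latest Windows 10 Pro Permanent Activator 2016.url => not found.
Firefox "homepage" removed successfully
terrercultckirdommonitortofsyjdotion.exe => service not found.
C:\Program Files (x86)\Sterjotioncajucult => moved successfully
djurkvam => service removed successfully
C:\Windows\System32\Tasks\Terrercultckirdom Monitor => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========
"""

# "S2 name; path [size date] ()" service/driver lines; the two-character state prefix is kept verbatim
SERVICE_RE = re.compile(r"^(?P<state>[A-Z]\d)\s+(?P<name>[^;]+);\s*(?P<path>.+?)(?:\s+\[[^\]]*\])?(?:\s*\(\))?$")
# "created - modified - size attrs path" file lines
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ \S+ (?P<path>.+)$")
# a bare drive path is a folder to move
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# "Kind: rest" directives such as InternetURL:, FF Homepage:, Emptytemp:
DIRECTIVE_RE = re.compile(r"^(?P<kind>[A-Za-z][\w .]*?):\s*(?P<rest>.*)$")


def parse_fixlist_line(line):
    """Classify one fixlist entry; 'subject' is the string FRST echoes in its result line."""
    m = SERVICE_RE.match(line)
    if m:
        kind = "driver" if m.group("path").lower().endswith(".sys") else "service"
        return {"type": kind, "subject": m.group("name").strip(),
                "detail": m.group("path"), "state": m.group("state")}
    m = FILE_RE.match(line)
    if m:
        path = m.group("path")
        kind = "scheduled_task" if "\\tasks\\" in path.lower() else "file"
        return {"type": kind, "subject": path, "detail": ""}
    if PATH_RE.match(line):
        return {"type": "folder", "subject": line, "detail": ""}
    m = DIRECTIVE_RE.match(line)
    if m:
        kind, rest = m.group("kind"), m.group("rest")
        if kind == "InternetURL":
            path, _, url = rest.partition(" -> URL: ")
            # a web shortcut in a Startup folder opens the browser at every logon
            typ = "startup_url" if "\\startup\\" in path.lower() else "internet_shortcut"
            return {"type": typ, "subject": path, "detail": url}
        if kind == "ShortcutWithArgument":
            path, _, target = rest.partition(" -> ")
            return {"type": "shortcut_args", "subject": path, "detail": target}
        if kind.split(" ")[0] in ("FF", "CHR"):   # Firefox / Chrome settings (CHR assumed)
            return {"type": "browser_setting", "subject": kind, "detail": rest}
        if rest == "":
            return {"type": "command", "subject": kind, "detail": ""}
    return {"type": "other", "subject": line, "detail": ""}


def parse_fixlog(text):
    """Return (entries, results): classified fixlist entries and a map
    subject -> outcome built from FRST's 'subject => outcome' lines."""
    entries, results = [], {}
    stars_seen = 0
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("*****"):
            stars_seen += 1
            continue
        if stars_seen == 1:                       # inside the fixlist block
            if line.strip():
                entries.append(parse_fixlist_line(line))
        elif stars_seen >= 2:                     # result section
            if line.startswith("====="):          # EmptyTemp statistics follow; stop
                break
            if " => " in line:
                subject, _, outcome = line.partition(" => ")
                results[subject.strip()] = outcome.strip().rstrip(".")
    return entries, results


def summarize(entries, results):
    """Count entries per type and pair each non-command entry with its outcome."""
    counts = Counter(e["type"] for e in entries)
    report = [(e["type"], e["subject"], results.get(e["subject"], "no explicit result line"))
              for e in entries if e["type"] != "command"]
    return counts, report


if __name__ == "__main__":
    entries, results = parse_fixlog(SAMPLE_FIXLOG)
    counts, report = summarize(entries, results)
    print(dict(counts))
    for typ, subject, outcome in report:
        print(f"{typ:16} {outcome:38} {subject}")
```

Browser settings such as "FF Homepage" are reported by FRST without a "=>" line ("Firefox "homepage" removed successfully"), so they show up as having no explicit result; everything else is matched by the exact path or service name FRST echoes back.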



#4 Habulabiso (Topic Starter)

Posted 23 August 2016 - 09:52 AM

Thank you

Attached Files



#5 fireman4it

Posted 23 August 2016 - 10:02 AM

How is the machine running now?




#6 Habulabiso (Topic Starter)

Posted 24 August 2016 - 04:37 AM

not too bad



#7 fireman4it

Posted 24 August 2016 - 08:01 AM

Is the browser still redirecting or no?




#8 Habulabiso (Topic Starter)

Posted 24 August 2016 - 10:33 AM

No, the browser is fine now. I guess that's it.

Thanks for your help.



#9 fireman4it

Posted 24 August 2016 - 10:59 AM

It Appears That Your PC Is Now Clean!

***



Clean up:

***



  • Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.


***



Clean up with DelFix:
  • Please download DelFix to your desktop.
  • Close all other programs and start DelFix.
  • Please check all the boxes and run the tool.
  • DelFix will now delete all found traces of our removal process.

***



Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

***



Here are some preventive tips to reduce the potential for spyware infection in the future.

Step 1: Browse more securely.


Step 2: Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows Update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).

Step 3: Avoid P2P.
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.

Step 4: Use only one anti-virus software and keep it up to date.

Step 5: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

Step 6: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

Step 7: Use strong passwords!

Step 8: Email attachments
Do not open any unknown email attachments which you received without asking for them!


Extra note:
Keep your browser, Java, PDF reader and Adobe Flash up to date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date, because older versions may contain security leaks.




#10 fireman4it

Posted 29 August 2016 - 12:50 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





