Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Adware problem, can't seem to solve.


  • Please log in to reply
2 replies to this topic

#1 pistol22cal

pistol22cal

  • Members
  • 294 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:08 PM

Posted 02 October 2016 - 05:57 PM

zodiac-game.info/newpager.html

 

This pops up in chrome everytime I restart my PC

 

OS Windows 10 Pro 64bit

 

I have ran the following tools in safe mode 

 

Hitman pro

adwcleaner

ccleaner

malwarebytes corporate edition

I also have malwarebytes anti-exploit installed

rkill64

rougekiller

Superantispyware

tdsskiller

Zemana

 

All come back clean except adwcleaner which detects and deletes but it doesn't seem to actually delete the offending program.

 

I have also reinstalled and reset chrome and reset internet explorer to default.

 

Further a blank cmd prompt screen will pop up randomly and stay up for about 20 secs then close.

 

----------------------------

 

# AdwCleaner v6.020 - Logfile created 02/10/2016 at 18:41:49
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-10-01.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : lower - DESKTOP-2RAUIM9
# Running from : C:\Users\lower\OneDrive\Computer Cleanup and Tools\adwcleaner_6.020.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\lower\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\lower\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\lower\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ajkgkhepjponelmnplpciplmhagpknbg
[-] [C:\Users\lower\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bgejkohjndfiooaomnpbacoeekdonkak
 
 
*************************
 
:: "Tracing" keys deleted
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2245 Bytes] - [05/09/2016 13:11:56]
C:\AdwCleaner\AdwCleaner[C2].txt - [1867 Bytes] - [01/10/2016 16:43:53]
C:\AdwCleaner\AdwCleaner[C3].txt - [1355 Bytes] - [02/10/2016 18:41:49]
C:\AdwCleaner\AdwCleaner[S10].txt - [2401 Bytes] - [02/10/2016 18:41:36]
C:\AdwCleaner\AdwCleaner[S1].txt - [1298 Bytes] - [16/05/2016 15:44:39]
C:\AdwCleaner\AdwCleaner[S2].txt - [2297 Bytes] - [24/08/2016 18:29:36]
C:\AdwCleaner\AdwCleaner[S3].txt - [2370 Bytes] - [24/08/2016 20:42:00]
C:\AdwCleaner\AdwCleaner[S4].txt - [2332 Bytes] - [05/09/2016 12:54:13]
C:\AdwCleaner\AdwCleaner[S5].txt - [2384 Bytes] - [05/09/2016 13:10:55]
C:\AdwCleaner\AdwCleaner[S6].txt - [2082 Bytes] - [23/09/2016 03:05:22]
C:\AdwCleaner\AdwCleaner[S7].txt - [1901 Bytes] - [29/09/2016 11:12:41]
C:\AdwCleaner\AdwCleaner[S8].txt - [1974 Bytes] - [29/09/2016 11:27:11]
C:\AdwCleaner\AdwCleaner[S9].txt - [2047 Bytes] - [01/10/2016 16:43:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [2159 Bytes] ##########
 
----------------------------

Edited by pistol22cal, 02 October 2016 - 05:59 PM.

I Love Lamp!


BC AdBot (Login to Remove)

 


#2 pistol22cal

pistol22cal
  • Topic Starter

  • Members
  • 294 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:08 PM

Posted 02 October 2016 - 06:19 PM

I just ran my malwarebytes in normal boot --- not safemode 

 

Looks like that did it......I am not sure why it did not find it in safemode.

 

Malwarebytes Anti-Malware (Corporate) 1.80.2.1012
www.malwarebytes.org
 
Database version:
  main:    v2016.10.02.04
  rootkit: v0000.00.00.00
 
Windows 10 x64 NTFS
Internet Explorer 11.187.14393.0
lower :: DESKTOP-2RAUIM9 [administrator]
 
Protection: Enabled
 
10/2/2016 6:48:06 PM
mbam-log-2016-10-02 (18-48-06).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: 
Objects scanned: 367434
Time elapsed: 19 minute(s), 37 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 1
HKU\S-1-5-21-2582813503-1151210935-872536534-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|lower (PUP.Optional.StartPage.USACVAR) -> Data: explorer.exe http://kb-ribaki.org -> Quarantined and deleted successfully. [7defa3f1c5d53204399c507348bc9b65]
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

I Love Lamp!


#3 buddy215

buddy215

  • Moderator
  • 13,195 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:08 PM

Posted 02 October 2016 - 06:44 PM

When you uninstalled Chrome did you delete your Chrome profile, too? If not try that. If that doesn't solve the problem then start

a new topic in the Malware Removal Forum.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users