Infected with im.loadbanks.ru virus - Help!!!!!


13 replies to this topic

#1 ibewsparky55

ibewsparky55

  • Members
  • 40 posts

Posted 12 February 2017 - 04:00 PM

To all,
 
Just today I seem to have become infected with what appears to be the im.loadbanks.ru virus. It has disabled / hijacked my Chrome browser and websites you don't even see are running in the background playing movie promos, etc. and under Processes in Task Manager. Any help that you can provide to get rid of this would be greatly appreciated. Thanks in advance for your help w/ this!
 
Monty

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal


 


#2 dmeskin

dmeskin

  • Members
  • 2 posts

Posted 12 February 2017 - 04:14 PM

Download AVG Rescue CD/USB here and install it; you should be able to do this on any computer with administrator access and a USB port. Boot to AVG with your computer's boot manager and clean your system from mini xp, or if you are an advanced user, use the command line; it is faster.



#3 buddy215

buddy215

  • Moderator
  • 13,420 posts

Posted 12 February 2017 - 04:58 PM

If you are unable to download and run the scans below in regular mode....try doing it in Safe Mode With Networking. If that doesn't work then first download to a flash drive or CD or DVD using another computer and then move them to the infected one.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 dmeskin

dmeskin

  • Members
  • 2 posts

Posted 15 February 2017 - 07:46 PM

 


 

He said he cannot open the browser! And it is a definite possibility that the flash drive that he uses for this will also get infected, rendering MB useless.



#5 ibewsparky55

ibewsparky55
  • Topic Starter

  • Members
  • 40 posts

Posted 18 February 2017 - 10:45 AM

buddy215 and dmeskin,
 
Thanks for your replies and help with this problem. Below are the scan results requested. I'll look forward to hearing back from you on the scan results and full solutions. Thanks again for your help!
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 2/18/17
Scan Time: 7:16 AM
Logfile: MB3scan2-17-17.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1294
License: Free
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: owner-PC\owner
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 424592
Time Elapsed: 1 min, 57 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 1
Trojan.ProxyAgent, C:\USERS\OWNER\APPDATA\LOCAL\VOXDFF.DLL, No Action By User, [546], [371805],1.0.1294
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 2
Trojan.ProxyAgent, HKU\S-1-5-21-2945372938-4220415437-655982743-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|voxdff, No Action By User, [546], [371805],1.0.1294
Trojan.Boaxxe, HKU\S-1-5-21-2945372938-4220415437-655982743-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|VOXDFF, No Action By User, [81], [371307],1.0.1294
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 12
Trojan.ProxyAgent, C:\USERS\OWNER\APPDATA\LOCAL\VOXDFF.DLL, No Action By User, [546], [371805],1.0.1294
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [212], [365171],1.0.1294
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [212], [365171],1.0.1294
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [212], [365171],1.0.1294
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [212], [365171],1.0.1294
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [212], [365171],1.0.1294
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [212], [365171],1.0.1294
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [212], [365171],1.0.1294
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [212], [365171],1.0.1294
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [212], [365171],1.0.1294
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [212], [365175],1.0.1294
Adware.DotDo.Generic, C:\WINDOWS\SUPERCEDES.EXE, No Action By User, [1745], [370417],1.0.1294
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
 
# AdwCleaner v6.043 - Logfile created 18/02/2017 at 07:21:04
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : owner - OWNER-PC
# Running from : C:\Users\owner\Downloads\AdwCleaner\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
File Found:  C:\Users\owner\AppData\Local\uninstallro.exe
File Found:  C:\Program Files (x86)\Internet Explorer\iexplore.bat
File Found:  C:\Program Files (x86)\Google\Chrome\Application\chrome.bat
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKU\S-1-5-21-2945372938-4220415437-655982743-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer
Key Found:  HKLM\SOFTWARE\IDOT
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Key Found:  [x64] HKLM\SOFTWARE\IDOT
Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [1924 Bytes] - [18/02/2017 07:21:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1997 Bytes] ##########
 
 
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Professional x64 
Ran by owner (Administrator) on Sat 02/18/2017 at  7:21:50.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 27 
 
Successfully deleted: C:\Program Files (x86)\google\chrome\application\chrome.bat (File) 
Successfully deleted: C:\Program Files (x86)\internet explorer\iexplore.bat (File) 
Successfully deleted: C:\Users\owner\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02XCKYDO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\04BHL1IW (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\42GIBNV1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8O7KA0ID (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIH8XH6J (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YX9PPV0V (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z9ZU5DD5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPHQQUWU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02XCKYDO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\04BHL1IW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\42GIBNV1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8O7KA0ID (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIH8XH6J (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YX9PPV0V (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z9ZU5DD5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPHQQUWU (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/18/2017 at  7:23:28.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6 buddy215

buddy215

  • Moderator
  • 13,420 posts

Posted 18 February 2017 - 12:35 PM

Rerun both MBAM and AdwCleaner scans and allow them to delete/ quarantine what they found.

MBAM...When the scan is complete, make sure that all Threats are selected, and click Remove Selected.

AdwCleaner....when scan finishes click on Clean

Post the new logs

 

After doing the above, scan using the directions below.

 

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#7 ibewsparky55

ibewsparky55
  • Topic Starter

  • Members
  • 40 posts

Posted 19 February 2017 - 09:51 AM

Hi buddy215,

 

Thanks again for your help with this. I followed your instructions and here are the MBAM and AdwCleaner logs after running the scans and deleting/quarantining the results. I'll perform the third step now and report back once that is completed.

Thanks again!

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 2/19/17
Scan Time: 6:07 AM
Logfile: MB3scan2-19-17.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1299
License: Free
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: owner-PC\owner
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 424607
Time Elapsed: 2 min, 16 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 1
Trojan.ProxyAgent, C:\USERS\OWNER\APPDATA\LOCAL\VOXDFF.DLL, Quarantined, [546], [371805],1.0.1299
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 2
Trojan.ProxyAgent, HKU\S-1-5-21-2945372938-4220415437-655982743-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|voxdff, Quarantined, [546], [371805],1.0.1299
Trojan.Boaxxe, HKU\S-1-5-21-2945372938-4220415437-655982743-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|VOXDFF, Quarantined, [81], [371307],1.0.1299
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 12
Trojan.ProxyAgent, C:\USERS\OWNER\APPDATA\LOCAL\VOXDFF.DLL, Quarantined, [546], [371805],1.0.1299
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [212], [365171],1.0.1299
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [212], [365171],1.0.1299
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [212], [365171],1.0.1299
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [212], [365171],1.0.1299
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [212], [365171],1.0.1299
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [212], [365171],1.0.1299
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [212], [365171],1.0.1299
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [212], [365171],1.0.1299
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [212], [365171],1.0.1299
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [212], [365175],1.0.1299
Adware.DotDo.Generic, C:\WINDOWS\SUPERCEDES.EXE, Quarantined, [1745], [370417],1.0.1299
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
 
# AdwCleaner v6.043 - Logfile created 19/02/2017 at 06:41:59
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : owner - OWNER-PC
# Running from : C:\Users\owner\Downloads\AdwCleaner\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\owner\AppData\Local\uninstallro.exe
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKU\S-1-5-21-2945372938-4220415437-655982743-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer
[-] Key deleted: HKLM\SOFTWARE\IDOT
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key deleted: [x64] HKLM\SOFTWARE\IDOT
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: fat32-format.en.softonic.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2058 Bytes] - [19/02/2017 06:41:59]
C:\AdwCleaner\AdwCleaner[S0].txt - [2092 Bytes] - [18/02/2017 07:21:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [2302 Bytes] - [19/02/2017 06:41:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2277 Bytes] ##########
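
Added example (not part of the original thread or any poster's code): a Python sketch that parses the Malwarebytes "Scan Details" lines from the two logs posted above, collapses the repeated HOSTS entries, ties the flagged Run value to the flagged DLL, and lists anything the rescan left unhandled. The function names are this example's own, and the sample is trimmed from the posted logs.

```python
import re
from collections import OrderedDict

# Detection lines copied from the two Malwarebytes logs posted in this thread.
# The ten near-identical HOSTS entries are trimmed to three (both rule ids kept).
SCAN_18_FEB = r"""
Module: 1
Trojan.ProxyAgent, C:\USERS\OWNER\APPDATA\LOCAL\VOXDFF.DLL, No Action By User, [546], [371805],1.0.1294
Registry Value: 2
Trojan.ProxyAgent, HKU\S-1-5-21-2945372938-4220415437-655982743-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|voxdff, No Action By User, [546], [371805],1.0.1294
Trojan.Boaxxe, HKU\S-1-5-21-2945372938-4220415437-655982743-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|VOXDFF, No Action By User, [81], [371307],1.0.1294
File: 12
Trojan.ProxyAgent, C:\USERS\OWNER\APPDATA\LOCAL\VOXDFF.DLL, No Action By User, [546], [371805],1.0.1294
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [212], [365171],1.0.1294
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [212], [365171],1.0.1294
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [212], [365175],1.0.1294
Adware.DotDo.Generic, C:\WINDOWS\SUPERCEDES.EXE, No Action By User, [1745], [370417],1.0.1294
"""

SCAN_19_FEB = r"""
Module: 1
Trojan.ProxyAgent, C:\USERS\OWNER\APPDATA\LOCAL\VOXDFF.DLL, Quarantined, [546], [371805],1.0.1299
Registry Value: 2
Trojan.ProxyAgent, HKU\S-1-5-21-2945372938-4220415437-655982743-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|voxdff, Quarantined, [546], [371805],1.0.1299
Trojan.Boaxxe, HKU\S-1-5-21-2945372938-4220415437-655982743-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|VOXDFF, Quarantined, [81], [371307],1.0.1299
File: 12
Trojan.ProxyAgent, C:\USERS\OWNER\APPDATA\LOCAL\VOXDFF.DLL, Quarantined, [546], [371805],1.0.1299
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [212], [365171],1.0.1299
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [212], [365171],1.0.1299
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Replaced, [212], [365175],1.0.1299
Adware.DotDo.Generic, C:\WINDOWS\SUPERCEDES.EXE, Quarantined, [1745], [370417],1.0.1299
"""

SECTION = re.compile(r"^(Process|Module|Registry Key|Registry Value|Registry Data|"
                     r"Data Stream|Folder|File|Physical Sector): \d+$")
DETECTION = re.compile(r"^(?P<threat>[^,]+), (?P<target>.+), (?P<action>[^,]+), "
                       r"\[\d+\], \[(?P<rule>\d+)\],[\d.]+$")


def parse_detections(log_text):
    """Map each unique (section, threat, TARGET, rule id) to the action taken."""
    found, section = OrderedDict(), None
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        hit = DETECTION.match(line)
        if hit and section:
            # Upper-case the target so RUN|voxdff and RUN|VOXDFF compare equal.
            key = (section, hit["threat"], hit["target"].upper(), hit["rule"])
            found[key] = hit["action"]
    return found


def run_key_links(detections):
    """Pair each flagged Run value with flagged files of the same base name."""
    files = {}
    for section, _threat, target, _rule in detections:
        if section in ("Module", "File"):
            name = target.rsplit("\\", 1)[-1]            # e.g. VOXDFF.DLL
            files.setdefault(name.rsplit(".", 1)[0], set()).add(target)
    links = {}
    for section, _threat, target, _rule in detections:
        if section == "Registry Value" and "\\RUN|" in target:
            value = target.rsplit("|", 1)[-1]            # value name after the pipe
            links[value] = sorted(files.get(value, ()))
    return links


def still_pending(before, after):
    """First-scan items the rescan did not act on (or no longer lists)."""
    handled = {"Quarantined", "Replaced"}  # action strings seen in this thread's logs
    return [key for key in before if after.get(key) not in handled]


if __name__ == "__main__":
    first, second = parse_detections(SCAN_18_FEB), parse_detections(SCAN_19_FEB)
    print("unique detections:", len(first))
    print("autostart value -> file:", run_key_links(first))
    print("pending after rescan:", still_pending(first, second))
```

An item that drops out of the second scan entirely is reported as pending on purpose, so it gets checked by hand rather than assumed clean.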
 


#8 ibewsparky55

ibewsparky55
  • Topic Starter

  • Members
  • 40 posts

Posted 19 February 2017 - 10:28 AM

buddy215,

 

I've tried downloading, installing and running the Eset program you recommended but I get the error message "Can not get update. Is proxy configured". Any ideas or suggestions? Thanks again for your help!

 

sparky55



#9 buddy215

buddy215

  • Moderator
  • 13,420 posts

Posted 19 February 2017 - 11:20 AM

Try using the IE browser if you are using Chrome.

 

Note that using a browser other than IE requires:

  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"


#10 ibewsparky55

ibewsparky55
  • Topic Starter

  • Members
  • 40 posts

Posted 19 February 2017 - 12:47 PM

buddy215,

 

I tried using IE as you suggested and I get the error message "Can not update virus signature database. Make sure your computer is connected to the internet. If a proxy is used check your proxy configuration". I'm definitely connected to the internet. I'm not sure or understand what the proxy configuration means. Any suggestions on what to do from here? Thanks again!

 

sparky55



#11 buddy215

buddy215

  • Moderator
  • 13,420 posts

Posted 19 February 2017 - 01:16 PM

Try this....Scan with rkill first. DO NOT reboot before trying to use Eset again. Don't waste much time doing that. If you get the error right away then go on and download and scan using Zemana.

 

Please download rKill to your desktop.

  • Right-click the file and select Run As Administrator.
  • If you have any difficulty running the tool please use an alternative from this page
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • Please copy and paste the log that appears in your reply

 

Please download Zemana AntiMalware and install it

  • Run the application
  • Click "Next" and then Scan
  • When the scan has finished click Next to remove any threats.
  • Click the bars in the top right corner to display the logs, double click your log


#12 ibewsparky55

ibewsparky55
  • Topic Starter

  • Members
  • 40 posts

Posted 24 February 2017 - 03:36 PM

Hi buddy215,

 

Sorry I couldn't get back to you sooner. I was out of town working the past few days. Below are the scan results for rkill and Zemana. I tried to run Eset again after rkill but still received the same error message "Can not update virus signature database. Make sure your computer is connected to the internet. If a proxy is used check your proxy configuration". Let me know what you think of the scan results below. I'll look forward to hearing back from you and thanks again for your help!

 

sparky55

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)

Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 02/24/2017 12:29:07 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 02/24/2017 12:29:28 PM
Execution time: 0 hours(s), 0 minute(s), and 20 seconds(s)
 
 
Zemana AntiMalware 2.72.2.101 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/2/24
Operating System       : Windows 7 64-bit
Processor              : 8X Intel® Core™ i7-3770 CPU @ 3.40GHz
BIOS Mode              : Legacy
CUID                   : 12AD107387E742F8A1DC52
Scan Type              : System Scan
Duration               : 7m 20s
Scanned Objects        : 111004
Detected Objects       : 1
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Hosts File
Status             : Scanned
Object             : %systemroot%\system32\drivers\etc\hosts
MD5                : 98F6326977B93EAB8BC39252294FF83B
Publisher          : -
Size               : 850
Version            : -
Detection          : Hosts Hijack
Cleaning Action    : Repair
Related Objects    :
                Hosts file - Too many empty lines in Hosts file
                File - %systemroot%\system32\drivers\etc\hosts
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 1
Reported as safe      : 0
Failed                : 0
 


#13 buddy215

buddy215

  • Moderator
  • 13,420 posts

Posted 24 February 2017 - 03:56 PM

I think it best that you start a new topic in the malware removal forum by following the directions below.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.



#14 ibewsparky55

ibewsparky55
  • Topic Starter

  • Members
  • 40 posts

Posted 25 February 2017 - 01:20 PM

buddy215,

 

OK. I'll start a new topic in the other forum as you suggested. Thanks again for your attempts to help!

 

sparky55





