
Unwanted popups, fake search engines


  • This topic is locked
12 replies to this topic

#1 Serb91

Serb91

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:10 PM

Posted 25 March 2017 - 05:38 PM

This time I need help with my friend's computer. She has problems with popups and fake search engines. I attached FRST.txt and Addition.txt files in this post.



Edited by Serb91, 25 March 2017 - 05:39 PM.




#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:10 PM

Posted 25 March 2017 - 06:06 PM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

STEP 1

 

 

Please download the following file => fixlist.txt (804 bytes) and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

This script was written specifically for you, for use on that particular machine.

 

 

STEP 2

 

 

Also please set the Google DNS servers.

 

Right click the Network icon in the task bar notification area, and then click Open Network and Sharing Center.

Click Change adapter settings.

 

Right click your network adapter and select Properties.

Highlight Internet Protocol Version 4 (TCP/IPv4) and click the Properties button.

Now change the option Obtain DNS server address automatically to Use the following DNS server addresses.

Set Google's public DNS server as your alternate DNS server.

Preferred DNS server should be: 8.8.8.8

Alternate DNS server should be: 8.8.4.4

When you’re finished click OK.

 

Restart the computer.

 

 

Let me know how things are after the steps above.

 

 

Regards,

Georgi



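Added example, not part of the original thread or of any tool mentioned in it: a Python check that each adapter ended up with the DNS servers given in STEP 2 of the post above, by parsing `ipconfig /all` text. It assumes English-language output; the sample text and the 203.0.113.53 address are constructed.

```python
import re

EXPECTED_DNS = ("8.8.8.8", "8.8.4.4")  # resolvers named in the post

# Constructed sample of English `ipconfig /all` output, not taken from the thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       8.8.8.8
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
# Field lines are indented exactly three spaces; continuation lines are deeper.
FIELD_RE = re.compile(r"^ {3}(\S[^:]*?)[ .]*:\s?(.*)$")

def parse_dns_servers(text):
    """Map each adapter name to its DNS servers, in listed order."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current, in_dns = header.group(1), False
            adapters[current] = []
        elif current is None or not line.strip():
            in_dns = False
        elif (field := FIELD_RE.match(line)):
            in_dns = field.group(1) == "DNS Servers"
            if in_dns and field.group(2).strip():
                adapters[current].append(field.group(2).strip())
        elif in_dns:  # continuation line: one more server under the first
            adapters[current].append(line.strip())
    return adapters

def unexpected_dns(text, expected=EXPECTED_DNS):
    """Return only the adapters that list a resolver outside `expected`."""
    return {name: extra
            for name, servers in parse_dns_servers(text).items()
            if (extra := [s for s in servers if s not in expected])}

if __name__ == "__main__":
    for name, extra in unexpected_dns(SAMPLE).items():
        print(f"{name}: unexpected DNS server(s): {', '.join(extra)}")
```

An adapter that still lists a resolver other than the two set by hand is worth a second look, since the thread later falls back to resetting the router when the redirect returns.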

#3 Serb91


Posted 26 March 2017 - 06:17 AM

Thank you, Georgi. It seems that the problems disappeared. I attached Fixlog.txt in this post.



Edited by Serb91, 26 March 2017 - 07:35 AM.


#4 B-boy/StyLe/


Posted 26 March 2017 - 11:20 AM

Hello,
 
Nice work! :)
 
Let's check for malware remnants:
 
 
STEP 1
 
 
Please download AdwCleaner and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

STEP 2
 
 
Please download ZHPCleaner (by NicolasCoolman) to your desktop.

  • Double click on ZHPCleaner to run the tool. (Vista/Windows 7/8 users right-click and select Run As Administrator).
  • Please click the UkPwoUf.png button.
  • Then press the AQMsoLm.png button.
  • During the scan any open instances of the browsers will be closed automatically.
  • When the scan completes please click the mqEaoP1.png button.
  • Save the log file to your desktop and post the contents of that logfile with your next reply.

 

 

That's it for now. :)
 
 
Regards,
Georgi




#5 Serb91


Posted 26 March 2017 - 04:09 PM

Problems again. After she turned off the computer and turned it on after some time, something like this appears in the browser address bar instead of the start page address:

search.queryrouter.com/?pid=exp

I attached again FRST.txt, Addition.txt, and also ZHPCleaner.txt.




#6 B-boy/StyLe/


Posted 26 March 2017 - 04:25 PM

Hi,

 

You attached the FRST logs instead of the Adwcleaner log.

 

 

Regards,

Georgi




#7 Serb91


Posted 27 March 2017 - 09:40 AM

Here is the AdwCleaner log file.




#8 B-boy/StyLe/


Posted 27 March 2017 - 11:43 AM

Hi,

 

 

The logs look OK. Does the problem occur only in Google Chrome or in every browser?

 

Go ahead and disable browser sync:

 

For Google Chrome:

 

Reset your Chrome sync

 

For Mozilla Firefox:

 

How do I set up Sync on my computer?

 

 

Make sure that you export your passwords and favorites/bookmarks if you have any before you proceed with the steps below.

 

Next please temporarily disable your AntiVirus and AntiSpyware protection. See here on how to do this.

  • Right-click the zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.

  • In the main box please paste in the following script:

createsrpoint;
IEDefaults;
FFDefaults;
CHRDefaults;
autoclean;

  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive).
  • Post its content into your next reply.

 

Regards,

Georgi




#9 Serb91


Posted 27 March 2017 - 02:17 PM

Here is the zoek-results logfile.



Edited by Serb91, 27 March 2017 - 02:17 PM.


#10 B-boy/StyLe/


Posted 27 March 2017 - 02:32 PM

Hi,

 

Do you still have problems? If so you may need to reset the browsers or even to uninstall them and reinstall them (at least for Mozilla Firefox and Google Chrome).

 

Reset Internet Explorer

Reset Mozilla Firefox

Reset Google Chrome

 

And finally if the issue is still there then you need to reset the router settings to default.

Check this post for more details

 

Let me know about the results.

 

Thanks!

 

 

Regards,

Georgi




#11 Serb91


Posted 27 March 2017 - 04:17 PM

Thank you, Georgi. For now everything is ok. I will inform you if something goes wrong.



#12 B-boy/StyLe/


Posted 28 March 2017 - 04:34 AM

Hi,

 

 

OK, I will leave the topic open for a couple of days in case you experience further problems.

 

 

In the meantime here is the last set of steps just to make sure nothing is lurking in the dark corners.

 

 

STEP 1

 

 

Please download the following file => fixlist.txt (764 bytes) and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

This script was written specifically for you, for use on that particular machine.

 

 

STEP 2

 
Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-consumer-3.0.6.1469.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs: (Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'

 

 

STEP 3


1. Please download HitmanPro.

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, then please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 5 minutes.

7. When the scan is done click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.
 

 

STEP 4
 

 

  • Download EmsisoftEmergencyKit, run the exe and extract the content in a folder of your choice like (C:\EEK) by clicking the Extract button.
  • Double-click the desktop-shortcut called Start Emsisoft Emergency Kit to start the tool.
  • Click on the "Yes" button when asked to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Click on the "Yes" button when asked to enable the scan for Potentially Unwanted Applications.
  • Next click on the Custom Scan and select only drive C:\ to be scanned and remove the rest of the drives from the list. When the scan completes, click on the View Report button (don't delete or quarantine anything).
  • Please attach the content of the report in your next reply.

 

 

STEP 5

 

 

And finally I'd like us to scan your machine with ESET OnlineScan

 

  • Please download and run ESET Online Scanner
  • Check qy7AMI8.jpg (if available) and click on the ePL5oyv.jpg button.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:

 

  • Enable detection of potentially unsafe applications
  • Enable detection of suspicious applications
  • Scan archives
  • Enable Anti-Stealth Technology

 

  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.


 

  • Push the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push save to text file and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the do not clean button.
  • Push a3dBJq5.jpg and then close the application.

 

 

Regards,

Georgi




#13 B-boy/StyLe/


Posted 01 April 2017 - 04:49 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





