
ASK and AOL search providers / Spyware Blaster problems



#1 hatorihonzo


Posted 21 June 2017 - 02:19 PM

ASK and AOL search providers keep showing up after AdwCleaner is run. Also, Spyware Blaster keeps showing partial protection of Mozilla Firefox, even after running its own FIX THIS NOW setting for site preferences removal. I will rerun that one again after running CCleaner.

I noticed problems when starting FF last night. A popup window containing configuration settings for 'RIP' management of media files of some online videos started. I killed it from Task Manager. I immediately checked on No Script settings and Spyware Blaster settings. I have stopped short of running system restore. Also, I ran RKill first before running AdwCleaner as recommended. Its log file showed some items that I am not sure whether I need to address or not - Windows services and HOSTS file entries.

 

RKill log file:

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/21/2017 02:25:19 PM in x64 mode.
Windows Version: Windows 10 Home

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Disabled

 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]

 * agp440 [Missing ImagePath]

 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.

 * HOSTS file entries found:

  127.0.0.1 localhost
  ::1 localhost #[IPv6]
  0.0.0.0 fr.a2dfp.net
  0.0.0.0 m.fr.a2dfp.net
  0.0.0.0 mfr.a2dfp.net
  0.0.0.0 ad.a8.net
  0.0.0.0 asy.a8ww.net
  0.0.0.0 static.a-ads.com
  0.0.0.0 atlas.aamedia.ro
  0.0.0.0 abcstats.com
  0.0.0.0 ad4.abradio.cz
  0.0.0.0 a.abv.bg
  0.0.0.0 adserver.abv.bg
  0.0.0.0 adv.abv.bg
  0.0.0.0 bimg.abv.bg
  0.0.0.0 ca.abv.bg
  0.0.0.0 track.acclaimnetwork.com
  0.0.0.0 accuserveadsystem.com
  0.0.0.0 www.accuserveadsystem.com
  0.0.0.0 achmedia.com

  20 out of 13404 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 06/21/2017 02:28:20 PM
Execution time: 0 hours(s), 3 minute(s), and 1 seconds(s)
 

Not sure if I am infected or just using browser settings in the wrong manner.
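
The HOSTS section of the RKill log above can be triaged mechanically. The following is an added example, not part of the original post and not RKill's own logic: it separates block entries (names pointed at a loopback or unspecified address) from entries that send a name to a routable address, which are the ones worth reviewing by hand. The function name `triage_hosts` and the last two sample lines are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the first four lines are copied from the RKill log above;
# the last two are invented for illustration (documentation IP range, example.com).
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 localhost #[IPv6]
0.0.0.0 fr.a2dfp.net
0.0.0.0 ad.a8.net
203.0.113.10 login.example.com www.example.com
not-an-ip broken.example.com
"""

def triage_hosts(text):
    """Split HOSTS entries into sinkholes, redirects and unparseable lines."""
    report = {"sinkhole": [], "redirect": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            report["malformed"].append((lineno, raw.strip()))
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        # Loopback (127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::) addresses
        # cannot send traffic to another machine: these are block entries.
        kind = "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        for host in fields[1:]:               # one line may name several hosts
            report[kind].append((str(ip), host.lower()))
    return report

if __name__ == "__main__":
    result = triage_hosts(SAMPLE_HOSTS)
    print(f"{len(result['sinkhole'])} block entries")
    for ip, host in result["redirect"]:
        print(f"REVIEW: {host} -> {ip}")
    for lineno, raw in result["malformed"]:
        print(f"MALFORMED line {lineno}: {raw}")
```

To check a real file, pass the contents of `%SystemRoot%\System32\drivers\etc\hosts` to `triage_hosts` instead of the sample.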





#2 hatorihonzo


Posted 21 June 2017 - 04:14 PM

Update: Running on HP Probook 4530s with Intel i3/8 GB ram/HD 3000 graphics and SATA HDD at 7200 rpm; Windows 10 Home (10.0.14393) after free W10 upgrade from Windows 7.

I ran CCleaner v5.3 before running Spyware Blaster v5.5. I used its FIX THIS NOW setting and enabled all protection. Rebooted and SB now shows all protection enabled. Will run the RKill app and then AdwCleaner to double check AOL and ASK search listings in Google Chrome. I had previously run the Chrome Cleanup tool about a month ago, and have not used it much. Not sure if it helped any with the issue of AOL and ASK search settings, but I did it for general security purposes.

 

I first became concerned about security issues when I first noticed that MBAM lost its Self Protection setting earlier this year. I have since installed MBAM v 3.12.

As well, I had installed WinZip v21 after a few years of not using it since v 14. I think I had been unable to unzip some new files, so I used what had worked before.

 

Upon installation of WinZip v21, ESET32 AV quarantined 8 files contained in the WinZip temp folder. Hmmm, not good. I noticed some minor browsing issues after that, such as search results being focused on adware. FF ran a bit slower than I liked and there was cursor hesitation. As well, I have noticed that Netflix and Amazon Prime movies had no sound as well as some Flash videos had no sound. When I run the 'Troubleshoot Sound Problems' app from the system taskbar, the sound plays as long as the troubleshooter app is open. I installed Autoruns and ran it. Sure enough, it found the WinZip entries as possible data miners and 1 of 64 scanners on VirusTotal said it was PUP. I recovered the uninstaller from ESET quarantine and ran it and got rid of any remaining WinZip entries on the HDD. Registry entries were cleaned as well. I installed 7 Zip afterward, although AUTORUNS shows 'unverified' in the publisher column. (Same for WinZip.)

I keep Windows updated, as well as Adobe and Java.


Edited by hatorihonzo, 21 June 2017 - 04:21 PM.




