Adware Problem


10 replies to this topic

#1 KrazyMonkey


Posted 19 September 2017 - 05:09 PM

Hi, hope this is the right forum.

Yesterday I performed a Malwarebytes scan and it found 3 PUPs and an adware called "adware.hicosmea". I quarantined them and have performed another scan today, and adware.hicosmea has been found again; again I quarantined it.

How do I get rid of it? Is it as simple as using AdwCleaner, or is there more to be done?

Thanks for any advice





#2 nasdaq


Posted 20 September 2017 - 07:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs.

Wait for further instructions.
==============================

#3 KrazyMonkey


Posted 20 September 2017 - 11:55 AM

Hi, thanks for the help.

Tried to run the above but was blocked by both Windows and Avast Antivirus.

[screenshot: DIKYDDI.png]

[screenshot: eFRfxvq.jpg]

On the Windows block: I did right-click and run as admin.


Edited by KrazyMonkey, 20 September 2017 - 12:18 PM.


#4 nasdaq


Posted 21 September 2017 - 05:38 AM


Hi,

If you have downloaded the Farbar tool from the link I gave you, the file is clean.

Dequarantine the file from the Avast chest and run it as suggested.

How to restore the file.


#5 KrazyMonkey


Posted 22 September 2017 - 05:00 PM

Followed the above, the Farbar tool reappeared on the desktop. Double-clicked and it was blocked again.

In the Avast Virus Chest it has "Win32:Malware-gen"


Edited by KrazyMonkey, 22 September 2017 - 05:01 PM.


#6 nasdaq


Posted 23 September 2017 - 06:34 AM

Hi,

> Followed the above, the Farbar tool reappeared on desktop. double clicked and it was blocked again.


Dequarantine the file again.
This time DO NOT double click the file.

RIGHT CLICK THE FILE AND SELECT RUN AS AN ADMINISTRATOR.

===

If that fails try to run this tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system drive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#7 KrazyMonkey


Posted 25 September 2017 - 11:32 AM

Same thing happened.

Tried Zoek and kept getting this:

[screenshot: 6jcz9f.png]

Do I just press continue?

Also, there were options for "scan all users" or "scan current user". Should I select one of them?



#8 nasdaq


Posted 25 September 2017 - 12:07 PM

Hi,

Are you running the Zoek program from a temporary folder?

Copy the .exe file to your Desktop and run it as an administrator.

If all the users are having problems, choose all users; otherwise, select current user.

#9 KrazyMonkey


Posted 29 September 2017 - 11:05 AM

First time around I downloaded to my download file and dragged to desktop.

Tried again, saving straight to desktop, selected run as administrator and got the same error as above.



#10 nasdaq


Posted 29 September 2017 - 12:31 PM

Hi,

I suspect that AVAST is blocking all actions on the tools we suggested.

Remove Avast using this removal tool.

Follow the instructions on this page.
https://www.avast.com/uninstall-utility

Restart the computer normally when done.

Run the Farbar programs and post the logs.

#11 nasdaq


Posted 04 October 2017 - 07:27 AM

Are you still with me?



