Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

pop-up or whatever

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: pop-up or whatever

Unread postby dan12 » May 16th, 2008, 2:19 am

Hi,
I down loaded (Eset N032 antivirus)

The scan I asked for is an online scan! I didn't ask that you download nod32 a\v.
Ok, let's see if we can't use another scanner to make things a little easier, I will include some pics to help.
Note: This scan will require Internet explorer



1 - Kaspersky Online Scan
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Please do an online scan with >Kaspersky Online Scanner<. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    + Extended (If available otherwise Standard)
    o Scan Options:
    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button (see red arrow below)

    Image

  • In the Save as... prompt, select Desktop
  • In the File name box, name the file KasScan-ddmmyy (or similar)
  • In the Save as type prompt, select Text file (see below)

    Image

  • Copy and paste the report in your next post.
Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
Advertisement
Register to Remove

Re: pop-up or whatever

Unread postby bushed51 » May 16th, 2008, 11:20 am

Dan
I found my problem
In Firefox, I went into cookies-under Exception,I found (GameColony.com) -blocked.
I found another (GameColony.com)-allow. I deleted both of them, & I can now get
into rubl.com
My CUP has been well scanned.
In Anti-Malware I have 70 infections in quarantine to delete
Thanks Dan
bushed51
Regular Member
 
Posts: 24
Joined: May 7th, 2008, 10:38 pm

Re: pop-up or whatever

Unread postby dan12 » May 16th, 2008, 11:33 am

Can you let me have the kaspersky scan so I can clear-up for you.
Thanks
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: pop-up or whatever

Unread postby bushed51 » May 16th, 2008, 2:26 pm

Dan
Kasersky Online Scan
I did your inst. &the down load wants me to del. my AVG
kav7.0.1.325en.exe
bushed51
Regular Member
 
Posts: 24
Joined: May 7th, 2008, 10:38 pm

Re: pop-up or whatever

Unread postby bushed51 » May 16th, 2008, 2:36 pm

Dan
I lost my E-mail logon, I'll check my settings or my sever is down
bushed51
Regular Member
 
Posts: 24
Joined: May 7th, 2008, 10:38 pm

Re: pop-up or whatever

Unread postby dan12 » May 16th, 2008, 2:40 pm

Did you do the scan from Internet explorer?
Just post the scan results to me when your able.
Thanks dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: pop-up or whatever

Unread postby bushed51 » May 18th, 2008, 11:31 pm

Dan
Here are some files from (Malwarebytes' Anti-MalwareMalwarebytes' Anti-Malware 1.12
Database version: 752

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 150683
Time elapsed: 48 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 57

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\sysvideo32.video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{71314e7c-1713-49fa-90f2-54d275023981} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71314e7c-1713-49fa-90f2-54d275023981} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Kel\My Documents\DownUpdater.exe (Adware.CWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kel\My Documents\NowStarter.ocx (Adware.CWS) -> Quarantined and deleted successfully.
C:\Old\Old System\System Volume Information\_restore{22460E2F-C87F-47B6-9D17-30459BB719FD}\RP8\A0009892.vxd (Adware.Winad) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001497.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001498.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001499.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001500.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001501.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001502.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001503.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001504.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001505.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001506.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001507.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001508.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001509.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001510.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001511.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001512.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001513.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001514.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001515.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001516.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001517.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001519.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001520.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001521.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001522.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001524.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001525.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001526.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001527.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001528.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001529.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP13\A0001530.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP17\A0004606.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP17\A0004607.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP17\A0004608.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP17\A0004609.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP18\A0004695.dll (Adware.Shoper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP22\A0006075.exe (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP22\A0006099.exe (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000069.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000070.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000071.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000072.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000073.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000074.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000075.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000077.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000079.exe (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000080.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000081.exe (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000082.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000084.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000085.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6CCDBE31-55E0-4614-B123-1BB916F52E13}\RP5\A0000092.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
bushed51
Regular Member
 
Posts: 24
Joined: May 7th, 2008, 10:38 pm

Re: pop-up or whatever

Unread postby bushed51 » May 18th, 2008, 11:33 pm

attc.2Malwarebytes' Anti-Malware 1.12
Database version: 752

Scan type: Quick Scan
Objects scanned: 56
Time elapsed: 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
bushed51
Regular Member
 
Posts: 24
Joined: May 7th, 2008, 10:38 pm

Re: pop-up or whatever

Unread postby bushed51 » May 18th, 2008, 11:34 pm

attc.3Malwarebytes' Anti-Malware 1.12
Database version: 752

Scan type: Quick Scan
Objects scanned: 56
Time elapsed: 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
bushed51
Regular Member
 
Posts: 24
Joined: May 7th, 2008, 10:38 pm

Re: pop-up or whatever

Unread postby dan12 » May 19th, 2008, 5:39 pm

Can you let me have the kaspersky scan so I can clear-up for you.
Thanks


This is what I asked for, not the malwarebytes scan!

I think we have reached a point where by I'm unable to assist you any more.
I've been patient as I didn't want to rush you,however, we seem to be going around in circles.
Countless times throughout the fix I've asked for particular scans and you have given me a scan that I have not asked for.
I'm sorry that I have to bring this to an end but believe this will be best for you. My time taken up with having to keep repeating my posts is not a good way to continue,as many other people are waiting for my help also.
I've wanted to help you as I know how daunting it can be to some people to try and understand Instruction,we some times find that online help isn't suitable for every one.
I honestly think it will be in your best Interest if you take your pc in to a repair shop to have hands on help with these issues.
That way you have not the worry,stress, and within a day or so you should be up and running and enjoying surfing the net once again.
I hope you understand and are able to resolve your Issues soon.
Kind regards dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: pop-up or whatever

Unread postby NonSuch » May 19th, 2008, 5:55 pm

As this issue appears to have been resolved to the best of our ability, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 31 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware