Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google Chrome

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Google Chrome

Unread postby Wingman » April 7th, 2011, 11:06 pm

Hello AsahiBeer,

Sorry you had problems... :(

If you look at the instructions provided... you can find the log file
  • A log (text) file created in "C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log"

Please locate the log file and copy and past the contents into you next reply.
Please also include a description of how your computer is behaving.
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
Advertisement
Register to Remove

Re: Google Chrome

Unread postby AsahiBeer » April 7th, 2011, 11:18 pm

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ares deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Messenger (Yahoo!) deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
========== FILES ==========
File/Folder C:\Program Files (x86)\Ares not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Home
->Temp folder emptied: 13499401 bytes
->Temporary Internet Files folder emptied: 3694552 bytes
->Java cache emptied: 8037026 bytes
->Google Chrome cache emptied: 69867210 bytes
->Flash cache emptied: 107777 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2827788 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 3667994 bytes

Total Files Cleaned = 97.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 04072011_223756

Files moved on Reboot...
File C:\Users\Home\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
AsahiBeer
Regular Member
 
Posts: 28
Joined: March 27th, 2011, 12:44 am

Re: Google Chrome

Unread postby AsahiBeer » April 7th, 2011, 11:18 pm

My computer seems to be working, behaving fine nothing unusual. The way the computer restarted was weird though.
AsahiBeer
Regular Member
 
Posts: 28
Joined: March 27th, 2011, 12:44 am

Re: Google Chrome

Unread postby Wingman » April 8th, 2011, 9:54 am

Hello AsahiBeer,

Your machine running normal... sounds good. ;) I'd like to get some final scans run, before I let you go...

Step 1.
ERUNT - Emergency Recovery Utility NT
Please run this again, as changes may have occurred between the last run and now. Better to be safe than to be sorry.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
  1. Please navigate to Start >> All Programs >> ERUNT... double-click ERUNT from the menu.
    VISTA - W7 users: right-click on ERUNT from the menu, select "Run As Administrator", to run the process.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Malwarebytes' Anti-Malware
  1. Please start MBAM (Malwarebytes' Anti-Malware) again.
  2. Press the Update tab.. then press the Check for Updates...button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan...button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.

Step 3.
Kaspersky Online Scanner.
Vista - W7 users: You will need to to right-click on the IE or FF icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Please go to Kaspersky Online Virus Scanner © Kaspersky Lab to perform an online antivirus scan.
  1. Read the "Advantages - Requirements and Limitations" then press... the ACCEPT...button.
    If you are warned about other anti-virus programs running, disable your AV realtime protection, for the duration of this scan.
    The latest program and definition files will be downloaded. It takes time, please be patient, let it finish.
  2. Once the files have been downloaded, click on the SETTINGS...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the SAVE...button, if you made any changes.
  3. Now under the Scan section on the left:
      Select My Computer
    The program will start scanning your system. This takes a while, be patient... let it run.
    Once the scan is complete it will display if your system has been infected.
  4. Save the scan results as a Text file ... save it to your desktop.
  5. Copy and paste the saved scan results file in your next reply.
Don't forget to enable your realtime anti-virus protection before continuing.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. New MBAM log.
  3. KAS online scan results.
  4. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Google Chrome

Unread postby AsahiBeer » April 9th, 2011, 9:14 pm

Here is the log from the first scan and the online scanner says my laptop doesn't meet system requirements.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6321

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09/04/2011 9:07:27 PM
mbam-log-2011-04-09 (21-07-27).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 346689
Time elapsed: 46 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
AsahiBeer
Regular Member
 
Posts: 28
Joined: March 27th, 2011, 12:44 am

Re: Google Chrome

Unread postby AsahiBeer » April 9th, 2011, 9:26 pm

I tried turning of my AV didn't help.
AsahiBeer
Regular Member
 
Posts: 28
Joined: March 27th, 2011, 12:44 am

Re: Google Chrome

Unread postby Wingman » April 10th, 2011, 10:54 am

Hello AsahiBeer,

Sorry you had problems with the Kaspersky scanner. Please run the ESET online scanner again...

Step 1.
ERUNT - Emergency Recovery Utility NT
Please run this again, as changes may have occurred between the last run and now. Better to be safe than to be sorry.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
  1. Please navigate to Start >> All Programs >> ERUNT... double-click ERUNT from the menu.
    VISTA - W7 users: right-click on ERUNT from the menu, select "Run As Administrator", to run the process.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
ESET NOD32 Online Scan
Vista - W7 users: You will need to to right-click on the IE or FF icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then double click on it to install.

Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
** Make sure you are using an account that has Administrative privileges **
    Press the "ESET Online Scanner" button.
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click "Start"... a window will open... it may appear nothing is happening... please be patient.
  3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  4. Click "Start". Make sure that the options:
    • Remove found threats is UNCHECKED
    • Leave the "default" settings under Advanced as they are, if not set , please check:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  5. Click "Start"... ESET scanner will begin to download the virus signatures database.
    When the signatures have been downloaded, the scan will start automatically.
  6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
  7. Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  8. Copy and paste the contents of log.txt in your next reply.
Remember to enable your Anti-virus protection... before continuing!

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. ESET Online scan results.
  3. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Google Chrome

Unread postby AsahiBeer » April 10th, 2011, 9:49 pm

Here are scan log.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=a5da3ede460cc141a8203971b118445d
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-03 09:19:39
# local_time=2011-04-03 05:19:39 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3589 16777213 100 82 8723533 65143131 0 0
# compatibility_mode=5893 16776574 66 85 7938508 53408286 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=45581
# found=0
# cleaned=0
# scan_time=743
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=a5da3ede460cc141a8203971b118445d
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-11 12:48:43
# local_time=2011-04-10 08:48:43 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 349643 349643 0 0
# compatibility_mode=3589 16777213 100 82 9337715 65757313 0 0
# compatibility_mode=5893 16776574 66 85 8552690 54022468 0 0
# compatibility_mode=8192 67108863 100 0 528159 528159 0 0
# scanned=193847
# found=0
# cleaned=0
# scan_time=3905
AsahiBeer
Regular Member
 
Posts: 28
Joined: March 27th, 2011, 12:44 am

Re: Google Chrome

Unread postby AsahiBeer » April 10th, 2011, 9:50 pm

Computer is behaving fine.
AsahiBeer
Regular Member
 
Posts: 28
Joined: March 27th, 2011, 12:44 am

Re: Google Chrome

Unread postby Wingman » April 12th, 2011, 12:11 pm

Hello AsahiBeer,

Your computer appears to be malware free! :)

Step 1.
OTM - Clean up
  1. Right click on OTMoveIt3.exe and select Run As Administrator to run it. If Windows UAC prompts, please allow it.
  2. Click on CleanUp!
  3. When done, you will be prompted to restart your computer. Please do so at this time.
If your computer does not automatically restart, please restart it manually.

You may manually remove any program or report left behind from the following processes:
OTM
CKScanner
RSIT
DDS

Create a System Restore Point
  1. Right-click on Computer ... select Properties.
  2. In the left pane under Tasks ... click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection ...then choose Create.
  4. In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK ...then close the System Restore dialog.
    Now you have a clean restore point to use if you need to restore your system.
Perform Disk Cleanup
Note: You have to have administrative rights to run Disk Cleanup for "All" users.
  1. Click the Vista Start... button. Type disk in the Start Search text entry box.
  2. Double click the Disk Cleanup entry, from the matching program list.
  3. In the Disk Cleanup options...select "Files from all users on this computer"
    If the Disk Cleanup: Drive Selection dialog box appears:
    • Select the drive where Windows Vista is installed. (Normally, this would be C:\ drive)
    • Press the "OK"...button.
    Disk Cleanup will begin space saving calculations.
  4. When the calculations are finished... Press the More Options tab.
  5. In the "System Restore and Shadow Copies" section... select "Clean up" button.
  6. Press the "Delete"... button, at the "Are you sure..." prompt.
    Disk Cleanup will begin cleaning up old files and restore points.
  7. Exit Disk Cleanup.
    This will remove all restore points except the one you just created.

Please follow these simple guidelines in order to help keep your computer more secure:

Update your Antivirus programs and other programs regularly.
Secunia Personal Software Inspector - Copyright © Secunia. F-secure Health Check - Copyright © F-Secure Corporation.

Visit Microsoft often.
Keep on top of critical updates , as well as other updates for your computer.
Using Windows Update in Windows Vista
What is Windows Update?
Microsoft Update Home

Install additional (free) programs, that can help improve security.
Many feel that having a "layered" protection scheme is beneficial, you'll have to decide what works best for your situation.
Here are a few you can look into, if you want. :)

Malwarebytes' Anti-Malware
You have this installed already, run scans weekly (at least)... make sure you check for updates before running scans.
Download it from Malewarebytes © Malwarebytes Corporation.
Tutorials are available for installing and running, Malwarebytes' Anti-Malware.
Powerful, easy to use and free. For real-time protection you will have to purchase the product.

WinPatrol
Do not install if you have installed Spybot Search & Destroy and enabled Teatimer protection. System conflicts can occur.
Download it from Copyright © BillP Studios
Information about how WinPatrol works, is available Here
(The free version of WinPatrol... provides limited real-time protection)

Read - stay informed.
COMPUTER SECURITY - a short guide to staying safer online

Please check out this article: Some information may be old but the basic safeguards still apply.
How to prevent Malware:© miekiemoes - Microsoft MVP - Consumer Security .

Please let me know that you completed the cleanup steps, the create/purge System Restore point steps and reviewed the rest of the post. Once I receive your reply, unless there are other malware questions or concerns, I will have this topic closed as resolved.

Stay Safe! ;)
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Google Chrome

Unread postby AsahiBeer » April 13th, 2011, 9:28 pm

Thanks for the help and i have made two restore points just in case, and i checked out the website how to be safe and i think this is how i got the malware at first, (Be careful when watching online videos, especially when they ask you to install a certain codec to watch the video. By default, your mediaplayer should already have the necessary codecs installed to watch online videos. In case you're prompted to install an additional codec while trying to watch a movie online, it may be a false alert and this so called codec may install malware)this was one of the points. Would've been helpful if i knew before hand lol. Anyways thank you for the support and help. Computer is behaving fine.

AsahiBeer
AsahiBeer
Regular Member
 
Posts: 28
Joined: March 27th, 2011, 12:44 am

Re: Google Chrome

Unread postby Wingman » April 13th, 2011, 9:33 pm

As your problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
Donations For Malware Removal
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 122 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware