Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Slow page loading and Hotmail account hijacked

Re: Slow page loading and Hotmail account hijacked

Post by Undinist » June 10th, 2013, 8:55 pm

C:\Users\Nick\DLdApps\YTDSetup.exe a variant of Win32/Bundled.Toolbar.Ask.C application
C:\Users\Nick\Downloads\cbsidlm-tr1_9-SMAC_MAC_Address_Changer-ORG2-10536535.exe multiple threats
C:\Users\Nick\Downloads\GOMPLAYERENSETUP (1).EXE Win32/OpenCandy application
C:\Users\Nick\Downloads\InstallFreeRARExtractFrog.exe a variant of Win32/Bundled.Toolbar.Ask.C application
Undinist
Regular Member
 
Posts: 15
Joined: June 6th, 2013, 11:00 am

Re: Slow page loading and Hotmail account hijacked

Post by Gary R » June 11th, 2013, 1:17 am

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
C:\Users\Nick\DLdApps\YTDSetup.exe
C:\Users\Nick\Downloads\cbsidlm-tr1_9-SMAC_MAC_Address_Changer-ORG2-10536535.exe
C:\Users\Nick\Downloads\GOMPLAYERENSETUP (1).EXE
C:\Users\Nick\Downloads\InstallFreeRARExtractFrog.exe

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Slow page loading and Hotmail account hijacked

Post by Undinist » June 11th, 2013, 9:56 am

========== FILES ==========
C:\Users\Nick\DLdApps\YTDSetup.exe moved successfully.
C:\Users\Nick\Downloads\cbsidlm-tr1_9-SMAC_MAC_Address_Changer-ORG2-10536535.exe moved successfully.
C:\Users\Nick\Downloads\GOMPLAYERENSETUP (1).EXE moved successfully.
C:\Users\Nick\Downloads\InstallFreeRARExtractFrog.exe moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 06112013_145552
Undinist
Regular Member
 
Posts: 15
Joined: June 6th, 2013, 11:00 am
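
The round trip in the posts above (scanner report, `:Files` fix, fix log) can be cross-checked mechanically. The following is an added example, not part of the original thread and not OTL's own code; the two regular expressions are assumptions based only on the line shapes posted here.

```python
import re

# Scanner report lines as posted in the thread: "<path> <detection name>".
SCAN_LOG = r"""
C:\Users\Nick\DLdApps\YTDSetup.exe a variant of Win32/Bundled.Toolbar.Ask.C application
C:\Users\Nick\Downloads\cbsidlm-tr1_9-SMAC_MAC_Address_Changer-ORG2-10536535.exe multiple threats
C:\Users\Nick\Downloads\GOMPLAYERENSETUP (1).EXE Win32/OpenCandy application
C:\Users\Nick\Downloads\InstallFreeRARExtractFrog.exe a variant of Win32/Bundled.Toolbar.Ask.C application
"""

# Fix log lines as posted in the thread.
FIX_LOG = r"""
========== FILES ==========
C:\Users\Nick\DLdApps\YTDSetup.exe moved successfully.
C:\Users\Nick\Downloads\cbsidlm-tr1_9-SMAC_MAC_Address_Changer-ORG2-10536535.exe moved successfully.
C:\Users\Nick\Downloads\GOMPLAYERENSETUP (1).EXE moved successfully.
C:\Users\Nick\Downloads\InstallFreeRARExtractFrog.exe moved successfully.
"""

# Paths may contain spaces, so anchor on the .exe extension rather than on whitespace.
SCAN_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.exe)\s+(?P<detection>.+)$", re.IGNORECASE)
MOVED_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+moved successfully\.$", re.IGNORECASE)

def parse_scan_log(text):
    """Return [(path, detection)] for each flagged file in the scanner report."""
    hits = []
    for line in text.splitlines():
        m = SCAN_LINE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("detection")))
    return hits

def build_files_block(paths):
    """Build the ':Files' section that goes into the Custom Scans/Fixes box."""
    return "\n".join([":Files", *paths])

def unconfirmed(paths, fix_log):
    """Return flagged paths that the fix log does not report as moved."""
    moved = set()
    for line in fix_log.splitlines():
        m = MOVED_LINE.match(line.strip())
        if m:
            moved.add(m.group("path").lower())  # Windows paths are case-insensitive
    return [p for p in paths if p.lower() not in moved]
```

An empty list from `unconfirmed` means every flagged file has a matching "moved successfully" line; any path it returns still needs attention before clean-up.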

Re: Slow page loading and Hotmail account hijacked

Post by Gary R » June 11th, 2013, 10:17 am

Looks like we've got everything now, time for a little tidying up, and then I'll make a few suggestions about security.

First

Let's clear out OTL and the files and folders it created. This will also remove SystemLook.
  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet, if your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).

Next

Please delete ....

AdwCleaner.exe
AdwCleaner[R1].txt
AdwCleaner[s1].txt


Next

Please go to Control Panel > Add/Remove Programs and Uninstall the following:

Tweaking.com Registry Backup


As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems?
  • If you are, let me know about them.
  • If not, it's time to make your computer more secure.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

You asked earlier whether it was safe to re-install uTorrent, please read the section about P2P in the article I've linked to above, and you will see why we do not recommend the use of torrent programs.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Slow page loading and Hotmail account hijacked

Post by Undinist » June 11th, 2013, 11:23 am

OK, did all that. I will study the article and come back to you.

Did you discover how my Hotmail account was hijacked? A keystroke logger maybe? The password seemed strong to me. It was two numerals and a Placename.

Did I have two dodgy toolbars, Conduit plus one other? Did I get them bundled with the uTorrent application, or with data I had downloaded using uTorrent? Did I also get something dodgy with Gomplayer or Free RAR Extract Frog? Or with Iobit Malware Fighter? I also had two other applications from the Iobit stable, Advanced System Care and Smart Defrag. Are they also dodgy? I uninstalled them both the other day, after you said I had failed to uninstall Iobit Malware Fighter (I thought I had.)

Regarding uTorrent, are there any trustworthy alternatives?
http://torrentfreak.com/top-10-utorrent ... es-120819/

Or how about an earlier release of uTorrent from the days when they didn't bundle malware with it?
Undinist
Regular Member
 
Posts: 15
Joined: June 6th, 2013, 11:00 am

Re: Slow page loading and Hotmail account hijacked

Post by Gary R » June 11th, 2013, 12:14 pm

Usually Hotmail accounts get hacked at the site end rather than your end, so if your password gets compromised, then the "fix" is usually to change your password. If it gets hacked again, then delete/close your existing account and create a new one.

Conduit is just one variant of the "bandoo media" toolbars, there's a whole mass of them, and parts of several different ones are usually found when cleaning them off someone's machine. What they came with I couldn't say, they get bundled with all sorts of things, and keeping up with which ones they're currently attached to is a pointless and unending job, so we generally don't try. We just remove them when we find them.

IOBit's programs are not malicious as such, but they do steal other people's work, so their morals are questionable at best, and I do not recommend their programs. In any case, most "Tune Up" utilities do more harm than they do good. Windows Registry is remarkably tolerant of orphans, and you can remove thousands of them without any noticeable improvement in performance. However, remove just one necessary Registry entry, and you can easily create an unbootable machine. The gain vs risk equation is not a good one, so I do not recommend any of these types of programs.

As for torrent programs, IMO there are no safe P2P programs. Not because the individual programs are malicious, but because the methods they use, and the sources of the files they "share" are uncheckable, and therefore easily open to abuse by unscrupulous individuals (and there's an awful lot of them about).

The biggest single thing you can do, to reduce your chance of picking up another infection, is to stop using P2P. I don't think I can say things any clearer than that.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Slow page loading and Hotmail account hijacked

Post by Undinist » June 13th, 2013, 10:18 am

Ok, I've read the article, all very clear, thank you.

I have installed the free versions of Superantispyware and MBAM. Do I need to uninstall one? Mbamgui.exe and Superantispyware.exe are both in my list of running processes. They're both really tiny - are they providing just a taskbar icon, for marketing purposes? If that's the case I suppose I don't have any real time malware protection. Can you recommend any free solutions?

I have also installed the MVPS Hosts file, WinPatrol, FileHippo and the NoScript and WOT extensions for Firefox. NoScript seems impressive - maybe I should use Firefox as my main browser.

A Superantispyware scan said I had the Gen-Kazy Trojan in my FastIPChanger directory. But MSE and MBAM said the directory had no threats. So I reported a false positive to the Superantispyware people.

My router is a BT Home Hub. The network name and passwords issued by BT seem to be unique to each router. Is there an argument for changing them?

The Scars site doesn't seem to do anything at all.

Any thoughts on what might have caused the mystery 1 GB per hour downloading problem which I had a few months ago?

Thanks again for your expertise.
Undinist
Regular Member
 
Posts: 15
Joined: June 6th, 2013, 11:00 am

Re: Slow page loading and Hotmail account hijacked

Post by Undinist » June 13th, 2013, 10:31 am

Correction - both Superantispyware and MBAM have quite chunky Services running. But studying their features lists and comparing the free and paid for versions I am still confused as to what they are doing.
Undinist
Regular Member
 
Posts: 15
Joined: June 6th, 2013, 11:00 am

Re: Slow page loading and Hotmail account hijacked

Post by Gary R » June 13th, 2013, 3:35 pm

IMO there is nothing to be gained by having two programs on a computer that perform similar functions. Although MBAM and SAS are known to sit happily side by side, they really only duplicate each other's functionality, and having both installed will not materially improve your security. I would advise you to uninstall one or other of them.

The free version of MBAM does not have Real Time Protection, though there is an option on install for free 30 days trial with RTP. SAS free does come with RTP as standard. The choice of which you choose to keep is yours to make.

As you supposed, BT Home Hubs come pre-configured with a unique security code enabled, so there's no need for you to alter anything, it is already as secure as it can be.

SCARS has now been discontinued, so I've removed it from the article I linked to it from, thanks for bringing it to my attention.

Slow downloads can be caused by so many different factors, that it's impossible for me to give any kind of reason why yours occurred, and certainly not in retrospect. Sorry.

Hope the above information is helpful, and as your Malware issues now appear to have been resolved .....

This topic is now closed.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire