Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

endless popups

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: endless popups

Unread postby Gary R » February 9th, 2015, 6:57 pm

I'm not happy that e-set didn't run to completion, so what I'd like to do is take care of what it has found so far, and then try a different scan to ensure we haven't missed anything.

So, first ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\olgjplbbinpopmepmlnmhakgenlgjgbi\213\lsdb.js
C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\olgjplbbinpopmepmlnmhakgenlgjgbi\213\qSgSVJBq.js
C:\Users\paula\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\olgjplbbinpopmepmlnmhakgenlgjgbi\213\lsdb.js
C:\Users\paula\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\olgjplbbinpopmepmlnmhakgenlgjgbi\213\qSgSVJBq.js
C:\Users\paula\AppData\Local\Temp\3D4f52D50CB.exe
C:\Users\paula\AppData\Local\Temp\57377.exe
C:\Users\paula\AppData\Local\Temp\AB166CB1E83.exe
C:\Users\paula\AppData\Local\Temp\cecabficcdg.exe
C:\Users\paula\AppData\Local\Temp\910F\temp\Download (1).exe
C:\Users\paula\AppData\Local\Temp\b290933802B\temp\Download (2).exe
C:\Users\paula\AppData\Local\Temp\b290933802B\temp\putfu.xyz
C:\Users\paula\AppData\Local\Temp\DA027A\temp\Download (1).exe
C:\Users\paula\AppData\Local\Temp\DA027A\temp\putfu.xyz
C:\Users\paula\Downloads\openofficesuite-setup.exe
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Then ...

Please run Microsoft Safety Scanner
  • Click Download Now (this is a large download, approx. 70Mb)
  • If you are asked about 32-bit or 64-bit, click on the type matching your Windows system.
  • If asked to Run or Save, choose Run.
  • OK the User Account Permission or the query "Do you want to run this software".
  • If you get a message saying "running this type of program could harm your computer" or similar, just ignore it and tell it to Run anyway.
  • Click the box to Accept the license agreement.
  • Click Next.
  • Click Next to run the Scan.
  • Click the Quick Scan button. (... also Full Scan option)
  • Click Next
    • (If it finds nothing, it will just Exit. It still creates a report.)
    • If it has found anything, check the box titled "Help Remove potentially unwanted software"
      • Click Next (the Dialog label will become "Cleaning your computer").
      • After this operation completes, click Finish.
      • When removals are complete, it will report through a link, "View detailed results of the scan"
      • Clicking the link will popup a report in Notepad.
      • Please post the contents of the file in your reply.
      • The file is also saved in C:\Windows\debug\msert.log
User avatar
Gary R
Administrator
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Re: endless popups

Unread postby Honeybee » February 9th, 2015, 7:40 pm

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by paula at 2015-02-09 17:30:32 Run:2
Running from C:\Users\paula\Documents\New folder
Loaded Profiles: paula (Available profiles: paula)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\olgjplbbinpopmepmlnmhakgenlgjgbi\213\lsdb.js
C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\olgjplbbinpopmepmlnmhakgenlgjgbi\213\qSgSVJBq.js
C:\Users\paula\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\olgjplbbinpopmepmlnmhakgenlgjgbi\213\lsdb.js
C:\Users\paula\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\olgjplbbinpopmepmlnmhakgenlgjgbi\213\qSgSVJBq.js
C:\Users\paula\AppData\Local\Temp\3D4f52D50CB.exe
C:\Users\paula\AppData\Local\Temp\57377.exe
C:\Users\paula\AppData\Local\Temp\AB166CB1E83.exe
C:\Users\paula\AppData\Local\Temp\cecabficcdg.exe
C:\Users\paula\AppData\Local\Temp\910F\temp\Download (1).exe
C:\Users\paula\AppData\Local\Temp\b290933802B\temp\Download (2).exe
C:\Users\paula\AppData\Local\Temp\b290933802B\temp\putfu.xyz
C:\Users\paula\AppData\Local\Temp\DA027A\temp\Download (1).exe
C:\Users\paula\AppData\Local\Temp\DA027A\temp\putfu.xyz
C:\Users\paula\Downloads\openofficesuite-setup.exe
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
*****************

C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\olgjplbbinpopmepmlnmhakgenlgjgbi\213\lsdb.js => Moved successfully.
C:\Users\paula\AppData\Local\Google\Chrome\User Data\Default\Extensions\olgjplbbinpopmepmlnmhakgenlgjgbi\213\qSgSVJBq.js => Moved successfully.
C:\Users\paula\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\olgjplbbinpopmepmlnmhakgenlgjgbi\213\lsdb.js => Moved successfully.
C:\Users\paula\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\olgjplbbinpopmepmlnmhakgenlgjgbi\213\qSgSVJBq.js => Moved successfully.
C:\Users\paula\AppData\Local\Temp\3D4f52D50CB.exe => Moved successfully.
C:\Users\paula\AppData\Local\Temp\57377.exe => Moved successfully.
C:\Users\paula\AppData\Local\Temp\AB166CB1E83.exe => Moved successfully.
C:\Users\paula\AppData\Local\Temp\cecabficcdg.exe => Moved successfully.
C:\Users\paula\AppData\Local\Temp\910F\temp\Download (1).exe => Moved successfully.
C:\Users\paula\AppData\Local\Temp\b290933802B\temp\Download (2).exe => Moved successfully.
C:\Users\paula\AppData\Local\Temp\b290933802B\temp\putfu.xyz => Moved successfully.
C:\Users\paula\AppData\Local\Temp\DA027A\temp\Download (1).exe => Moved successfully.
C:\Users\paula\AppData\Local\Temp\DA027A\temp\putfu.xyz => Moved successfully.
C:\Users\paula\Downloads\openofficesuite-setup.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 1.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog 17:31:10 ====
Honeybee
Regular Member
 
Posts: 16
Joined: February 7th, 2015, 4:20 pm

Re: endless popups

Unread postby Honeybee » February 9th, 2015, 7:59 pm

Just ran quick scan on microsoft safety scanner. Your directions have (also full scan)....do I need to run a full scan as well?
Honeybee
Regular Member
 
Posts: 16
Joined: February 7th, 2015, 4:20 pm

Re: endless popups

Unread postby Honeybee » February 9th, 2015, 10:02 pm

I ran the quick scan - said no viruses, etc. found. Ran the full scan and received the same message. No report was generated for either scan. Please advise.
Honeybee
Regular Member
 
Posts: 16
Joined: February 7th, 2015, 4:20 pm

Re: endless popups

Unread postby Gary R » February 10th, 2015, 1:41 am

Well unless you're suffering with some problems that I'm not aware of yet, I'd say that it looks like your computer is now clean of infection, so it's time to remove the programs that we've been using to clean your machine.

  • Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check all the boxes then click on Run.
  • Once it has finished, a notepad file named DelFix.txt will open. Post the contents of this notepad in your next reply.
  • The log can also be located at the root of the system drive, C:\DelFix.txt.

As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems ?
  • If you are let me know about them.
  • If not it's time to make your computer more secure.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: endless popups

Unread postby Honeybee » February 10th, 2015, 9:57 am

# DelFix v10.8 - Logfile created 10/02/2015 at 07:41:31
# Updated 29/07/2014 by Xplode
# Username : paula - MININT-8L86P5C
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\paula\Desktop\dds.txt
Deleted : C:\Users\paula\Downloads\Addition.txt
Deleted : C:\Users\paula\Downloads\adwcleaner_4.110.exe
Deleted : C:\Users\paula\Downloads\dds.scr
Deleted : C:\Users\paula\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\paula\Downloads\FRST64.exe
Deleted : C:\Users\paula\Downloads\Search.txt
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #3 [01/31/2015 | 02/04/2015 15:06:08]
Deleted : RP #4 [Windows Update | 02/07/2015 19:33:10]
Deleted : RP #5 [Windows Backup | 02/08/2015 17:39:08]
Deleted : RP #6 [Windows Update | 02/09/2015 00:10:25]
Deleted : RP #7 [Removed Java 7 Update 67 | 02/09/2015 12:03:27]
Deleted : RP #8 [Windows Backup | 02/09/2015 12:03:42]
Deleted : RP #9 [Removed Java 7 Update 67 | 02/09/2015 12:07:40]
Deleted : RP #10 [Removed Java 7 Update 67 | 02/09/2015 12:12:25]
Deleted : RP #11 [Removed Java 7 Update 67 | 02/09/2015 12:16:37]
Deleted : RP #12 [Removed Java 7 Update 67 | 02/09/2015 12:40:08]
Deleted : RP #13 [Windows Update | 02/10/2015 02:05:43]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Computer seems to be back to normal. I am getting a message each time I start up - AirNCFG.exe (located "C:\Programfiles (x86) D-Link-140 revB\ARNCFG.exe. asking me if I want to allow changes to my computer. I have not allowed it so far - should I? Just want to make sure it is not a potential problem.
Honeybee
Regular Member
 
Posts: 16
Joined: February 7th, 2015, 4:20 pm

Re: endless popups

Unread postby Gary R » February 10th, 2015, 10:24 am

AirNCFG.exe appears to be a legit process connected to your D-Link router ...

http://www.file.net/process/airncfg.exe.html
http://www.processlibrary.com/en/direct ... fg/421370/
http://www.shouldiblockit.com/airncfg.exe-18953.aspx

... I can't see any good reason not to allow it to make changes.

If you have problems once you've allowed it, then please get back to me, and let me know what they are, but I don't expect you will.

Other than that I think we're finished, and if I don't hear back from you within a couple of days, I'll assume you're OK and close this topic.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: endless popups

Unread postby Honeybee » February 10th, 2015, 10:36 am

Thank you so VERY much!!!!!!!!!!!!!!!
Honeybee
Regular Member
 
Posts: 16
Joined: February 7th, 2015, 4:20 pm

Re: endless popups

Unread postby Gary R » February 10th, 2015, 10:39 am

You're welcome. :)

Keep safe.

Gary
User avatar
Gary R
Administrator
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: endless popups

Unread postby Gary R » February 15th, 2015, 2:13 am

This topic is now closed.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 30 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware