Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Redirecting to iLivid and other websites


Re: Redirecting to iLivid and other websites

Post by goalie79 » March 25th, 2015, 5:54 pm

Replied in detail within private message. Thanks!
goalie79
Regular Member
 
Posts: 34
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid and other websites

Post by pgmigg » March 26th, 2015, 1:18 pm

Hello goalie79,

Thank you for your detailed PM - I see your points and I got the info I requested.
Let's continue our treatment... :)

We are going to re-install your Google Chrome browser. How to do it? Please see steps below...

Step 1.
Show Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press Image.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value in blue, in the open text entry box:
    change search options for files and folders
    then press Enter button
  5. Click on the View tab, then under the "Hidden files and folders" section please
    • SELECT "Show hidden files and folders"
  6. Find below and
    • remove check mark from check box "Hide extensions for known file types"
    • remove check mark from check box "Hide protected operating system files"
  7. Press the Apply, then the OK buttons.

Step 2.
Backup Your Google Chrome Bookmarks
  1. Please go to this article and read it.
  2. If you have a Google Account and are familiar with it, please sync your Bookmarks to Google. Otherwise - do it manually by Option 2.

Step 3.
Remove Programs
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without into the open text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Google Chrome
    Google Update Helper
  4. Take extra care in answering questions posed by any Uninstaller.
    Note:
    If you're asked if you would like to keep any personalized settings or folders, say NO! <- IMPORTANT!
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Now make sure that the folders from Chrome are deleted!!!, otherwise - delete the below if they exist:
    • C:\Users\Dawn\AppData\Local\Google
    • C:\Program Files (x86)\Google
  7. Reboot (restart) your computer.

Step 4.
Download and reinstall Google Chrome
  1. Please download and reinstall Google Chrome from Here
  2. After the installation has completed successfully, please set Google Chrome as your default browser and rebuild your Bookmarks that were backed up or synced in Step 2 by using the import option of the Bookmarks menu, or automatically if you sign in to your Google Account.

Then:
Please examine the newly installed Google Chrome for redirection and let me know results...

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Redirecting to iLivid - question b4 starting

Post by goalie79 » March 26th, 2015, 6:09 pm

If we are going to uninstall and reinstall browsers...should we consider both Firefox AND Chrome at the same time, then scan to see if anything is lingering?
- With the most recent intervention, the redirects now appear to go to multiple different places instead of just the few. The ilivid redirect seems to be gone, but we still see them to primarily youradexchange.com.
goalie79
Regular Member
 
Posts: 34
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid and other websites

Post by pgmigg » March 26th, 2015, 6:35 pm

Hello goalie79,

"If we are going to uninstall and reinstall browsers...should we consider both Firefox AND Chrome at the same time, then scan to see if anything is lingering?"
I was going to ask you to reinstall the Google Chrome only - see my steps above.

Do you have redirections under Firefox too?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Redirecting to iLivid -ChromeReinstall

Post by goalie79 » March 27th, 2015, 12:35 am

All steps completed successfully for the uninstall, reinstall and bookmark import.
- no redirects at this time.
- I used firefox to send this reply, no redirects observed here.
- will monitor for redirects in Chrome over weekend.
Thanks!
goalie79
Regular Member
 
Posts: 34
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid and other websites

Post by goalie79 » March 27th, 2015, 10:20 am

No redirects in Chrome this am, but Firefox had a restart message popup. No other symptoms as of yet.
goalie79
Regular Member
 
Posts: 34
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid and other websites

Post by pgmigg » March 27th, 2015, 10:38 am

Hello goalie79,

"All steps completed successfully for the uninstall, reinstall and bookmark import.
- no redirects at this time.
- I used firefox to send this reply, no redirects observed here."
Nice to read it! :D

Please run one more scan:

ESET NOD32 Online Scan
  1. Firstly please Disable any Antivirus you have active, as shown in This topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner - © ESET All Rights Reserved, to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you are using Google Chrome or Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.
    • If you are using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: Image
  10. Press the text: Image, then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the ESETScan.txt log file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Redirecting to iLivid and other websites

Post by goalie79 » March 30th, 2015, 8:56 am

was out of town on wkend. Running scan now and will provide results. Thanks!
goalie79
Regular Member
 
Posts: 34
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid and other websites

Post by goalie79 » March 30th, 2015, 10:41 pm

E:\Dawn\2014\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
E:\Dawn\2014\Firefox 27.0.1 (en-US) - 2014-03-26.pcv a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
E:\Dawn\2014\Firefox 27.0.1 (en-US) - 2014-03-28.pcv a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
E:\Dawn\2014\Firefox 28.0 (en-US) - 2014-04-04.pcv a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
E:\Dawn\2014\Downloads\ColoringSetup.exe Win32/Toolbar.Inbox.D potentially unwanted application
E:\Dawn\2015\conversion\ccsetup502.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Dawn\2015\download\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Dawn\2015\download\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Jeff\PremiereCS6\Adobe.Premiere.Pro.CS6.v6.0.1.014.Multilingual.mundomanuales.com\disable_activation.cmd BAT/HostsChanger.A potentially unsafe application
E:\Jeff\SchoolWorkLocal\DTLite4481-0347.exe Win32/DownWare.L potentially unwanted application
goalie79
Regular Member
 
Posts: 34
Joined: March 22nd, 2015, 10:39 am
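
The ESET Online Scanner lines posted above, parsed into path, detection name and category and then grouped for review, as an added example that is not part of the original thread. The line layout is inferred only from those ten lines; the function names are hypothetical, and any line that does not fit the layout is returned for manual review.

```python
import re
from collections import defaultdict

# Constructed sample: the ten lines posted in the thread as ESETScan.txt.
SAMPLE_LOG = r"""
E:\Dawn\2014\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
E:\Dawn\2014\Firefox 27.0.1 (en-US) - 2014-03-26.pcv a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
E:\Dawn\2014\Firefox 27.0.1 (en-US) - 2014-03-28.pcv a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
E:\Dawn\2014\Firefox 28.0 (en-US) - 2014-04-04.pcv a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
E:\Dawn\2014\Downloads\ColoringSetup.exe Win32/Toolbar.Inbox.D potentially unwanted application
E:\Dawn\2015\conversion\ccsetup502.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Dawn\2015\download\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Dawn\2015\download\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Jeff\PremiereCS6\Adobe.Premiere.Pro.CS6.v6.0.1.014.Multilingual.mundomanuales.com\disable_activation.cmd BAT/HostsChanger.A potentially unsafe application
E:\Jeff\SchoolWorkLocal\DTLite4481-0347.exe Win32/DownWare.L potentially unwanted application
"""

# Assumed layout (inferred from the sample only):
#   <path> [a variant of ]<Platform/Name> potentially (unsafe|unwanted) application
# The path may contain spaces, so it is matched lazily up to the first
# token that looks like Platform/Name (forward slash, never a backslash).
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"potentially (?P<category>unsafe|unwanted) application$"
)

def parse_eset_log(text):
    """Return (findings, unparsed); unmatched lines are kept for manual review."""
    findings, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        findings.append({"path": m["path"], "detection": m["name"],
                         "variant": bool(m["variant"]), "category": m["category"]})
    return findings, unparsed

def group_by_detection(findings):
    """Map each detection name to the file paths that triggered it."""
    groups = defaultdict(list)
    for f in findings:
        groups[f["detection"]].append(f["path"])
    return dict(groups)

def drives(findings):
    """Drive letters the detections sit on (shows whether C: is involved)."""
    return sorted({f["path"][:2].upper() for f in findings})

if __name__ == "__main__":
    found, odd = parse_eset_log(SAMPLE_LOG)
    for name, paths in group_by_detection(found).items():
        print(f"{name}: {len(paths)} file(s)")
    print("drives:", drives(found), "unparsed lines:", len(odd))
```

On this log every hit is a stored installer or backup file on E:, split evenly between "unsafe" and "unwanted", with no detection on the system drive.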

Re: Redirecting to iLivid and other websites

Post by pgmigg » March 30th, 2015, 10:51 pm

Hello goalie79,

Step 1.
Run CKScanner
  1. Please download CKScanner from here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Step 2.
Online Multi Antivirus file scan
Please go to either: Jotti or Virus Total and upload -only one file per scan- the following file(s) for scanning:

E:\Dawn\2014\APNSetup.exe
E:\Dawn\2014\Downloads\ColoringSetup.exe
E:\Jeff\PremiereCS6\Adobe.Premiere.Pro.CS6.v6.0.1.014.Multilingual.mundomanuales.com\disable_activation.cmd
E:\Jeff\SchoolWorkLocal\DTLite4481-0347.exe


Using Jotti
  1. Choose the appropriate language (if needed)... once a language is selected, you'll see a message "Ready to receive files"
  2. Press the Browse button and navigate to -one- of the files in the list.
  3. Double click the located file name...The file name should now appear in the online scanner's "File to scan:" box.
  4. Click on Submit..button.
      If you receive the message: This file has been scanned before. The results for this previous scan are listed below.
      Please press the Scan again button, so your file will be scanned.
  5. The file will be uploaded and scanned by various antivirus scanners..this may take a few minutes.
  6. When all scans have completed... the results page is displayed
  7. Please highlight and copy the page web address link from your browser window.
    Example of web address :
    Image
  8. Please repeat this procedure for each file listed above.
  9. Paste the Web address link(s) for the scan results in your next reply.

Using Virus Total
  1. Press the Browse button and navigate to -one- of the files in the list.
  2. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  3. Click on Send File...button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When all scans have completed... the results page is displayed
  6. Please highlight and copy the page web address link from your browser window.
    Example of web address:
    Image
  7. Please repeat this procedure for each file listed above.
  8. Paste the Web address link(s) for the scan results in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of CKFiles.txt log file
  3. The resulting web links after online file scan by Virus Total or Jotti.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Redirecting to iLivid-CKscanner

Post by goalie79 » March 31st, 2015, 1:58 pm

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.WFAPPZ
----- EOF -----
goalie79
Regular Member
 
Posts: 34
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid - virus total

Post by goalie79 » March 31st, 2015, 2:13 pm

E:\Dawn\2014\APNSetup.exe
https://www.virustotal.com/en/file/5943 ... 427825178/

E:\Dawn\2014\Downloads\ColoringSetup.exe
https://www.virustotal.com/en/file/8860 ... 427824911/

E:\Jeff\PremiereCS6\Adobe.Premiere.Pro.CS6.v6.0.1.014.Multilingual.mundomanuales.com\disable_activation.cmd
https://www.virustotal.com/en/file/53ff ... 427825329/

E:\Jeff\SchoolWorkLocal\DTLite4481-0347.exe
https://www.virustotal.com/en/file/83e0 ... 427825563/
goalie79
Regular Member
 
Posts: 34
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid and other websites

Post by pgmigg » April 1st, 2015, 12:29 am

Hello goalie79,

Your latest set of logs appears to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions on how to keep your computer clean and secure, you need to take a few additional steps.

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Files
    E:\Dawn\2014\APNSetup.exe
    E:\Dawn\2014\Firefox 27.0.1 (en-US)
    E:\Dawn\2014\Firefox 27.0.1 (en-US)
    E:\Dawn\2014\Firefox 28.0 (en-US)
    E:\Dawn\2014\Downloads\ColoringSetup.exe
    E:\Dawn\2015\conversion\ccsetup502.exe
    E:\Dawn\2015\download\ccsetup416.exe
    E:\Dawn\2015\download\ccsetup417.exe
    E:\Jeff\SchoolWorkLocal\DTLite4481-0347.exe
    ipconfig /flushdns /c
    
    :Commands
    [emptyflash]
    [emptyjava]
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Please close it.

Step 2.
OTL - Run Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 3.
OTL-Cleanup
You should still have OTL on your desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

Step 4.
Hide Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press Image.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value, in the open text entry box:
    change search options for files and folders
  5. Click on the View tab, then under the "Hidden files and folders" section
    • UNSELECT "Show hidden files and folders"
    • Place check mark in check box "Hide extensions for known file types"
    • Place check mark in check box "Hide protected operating system files"
  6. Press the Apply, then the OK buttons.

Step 5.
Please download delfix and save it to your desktop.
  1. Right-click on delfix.exe and select "Run as administrator" to run it.
  2. Check the following boxes then click on Run.
    1. Activate UAC
    2. Remove disinfection tools
    3. Create registry backup
    4. Reset system settings
  3. All tools we used to clean your computer should be gone now.
  4. You can now delete any tools/logs we used if they remain on your computer.

Then:
  • Please don't forget to enable and update all your defense software!

Finally:
Please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Redirecting to iLivid and other websites- Finis

Post by goalie79 » April 2nd, 2015, 9:11 am

All of the above steps were accomplished successfully. Thanks for this service and for staying with the challenge until resolved! You are all a great service! Thanks! Keith
goalie79
Regular Member
 
Posts: 34
Joined: March 22nd, 2015, 10:39 am

Re: Redirecting to iLivid and other websites

Post by pgmigg » April 2nd, 2015, 11:07 am

"Thanks for this service and for staying with the challenge until resolved! You are all a great service! Thanks!"
You are very welcome, Keith! :D

Stay Safe! ;)
pgmigg
pgmigg
MRU Teacher
 
Posts: 3177
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00