Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browsers being hijacked and popups galore

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Browsers being hijacked and popups galore

Unread postby Kenannee » December 8th, 2014, 9:27 am

First Scan Results: FRST Fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2014 02
Ran by ksa at 2014-12-08 08:19:21 Run:1
Running from C:\Users\ksa\Desktop
Loaded Profiles: ksa & QBDataServiceUser24 & QBDataServiceUser25 (Available profiles: ksa & QBDataServiceUser24 & QBDataServiceUser25)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3471586700-3200612355-1300292554-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
URLSearchHook: HKU\S-1-5-21-3471586700-3200612355-1300292554-1000 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
Toolbar: HKU\S-1-5-21-3471586700-3200612355-1300292554-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - No File
Tcpip\..\Interfaces\{E49CA6C1-70C6-4278-8802-F734A9BC85AC}: [NameServer] 31.168.224.106,5.135.12.52
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-3471586700-3200612355-1300292554-1000: @spoon.net/Spoon Plugin 3.32 -> C:\Users\ksa\AppData\Local\Spoon\3.32.4.17\npMozillaSpoonPlugin.dll No File
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found]
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=MC132A86C-AD78-4EDB-8464-576CC4E5087F&SearchSource=55&CUI=&UM=5&UP=SP50BA7093-FB0F-402C-B109-06FD3EBCE50F&SSPV=", "", "hxxp://start.mysearchdial.com/?f=1&a=suma_14_12_ch&cd=2XzuyEtN2Y1L1QzutCzztDtAyBtA0ByCzz0D0Bzz0C0ByEtDtN0D0Tzu0SzztCtDtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0EzzzzzytCyEyDtGyD0BzzyDtGzy0DyDyCtGyB0DtBzytGyEzz0AyB0BzztAtAzz0F0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0D0BtCyD0FtCyCtG0DyEyC0CtGyEtBzz0AtG0E0DtB0EtGtBtByDtCtDtAyByEyC0AtD0A2Q&cr=2026194831&ir=", "hxxp://www.msn.com/", "hxxp://Vosteran.com/?f=7&a=vst_dnldstr_14_49_ch_na01_mi01&cd=2XzuyEtN2Y1L1QzutCzztDtAyBtA0ByCzz0D0Bzz0C0ByEtDtN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtCyCtAtC0FyCtDtGtCyEyDtAtGyEyCtBtCtGyCyCtB0EtGyCtD0C0EzztCyDyCyE0A0E0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EtAzztC0A0AyCtG0BtD0CyBtGyEyByDtCtGzyyEtBtCtGyEtByB0ByDyEtD0DyCtBtDyB2Q&cr=1501281201&ir=", "hxxp://Vosteran.com/?f=7&a=vst_coinis_14_49_other_na01_mi01&cd=2XzuyEtN2Y1L1QzutCzztDtAyBtA0ByCzz0D0Bzz0C0ByEtDtN0D0Tzu0StCtDyCyCtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtCyBtDtC0Azz0BtGzytBzztDtG0A0A0BtDtGyD0F0EtAtGyCyE0B0C0B0CtCzy0FtB0Fzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0EtAzztC0A0AyCtG0BtD0CyBtGyEyByDtCtGzyyEtBtCtGyEtByB0ByDyEtD0DyCtBtDyB2Q&cr=1129609138&ir="
CHR HKU\S-1-5-21-3471586700-3200612355-1300292554-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\ksa\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-03-29]
CHR HKU\S-1-5-21-3471586700-3200612355-1300292554-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
S2 KromtechAccountService; "C:\Program Files\Kromtech\Common\AccountService.exe" [X]
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
2014-12-04 17:31 - 2014-12-05 20:39 - 00000000 ____D () C:\Users\ksa\Documents\Ad-Aware
2014-12-04 14:33 - 2014-12-04 14:33 - 00004616 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2014-12-04 14:33 - 2014-12-04 14:33 - 00002448 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-04 14:33 - 2014-12-04 14:33 - 00002448 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2014-12-04 14:33 - 2014-12-04 14:33 - 00000000 ____D () C:\Users\ksa\AppData\Roaming\LavasoftStatistics
2014-12-04 14:33 - 2014-11-27 10:44 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2014-12-04 14:33 - 2014-11-27 10:44 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2014-12-02 14:51 - 2014-12-02 14:51 - 00002978 _____ () C:\Windows\System32\Tasks\{0790C947-D178-40EF-BB7F-92335EC5F734}
2014-11-30 15:37 - 2014-12-07 20:11 - 00001326 _____ () C:\Windows\Tasks\KIZO.job
2014-11-30 15:37 - 2014-11-30 15:37 - 00004344 _____ () C:\Windows\System32\Tasks\KIZO
2014-11-29 16:14 - 2014-12-07 20:11 - 00001322 _____ () C:\Windows\Tasks\ZG.job
2014-11-29 16:14 - 2014-11-29 16:14 - 00004340 _____ () C:\Windows\System32\Tasks\ZG
2014-11-26 05:58 - 2014-11-26 05:58 - 00002964 _____ () C:\Windows\System32\Tasks\{884B4890-C5B4-4B57-86E2-05F29758A603}
2014-11-26 05:58 - 2014-11-26 05:58 - 00002964 _____ () C:\Windows\System32\Tasks\{7B7570C7-75D6-40CC-87CE-6259661E4CAC}
C:\Users\ksa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpivxxvm.dll
Task: {054CE56F-0EC4-4084-B159-EAA719437A5E} - System32\Tasks\KIZO => C:\Users\ksa\AppData\Roaming\KIZO.exe <==== ATTENTION
Task: {057E8245-C861-4DD4-8A5B-3B4C9A5DF701} - System32\Tasks\ZG => C:\Users\ksa\AppData\Roaming\ZG.exe <==== ATTENTION
Task: C:\Windows\Tasks\KIZO.job => C:\Users\ksa\AppData\Roaming\KIZO.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZG.job => C:\Users\ksa\AppData\Roaming\ZG.exe <==== ATTENTION

EmptyTemp:
CMD: ipconfig /flushdns
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-3471586700-3200612355-1300292554-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion => value deleted successfully.
HKU\S-1-5-21-3471586700-3200612355-1300292554-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
"HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key not found.
HKU\S-1-5-21-3471586700-3200612355-1300292554-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
"HKCR\PROTOCOLS\Handler\intu-help-qb5" => Key deleted successfully.
"HKCR\CLSID\{867FCB77-9823-4cd6-8210-D85F968D466F}" => Key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E49CA6C1-70C6-4278-8802-F734A9BC85AC}\\NameServer => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKU\S-1-5-21-3471586700-3200612355-1300292554-1000\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.32" => Key deleted successfully.
C:\Users\ksa\AppData\Local\Spoon\3.32.4.17\npMozillaSpoonPlugin.dll not found.
FF Extension: No Name - web2pdfextension@web2pdf.adobedotcom [Not Found] not found.
Chrome StartupUrls deleted successfully.
"HKU\S-1-5-21-3471586700-3200612355-1300292554-1000\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => Key deleted successfully.
C:\Users\ksa\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx => Moved successfully.
"HKU\S-1-5-21-3471586700-3200612355-1300292554-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
51cdb72 => Service deleted successfully.
KromtechAccountService => Service deleted successfully.
OutfoxTvService => Service deleted successfully.
SBRE => Service deleted successfully.
C:\Users\ksa\Documents\Ad-Aware => Moved successfully.
C:\Windows\SysWOW64\LavasoftTcpService.ini => Moved successfully.
C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini => Moved successfully.
C:\Windows\system32\LavasoftTcpServiceOff.ini => Moved successfully.
C:\Users\ksa\AppData\Roaming\LavasoftStatistics => Moved successfully.
C:\Windows\system32\LavasoftTcpService64.dll => Moved successfully.
C:\Windows\SysWOW64\LavasoftTcpService.dll => Moved successfully.
C:\Windows\System32\Tasks\{0790C947-D178-40EF-BB7F-92335EC5F734} => Moved successfully.
C:\Windows\Tasks\KIZO.job => Moved successfully.
C:\Windows\System32\Tasks\KIZO => Moved successfully.
C:\Windows\Tasks\ZG.job => Moved successfully.
C:\Windows\System32\Tasks\ZG => Moved successfully.
C:\Windows\System32\Tasks\{884B4890-C5B4-4B57-86E2-05F29758A603} => Moved successfully.
C:\Windows\System32\Tasks\{7B7570C7-75D6-40CC-87CE-6259661E4CAC} => Moved successfully.
"C:\Users\ksa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpivxxvm.dll" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{054CE56F-0EC4-4084-B159-EAA719437A5E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{054CE56F-0EC4-4084-B159-EAA719437A5E}" => Key deleted successfully.
C:\Windows\System32\Tasks\KIZO not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KIZO" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{057E8245-C861-4DD4-8A5B-3B4C9A5DF701}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{057E8245-C861-4DD4-8A5B-3B4C9A5DF701}" => Key deleted successfully.
C:\Windows\System32\Tasks\ZG not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZG" => Key deleted successfully.
C:\Windows\Tasks\KIZO.job not found.
C:\Windows\Tasks\ZG.job not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 36.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
Kenannee
Regular Member
 
Posts: 21
Joined: December 4th, 2014, 11:01 pm
Advertisement
Register to Remove

Re: Browsers being hijacked and popups galore

Unread postby Kenannee » December 8th, 2014, 9:40 am

# AdwCleaner v4.104 - Report created 08/12/2014 at 08:36:09
# Updated 05/12/2014 by Xplode
# Database : 2014-12-08.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : ksa - KSA-PC
# Running from : C:\Users\ksa\Desktop\adwcleaner_4.104.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17148


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v39.0.2171.71


*************************

AdwCleaner[R0].txt - [7993 octets] - [04/12/2014 21:11:23]
AdwCleaner[R1].txt - [8053 octets] - [04/12/2014 21:39:23]
AdwCleaner[R2].txt - [1026 octets] - [04/12/2014 21:47:47]
AdwCleaner[R3].txt - [1435 octets] - [05/12/2014 15:22:10]
AdwCleaner[R4].txt - [1268 octets] - [05/12/2014 20:08:02]
AdwCleaner[R5].txt - [1388 octets] - [08/12/2014 08:34:25]
AdwCleaner[S0].txt - [8022 octets] - [04/12/2014 21:40:41]
AdwCleaner[S1].txt - [1090 octets] - [04/12/2014 21:51:41]
AdwCleaner[S2].txt - [1502 octets] - [05/12/2014 16:36:35]
AdwCleaner[S3].txt - [1332 octets] - [05/12/2014 20:25:55]
AdwCleaner[S4].txt - [1311 octets] - [08/12/2014 08:36:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1371 octets] ##########
Kenannee
Regular Member
 
Posts: 21
Joined: December 4th, 2014, 11:01 pm

Re: Browsers being hijacked and popups galore

Unread postby Kenannee » December 8th, 2014, 9:50 am

Cypher,

Computer performance report: I have gone into all 3 browsers and am not currently seeing evidence of hijacking or rerouting. I am not seeing anything but appropriate "pathway banners or addresses" at the borrom lower left of the browser screens when I put my mouse pointer over a website link. (My phraseology!) I am hopeful!
Kenannee
Regular Member
 
Posts: 21
Joined: December 4th, 2014, 11:01 pm

Re: Browsers being hijacked and popups galore

Unread postby Cypher » December 8th, 2014, 10:32 am

Hi,
Kenannee wrote:Computer performance report: I have gone into all 3 browsers and am not currently seeing evidence of hijacking or rerouting. I am not seeing anything but appropriate "pathway banners or addresses" at the borrom lower left of the browser screens when I put my mouse pointer over a website link. (My phraseology!) I am hopeful!

Excellent :thumbleft:
I would like you to run another scan for me, this will check for anything the other scans might have missed.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then elect the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Browsers being hijacked and popups galore

Unread postby Kenannee » December 8th, 2014, 11:27 am

Hi - just fyi - I need to run this later today....
Kenannee
Regular Member
 
Posts: 21
Joined: December 4th, 2014, 11:01 pm

Re: Browsers being hijacked and popups galore

Unread postby Cypher » December 8th, 2014, 1:36 pm

Kenannee wrote:Hi - just fyi - I need to run this later today....

No problem.
That scan can take quite a while to run so just post the log when ready.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Browsers being hijacked and popups galore

Unread postby Kenannee » December 8th, 2014, 11:58 pm

ESET LOG:
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\Users\ksa\AppData\Local\Downloaded Installations\{B73C48EC-B96A-4B38-8EAD-7B1BBA358A97}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\ksa\Downloads\FLVPlayer-Chrome.exe NSIS/TrojanDownloader.Adload.AA trojan
C:\zoek_backup\C_Users_ksa_AppData_Roaming_SIRMWGPK.vir JS/Toolbar.Crossrider.C potentially unwanted application
C:\zoek_backup\C_Users_ksa_AppData_Roaming_XCBN.vir JS/Toolbar.Crossrider.C potentially unwanted application
H:\Kathryn's Documents\Katie Professional\Japan Audit Work\Install_AIM.exe Win32/Adware.WBug.A application
H:\KSA-PC\Backup Set 2014-10-19 204458\Backup Files 2014-10-19 204458\Backup files 35.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
H:\KSA-PC\Backup Set 2014-10-19 204458\Backup Files 2014-10-19 204458\Backup files 42.zip Win32/Bundled.Toolbar.Google.D potentially unsafe application
H:\KSA-PC\Backup Set 2014-10-19 204458\Backup Files 2014-10-19 204458\Backup files 44.zip multiple threats
H:\KSA-PC\Backup Set 2014-10-19 204458\Backup Files 2014-11-10 092438\Backup files 14.zip a variant of Win32/Toolbar.Widgi.G potentially unwanted application
H:\KSA-PC\Backup Set 2014-12-07 133950\Backup Files 2014-12-07 133950\Backup files 14.zip JS/Toolbar.Crossrider.C potentially unwanted application
H:\KSA-PC\Backup Set 2014-12-07 133950\Backup Files 2014-12-07 133950\Backup files 39.zip a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
H:\KSA-PC\Backup Set 2014-12-07 133950\Backup Files 2014-12-07 165000\Backup files 2.zip Win32/OutBrowse.BK potentially unwanted application
Kenannee
Regular Member
 
Posts: 21
Joined: December 4th, 2014, 11:01 pm

Re: Browsers being hijacked and popups galore

Unread postby Cypher » December 9th, 2014, 7:07 am

Hi,
Delete this from your downloads folder.
C:\Users\ksa\Downloads\FLVPlayer-Chrome.exe

Can you give me an update on how the computer is running, any problems before i give you final instructions ?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Browsers being hijacked and popups galore

Unread postby Kenannee » December 9th, 2014, 12:31 pm

Cypher - Everything is looking good as far as I can tell. I have been in all 3 browsers and am not noticing any funny business. I have deleted the above file from my downloads folder.
Kenannee
Regular Member
 
Posts: 21
Joined: December 4th, 2014, 11:01 pm

Re: Browsers being hijacked and popups galore

Unread postby Cypher » December 9th, 2014, 12:43 pm

Hi,
Everything is looking good as far as I can tell. I have been in all 3 browsers and am not noticing any funny business. I have deleted the above file from my downloads folder.

Good work :)
Your latest logs appear to be clean so you should be good to go.
Lets tidy up and remove the tools we used to clean your computer.

Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check the following boxes then click on Run.

    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

We removed an outdated version of Java, if you use it you can reinstall the latest version.

Java SE Runtime Environment (JRE).

Please download from HERE

  • Find Java SE 8u25.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Browsers being hijacked and popups galore

Unread postby Kenannee » December 9th, 2014, 7:43 pm

Cypher,
I can't thank you enough for your help and guidance through this. I've worked on the computer most of the day and have not encountered any problems! I do want to ask you about your comment regarding "connected to a computer in Israel". Was this likely my relative's laptop that was connected to our wireless when he was in the country?
I have not read the article on computer safety yet, but I will surely do so.
What about the threats that showed up in the final scan which were toolbars and such. Any concern about these?

Thank you again for your time and expertise!
In much gratitude,
Kenannee
Kenannee
Regular Member
 
Posts: 21
Joined: December 4th, 2014, 11:01 pm

Re: Browsers being hijacked and popups galore

Unread postby Cypher » December 10th, 2014, 7:08 am

Hi,
Thank you again for your time and expertise!

No problem, it's my pleasure :)
What about the threats that showed up in the final scan which were toolbars and such. Any concern about these?

Most of what the scan found were items that have already been Quarantined by the tools we ran, the cleanup will deal with those.
The other items are in the backup files you created, you can delete that backup now but they are nothing of real concern.
I do want to ask you about your comment regarding "connected to a computer in Israel". Was this likely my relative's laptop that was connected to our wireless when he was in the country?

That's the most likely case, did your relatives use this computer when they visited?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Browsers being hijacked and popups galore

Unread postby Kenannee » December 11th, 2014, 10:56 am

Yes, my relatives used their laptop (which is now with them back in Israel) to log into our wireless network while they were in America last summer. I gave them our passwords to do so.
I have read your computer security - a short guide. I'm confused by what P2P is - this is not something like dropbox, is it?
Kenannee
Regular Member
 
Posts: 21
Joined: December 4th, 2014, 11:01 pm

Re: Browsers being hijacked and popups galore

Unread postby Cypher » December 11th, 2014, 12:16 pm

Hi,
I'm confused by what P2P is - this is not something like dropbox, is it?

No dropbox is not what the guide is referring to, it is referring to P2P (peer to peer) file sharing programs.
Programs such as BitTorrent, uTorrent, Vuze and so on.

Any other questions.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Browsers being hijacked and popups galore

Unread postby Kenannee » December 11th, 2014, 1:05 pm

No, not now. But thank you again!
Kenannee
Regular Member
 
Posts: 21
Joined: December 4th, 2014, 11:01 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 116 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware