Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Problems with ads virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Problems with ads virus

Unread postby Joshua18 » February 18th, 2015, 7:37 pm

hallo, my name is Joshua and i have a problem with unideals ads virus
i have tried to see how to erase it from the questions in this forum, and i am already successfull in preventing the ads to appear again
however everytime i scan with adwcleaner i always see this log (attached)

i wonder if it's a problem or not because i think that somehow my computer is still infected. i dont know about this, but i think it's also the cause of my high PING when i play online games(??), for example dota2, is it true??

i have searched all over the internet but i cant remove these registry files completely
please help thanksssss

if i need to run other programs pls just tell me, thanks
You do not have the required permissions to view the files attached to this post.
Joshua18
Active Member
 
Posts: 8
Joined: February 18th, 2015, 7:26 pm
Advertisement
Register to Remove

Re: Problems with ads virus

Unread postby Gary R » February 19th, 2015, 2:32 am

Hi Joshua,

It's not entirely clear that the two registry keys that ADWCleaner finds are of themselves problematic, so before we waste a lot of time trying to remove something that may be harmless, I think we need to have a look at them, and see exactly what it is that they contain, and therefore what they might be doing.

Please download SystemLook from one of the links below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield: (don't include Code: Select all)
Code: Select all
:reg
HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Problems with ads virus

Unread postby Joshua18 » February 19th, 2015, 11:36 am

Hello Gary,
thanks to be wanting to help me...
and soo i have run the program and this is the result(attached)
You do not have the required permissions to view the files attached to this post.
Joshua18
Active Member
 
Posts: 8
Joined: February 18th, 2015, 7:26 pm

Re: Problems with ads virus

Unread postby Gary R » February 19th, 2015, 12:33 pm

According to SystemLook the two keys are not present on your computer, so it's curious that ADWCleaner is finding them.

Lets check that it's not a problem with SystemLook by trying another tool.

  • Download FRST to your Desktop. (for 32 bit systems)
  • Download FRST64 to your Desktop. (for 64 bit systems)

  • Double click Frst.exe to launch it. (or Frst64.exe if you have a 64 bit system)
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    12A61307-94CD-4F8E-94BC-918E511FAA81;12DA0E6F-5543-440C-BAA2-28BF01070AFA

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Problems with ads virus

Unread postby Joshua18 » February 19th, 2015, 2:24 pm

hmm okay i have done it and the results are as attached....
You do not have the required permissions to view the files attached to this post.
Joshua18
Active Member
 
Posts: 8
Joined: February 18th, 2015, 7:26 pm

Re: Problems with ads virus

Unread postby Gary R » February 19th, 2015, 7:13 pm

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12A61307-94CD-4F8E-94BC-918E511FAA81}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}]
[-HKEY_USERS\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}]
EmptyTemp:
Hosts:
Cmd: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Problems with ads virus

Unread postby Joshua18 » February 20th, 2015, 8:14 am

okay i have done as you said and i have attached the fixlog here...
You do not have the required permissions to view the files attached to this post.
Joshua18
Active Member
 
Posts: 8
Joined: February 18th, 2015, 7:26 pm

Re: Problems with ads virus

Unread postby Gary R » February 20th, 2015, 1:36 pm

FRST looks to have deleted the keys successfully, so please try running ADWCleaner again, and see if it is still detecting them.

Let me know if it does.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Problems with ads virus

Unread postby Joshua18 » February 20th, 2015, 7:20 pm

okay i have checked it with adwcleaner once again, however i still find it there.... i have attached the log here...
now i am so curious, what are these 2 registries actually and are they dangerous?
ahaha thanks by the way for giving your time...
You do not have the required permissions to view the files attached to this post.
Joshua18
Active Member
 
Posts: 8
Joined: February 18th, 2015, 7:26 pm

Re: Problems with ads virus

Unread postby Gary R » February 20th, 2015, 8:27 pm

The problem we have here, is that different tools are showing different results.

ADWCleaner shows that the following registry keys are present ...

HKEY_LOCAL_MACHINE\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
HKEY_LOCAL_MACHINE\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

... which on a 64 bit system indicate keys controlling a 64 bit process.

FRST and SystemLook said that they weren't present and FRST said instead that the following were present ...

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12A61307-94CD-4F8E-94BC-918E511FAA81}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
HKEY_USERS\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

... which on a 64 bit system indicate keys controlling a 32 bit process.


I need to find out which I can trust, so I'd like if I can to have 2 scans that tell me the same thing.

Can you run another search with me using FRST, using the instructions in my earlier post ... viewtopic.php?p=641088#p641088

Can you also run a new search for me using SystemLook, using the directions below ...

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield: (don't include Code: Select all)
Code: Select all
:regfind
12A61307-94CD-4F8E-94BC-918E511FAA81
12DA0E6F-5543-440C-BAA2-28BF01070AFA

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Problems with ads virus

Unread postby Joshua18 » February 21st, 2015, 11:14 am

sp i have done the search and here are the logs you need...
You do not have the required permissions to view the files attached to this post.
Joshua18
Active Member
 
Posts: 8
Joined: February 18th, 2015, 7:26 pm

Re: Problems with ads virus

Unread postby Gary R » February 21st, 2015, 2:11 pm

The SystemLook log looks like you've done a Reg export, like the one I asked you to do in ... viewtopic.php?p=641075#p641075 ... rather than the Search that I asked you to do in ... viewtopic.php?p=641155#p641155

If you'd run the scan as I directed, and it had not found anything, it would have produced a log like the one below ...

SystemLook 04.09.10 by jpshortstuff
Log created at 23:04 on 21/02/2015 by USER
Administrator - Elevation successful

========== regfind ==========

Searching for "12A61307-94CD-4F8E-94BC-918E511FAA81"
No data found.

Searching for "12DA0E6F-5543-440C-BAA2-28BF01070AFA"
No data found.

-= EOF =-


as opposed to the one you posted ...

SystemLook 04.09.10 by jpshortstuff
Log created at 23:04 on 21/02/2015 by USER
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}]
(Unable to open key - key not found)

-= EOF =-


So, can you please run the search that I asked you to run, so that I can see what Systemlook actually finds ... viewtopic.php?p=641155#p641155
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Problems with ads virus

Unread postby Joshua18 » February 21st, 2015, 2:35 pm

aw, im so sorry, i think i see the wrong part of the post...
okay i have run it and yah.. it actually finds something..
never know that it can be this different..
You do not have the required permissions to view the files attached to this post.
Joshua18
Active Member
 
Posts: 8
Joined: February 18th, 2015, 7:26 pm

Re: Problems with ads virus

Unread postby Gary R » February 21st, 2015, 6:24 pm

No problem, it's kind of confusing performing a lot of scans which are very similar, it's easy to make mistakes. But stick with it, I think we're getting there.

OK, so FRST and SystemLook are pretty much finding the same things when they do a Registry Search, so what we now want to see is what those keys actually contain (which is what we tried to do earlier on, but we used the data supplied by ADWCleaner, which it appears is incorrect).

So, one more scan to run with SystemLook .....

This time we're getting a Registry export of the keys scripted, so we can see if they're actually worth removing or not.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
Code: Select all
:Reg
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12A61307-94CD-4F8E-94BC-918E511FAA81} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} /s
HKEY_USERS\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} /s
HKEY_USERS\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} /s

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Problems with ads virus

Unread postby Joshua18 » February 21st, 2015, 8:39 pm

okay i do it, this time the scan takes no time at all to finish tough
so here is the log
You do not have the required permissions to view the files attached to this post.
Joshua18
Active Member
 
Posts: 8
Joined: February 18th, 2015, 7:26 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 126 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware