deltalima

Experts
  • Posts

    305

Reputation

0 Neutral

Profile Information

  • Location
    UK
  1. Hi luismfv, Welcome to the forum.
     Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop. Because of this, I advise you to back up any personal files and folders before you start.
     Please note the following:
       • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
       • The fixes are specific to your problem and should only be used for this issue on this machine.
       • Please do not run any scans or make any changes to the system unless I ask you to.
       • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
       • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
       • It's often worth reading through these instructions and printing them for ease of reference.
       • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
       • Please reply to this thread. Do not start a new topic.
     Windows 7 and Vista users
     The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator. Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program. When prompted, please select: Allow.
     Reference: User Account Control (UAC) and Running as Administrator
     Remove P2P Programs
     I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer. Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
     Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
       • Click on Start, then Run.
       • In the open text entry box please copy/paste appwiz.cpl, then click Enter.
       • Press the "Remove" or "Change/Remove"... button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
       • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
     Download and run OTL
       • Download OTL by Old Timer and save it to your Desktop.
       • Double click on OTL.exe to run it (Right click and choose "Run as administrator" in Vista/Win7).
       • Under Output, ensure that Minimal Output is selected.
       • Under Extra Registry section, select Use SafeList.
       • Click the Scan All Users checkbox.
       • Click on Run Scan at the top left hand corner.
       • When done, two Notepad files will open.
           OTL.txt <-- Will be opened
           Extras.txt <-- Will be minimized
       • Please post the contents of these 2 Notepad files in your next reply.
     Upload a File to Virustotal
       • Please go to Virustotal
       • Copy/paste this file and path into the white box at the top:
       • Press Scan it - this will submit the file for testing.
       • Please wait for all the scanners to finish then copy and paste the results in your next response.
  2. Hi cellochick, Now that you are clean, please follow these steps in order to keep your computer clean and secure.
     Delete the BlitzBlank icon from your desktop.
     Clean up with OTL
       • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
       • Close all other programs apart from OTL as this step will require a reboot.
       • On the OTL main screen, press the CleanUp! button.
       • Say Yes to the prompt and then allow the program to reboot your computer.
     Update your AntiVirus Software and keep your other programs up-to-date
     Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
       • Secunia Software Inspector
       • F-secure Health Check
     Security Updates for Windows, Internet Explorer & Microsoft Office
     Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
     Happy surfing and stay clean!
  3. Hi cellochick,
     Update Adobe Reader
     You should Download and Install the newest version of Adobe Reader for reading pdf files. Older versions may have vulnerabilities that malware can use to infect your system. Go Here to download and install Adobe Reader X.
     Note: remember to Uncheck Free McAfee® Security Scan Plus (optional)
     Update Java Runtime
     You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 7 Update 45.
       • Download the latest version of Java Runtime Environment (JRE) 7 Here
       • Scroll down to where it says "Java SE 7u45"
       • Click the blue Download JRE button to the right
       • Select the Windows platform from the dropdown menu
       • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 7 with JavaFX License Agreement". Click on Continue. The page will refresh.
       • Click on the link to download Windows Offline Installation & save the file to your desktop
       • Close any programs you may have running - especially your web browser
       • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
       • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name
       • Click the Remove or Change/Remove button.
       • Repeat as many times as necessary to remove each Java version
       • Reboot your computer once all Java components are removed
       • Then from your desktop double-click on jre-7u45-windows-i586.exe to install the newest version
     Now please run a new scan with DDS and paste only the DDS.txt log into your next reply.
  4. Hi cellochick,
     Run OTL Script
       • Double-click OTL.exe (Right click and choose "Run as administrator" in Vista/Win7).
       • Copy and Paste the following code into the textbox. Do not include the word Code
           :processes
           killallprocesses
           :otl
           IE - HKLM\..\URLSearchHook: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - No CLSID value found
           IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\..\URLSearchHook: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - No CLSID value found
           :files
           C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}
           :commands
           [EMPTYTEMP]
           [EMPTYFLASH]
           [EMPTYJAVA]
           [RESETHOSTS]
           [REBOOT]
       • Then click the Run Fix button at the top.
       • Click .
       • OTL may ask to reboot the machine. Please do so if asked.
       • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
     Please let me know how the computer is running now.
  5. Hi cellochick,
     Blitzblank.
       • Download BlitzBlank and save it to your desktop.
       • Open Blitzblank.exe
       • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
       • Click the Script tab and copy/paste the following text there:
           DeleteFolder:
           "C:\Program Files (x86)\GorillaPrice"
           "C:\ProgramData\GorillaPrice"
           "C:\Users\All Users\GorillaPrice"
       • Click Execute Now. Your computer will need to reboot in order to replace the files.
       • When done, post me the report created by Blitzblank. You can find it at the root of the drive, normally C:\
  6. Hi cellochick, If it still is hung then please select end script then rerun OTL and use the following code
           :processes
           killallprocesses
           :otl
           IE - HKLM\..\URLSearchHook: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - No CLSID value found
           IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\..\URLSearchHook: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - No CLSID value found
           :files
           C:\Program Files (x86)\GorillaPrice
           C:\ProgramData\GorillaPrice
           C:\Users\All Users\GorillaPrice
           C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}
           :commands
           [EMPTYTEMP]
           [EMPTYFLASH]
           [EMPTYJAVA]
           [RESETHOSTS]
           [REBOOT]
     Then click the Run Fix button at the top.
  7. Hi cellochick, It looks like you clicked Scan in OTL. Please run OTL again using the code from my previous post but make sure you click the Run Fix button at the top.
  8. Hi cellochick,
     Run OTL Script
       • Double-click OTL.exe (Right click and choose "Run as administrator" in Vista/Win7).
       • Copy and Paste the following code into the textbox. Do not include the word Code
           :Commands
           [CREATERESTOREPOINT]
           :processes
           killallprocesses
           :otl
           IE - HKLM\..\URLSearchHook: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - No CLSID value found
           IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\..\URLSearchHook: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - No CLSID value found
           :files
           C:\Program Files (x86)\GorillaPrice
           C:\ProgramData\GorillaPrice
           C:\Users\All Users\GorillaPrice
           C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}
           :commands
           [EMPTYTEMP]
           [EMPTYFLASH]
           [EMPTYJAVA]
           [RESETHOSTS]
           [REBOOT]
       • Then click the Run Fix button at the top.
       • Click .
       • OTL may ask to reboot the machine. Please do so if asked.
       • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
     Now please run a Quick scan with Malwarebytes then post the log in your next reply and let me know how the computer is running now.
  9. Hi cellochick, I agree, let's remove it another way.
       • Download SystemLook 64 bit and save it to your Desktop
       • Double-click SystemLook.exe to run it.
       • Copy the content of the following codebox into the main textfield:
           :filefind
           *GorillaPrice*
           :folderfind
           *GorillaPrice*
           :Regfind
           GorillaPrice
       • Click the Look button to start the scan.
       • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
     Note: The log can also be found on your Desktop entitled SystemLook.txt
  10. Hi cellochick, No problem, the OTL log has enough information to show what was removed.
     Uninstall Program
     I need you to uninstall some program(s).
       • Click on Start...then... Click the Start Search box on the Start Menu.
       • Copy and paste the value below, into the open text entry box:
           control appwiz.cpl
       • Depending on your current view setting ... Double click on Programs and Features.
       • Under Programs, click on Uninstall a program.
       • Locate the following program(s): GorillaPrice
       • Select the program and click on Uninstall to uninstall it.
       • When finished... Close the Control Panel
     Run OTL Script
       • Double-click OTL.exe (Right click and choose "Run as administrator" in Vista/Win7).
       • Copy and Paste the following code into the textbox. Do not include the word Code
           :Commands
           [CREATERESTOREPOINT]
           :processes
           killallprocesses
           :otl
           IE - HKLM\..\URLSearchHook: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - No CLSID value found
           IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\..\URLSearchHook: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - No CLSID value found
           :files
           C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}
           :commands
           [EMPTYTEMP]
           [EMPTYFLASH]
           [EMPTYJAVA]
           [RESETHOSTS]
           [REBOOT]
       • Then click the Run Fix button at the top.
       • Click .
       • OTL may ask to reboot the machine. Please do so if asked.
       • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
     Now please run a Quick scan with Malwarebytes then post the log in your next reply and let me know how the computer is running now.
  11. Hi cellochick, Welcome to the forum.
     Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop. Because of this, I advise you to back up any personal files and folders before you start.
     Please note the following:
       • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
       • The fixes are specific to your problem and should only be used for this issue on this machine.
       • Please do not run any scans or make any changes to the system unless I ask you to.
       • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
       • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
       • It's often worth reading through these instructions and printing them for ease of reference.
       • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
       • Please reply to this thread. Do not start a new topic.
     Windows 7 and Vista users
     The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator. Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program. When prompted, please select: Allow.
     Reference: User Account Control (UAC) and Running as Administrator
     Please Uninstall GorillaPrice
       • Please download Junkware Removal Tool and save it to your desktop.
       • Shut down your protection software as shown in This topic now to avoid potential conflicts.
       • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
       • The tool will open and start scanning your system.
       • Please be patient as this can take a while to complete depending on your system's specifications.
       • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
       • Please post the contents of JRT.txt into your next reply.
     Download and run OTL
       • Download OTL by Old Timer and save it to your Desktop.
       • Double click on OTL.exe to run it (Right click and choose "Run as administrator" in Vista/Win7).
       • Under Output, ensure that Minimal Output is selected.
       • Under Extra Registry section, select Use SafeList.
       • Click the Scan All Users checkbox.
       • Click on Run Scan at the top left hand corner.
       • When done, two Notepad files will open.
           OTL.txt <-- Will be opened
           Extras.txt <-- Will be minimized
       • Please post the contents of these 2 Notepad files in your next reply.