Everything posted by daggma1107

  1. Have tried malwarebytes to remove cleanserp; it is still coming back as on the computer. These are the Farbar logs: Addition.txt FRST.txt
  2. The free version found it and quarantined it, but wouldn't delete it. When I tried, it said I had to "upgrade to premium" to actually delete it. So against my better judgement, I purchased the upgrade. Once I did, and I installed the full version, it no longer found the virus. Now, it finds the same "threats" on a daily basis (29 of them), and still no detection of cleanserp. Here is a copy of the log for both malwarebytes and adwcleaner. I also tried providing a screenshot of my startup page so you can see the address bar that now shows up instead of my usual google pages. I can't paste the copy of the screenshot. In my address bar this comes up: https://secure-surf.net/

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 6/26/17
     Scan Time: 7:51 PM
     Log File:
     Administrator: Yes

     -Software Information-
     Version: 3.1.2.1733
     Components Version: 1.0.141
     Update Package Version: 1.0.2237
     License: Premium

     -System Information-
     OS: Windows 10
     CPU: x64
     File System: NTFS
     User: DAWN\Dawn

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 381100
     Threats Detected: 32
     Threats Quarantined: 32
     Time Elapsed: 5 min, 3 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     -Scan Details-
     Process: 0
     (No malicious items detected)

     Module: 0
     (No malicious items detected)

     Registry Key: 1
     PUP.Optional.SpyHunter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SpyHunter, Quarantined, [944], [345850],1.0.2237

     Registry Value: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 5
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\_metadata, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\assets, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\images, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\USERS\DAWN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PPHNMCJOLBJLAHHDEGNBNBHJBGNLCEID, Quarantined, [9234], [402906],1.0.2237

     File: 26
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\assets\mithril.min.js, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\assets\moment.min.js, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\assets\reset.min.css, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\assets\sortable.min.js, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\assets\style.css, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\images\logo.svg, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\images\remove.svg, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\images\untabs_browser-icon-128px.png, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\images\untabs_browser-icon-16px.png, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\images\untabs_browser-icon-32px.png, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\images\untabs_ext-icon-128px.png, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\images\untabs_ext-icon-16px.png, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\images\untabs_ext-icon-256px.png, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\images\untabs_ext-icon-32px.png, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\images\untabs_ext-icon-48px.png, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\images\untabs_ext-icon-96px.png, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\_metadata\computed_hashes.json, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\_metadata\verified_contents.json, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\manifest.json, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\popup.html, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\popup.js, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\untabs-ui.js, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\untabs.html, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.unTabs, C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pphnmcjolbjlahhdegnbnbhjbgnlceid\0.9.4_1\untabs.js, Quarantined, [9234], [402906],1.0.2237
     PUP.Optional.SpyHunter, C:\USERS\DAWN\APPDATA\ROAMING\ENIGMA SOFTWARE GROUP\SH_INSTALLER.EXE, Quarantined, [944], [345850],1.0.2237
     PUP.Optional.SpyHunter, C:\USERS\DAWN\DESKTOP\SPYHUNTER-INSTALLER.EXE, Quarantined, [944], [345850],1.0.2237

     Physical Sector: 0
     (No malicious items detected)

     (end)

     This is the same every day for the last 4 days. In frustration, I tried spyhunter, which also detected cleanserp, and wanted me to pay to remove it, just like malwarebytes. It was recommended that I use malwarebytes instead, so I uninstalled spyhunter and stuck with the paid version of malwarebytes. I also tried using the adwcleaner that is part of malwarebytes. It did not remove cleanserp either. Here is a copy of adwcleaner log:

     # AdwCleaner v6.047 - Logfile created 26/06/2017 at 20:11:25
     # Updated on 19/05/2017 by Malwarebytes
     # Database : 2017-06-26.1 [Server]
     # Operating System : Windows 10 Home (X64)
     # Username : Dawn - DAWN
     # Running from : C:\Users\Dawn\Desktop\adwcleaner_6.047.exe
     # Mode: Scan
     # Support : https://www.malwarebytes.com/support

     ***** [ Services ] *****

     Service Found: CouponPrinterService
     Service Found: couponprinterservice

     ***** [ Folders ] *****

     Folder Found: C:\Users\Dawn\AppData\Roaming\Enigma Software Group
     Folder Found: C:\Program Files\Enigma Software Group
     Folder Found: C:\sh4ldr
     Folder Found: C:\ProgramData\apn
     Folder Found: C:\ProgramData\Trymedia
     Folder Found: C:\ProgramData\Application Data\apn
     Folder Found: C:\ProgramData\Application Data\Trymedia
     Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
     Folder Found: C:\Program Files (x86)\Coupons
     Folder Found: C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pphnmcjolbjlahhdegnbnbhjbgnlceid

     ***** [ Files ] *****

     No malicious files found.

     ***** [ DLL ] *****

     No malicious DLLs found.

     ***** [ WMI ] *****

     No malicious keys found.

     ***** [ Shortcuts ] *****

     Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ( hxxps://launchpage.org/?uid=oTlCGGjMgxocXWGzMf4B590V%2F9qpTrFZc4fGn1E%2B5pZ0aM%2F3h8ZA1Q2Dclc4z2IsPyo%3D )
     Shortcut infected: C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk ( hxxps://launchpage.org/?uid=oTlCGGjMgxocXWGzMf4B590V%2F9qpTrFZc4fGn1E%2B5pZ0aM%2F3h8ZA1Q2Dclc4z2
     Shortcut infected: C:\Users\Dawn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxps://launchpage.org/?uid=oTlCGGjMgxocXWGzMf4B590V%2F9qpTrFZc4fGn1E%2B5pZ0aM%2F3h8ZA1Q2D

     ***** [ Scheduled Tasks ] *****

     No malicious task found.

     ***** [ Registry ] *****

     Key Found: HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
     Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
     Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
     Key Found: HKLM\SOFTWARE\Trymedia Systems
     Key Found: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
     Key Found: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\vosteran.com
     Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\vosteran.com
     Value Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [ApnTBMon]

     ***** [ Web browsers ] *****

     No malicious Firefox based browser items found.
     Chrome pref Found: [C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
     Chrome pref Found: [C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
     Chrome pref Found: [C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - cigiagpbkapepgklncnajbakkpkopmam
     Chrome pref Found: [C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - majjphhgppkndjjkmhhnbgafooenebhd
     Chrome pref Found: [C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - pphnmcjolbjlahhdegnbnbhjbgnlceid
     Chrome pref Found: [C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://search.conduit.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M581E26EB-97CD-4193-9A71-63CD013A5EE7&Searc

     [!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: https://support.google.com/chrome/answer/3097271?hl=en [!]

     *************************

     C:\AdwCleaner\AdwCleaner[S0].txt - [3878 Bytes] - [26/06/2017 20:11:25]

     ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3951 Bytes] ##########

     This virus has attached itself to Internet Explorer, which I haven't used on this device in years.
  3. I purchased the premium version of malware so I could remove a virus called cleanserp. It takes over google and becomes the default search engine that redirects you to outside sources. When I searched on how to remove it, malwarebytes came up as the tool to use. I downloaded the free trial, and it found the virus. However, I couldn't remove it without paying the premium membership. Now that I have done that and updated the software, it is no longer finding cleanserp to quarantine or remove. It's still on my computer and it's hiding. Why would the trial version find it and the premium version not? How can I get rid of it if the software won't recognize it? This is bogus and I'm really pissed that I just paid $40 and got nothing for it. I want cleanserp off my machine. It came as a rider that attached itself to another download and set itself up as my google default search engine. I can't remove it, disable it, uninstall it, or make any other search engine my default. It has added another extension "unTabs" to my address bar and I can't get rid of that one either. I need help or a refund so I can get a program that actually works.