
Infected with Adware.Zugo virus & SAS cannot remove it


ShanG


Two days ago I did a complete scan of my Win7 PC. I have Adaware, CCleaner, Avast, RegSeeker, Malwarebytes & SAS. All ran and came up clean except SAS. It said I have an Adware.Zugo virus/malware. I clicked to remove it, rebooted, ran the scan again just to be sure & the virus is still there. I have run SAS at least 8 times and each time it finds the Adware.Zugo virus and removes it but it keeps coming back. I Googled and found this has something to do with the Bing Bar but I have never installed that on my browsers. I used FF & Chrome most of the time and occasionally Safari. I have to have IE on my PC for the updates from HP & Microsoft.

There were also a couple of other viruses/trojans found ONLY by SAS but they were successfully removed:

Adware.Zugo

(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}

(x86) HKLM\Software\Microsoft\Internet Explorer\Toolbar#{9D425283-D487-4337-BAB6-AB8354A81457}

(x86) HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}

(x86) HKU\S-1-5-21-1382834613-1822904797-1030768890-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{9D425283-D487-4337-BAB6-AB8354A81457}

(x86) HKU\S-1-5-21-1382834613-1822904797-1030768890-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{9D425283-D487-4337-BAB6-AB8354A81457}

Heur.Agent/Gen-WhiteBox

C:\USERS\QUEENMOMMY1\DOWNLOADS\PROGRAM DOWNLOADS\NPP.5.9.INSTALLER.EXE

Trojan.Agent/Gen-Koobface

C:\USERS\QUEENMOMMY1\DOWNLOADS\PROGRAM DOWNLOADS\REALPLAYER.EXE

How do I get rid of this Adware.Zugo once and for all? I have attached the logs from dds. Please help?

attach.txt

dds.txt
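
The Adware.Zugo entries in the scan log above are all registrations of a single CLSID. The following read-only PowerShell check is an added example, not part of the original posts and not SUPERAntiSpyware's own logic; it reports which of those registry locations currently exist, so the result of a removal can be confirmed after a reboot. It assumes that "(x86)" in the log means the 32-bit registry view (Wow6432Node on 64-bit Windows) and that "key#name" means a value called name under key; the helper names `Test-RegValue` and `New-Finding` are made up for this example.

```powershell
# Added example: read-only check, nothing is modified or deleted.
# Assumptions: "(x86)" in the log means the 32-bit registry view (Wow6432Node
# on 64-bit Windows), and "key#name" means a value called <name> under <key>.
$clsid = '{9D425283-D487-4337-BAB6-AB8354A81457}'   # CLSID from the scan log

$bho     = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$toolbar = 'Microsoft\Internet Explorer\Toolbar'

function Test-RegValue($Path, $Name) {
    # True when the key exists and has a value with this exact name.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    return [bool]($key -and ($key.GetValueNames() -contains $Name))
}

function New-Finding($Kind, $Location, $Present) {
    # PSObject form keeps this compatible with PowerShell 2.0 on Windows 7.
    New-Object PSObject -Property @{ Kind = $Kind; Location = $Location; Present = $Present }
}

$findings = @()

# Machine-wide registrations, checked in both the native and 32-bit views.
foreach ($view in 'Software', 'Software\Wow6432Node') {
    $p = "Registry::HKEY_LOCAL_MACHINE\$view\$bho\$clsid"
    $findings += New-Finding 'BHO key' $p (Test-Path -LiteralPath $p)
    $p = "Registry::HKEY_LOCAL_MACHINE\$view\$toolbar"
    $findings += New-Finding 'Toolbar value' $p (Test-RegValue $p $clsid)
}
foreach ($root in 'CLSID', 'Wow6432Node\CLSID') {
    $p = "Registry::HKEY_CLASSES_ROOT\$root\$clsid"
    $findings += New-Finding 'COM class key' $p (Test-Path -LiteralPath $p)
}

# Per-user toolbar values; only profiles whose hive is currently loaded appear.
Get-ChildItem 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object {
        $p = "Registry::HKEY_USERS\$($_.PSChildName)\Software\$toolbar\WebBrowser"
        $findings += New-Finding 'User toolbar value' $p (Test-RegValue $p $clsid)
    }

$findings | Sort-Object Present -Descending | Format-Table Kind, Present, Location -AutoSize
```

Run it from an elevated prompt; accounts that are not logged on do not have their hive loaded under HKEY_USERS and will not be listed.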


Hello,

This is a pretty harmless detection, but I understand it's frustrating to see it come back. :)

TWO ANTIVIRUS PROGRAMS

---------------------------------------

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either AdAware or Avast.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


  • 1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
