ad.xtendmedia infection

[aardvark2012]

Hey Robybel,

Well, I ran scandisk on both drives with the "Automatically fix..." option checked. No change, though. Very odd :-\

Any other suggestions?

[Robybel]

Ok aardvark2012

Please try this Tool

Let me know if you have still crash IE problem

[aardvark2012]

^{Well *that* was weird. Good call on ShellExView -- the problem seems to be fixed... but in a completely bizarre and rather unsettling way. None of the extensions were flagged, so I went through and disabled all the non-Microsoft extensions (and my right-clicking problems were solved), and then started reactivating them one by one and checking to see which one broke the context menu. It turned out to be a couple of Java extensions ("Plugin SSV helper" and "Plugin 2 SSV helper"). Fine. So I unsystematically reactivated all the others, which broke my context menu again. Okay, so there's more problems. So I went through them all more systematically, and by the end of it I had *everything* reactivated and my context menu still worked. Could the order that they're activated in make a difference?}

^{Anyway, the problem seems to be fixed (unless the bizarreness of the solution rings any alarm bells for you).}

^{Another slightly worrying thing was finding non-Microsoft files in Windows\system32 (wuaucpl.cpl, xpsrchvw.exe and BWContextHandler.dll). I suspect I'm just being clueless, but should they be there?}

^{Anyway, everything seems to be working (installing IE10 fixed the 32 bit crashing). Is there any special clean up I need to do?}

^Cheers

^Toby

[Robybel]

Hi aardvark2012

it was a pretty hard work, but we managed to solve the problem

^{Could the order that they're activated in make a difference?}

I do not thinkcertainly deactivate / reactivate, contributed to fix the problem

Ok I'm very happy, please follow this:

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!!

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

• Click START then RUN
  
• Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
  

Unistall AdwCleaner

• Double click on adwcleaner.exe to run the tool.
  
• Click on Uninstall.
  
• Confirm with yes.

Clean up with OTL:

• Double-click OTL.exe to start the program.
  
• Close all other programs apart from OTL as this step will require a reboot
  
• On the OTL main screen, press the CLEANUP button
  
• Say Yes to the prompt and then allow the program to reboot your computer.
  

Java is very easily exploited these days and it's a good idea to disable Java in the browser

Please read here

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

MOST IMPORTANT: You Need to Update Windows and IE to get all the Latest Security Patches to protect your computer from the malware that is around on the internet.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

• From within Internet Explorer click on the Tools menu and then click on Options.
  
• Click once on the Security tab
  
• Click once on the Internet icon so it becomes highlighted.
  
• Click once on the Custom Level button.
  
• Change the Download signed ActiveX controls to Prompt
  
• Change the Download unsigned ActiveX controls to Disable
  
• Change the Initialize and script ActiveX controls not marked as safe to Disable
  
• Change the Installation of desktop items to Prompt
  
• Change the Launching programs and files in an IFRAME to Prompt
  
• Change the Navigate sub-frames across different domains to Prompt
  
• When all these settings have been made, click on the OK button.
  
• If it prompts you as to whether or not you want to save the settings, press the Yes button.
  
• Next press the Apply button and then the OK to exit the Internet Properties page.

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

• NoScript
  
• AdBlockPlus
  

2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:

• Open Internet Explorer
  
• Click on Tools > Internet Options
  
• Press Security tab
  
• Select Internet zone then place check next to Enable Protected Mode if not already done
  
• Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  
• Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall

Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here. **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:

Online Armor Free

Agnitum Outpost Firewall Free

5.SPYWARE PREVENTION

This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:

• 
  
  • How Did I Get Infected In The First Place? by TonyKlein
    
  • How to Prevent Malware by miekiemoes
    
  • PC Safety and Security--What Do I Need?

6. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002

Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

7. WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8.Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

[aardvark2012]

_{Okay, I think we're done :-). It turned out that I was a bit premature with the results of ShellExView -- there was a delay in blocking the extensions. It turned out that it was actually the NVidia context menu that was messing things up.}

_{While I was using ShellExView, I discovered that IObit's ASC has left a bunch of things sitting around in a folder (as well as a now defunct shell extension). Ordinarily I would just delete the folders, but some applications (and I'm guessing IObit might be one) leave things lying around all over the place so you're never truly rid of them. Do you know of any good general cleanup/maintenance software? Ironically, that was what I initially got IObit software for (they have an uninstaller that checks for bits left lying around) but of course, I just uninstalled it. I'd like to give my PC a thorough cleanup after this, so do you have any suggestions? If not for software, then a tutorial that can guide me through a good cleanup and optimisation?}

_{Anyway, thanks so much for all your help.}

_Toby

[Robybel]

Hi aardvark2012

For your complete IObit's removal please

Try this tool

Let me know when you have done

[aardvark2012]

Hi Robybel,

That tool didn't do a whole lot. I think it's out of date -- it kept trying to remove ASC3, when my version was ASC6. It got rid of one registry entry, and so I just deleted the rest. Hopefully I won't end up regretting it.

Any suggestions for where to look for a general cleanup/optimisation?

Thanks

Toby

[Robybel]

Hi aardvark2012

You can use these tools at least once every 15 days:

CCleaner

Malwarebytes

Once every 30 days you must

Defraggler your HD

Then follow the instructions that I gave in my post all clean, and safe surf

For any problem you may have, we are at your complete disposal

[aardvark2012]

Hi Robybel,

I guess that wraps things up. :-)

Thanks so much for all your time. It's much appreciated!

All the best.

Toby

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!