
Delta-Home hijack



Here's the last log

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2014.01.10.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Kellie :: BADAZZ [administrator]

1/10/2014 12:00:55 PM
mbam-log-2014-01-10 (12-00-55).txt

Scan type: Full scan (C:\|D:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1148983
Time elapsed: 3 hour(s), 48 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Here's the one prior to that

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.10.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Kellie :: BADAZZ [administrator]

1/9/2014 10:07:18 PM
mbam-log-2014-01-09 (22-07-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 323290
Time elapsed: 18 minute(s), 40 second(s)

Memory Processes Detected: 1
C:\Users\Kellie\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> 5000 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\Users\Kellie\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Kellie\AppData\Roaming\OpenCandy\C67579B715A4410D851CBA7A836B6E06 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Kellie\AppData\Roaming\OpenCandy\OpenCandy_C67579B715A4410D851CBA7A836B6E06 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Kellie\AppData\Local\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Delete on reboot.
C:\Users\Kellie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Users\Kellie\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> Delete on reboot.

(end)


Welcome to the forum, please start with this procedure:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

[Image: bleep-crop.jpg]

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


I had a tech log in to my system last night...he thought he got rid of it...but didn't....uugh

 

So I just downloaded and ran adwcleaner like you said...

 

Here's the log file...I still see that damn delta homes there

 

# AdwCleaner v3.016 - Report created 11/01/2014 at 12:12:10
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista Ultimate Service Pack 2 (64 bits)
# Username : Kellie - BADAZZ
# Running from : G:\downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : BackupStack

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\delta-homes.xml
File Found : C:\Users\Kellie\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
File Found : C:\Users\Kellie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
File Found : C:\Users\Kellie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JustCloud.lnk
File Found : C:\Windows\System32\Tasks\LaunchApp
Folder Found : C:\Users\Kellie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Folder Found C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\ProgramData\WPM
Folder Found C:\Users\Kellie\AppData\LocalLow\Conduit

***** [ Shortcuts ] *****










***** [ Registry ] *****



Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WsysControl
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Somoto
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Somoto
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\delta-homesSoftware
Key Found : HKLM\Software\Description
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\Software\supWPM
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526












-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Kellie\AppData\Roaming\Mozilla\Firefox\Profiles\wv803re5.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Kellie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : search_url
Found : keyword
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [10076 octets] - [11/01/2014 12:12:10]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10137 octets] ##########
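For the review step in the instructions earlier in this thread ("Look over the log especially under Files/Folders"), the following added example groups an AdwCleaner report by section and lists the findings sitting in autostart or browser-hook locations first. It is not part of the original posts and not AdwCleaner's own code; the function names and the `AUTOSTART` fragment list are this example's assumptions.

```python
import re

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Matches "Key Found : [x64] HKLM\...", colon-less "Folder Found C:\...", and bare "Found : homepage"
FINDING = re.compile(r"^(?:(\w+) )?Found\s*:?\s*(\[x64\] )?(.+)$")
# Path fragments treated here as autostart or browser-hook locations (this example's choice)
AUTOSTART = ("\\start menu\\programs\\startup\\", "\\system32\\tasks\\",
             "\\browser helper objects\\", "\\searchscopes\\", "\\extensions\\")

# Lines excerpted from the AdwCleaner[R0].txt report posted above
SAMPLE = r"""
***** [ Services ] *****
Service Found : BackupStack
***** [ Files / Folders ] *****
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\delta-homes.xml
File Found : C:\Users\Kellie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JustCloud.lnk
File Found : C:\Windows\System32\Tasks\LaunchApp
Folder Found C:\Program Files (x86)\Conduit
***** [ Registry ] *****
Key Found : HKLM\Software\delta-homesSoftware
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
"""

def parse_report(text):
    """Return {section: [(kind, target, is_x64), ...]} in report order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            continue
        m = FINDING.match(line)
        if m and current:
            entry = (m.group(1) or "Setting", m.group(3).strip(), bool(m.group(2)))
            sections.setdefault(current, []).append(entry)
    return sections

def autostart_findings(sections):
    """Findings that start code at boot/logon or hook the browser; review these first."""
    hits = []
    for name, items in sections.items():
        for kind, target, _ in items:
            if name == "Services" or any(s in target.lower() for s in AUTOSTART):
                hits.append((name, kind, target))
    return hits

if __name__ == "__main__":
    for name, kind, target in autostart_findings(parse_report(SAMPLE)):
        print(f"[{name}] {kind}: {target}")
```
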


I had a tech log in to my system last night...he thought he got rid of it...but didn't....uugh

Why would you do that?????? What's a tech know about adware/malware?????

You ran AdwCleaner but not a Full scan with Malwarebytes.

Please do so and then let me know what problems remain (please be specific)

MrC


The guy I was talking about builds systems and has just built my new computer system for me...I had him do it as he knows more about malware than I do as I am a professional photographer...

 

It appears to be gone now, but I am running malware now, however it is not showing up when I start Explorer or Firefox. The scan does take a few hours on my system...but I will see what comes of it after it is finished and post.


done

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.10.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Kellie :: BADAZZ [administrator]

1/11/2014 12:49:00 PM
mbam-log-2014-01-11 (12-49-00).txt

Scan type: Full scan (C:\|D:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM
Scan options disabled: Heuristics/Shuriken | P2P
Objects scanned: 1137776
Time elapsed: 3 hour(s), 36 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


New face from Europe arrives to this discussion. For three days I attempt to win over a Delta-Homes instance. 64bit notebook with Win 8.1, stuffed with avast! Internet Security. The user is a senior s/w engineer, however newbie with malwares.

 

It's about midnight in our zone, I rest a while then come back to the shared experiment :). Thank you for your appreciated conciliation. Hope, together we can sort D-H soon out from our systems.

I plan to review this thread in detail, run the projected scan(s) and then return reporting the results to you.

Regards, Peter


This topic is now closed to further replies.