mrclark Posted January 11, 2014 ID:776738 Share Posted January 11, 2014 Hi, I apologize if this has been posted already, feel free to redirect me there if that's the case, but I couldn't find anything on this one on Google or the forums. A few days ago I was noticing a lot of annoying adds coming up (even with AdBlock on) and chrome would crash every once in a while. I looked in my extensions window and noticed this (see attachment). I delete it from Chrome every time I boot up, but it comes back every time. And after using Spybot, Malware Bytes, and several other programs, it's still there. I scanned through my programs/updates list in Windows control panel as well and don't see anything suspicious. If anyone has any ideas, please let me know! Thank you. Link to post Share on other sites More sharing options...
kevinf80 Posted January 11, 2014 ID:776776 Share Posted January 11, 2014 Hello and P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop. Double click zip file and extract to your Desktop: you will now have 3 versions of the tool on the Desktop: Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/] Double click on each in turn until one version of Zoek will run (accept UAC) The following window will open: Copy and paste the following script from the code box and paste into the field. standardsearch;autoruns;autoclean;emptyclsid;emptyalltemp;installedprogs; Select the "Run Script" tab. The following window will open: Please be patient and do not use the PC when the scan is in progress. When complete you maybe asked to re-boot your PC, if so please do Post the produced log in your next reply….. Kevin..... Link to post Share on other sites More sharing options...
mrclark Posted January 11, 2014 Author ID:776778 Share Posted January 11, 2014 Thanks for the tips, I'll give it a try when I am off work. Thanks again! Link to post Share on other sites More sharing options...
mrclark Posted January 12, 2014 Author ID:776935 Share Posted January 12, 2014 Ok, here's the log after the scan and reboot. I do see the "DiscouNNtExtensi" listed under "Deleting Files \ Folders" section. And it IS still showing up in Chrome. Thanks again.zoek-results.txt Link to post Share on other sites More sharing options...
kevinf80 Posted January 12, 2014 ID:776955 Share Posted January 12, 2014 Run Zoek again, (accept UAC) The following window will open: Copy and paste the following script from the code box and paste into the field. autoclean;CHRdefaults; Select the "Run Script" tab. The following window will open: Please be patient and do not use the PC when the scan is in progress. When complete you maybe asked to re-boot your PC, if so please do Post the produced log in your next reply….. Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Kevin.... Link to post Share on other sites More sharing options...
mrclark Posted January 12, 2014 Author ID:777096 Share Posted January 12, 2014 Ok, here are the 3 logs. ThanksAddition.txtFRST.txtzoek-results2.txt Link to post Share on other sites More sharing options...
mrclark Posted January 12, 2014 Author ID:777098 Share Posted January 12, 2014 Update: After running those programs, I don't see either Adblock or that "DiscouNNt Extensi" extensions. I'll wait to see your reply but hopefully...problem solved. Link to post Share on other sites More sharing options...
kevinf80 Posted January 12, 2014 ID:777103 Share Posted January 12, 2014 Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Next, Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.Please Update and run a Full scanMake sure that everything is checked, and click Remove Selected on any found items. Post the produced logs, aalso let me know if any remaining issues/concerns.. Kevin Fixlist.txt Link to post Share on other sites More sharing options...
mrclark Posted January 13, 2014 Author ID:777504 Share Posted January 13, 2014 Here's the log. Thanks again for all the help! I had no idea what to do. I'll post another reply if I see anything fishy.Fixlog.txt Link to post Share on other sites More sharing options...
kevinf80 Posted January 13, 2014 ID:777509 Share Posted January 13, 2014 Did you run Malwarebytes as requested? Link to post Share on other sites More sharing options...
mrclark Posted January 13, 2014 Author ID:777596 Share Posted January 13, 2014 Yes. Sorry I couldn't reply right away. No objects detected during the Malwarebytes scan. Link to post Share on other sites More sharing options...
kevinf80 Posted January 13, 2014 ID:777599 Share Posted January 13, 2014 What is the status of your system now, any issues or concerns? Run this please: Download Security Check by screen317 from either of the following: http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exeSave it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.A Notepad document should open automatically called checkup.txt; please post the contents of that document. Link to post Share on other sites More sharing options...
mrclark Posted January 15, 2014 Author ID:778431 Share Posted January 15, 2014 Here's the log from the security check... Otherwise I haven't noticed anything suspicious. I appreciate all the help immensely! checkup.txt Link to post Share on other sites More sharing options...
kevinf80 Posted January 15, 2014 ID:778449 Share Posted January 15, 2014 Ok we can clean up: We need to remove FRST, first it is very important to deal with its own Quarantine folder by using FRST itself.. OK, we continue: Delete any fixlist.txt file previously used, continue: Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful. Next, Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST Next, Download "Delfix by Xplode" and save it to your desktop. Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator Make Sure the following items are checked: Activate UAC Remove disinfection tools Purge System Restore Reset system settings Now click on "Run" and wait patiently until the tool has completed. The tool will create a log when it has completed. We don't need you to post this. Next, Navigate to and delete (if present) C:\zoek_backup folder Any tools/logs left on the Desktop or downloads folder can be deleted.... Let me know if the above steps complete ok, also if any remaining issues or concerns.... Read the following link to fully understand PC security and best practices, you may find it useful.... http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629 Kevin.....fixlist.txt Link to post Share on other sites More sharing options...
mrclark Posted January 16, 2014 Author ID:778573 Share Posted January 16, 2014 Followed your instructions and everything seems to be clean and removed. I will check out the link, and thanks a million, again! Link to post Share on other sites More sharing options...
kevinf80 Posted January 16, 2014 ID:778633 Share Posted January 16, 2014 You`re very welcome..... Kevin... Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 21, 2014 Root Admin ID:780588 Share Posted January 21, 2014 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts