nhatlong0605 Posted April 9, 2015 ID:954410

Hi all,

I have a problem with random ads that keep spamming me while I am surfing the web. I have read the topic "I'm infected, what do I do now" and followed the steps there by trying MBAM and Farbar Recovery Scan Tool, but those ads still keep coming back. I have been bombed with those annoying ads for 1 month. Please help me if you can.

Thanks,
Long

FRST.txt
Addition.txt

MrCharlie Posted April 9, 2015 ID:954479

Welcome to the forum.

(Do what you can)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

1. Please run a Threat Scan with Malwarebytes

Start Malwarebytes 2.0..........
Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine all that's found
Post the log (save the log as a .txt file not .xml)

Then......

2. Please download and run RogueKiller 32 bit to your desktop.

RogueKiller <---use this one for 64 bit systems
Which system am I using?
You can also use this version of RogueKiller which works on both 32 and 64 bit: RogueKiller 32 & 64 bit

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Wait for the Prescan to finish
Click Scan to scan the system.
When the scan completes > Don't Fix anything! > Click on the Report Button and post the Report back here.
Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:
%programdata%/RogueKiller/Logs <-------W7
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note: Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive
<+>Sometimes when clearing out an infection the winsock stack will become corrupt and you'll lose your internet connection. To resolve this....reset the stack as outlined HERE
<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>When we are done, I'll give you instructions on how to clean up all the tools and logs
<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM

nhatlong0605 Posted April 10, 2015 Author ID:954609

Thank you for your generous help Charlie, I have followed your instructions and here is the result file

Malwarebytes.txt
RKreport_SCN_04102015_121950.log

MrCharlie Posted April 10, 2015 ID:954683

Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.
Place a check mark in front of .......Create registry backup <---only!
Uncheck the rest!
Click the Run button.
Close the tool out when it's done....we'll use it later.

============================

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

==========================

Let's check for any adware/spyware now:

Please download AdwCleaner from HERE or HERE to your desktop.
Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program that may have been targeted by mistake.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next.........

Please Update and run a Threat Scan (Malwarebytes)
Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
Same for PUM (Potentially Unwanted Modifications)
Quarantine All that's found

MrC

nhatlong0605 Posted April 10, 2015 Author ID:954712

Thank you Charlie.

Fixlog.txt
AdwCleanerS0.txt
JRT.txt

MrCharlie Posted April 10, 2015 ID:954714

Is there any difference????

MrC

nhatlong0605 Posted April 11, 2015 Author ID:954841

It is still the same. I've just found out that when I open a new Google Doc, Sheets, Slide...or any Google office tool, it will link directly to the ad and I can't create any Google office tool.

MrCharlie Posted April 11, 2015 ID:954843

So it's only Google Chrome that's giving you a problem???

Please re-scan with FRST and make sure the Addition Box is checked.
Post or attach the 2 logs FRST.txt and Addition.txt

MrC

nhatlong0605 Posted April 11, 2015 Author ID:954844

I still can use Google Tool in Firefox, but Firefox still has random ad displaying. Google Chrome both has random ad and disabled Google Tool.

MrCharlie Posted April 11, 2015 ID:954891

I need the 2 logs from FRST.

MrC

nhatlong0605 Posted April 11, 2015 Author ID:954912

Sorry, my bad, I didn't notice your second comment.

Addition.txt
FRST.txt

MrCharlie Posted April 11, 2015 ID:954923

Did you install this program? (If not please uninstall it)
Internet Download Manager

=====================================

Please re-install Google Chrome: (it has been altered)
CHR dev: Chrome dev build detected! <======= ATTENTION

===========================

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

==========================

Please download and run AVAST-Browser-Cleanup: (let it clean what it finds)
http://files.avast.com/files/tools/avast-browser-cleanup.exe <----AVAST browser cleanup

Let me know....

MrC

nhatlong0605 Posted April 12, 2015 Author ID:955040

Thank you Charlie

Fixlog.txt

MrCharlie Posted April 12, 2015 ID:955124

What about the rest of it???

Internet Download Manager <-------did you uninstall or leave it
Google Chrome <---did you reinstall Chrome
AVAST-Browser-Cleanup <---did you run it and if so, did it find anything??

How is it????

MrC

nhatlong0605 Posted April 12, 2015 Author ID:955157

I have done everything you said. Avast has found multiple malware in IE, Firefox and Chrome. I can use Google Office in Chrome now.

MrCharlie Posted April 12, 2015 ID:955174

So it's OK now????

MrC

nhatlong0605 Posted April 13, 2015 Author ID:955285

I once reinstalled Chrome and the ad disappeared for about 2 weeks and then it came back. I am not sure if it has really gone this time.

MrCharlie Posted April 13, 2015 ID:955287

If you're signed into Chrome, then everything is stored on their servers. So if you reinstalled Chrome...the malware will still be there.

That's why I had you do this:
Please re-install Google Chrome: (it has been altered)
CHR dev: Chrome dev build detected! <======= ATTENTION

We cleaned out a bunch of malware from your computer and Chrome.
I think it should be OK now but if not.....run this tool:

1. Download and run this tool (Software removal tool), immediately it will start searching for suspicious programs on your computer and then show a message how many programs it found.
https://www.google.com/chrome/srt/
2. Click ‘Remove suspicious programs’ and wait for the tool to show ‘removal complete’ message.
3. Click ‘Continue’ to quit the tool (you may be prompted to restart your computer, do so)
4. After that, Chrome will automatically open and ask to reset browser settings, click ‘Reset’.

Let me know....

MrC

nhatlong0605 Posted April 13, 2015 Author ID:955297

For now, it seems to have disappeared. I will let you know if something goes wrong. Thank you for your help Charlie

MrCharlie Posted April 13, 2015 ID:955336

**

nhatlong0605 Posted April 16, 2015 Author ID:955981

Here is the result

Addition.txt
FRST.txt

MrCharlie Posted April 16, 2015 ID:956052

Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.
Place a check mark in front of .......Create registry backup <---only!
Uncheck the rest!
Click the Run button.
Close the tool out when it's done....we'll use it later.

================================

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

=================================

Reset Chrome's home page to something other than Conduit:

CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M98C7E1C7-8CA9-4C18-87C5-4A8854C5FEB8&SearchSource=55&CUI=&UM=5&UP=SP1AD919B3-6757-413D-B092-5EB31E957779&SSPV=

https://support.google.com/chrome/answer/95314?hl=en <<<----Home page change

Same for StartupUrls:

CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/08&hid=15714338341998471622&lg=EN&cc=VN", "hxxp://websearch.fastosearch.info/?pid=1387&r=2014/06/11&hid=15714338341998471622&lg=EN&cc=VN&unqvl=55", "hxxp://websearch.fastsearchings.info/?pid=1387&r=2014/07/16&hid=15714338341998471622&lg=EN&cc=VN&unqvl=56", "hxxp://search.gboxapp.com/", "hxxp://www.bacdau.vn/?tn=gcb_425"

https://support.google.com/chrome/answer/95421?hl=en <<<---CHR StartupUrls

==================================

Did you install these extensions:

CHR Extension: (Invincea Chrome Redirector Extension) - C:\Users\Long\AppData\Local\Google\Chrome\User Data\Default\Extensions\pddempbcjigobopccdnnkpbkpncnajcf [2015-04-12]
CHR Extension: (Invincea Chrome Redirector Extension) - C:\Users\Long\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pddempbcjigobopccdnnkpbkpncnajcf [2015-04-12]
CHR HKU\S-1-5-21-2116305133-3899410676-2901690238-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR Extension: (Bible) - C:\Users\Long\AppData\Local\Google\Chrome\User Data\Default\Extensions\adplcelpohamiijahbaanmoimmnoaiaf [2015-04-12]

=======================================

Please download fresh copies of these programs:

Please download AdwCleaner from HERE or HERE to your desktop.
Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program that may have been targeted by mistake.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next..................

Please download and run AVAST-Browser-Cleanup: (let it clean what it finds)
http://files.avast.com/files/tools/avast-browser-cleanup.exe <----AVAST browser cleanup

Next:

1. Download and run this tool (Software removal tool), immediately it will start searching for suspicious programs on your computer and then show a message how many programs it found.
https://www.google.com/chrome/srt/
2. Click ‘Remove suspicious programs’ and wait for the tool to show ‘removal complete’ message.
3. Click ‘Continue’ to quit the tool (you may be prompted to restart your computer, do so)
4. After that, Chrome will automatically open and ask to reset browser settings, click ‘Reset’.

Last:

Update and run a scan with Malwarebytes

MrC

fixlist.txt

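Added example, not part of the original thread and not code from FRST or its author: a short Python triage script for the `CHR HomePage`, `CHR StartupUrls` and `CHR Extension` lines that the post above reviews by hand. The log lines are constructed samples in the format quoted in the post, and the allowlist of expected hosts and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Hosts the user expects as home/startup pages (assumption; adjust per machine).
EXPECTED_HOSTS = {"www.google.com"}

# Constructed sample in the FRST.txt format quoted in the thread (not a real log).
SAMPLE_LOG = r'''
CHR HomePage: Default -> hxxp://search.hijack-example.test/?ctid=PLACEHOLDER&SearchSource=55
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://websearch.hijack-example.test/?pid=1&cc=XX"
CHR Extension: (Sample Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [2015-04-12]
CHR Extension: (Sample Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [2015-04-12]
'''

URL_RE = re.compile(r'h(?:xx|tt)ps?://[^\s",]+', re.I)
PAGE_RE = re.compile(r'^CHR (HomePage|StartupUrls): (?P<profile>.+?) -> (?P<rest>.*)$')
EXT_RE = re.compile(r'^CHR Extension: \((?P<name>.*)\) - (?P<path>.+?) \[(?P<date>[\d-]+)\]$')


def host_of(url):
    """Re-fang hxxp:// only so the host can be parsed; the URL is never fetched."""
    return (urlsplit(re.sub(r'^hxxp', 'http', url, flags=re.I)).hostname or "").lower()


def triage(log_text, expected=EXPECTED_HOSTS):
    """Return (unexpected_pages, extensions) found in FRST 'CHR' lines."""
    unexpected, extensions = [], {}
    for line in log_text.splitlines():
        line = line.strip()
        m = PAGE_RE.match(line)
        if m:
            for url in URL_RE.findall(m.group("rest")):
                if host_of(url) not in expected:
                    unexpected.append((m.group(1), m.group("profile"), host_of(url)))
            continue
        m = EXT_RE.match(line)
        if m:
            # Path layout: ...\User Data\<profile>\Extensions\<extension id>
            parts = m.group("path").split("\\")
            ext_id, profile = parts[-1], parts[-3]
            extensions.setdefault(ext_id, {"name": m.group("name"), "profiles": []})
            extensions[ext_id]["profiles"].append(profile)
    return unexpected, extensions


if __name__ == "__main__":
    pages, exts = triage(SAMPLE_LOG)
    for kind, profile, host in pages:
        print(f"REVIEW {kind} [{profile}]: {host}")
    for ext_id, info in exts.items():
        print(f"EXT {ext_id} {info['name']!r} in profiles {info['profiles']}")
```

An extension ID that shows up in more than one profile, like the one in the post, appears once in the output with every profile listed, so it can be checked and removed per profile.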
nhatlong0605 Posted April 18, 2015 Author ID:956467

Here you are, Charlie

JRT.txt
AdwCleanerS1.txt

MrCharlie Posted April 18, 2015 ID:956554

How is it????

==============================

If you're still having problems...........

Download zoek.exe to your Desktop:
http://hijackthis.nl/smeenk/

Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe.
You can find instructions how to disable your security applications Here
http://www.bleepingcomputer.com/forums/topic114351.html

On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
Give it a few seconds to appear

Next, copy/paste the entire script inside the codebox below to the input field of Zoek:

    autoclean;
    emptyalltemp;
    emptyclsid;
    CHRdefaults;

Now...
Close any open programs.
Click the Run script button, and wait. It takes a few minutes to run.
When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

MrC

nhatlong0605 Posted April 20, 2015 Author ID:956888

Thanks Charlie, it seems to be fine now.

zoek-results.txt