ShoppingDealFactory Zombie


Hi -

I'm helping my elderly father clean up his computer, which I found to be pretty infested with malware last weekend. I'm remotely accessing his computer to perform this service, just so you know. I went through a pretty lengthy set of software tools, including installing the pro version of Malwarebytes. It found 76 files and they've been deleted, but one continues to return - ShoppingDealFactory. Each time Chrome is restarted, it's back as an extension. Malwarebytes finds a file each scan and I delete it, but there's obviously replication going on that MWB can't squish.

  So, I ran the Farbar tool and created the two attached logs. Thanks for the help on this pesky problem.

Addition.txt

FRST.txt

Link to post
Share on other sites

Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).
  • Post its content into your next reply.
Link to post
Share on other sites

I've had a bit of trouble with the Zoek program. Though I disabled MSE and MWB, I forgot that MSE was doing a scan. It appeared as though Zoek had troubles, as I kept getting a notice that a script wasn't running properly. I clicked Continue when it first showed up, stop once, and then tried to close it (at least ten minutes had passed). I then killed the .exe in Task Manager but the Zoek window stayed up. I then tried to close it and it kept re-opening. I've now restarted the computer and will attempt to rerun Zoek.

  It did create a log file and I've attached it here, but I figure it's a partial.

zoek-results.log

Link to post
Share on other sites

First off - thanks for the quick help. There is at least some beer money in this for you :)

  I did restart and then disabled MSE and closed MWB. I then relaunched Zoek with the commands you provided. Again the "Error occurred running the script on this page" (BTW, Chrome is shut down). The error is a path not found, though I didn't write it down. I clicked continue and we'll see if it does anything. So far, it's still up saying the program is running but in Task Manager it shows zero CPU use.

  So, the log file I attached to the last post wasn't complete? I wasn't sure.

Link to post
Share on other sites

Third time, same problem. Here's the error text:

Line: 68

Char: 6

Error: Path not found

URL: file:///C:/Users/JOHN&P~1/AppData/Local/Temp/zoekrun.hta

 

I'll click Continue once more but I'm thinking we're not going to get there. Could it be because I'm running the computer remotely through Teamviewer?

Link to post
Share on other sites

Yes, it's interesting that the log doesn't show the malware it's finding - though it's reported upon completion of the daily scan. I have it here, written down manually: PUP.Optional.AppdataFR.A

 

I also found it in the original scan done last week, but nothing shows up after that.

Link to post
Share on other sites

You mentioned that MalwareBytes isn't updated? Is the database current?

  • Download the MBAM-Check tool from this page.
  • Run the MBAM-Check tool.
  • A black command prompt window will open briefly, then close. Afterwards a log file will open.
  • A new log file, CheckResults.txt, will be created on your desktop.
Once the CheckResults.txt file is created, please attach it here.
Link to post
Share on other sites

This topic is now closed to further replies.