
Tradeadexchange malware problem


kunalv

  • Staff

Since you were away, let's scan with FRST again:
 
 
Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.


  • Staff

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please upload it to your reply.

fixlist.txt


  • Staff

There is a high chance that the Google account is synchronizing ads; it happened before.

Please completely uninstall all browsers and do not log in to your Google account after installing the browsers again.

 

 

Uninstall Chrome
 
Export your bookmarks
 
 
Close all Chrome windows and tabs.
Go to the Start menu > Control Panel.
Click Programs and Features.
Double-click Google Chrome.
Click Uninstall from the confirmation dialog. To delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.
 
 
Click Start, copy in search %LOCALAPPDATA%\ and remove folder Google
 
Download Chrome
 
 
 
 
- Uninstall Firefox (Programs and Features)
 
Then
 
Click Start, copy in search %appdata%\ Then delete folder Mozilla
Click Start, copy in search %LOCALAPPDATA%\ delete folder Mozilla
 
Then delete following folders:
 
C:\Program Files (x86)\mozilla firefox
C:\Program Files (x86)\Mozilla Maintenance Service
 
 
Restart your PC.
Then install Firefox again.
 

 

Hello. I did all this. Hasn't seemed to solve the problem. I'm still getting the damn re-directions! So annoying!!


  • 2 weeks later...
On 3/4/2016 at 5:22 PM, kunalv said:

I need you to reset your router, I see no other reason for this.

 

I'll do that and let you know.

Okay, so it's been a while since my last update. I reset my router and it seems to have fixed the problem in that PC. Now this infection appears to have inexplicably spread to another PC which did not have this problem earlier.

Should I follow the same procedure like before?


  • Root Admin

Hello, I will go ahead and take over and assist you with this. Please do the following on the original computer. Once we're done with that we can then move onto the next computer.

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)


  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

Please download AdwCleaner by Xplode and save to your Desktop.

STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 07
Please go here to run the online antivirus scanner from ESET.


Click Scan
Wait for the scan to finish
If any threats were found, click the 'List of found threats', then click Export to text file....
Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.


  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:

  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

    • 2 weeks later...
    On 3/19/2016 at 3:58 PM, AdvancedSetup said:

    Hello, I will go ahead and take over and assist you with this. Please do the following on the original computer. Once we're done with that we can then move onto the next computer.

    Please go ahead and run through the following steps and post back the logs when ready.
     
    STEP 04
    Please download Junkware Removal Tool to your desktop.

    STEP 05
    Let's clean out any adware now: (this will require a reboot so save all your work)


    • Shutdown your antivirus to avoid any conflicts.
    • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next reply message
    • When completed make sure to re-enable your antivirus

    Please download AdwCleaner by Xplode and save to your Desktop.

    STEP 06
    Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
    Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
    Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
    Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


    STEP 07
    Please go here to run the online antivirus scanner from ESET.


    Click Scan
    Wait for the scan to finish
    If any threats were found, click the 'List of found threats', then click Export to text file....
    Save it to your desktop, then please copy and paste that log as a reply to this topic.

    STEP 08
    Please download the Farbar Recovery Scan Tool and save it to your desktop.


    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked
    • Click on Advanced Settings and ensure these options are ticked:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

    Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit


    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

    Sorry for the inordinate delay, as I've been too busy to carry out all these activities. Finally managed to take some time out. Enclosed are the log files for your reference.

    Please note this is from the newer PC facing this problem and NOT the original one.

     

    KV

    mb.txt

    eset.txt

    FRST.txt

    Addition.txt

    JRT.txt


    On 3/31/2016 at 10:13 AM, AdvancedSetup said:

    The MBAM log says you did not tell it to remove the items. Please run MBAM again and this time make sure you tell it to remove the threats found.

    Where is the log from AdwCleaner ?

     

     


     

    I ran MBAM again and it did not detect a single infection. So it must have deleted what it detected last time. My MBAM is a free trial which has expired, thus the Self protection & malware protection modules are disabled. AdwCleaner logs are attached.

    AdwCleaner[C1].txt

    AdwCleaner[C2].txt

    Edited by kunalv

    • 1 month later...

    Hey, it's me again! After more than a month. I believe the problem on the original computer has been solved. But the other computer still has the infection. A new homepage redirector has appeared as it re-directs to the page link removed.

    I'm attaching FRST logs for your reference.

    Can't believe I'm having this problem since January when I opened this thread. And this is even after having an ESET Smart Security package on all 3 computers in the office!

    FRST.txt

    Addition.txt

    Edited by exile360
    This topic is now closed to further replies.