YTD Video Downloader mess of malware and cr*p



While I was off for a moment, my dad managed to install YTD video downloader on here.

 

Now after rebooting the CPU usage would go up and things like clicking on the start bar or dragging the vertical bar in the task manager window started to get interrupted almost immediately, as if I'd double clicked.

 

I removed YTD Video Downloader but this particular issue still persisted on the next reboot. I did notice this seems to be a Chrome related issue as I had both Chrome and Firefox on at the same time and disabling one of the Chrome processes in Task Manager stopped this weird phenomenon from happening. I did notice that at about the same time I got a message on the side of the screen talking about "synchronisation".

 

I did a system restore, deleted YTD Video through the Add or Remove Hardware feature directly instead of running the uninstall from the window, then used CCleaner to delete things and block a few isolated things which may or may not be related as they seemed rather minor.

 

Now as for the things I see mentioned in relation to YTD in various forums and online tutorials, I did not find any folder with the title of Spigot in the files, nor any Searchsettings, Searchsettings64, nor Application Updater like this person for example

 

http://www.digitalfaq.com/forum/computers/4621-warning-ytd-video.html

 

As for the Toolbar, I found it mentioned in the list of Programs, as well as via UnHack Me but both tell me that the program could not be found, I'll post the exact quote when the full scan I'm running now is done.

 

Currently running a full scan with Malwarebytes. I tried running ADWCleaner but that one seems to hang for me when I push scan or delete, basically getting stuck.

 

I'd really appreciate if someone can help me figure things out, as the various places I go to, be it forum threads or individual pages talking about this almost all have different programs they suggest.


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

QUOTE
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.


Let me see those logs in your next reply..

Thank you,

Kevin...

Here's the Log, it might be a bit different from your specifications because I started it a long time before posting in this thread and only finished it now.

Which of these may be safe to remove ? I made a System Restore Point but I'm just making sure. It would take more than an hour and a half to redo the scan again.

Oh and removed the YTD entries from the registry as well, but I backed them up and can send them along too if I put it in a zip file.

MBAM-log-2016-04-02 (23-47-56).txt

Edited by Elizabello

How do I quarantine those ? It's pretty late so sorry if I'm being a bit dense.

 

Also I accidentally removed only two things and the scan disappeared. Fat chance that I can restore it quickly somehow, via the log or whatever, and not have to wait another hour and a half for it to finish again ?


The trial version of Malwarebytes has Detection and Protection option... Open Malwarebytes, select "Settings" Detection and Protection should be listed in left hand pane..

If you closed out Malwarebytes after "No Action" was taken you will have to run the scan again... Please use the settings I listed in my opening reply...

Thank you,

Kevin


Run a clean install and get latest version....

Please download mbam-clean and save it to your desktop.

 

  •    Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool.
  •    It will ask you to reboot the machine - please do so.
  •    Run the cleaner tool again, re-boot when complete. <<<---do not miss this step

 

Download & install the newest MBAM version.

Please download Malwarebytes Anti-Malware

 

  •    Install the program and select update.
  •    Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  •    In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  •    Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  •    If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  •    Upon completion of the scan (or after the reboot), click the History tab.
  •    Click Application Logs and double-click the Scan Log.
  •    At the bottom click Export and choose Text file.

 

Save the file to your desktop and include its content in your next reply.

 

This topic is now closed to further replies.