
Suspicious Local Extension


number8

  • Administrators

@number8, welcome to the Malwarebytes Forums!!

Just letting you know that I moved your topic to the Malware Removal for Windows area.

In the meantime, while awaiting a helper, I recommend reading up on the following sticky post: https://forums.malwarebytes.org/topic/9573-im-infected-what-do-i-do-now/

Lastly, the Chrome Extension you listed appears to be Weather Blink.

 

Link to post
Share on other sites

  • Staff

Hello and :welcome:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.

  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Link to post
Share on other sites

  • Staff

Okay, we will first perform an FRST maintenance fix and then we will scan your PC with MalwareBytes.

 

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please upload it to your reply.

 

Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  • Click the Scan tab, make sure Threat Scan is checked and click Start Scan.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.


Save the file to your desktop and upload it in your next reply.

 

 

fixlist.txt

Link to post
Share on other sites

  • Staff

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    autoclean;
    emptyclsid;
    chrdefaults:
    emptyalltemp;
    ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.

Link to post
Share on other sites

You're not very forthcoming about what you think the problem is or what you hope to accomplish by running these programs. That said, this evening I plan to:

Shut down Zoek, turn my AV software back on, and reinstall the latest saved system backup.

Then I will go to Control Panel, delete Firefox, restart my computer, then go online to Chrome and download a new version of Firefox.

If all that's successful, then I will turn off my AV software again and attempt to run Zoek again.

Does that sound like a plan? 

BTW, while I've been typing this, I keep getting this message every 30 seconds: 1 Num Lock On.

Link to post
Share on other sites

I deleted Foxfire. No effect on Zork. Zork still running but stopped at Firefox Extensions. Reactivated my AV software. Tried to close Zork, including using Windows Task Manager. Couldn’t. Tried to close it by restoring system to the Install Zoek.exe restore point. It hung up while scanning for affected programs. Chose the restore point before the Windows Update on 9/14 instead. Update was successful. Zork was gone. Got an error message from Norton. Downloaded and ran AdwCleaner again. Found only registry key threats. Tried to uninstall Firefox from the Control Panel. Could not. Found instructions online to do a “clean reinstall” of Firefox. Followed their instructions and was successful. Ran AdwCleaner again. This time it found 15 threats again. Did a threat scan with Malwarebytes. Clean.

As of now, my computer is back to where it was Wednesday night. I still have the 15 threats and my computer still freezes from time to time, but we now know that FRST isn’t effective and Zork is user unfriendly. That’s progress.

Link to post
Share on other sites

  • Staff

I am very sorry about this, I wasn't 100% yesterday, some injury and day after party combined made me do things without thinking.

 

Yes, Adwcleaner is detecting some entries. I know where they belong to.

We need to run one Fix first and then you need to uninstall some programs. Let's begin:

 

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.


Uninstall some programs
 
We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.


The list of programs to uninstall:

  • Google Toolbar for Internet Explorer
  • Google Toolbar for Internet Explorer


After completing uninstalls, please manually reboot your machine!
 
Note: If you get the message like: An error occurred while trying to uninstall, just press Yes.


I would like to check your hard drive for errors, it could be a reason for freezes.

Check Disk

  • Press the Windows key on your keyboard. Type cmd and right click >> Run as Administrator.
  • Copy/Enter the command below and press Enter:
  • chkdsk C: > "%userprofile%\Desktop\checkdiskreport.txt"
  • Wait for it to finish. You should find checkdiskreport.txt on your Desktop that you need to attach in your next reply.

fixlist.txt

Link to post
Share on other sites

Recall that my computer is back to where it was on 9/14.

Part 1: Had to go to your original post to get a hyperlink for FRST. Downloaded and ran it. FRST.txt, Addition.txt, and Fixlog.txt are attached.

Part 2: Not done. Both entries are the same. Is one of them supposed to be Chrome or Firefox? What do you mean by manual reboot? Windows Task Manager?

Part 3: Copy/Paste your command, hit Enter, waited 30 minutes. No log created. Entered Exit.

FRST.txt

Addition.txt

Fixlog.txt

MWB 0918 3.jpg

Link to post
Share on other sites

  • Staff

Part 2.

Just uninstall both of them. It is only a toolbar for Internet Explorer. After you finish, simply restart your system.

Part 3. 

Not good. Can you just type chkdsk and after that right click in the black field > Select all and then just press Enter on your keyboard to copy all the text to the clipboard. Copy the text from the clipboard to your next reply.

Link to post
Share on other sites

Something we did today did some good. I just ran AdwCleaner again and see that the Registry Key issues have been reduced from 12 to 4.

***** [ Registry ] *****

 

Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho

Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1

Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho

Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1

 

 

***** [ Web browsers ] *****

 

No malicious Firefox based browser items found.

Chrome pref Found:  [C:\Users\LARRY 8300\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com

Chrome pref Found:  [C:\Users\LARRY 8300\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

Chrome pref Found:  [C:\Users\LARRY 8300\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - jnnbmiailafajdkboegcjcdklooomfic

Link to post
Share on other sites
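An added example, not part of the original thread and not AdwCleaner's or Chrome's own code: a small triage helper that pulls extension IDs out of "Chrome pref Found" log lines like those posted above and looks each one up in a profile's Secure Preferences file, which Chrome stores as JSON with per-extension entries under `extensions.settings`. The function names and the preferences entry are constructed for illustration; the `location` codes are the install-source values Chromium uses.

```python
import json
import re

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"^[a-p]{32}$")
PREF_LINE = re.compile(r"^Chrome pref Found:\s*\[(.+?)\s*\]\s*-\s*(\S+)$")
# Install-source codes Chromium stores in an extension's "location" field (subset).
LOCATIONS = {1: "internal (Web Store)", 2: "external pref file",
             3: "external registry", 4: "unpacked (local folder)", 5: "component"}

def flagged_extension_ids(adw_log):
    """Extension IDs named on 'Chrome pref Found' lines of an AdwCleaner log."""
    ids = []
    for line in adw_log.splitlines():
        m = PREF_LINE.match(line.strip())
        if m and EXT_ID.match(m.group(2)) and m.group(2) not in ids:
            ids.append(m.group(2))
    return ids

def describe_extension(prefs_text, ext_id):
    """Look up one extension ID in the text of a Secure Preferences file."""
    settings = json.loads(prefs_text).get("extensions", {}).get("settings", {})
    entry = settings.get(ext_id)
    if entry is None:
        return None
    manifest = entry.get("manifest", {})
    loc = entry.get("location")
    return {"id": ext_id,
            "name": manifest.get("name", "<no manifest stored>"),
            "version": manifest.get("version"),
            "path": entry.get("path"),
            "source": LOCATIONS.get(loc, "other (%s)" % loc)}

# Two of the log lines posted in the thread above.
SAMPLE_LOG = r"""
Chrome pref Found:  [C:\Users\LARRY 8300\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\LARRY 8300\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - jnnbmiailafajdkboegcjcdklooomfic
"""
# Constructed entry: path and location are made up; it has no "manifest" key,
# which exercises the name fallback.
SAMPLE_PREFS = json.dumps({"extensions": {"settings": {
    "jnnbmiailafajdkboegcjcdklooomfic": {
        "location": 4, "path": r"C:\ExampleFolder\ext"}}}})

if __name__ == "__main__":
    for ext in flagged_extension_ids(SAMPLE_LOG):
        print(describe_extension(SAMPLE_PREFS, ext))
```

Search-engine entries such as aol.com are skipped because they do not match the extension ID pattern; an ID that is flagged in the log but absent from the preferences file returns `None`.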

  • Staff

So, check disk won't finish at all?

 

FRST search

Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:

  • Copy protector_dll into the Search: field in FRST then click the Search Registry button.
  • FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
  • Please attach it to your reply.

 

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    chrdefaults;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.

 

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.

  • Press Scan button and wait.

  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please attach the reports to your next reply.

Link to post
Share on other sites

Mondays are busy around here, and you're 7 hours ahead of me, so it will be very late this evening your time before I rerun things. I'm going to be very unhappy if Zoek causes me to reload a system backup to get rid of it again.

Meanwhile, I thought my problem might be add-ins to Word, so I went into Safe Mode to check the "freezing." When I clicked on the icon, I got a message telling me that there was a problem loading Word and it was going to shut down. About that time my screen went into power saver mode and my hard drive began spinning loudly. Once again, the only way I could shut down was to press and hold the button.

Link to post
Share on other sites

Start:

Ran CCleaner, cleaned Windows items

From CCleaner\Tools – deleted Avery Wizard 4.0

Opened Microsoft Word\Options\Add-Ins, confirmed that AVWiz14s.dotm is gone.

“Freezing” of cursor seems to be resolved.

Deleted Mozilla Firefox 48.0.2

Restart

Ran AdwCleaner – still 4 and 3

Downloaded Zoek

Norton 360: Disable Auto-Protect – 5 hrs

MWB: Protection Disabled

SuperAS: Real-time Protection Disabled

Pasted requests into Zork

Program started

Closed Chrome

Got note: A reboot is needed to complete Zoek.exe tasks.

Ran FRST again.

Done – txt documents complete

Ran AdwCleaner – now only 4 registry keys

Reset all my AV protection to on.

SearchReg.txt

zoek-results.txt

FRST.txt

Addition.txt

AdwCleaner[S11].txt

Link to post
Share on other sites

This topic is now closed to further replies.