While looking for a piece of software, I downloaded a file from onhax which was malware-ridden. Ever since, my laptop has been infected by an adware which has taken over my Mozilla. As soon as I open Google on Mozilla, an unknown search bar takes over. I have looked on the internet for hours and found no solutions to get rid of it. Here are the steps I've taken to get rid of it:

- Refreshed Firefox.
- Uninstalled Firefox and re-installed it.
- Checked Control Panel for any unwanted programs (and found none.)
- Checked Task Manager for any weird background processes. (I'm no expert but I couldn't find anything suspicious.)
- Ran a full scan on Windows Defender (found nothing.)
- Ran a full scan on Malwarebytes' most recent version (found nothing.)
- Ran a full scan on Bitdefender's Anti-Adware software (found nothing.)
- Re-ran a full scan on Malwarebytes. (Still found nothing.)

Please help. Attaching a screenshot of the search bar that appears on Google, in case anyone is familiar with it.

Screenshot (279).png


Google Chrome is similarly infected and the home page has been taken over by the site in the following screenshot. Mozilla's home page was taken over too and I was unable to fix it just through settings. It got fixed eventually, after I reinstalled Mozilla.

Screenshot (280).png


Yeah, but my problem seems to lie with the browser and my PC. I don't think the attack/infection on Cloudflare has anything to do with my problem. I'm considering using the premium features of Malwarebytes anyway. Though, that's not gonna help me with my current problem and I'm looking forward to a solution for that first.


Found another issue. Scrolling with the help of the scroll bar at the side of Firefox opens a new tab with an advertisement. (Please see: The problems might as well be there on the other browsers too but I'm mentioning Firefox time and again as that's the default browser I use.)


  • Root Admin

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 02

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks


STEP 01

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 8.1 x64
Ran by Akyy (Administrator) on 26/02/17 at 15:08:58.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 0

 


Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/02/17 at 15:11:15.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

STEP 02

# AdwCleaner v6.043 - Logfile created 26/02/2017 at 15:13:57
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-24.1 [Local]
# Operating System : Windows 8.1  (X64)
# Username : Akyy - AKY
# Running from : C:\Users\Akyy\Desktop\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

***** [ Folders ] *****

 

***** [ Files ] *****

 

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

 

***** [ Web browsers ] *****

[-] [C:\Users\Akyy\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Akyy\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6860 Bytes] - [25/02/2017 00:39:30]
C:\AdwCleaner\AdwCleaner[C2].txt - [1037 Bytes] - [26/02/2017 15:13:57]
C:\AdwCleaner\AdwCleaner[S0].txt - [6350 Bytes] - [25/02/2017 00:36:49]
C:\AdwCleaner\AdwCleaner[S1].txt - [1434 Bytes] - [26/02/2017 15:13:34]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1256 Bytes] ##########

 

 

STEP 03

2017-02-26 09:52:43.131    Sophos Virus Removal Tool version 2.5.6
2017-02-26 09:52:43.131    Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2017-02-26 09:52:43.131    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-02-26 09:52:43.131    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2017-02-26 09:52:43.131    Checking for updates...
2017-02-26 09:52:43.146    Update progress: proxy server not available
2017-02-26 09:52:50.756    Option all = no
2017-02-26 09:52:50.756    Option recurse = yes
2017-02-26 09:52:50.756    Option archive = no
2017-02-26 09:52:50.756    Option service = yes
2017-02-26 09:52:50.756    Option confirm = yes
2017-02-26 09:52:50.756    Option sxl = yes
2017-02-26 09:52:50.756    Option max-data-age = 35
2017-02-26 09:52:50.756    Option vdl-logging = yes
2017-02-26 09:52:50.865    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-02-26 09:52:50.865    Machine ID:    b1fe3bce160c41f1a36424d2ef4e8b5d
2017-02-26 09:52:50.881    Component SVRTcli.exe version 2.5.6
2017-02-26 09:52:50.881    Component control.dll version 2.5.6
2017-02-26 09:52:50.881    Component SVRTservice.exe version 2.5.6
2017-02-26 09:52:50.881    Component engine\osdp.dll version 1.44.1.2280
2017-02-26 09:52:50.881    Component engine\veex.dll version 3.68.0.2280
2017-02-26 09:52:50.881    Component engine\savi.dll version 9.0.7.2280
2017-02-26 09:52:50.881    Component rkdisk.dll version 1.5.31.1
2017-02-26 09:52:50.881    Version info:    Product version    2.5.6
2017-02-26 09:52:50.881    Version info:    Detection engine    3.68.0
2017-02-26 09:52:50.881    Version info:    Detection data    5.36
2017-02-26 09:52:50.881    Version info:    Build date    2/7/2017
2017-02-26 09:52:50.881    Version info:    Data files added    206
2017-02-26 09:52:50.881    Version info:    Last successful update    (not yet updated)

2017-02-26 13:40:07.283    >>> Virus 'Mal/VMProtBad-A' found in file C:\Games\Battle.Chess.Game.of.Kings.Early.Access-TPTB\steam_api.dll
2017-02-26 13:45:26.474    Could not open C:\hiberfil.sys
2017-02-26 13:45:36.462    Could not open C:\pagefile.sys
2017-02-26 14:44:25.431    Could not open C:\swapfile.sys
2017-02-26 14:44:26.306    Could not open C:\System Volume Information\{040eae86-fac5-11e6-8064-84a6c82b11fe}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-26 14:44:26.306    Could not open C:\System Volume Information\{3478f867-f2f6-11e6-805f-84a6c82b11fe}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-26 14:44:26.306    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-26 14:44:26.306    Could not open C:\System Volume Information\{763ad8dd-fc06-11e6-8067-84a6c82b11fe}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-26 14:44:26.306    Could not open C:\System Volume Information\{ab5fdb51-f93b-11e6-8062-84a6c82b11fe}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-26 14:44:26.322    Could not open C:\System Volume Information\{d5cb6931-ed7d-11e6-805f-84a6c82b11fe}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-26 15:53:47.305    Could not open C:\WINDOWS\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2017-02-26 15:53:47.321    Could not open C:\WINDOWS\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2017-02-26 15:54:12.745    Could not open C:\WINDOWS\System32\config\BBI
2017-02-26 15:54:13.307    Could not open C:\WINDOWS\System32\config\RegBack\DEFAULT
2017-02-26 15:54:13.323    Could not open C:\WINDOWS\System32\config\RegBack\SAM
2017-02-26 15:54:13.354    Could not open C:\WINDOWS\System32\config\RegBack\SECURITY
2017-02-26 15:54:13.354    Could not open C:\WINDOWS\System32\config\RegBack\SOFTWARE
2017-02-26 15:54:13.401    Could not open C:\WINDOWS\System32\config\RegBack\SYSTEM
2017-02-26 16:47:23.968    Could not open LOGICAL:0003:00000000
2017-02-26 16:47:23.983    Could not open D:\
2017-02-26 16:47:24.263    The following items will be cleaned up:
2017-02-26 16:47:24.273    Mal/VMProtBad-A
2017-02-26 17:02:04.443    Threat 'Mal/VMProtBad-A' has been cleaned up.
2017-02-26 17:02:04.443    File "C:\Games\Battle.Chess.Game.of.Kings.Early.Access-TPTB\steam_api.dll" belongs to malware 'Mal/VMProtBad-A'.
2017-02-26 17:02:04.443    File "C:\Games\Battle.Chess.Game.of.Kings.Early.Access-TPTB\steam_api.dll" has been cleaned up.
2017-02-26 17:02:04.521    Removal successful
2017-02-26 17:02:06.365    Error level 0

2017-02-26 17:02:35.008    Scan completed.
2017-02-26 17:02:35.008    

------------------------------------------------------------

2017-02-26 17:31:29.531    Sophos Virus Removal Tool version 2.5.6
2017-02-26 17:31:29.531    Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2017-02-26 17:31:29.531    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-02-26 17:31:29.531    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2017-02-26 17:31:29.531    Checking for updates...
2017-02-26 17:31:29.547    Update progress: proxy server not available
2017-02-26 17:33:05.908    Error level 1

2017-02-26 17:33:05.909    Scan completed.
2017-02-26 17:33:05.909    

------------------------------------------------------------

 

STEP 04

Attached below, as asked.

FRST.txt

Addition.txt


  • Root Admin

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome

I would like to reset Chrome back to defaults to completely clear out what is going on with Chrome.

You can keep your “Bookmarks” if you want to keep them, but you have to export them first – >> Export Bookmarks << – Everything else should be removed.

Then I need you to go to >> Google Sync << and sign into your account.
Scroll down until you see the reset sync button and click on the button
At the prompt click on Ok.

Reset Your Browser Settings

  1. In the top-right corner of the browser window, click the “Chrome Menu” icon (Three horizontal lines)
  2. Select Settings.
  3. At the bottom, click Show advanced settings…
  4. Scroll down until you see “Reset settings”, Then click on the button Reset Settings.
  5. In the dialog that appears, click Reset.

Close Chrome and restart it and check it out for me please.


I performed a reset on all my browsers as asked. It didn't solve the problem.

While reading on a particular forum, I was asked to go to Internet Options>Connections>LAN Settings. It then asked me to clean the Address and to uncheck "Use automatic configuration script." I saved the settings and closed it. It sure has fixed the hijack of Google (by the unknown search bar appearing on it called "Secure Search") but as soon as I return to the LAN Settings, I see that the address (http://blockerstop.net/wpad.dat?1c2c6e5d5b05b98399203e1673247aa425721583) gets filled again. I think something is repetitively modifying my settings. Even though my Firefox is completely fixed at the moment, I do not think that the adware has gotten completely removed. Also, the start pages for Internet Explorer and Chrome are still being hijacked (which got fixed on Firefox when I uninstalled and reinstalled it).

I hope this information might be of some use to you in helping me.

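The symptom in the post above, an automatic configuration script address that reappears after being cleared, means something on the machine keeps rewriting the proxy auto-config (PAC) setting. The following read-only PowerShell script is an added example, not part of the original thread and not one of the tools used in it; the function names and the `$ProxyHint` pattern are illustrative assumptions, while the registry values and Firefox preference names are the standard ones. It lists every place a PAC URL can be set, lists autostart entries that could re-apply it, and can log the moment the value changes.

```powershell
# Added example (not from the thread): read-only audit of proxy auto-config
# (PAC) settings and of autostart entries that could re-apply them.
# Assumption: a home PC, so no PAC URL or fixed proxy is expected at all.

$InetKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Strings suggesting an entry touches proxy configuration (heuristic only).
$ProxyHint = 'AutoConfigURL|Internet Settings|wpad|\.pac\b|proxy'

# 1. Where the system proxy settings (used by IE and Chrome) and Firefox
#    pick up a PAC URL or a fixed proxy.
function Get-PacSetting {
    foreach ($key in $InetKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        foreach ($name in 'AutoConfigURL', 'ProxyServer') {
            if ($props.$name) {
                [pscustomobject]@{ Source = $key; Setting = $name; Value = $props.$name }
            }
        }
    }
    # Firefox keeps its own copy in each profile's prefs.js.
    $prefs = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles\*\prefs.js'
    Get-ChildItem -Path $prefs -ErrorAction SilentlyContinue |
        Select-String -Pattern 'network\.proxy\.(autoconfig_url|type|http)"' |
        ForEach-Object {
            [pscustomobject]@{ Source = $_.Path; Setting = 'prefs.js'; Value = $_.Line.Trim() }
        }
}

# 2. Autostart entries: Run keys plus scheduled tasks outside \Microsoft\.
#    Limitation: a task placed under \Microsoft\ is not listed here.
function Get-AutostartEntry {
    foreach ($key in $RunKeys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            [pscustomobject]@{
                Kind = 'RunKey'; Location = $key; Name = $name
                Command = $cmd; ProxyHint = ($cmd -match $ProxyHint)
            }
        }
    }
    Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
        ForEach-Object {
            $task = $_
            foreach ($action in $task.Actions) {
                # Only "start a program" actions carry Execute/Arguments.
                $cmd = ('{0} {1}' -f $action.Execute, $action.Arguments).Trim()
                [pscustomobject]@{
                    Kind = 'Task'; Location = $task.TaskPath; Name = $task.TaskName
                    Command = $cmd; ProxyHint = ($cmd -match $ProxyHint)
                }
            }
        }
}

# 3. Poll the per-user value and print the time of each change, so the
#    moment it is refilled can be matched against task triggers.
function Watch-PacSetting {
    param([int]$Seconds = 300, [int]$IntervalSeconds = 5)
    $key  = $InetKeys[0]
    $last = (Get-ItemProperty -Path $key).AutoConfigURL
    $stop = (Get-Date).AddSeconds($Seconds)
    while ((Get-Date) -lt $stop) {
        Start-Sleep -Seconds $IntervalSeconds
        $now = (Get-ItemProperty -Path $key).AutoConfigURL
        if ($now -ne $last) {
            '{0:HH:mm:ss}  AutoConfigURL: "{1}" -> "{2}"' -f (Get-Date), $last, $now
            $last = $now
        }
    }
}

Get-PacSetting     | Format-List
Get-AutostartEntry | Sort-Object ProxyHint -Descending | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so that all scheduled tasks are visible; after clearing the address in LAN Settings, `Watch-PacSetting` shows when the value is written back.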

  • Root Admin

I did not see anything in the log that would actively restore the entry once you put it back to normal, but let me get a new set of logs and we'll double-check again.

Please run FRST again and make sure you place a checkmark in the Additions.txt check box and post back both new logs as an attachment.

 

Thanks

 

 


  • Root Admin

Okay, let me have you run the following.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

 


  • Root Admin

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot


Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.


 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

 


I've gotten rid of all the disinfection tools now. Went through all those topics and a few subtopics as well. As for now, my problem is solved and the topic can be closed. I thank you for taking the pain to help me with this. You're a hero!


  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.