Random Tabs are opening

[mightybeard]

1. Random tabs keeps opening up after every while or so. I noticed mainly these: pipeschannels , one which redirects to ucbrowser, eatyellowmango which redirects to Flipkart.com and cpmofferconvert.
2. Whenever I search in google chrome address bar, it automatically changes my default search engine to Yahoo.com. Every time I remove yahoo search engine from chrome settings but it gets back automatically.

 

i have scanned my laptop with hitman pro.. since my trial period has ended i am unable to remove the detected malwares.. pls help me.. thanks in advance

[kevinf80]

Hello mightybeard and welcome to Malwarebytes,

Follow the instructions at this link and post the requested logs:  https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

Thank you,

Kevin

 

[mightybeard]

7 hours ago, kevinf80 said:

Hello mightybeard and welcome to Malwarebytes,

Follow the instructions at this link and post the requested logs:  https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

Thank you,

Kevin

 

These are the files You requested to attach !

Addition.txt

FRST.txt

[kevinf80]

Hello mightybeard,

Thanks for those logs, continue with the following:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes and is updated do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries...

To get the log from Malwarebytes do the following:

• Click on the Report tab > from main interface.
  
• Double click on the Scan log which shows the Date and time of the scan just performed.
  
• Click Export > From export you have two options:

    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply  

  
  

• Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…

Next,

AdwCleaner - Fix mode

AdwCleaner - Fix Mode

• Download AdwCleaner and move it to your Desktop
  AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)

  I accept), then click on Scan
• Right-click on
• Accept the EULA (
  
  checked and click on the Clean button. This will kill all active processes
• Let the scan complete. Once it's done, make sure that every item listed in the different tabs is
  
• Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
• After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Let me see those logs, also give an update on any remaining issues or concerns..

Thank you,

Kevin

[mightybeard]

I didn't found any fixlist.txt as u mentioned in the beginning of the post

[kevinf80]

Yes apologies, is attached now...

fixlist.txt

[mightybeard]

As you requested

Fixlog.txt

Malwarebytes log 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/15/17
Scan Time: 2:54 PM
Log File: be60d4dc-99f7-11e7-a404-204747535030.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.188
Update Package Version: 1.0.2811
License: Free

-System Information-
OS: Windows 10 (Build 15063.608)
CPU: x64
File System: NTFS
User: MIGHTYBEARD\DELL

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375077
Threats Detected: 4
Threats Quarantined: 4
Time Elapsed: 12 min, 5 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
Adware.Elex, C:\Users\DELL\AppData\Local\Plukotion\SwReporter\17.96.0, Quarantined, [1], [381902],1.0.2811
Adware.Elex, C:\Users\DELL\AppData\Local\Plukotion\SwReporter, Quarantined, [1], [381902],1.0.2811
Adware.Elex, C:\USERS\DELL\APPDATA\LOCAL\PLUKOTION, Quarantined, [1], [381902],1.0.2811

File: 1
Adware.Elex, C:\Users\DELL\AppData\Local\Plukotion\SwReporter\17.96.0\software_reporter_tool.exe, Quarantined, [1], [381902],1.0.2811

Physical Sector: 0
(No malicious items detected)

(end)

 

 

AdW cleaner log file

 

# AdwCleaner 7.0.2.1 - Logfile created on Fri Sep 15 09:51:21 2017
# Updated on 2017/29/08 by Malwarebytes 
# Database: 09-15-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.Elex, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | SNARE
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E}
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved | KuaiZip Shell Extension
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | terana
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
PUP.Optional.ByteFence, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bytefence.com
PUP.Optional.ByteFence, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\en.bytefence.com
PUP.Optional.ByteFence, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | ByteFence.exe

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [8869 B] - [2017/6/1 11:5:19]
C:/AdwCleaner/AdwCleaner[C2].txt - [2456 B] - [2017/6/1 11:30:28]
C:/AdwCleaner/AdwCleaner[S0].txt - [11764 B] - [2017/6/1 9:38:0]
C:/AdwCleaner/AdwCleaner[S1].txt - [11322 B] - [2017/6/1 9:46:55]
C:/AdwCleaner/AdwCleaner[S2].txt - [11396 B] - [2017/6/1 9:58:54]
C:/AdwCleaner/AdwCleaner[S3].txt - [8169 B] - [2017/6/1 10:31:31]
C:/AdwCleaner/AdwCleaner[S4].txt - [8404 B] - [2017/6/1 10:43:24]
C:/AdwCleaner/AdwCleaner[S5].txt - [8477 B] - [2017/6/1 10:54:16]
C:/AdwCleaner/AdwCleaner[S6].txt - [2726 B] - [2017/6/1 11:20:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt ##########

 

Fixlog.txt

[kevinf80]

How is your system responding now, any remaining issues or concerns...?

Edited September 15, 2017 by kevinf80
typing error

[mightybeard]

1 hour ago, kevinf80 said:

How is your system responding now, any remaining issues or concerns...?

its working fine... can u tell me wat caused the problem ??

[kevinf80]

Hello mightybeard,

Thanks for the update,  your issue was browser hijacker in Google Chrome, to clean up run the following:

Download "Delfix by Xplode" and save it to your desktop. Or use the following if first link is down: "Delfix link mirror" If your security program alerts to Delfix either, accept the alert or turn your security off. Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator Make Sure the following items are checked:   Remove disinfection tools <----- this will remove tools we may have used. Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created. Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection Now click on "Run" and wait patiently until the tool has completed. The tool will create a log when it has completed. We don't need you to post this. Any remnant files/logs from tools we have used can be deleted… Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful.... Answers to Common Security Questions and best Practices Do I need a Registry Cleaner? Take care and surf safe Kevin...

[kevinf80]

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!