
RiskWare.IFEOHijack again



Hello!

2 weeks ago I had a problem with RiskWare.IFEOHijack, solved on this forum.

Since then my PC was protected by Kaspersky (useless for RiskWare.IFEOHijack) and Malwarebytes - trial version.

Everything was fine until yesterday, when the trial version of Malwarebytes expired. On the same day, I could not open any page in Mozilla Firefox again.

I scanned and disinfected RiskWare.IFEOHijack manually with Malwarebytes and after that I could use Firefox again.

Today I booted the PC and could not load any page in the browser again. I scanned and disinfected again and everything works fine.

But it seems that the problem persists, as every day I remove the malware and the next day it is there again, always the same malware.

I attached the reports for the last 2 days.

Any support would be highly appreciated.

Malwarebytes 14.10.2019.txt Malwarebytes 15.10.2019.txt


Hi, 

My name is Maurice. I will be helping and guiding you, going forward on this case.

Please follow my directions as we go along. Please do not make any changes on your own without first checking with me.

If you will be away for more than 3 consecutive days, do try to let me know ahead of time, as much as possible.

Please attach only the report files, etc. that I ask for as we go along.

To start,

I would suggest that you download, save, and then run Malwarebytes AdwCleaner.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Version 7.4 of AdwCleaner detects factory preinstalled applications too!

I encourage you to take a look at the announcement blog post to learn more about this new detection category: https://blog.malwarebytes.com/malwarebytes-news/2019/07/your-device,-your-choice:-adwcleaner-now-detects-preinstalled-software/.

Please download Malwarebytes AdwCleaner: https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for AdwCleaner. (If you do not see it right away, minimize the other open windows, so you can see AdwCleaner.)

Then click on Dashboard button.

Click the blue button "Scan Now".

 

Allow it a few minutes to finish the scan. Let it remove what it finds.

NOTE: When it comes to the section "Pre-installed applications", you can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

 

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs

Thanks.  Keep me advised.

 


Thanks for the AdwCleaner report. That found & removed a few adwares. However, not the IFEO glitches that are the central issue.

 

On your preceding report from Malwarebytes for Windows, it essentially showed that you had not selected all tagged lines for removal.

Take your time in reviewing all directions below.

 

Let’s start by doing a new thorough scan with Malwarebytes for Windows. The goal is to see whether there is an infection or PUP.

 

Let's do one new run with Malwarebytes for Windows.

Start Malwarebytes.

Click Settings. Click Protection tab & scroll down to Scan options.

On the section "Potential Threat Protection"
look down at the one "Potentially Unwanted Programs (PUPs)" look and make sure it is set to
"Always detect PUPS ".

and

look down at the one "Potential Unwanted Modifications (PUM)" look and make sure it is set to
"Always detect PUM ".

and
scroll all the way down to the section Automatic Quarantine
On the line "Automatically quarantine detected malware" be sure it is ON



Then once all set there, click on SCAN button
Then ensure Threat scan has a check mark. Then click Start scan.
Review the results list.
Then I would suggest you make sure all lines have a check mark

To that end, if you click the very top left checkbox you can force all detected lines ( if any are detected)  to be selected for removal. Be sure each line is checked.

 


 

Then you can proceed to click on the blue button Quarantine selected.


In Malwarebytes.
Click the Reports button ( on the left )
Look for the "Scan Report" that has the most recent Date and time.

When located, click the check box for it and click on View Report.
Then click the Export button at the bottom left.
Then select Text File (*.txt)

Put in a name for that file and remember where the file is created.

Then attach that file with your next reply 


That is very fine.   But let's have you run a report so I can do a general review.

 

I would like to have you run a report tool known as FRST. This has no personal information. It is well-known, widely used & safe.
FRST will help provide me with a list of installed programs and other information about your computer that will help me see if there are any other problems that are not being detected. Please follow the steps below to run FRST.


1: Please download FRST from the link below and save it to your desktop:

"Download link for 64-Bit Version Windows"

Please wait and look toward the top or bottom of your browser for the option to Run or Save.
Click Save to save the file version to the Downloads folder.

Then open Windows File Explorer and go to the Downloads folder.

Run report with FRST

Right-click on the FRST icon and select Run as Administrator to start the tool, and reply YES to allow it to proceed and run.

Click YES when prompted by the Windows UAC prompt to allow it to run.
Note: If you are prompted by Windows SmartScreen, click More info & follow up & choose Run anyway.


Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes.

Click Yes when the *disclaimer* appears in FRST.
The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that Addition options is *checked* - the configuration should look exactly like on the screen below (do not mark additional things unless asked).
Press Scan button and wait.





The tool will produce 2  logfiles on your desktop: FRST.txt , Addition.txt 
Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply.

Thank you.


Thanks for the FRST reports.   The IFEO is all gone.   We can close this case.

I would recommend that you get the Malwarebytes Browser Guard for Firefox browser.

To get & install the Malwarebytes Browser Guard  Firefox extension.

Open this link in your Firefox browser  

https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Then proceed with the setup.

That link is for English US. There are other language versions. Just go to the very bottom right of the page and look at the “Change language” drop-down list.

You may delete FRST64.exe,  Frst.txt, Addition.txt

 

My suspicion is that the program called "TuneUp Utilities 2014"  is at the source of getting IFEO in the first place.

You do not need that program.  Uninstall it.

1. Type the Windows key+R to open the Run command.

2. Type appwiz.cpl 

and press Enter.
The Programs and Features window will appear.

 

3. Locate  "TuneUp Utilities 2014"     and right-click once to select it, then click the Uninstall button.

 

For more   uninstall help, you may also refer to these links:

Windows Vista, 7, 8:
https://www.bleepingcomputer.com/tutorials/uninstall-a-program-in-windows/

 


I will follow your advice regarding Malwarebytes Browser Guard .

Regarding the "TuneUp Utilities 2014", your suspicions might be very right.

I just realized now that the malware was affecting my browser a short time after I used it for different cleaning/optimizing tasks, but I had not made the connection between the two facts. I uninstalled it using Revo Uninstaller.

Thank you once again for your time and useful advice.

This topic is now closed to further replies.
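
The thread hinges on the same IFEO detection coming back every day after removal. The following read-only PowerShell audit is an added example, not part of any post above and not a Malwarebytes or FRST tool. It assumes the detection refers to `Debugger` values under the standard Windows Image File Execution Options registry keys; the baseline file path is a hypothetical choice.

```powershell
# Added example: list IFEO "Debugger" values and report any that appeared since the last run.
$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)
# Hypothetical baseline location; any path the current user can write to will do.
$Baseline = Join-Path $env:LOCALAPPDATA 'ifeo-baseline.csv'

function Get-IfeoDebugger {
    foreach ($root in $IfeoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            # GetValue returns $null when the subkey has no Debugger value.
            $debugger = $key.GetValue('Debugger')
            if ($null -ne $debugger) {
                [pscustomobject]@{
                    Image    = $key.PSChildName   # e.g. firefox.exe
                    Debugger = [string]$debugger  # command launched instead of the image
                    Key      = $key.Name          # full registry path
                }
            }
        }
    }
}

$current = @(Get-IfeoDebugger)
$current | Sort-Object Image | Format-Table Image, Debugger -AutoSize -Wrap

# Index the previous run by "key|debugger" so re-created entries stand out.
$seen = @{}
if (Test-Path -LiteralPath $Baseline) {
    foreach ($p in @(Import-Csv -LiteralPath $Baseline)) {
        $seen["$($p.Key)|$($p.Debugger)"] = $true
    }
    $new = @($current | Where-Object { -not $seen.ContainsKey("$($_.Key)|$($_.Debugger)") })
    if ($new.Count -gt 0) {
        Write-Warning "IFEO Debugger values added since the last run: $($new.Count)"
        $new | Format-List Image, Debugger, Key
    }
}

# Save today's state as the baseline for the next comparison.
$current | Export-Csv -LiteralPath $Baseline -NoTypeInformation -Encoding UTF8
```

Run it once after a cleanup and again after the next boot or after using a suspected program; an entry that reappears between runs points at whatever ran in between. A `Debugger` value is not malicious by itself, since developers and some utilities set it deliberately.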