Jump to content

HBLITE keeps popping up to quarantine


Bruski
 Share

Recommended Posts

Ok, I haven't posted any hijack or other logs yet b/c I want to figure out something.

On a laptop running Windows Visa 32 bit I have run MalwareBytes (the purchased version) with the latest updates and a full scan and it shows zero infections. Internet is working and speed is normal.

However, while the computer is running occasionally MalwareBytes will pop up with various files from HBLITE and ask to quarantine them (which I do)

Usually it shows the file to quarantine as (adwar.Hotbar) "c:\Program Files\HBLITE\BIN\11.0.181.0\HBLITESAHOOK.DLL"

I have all folders and files unhidden and when I do a complete search of the C: drive it can't find any files or folders that match HBLITE.

I've done a search in the registry using regedit and again can't find anything that matches HBLITE.

Any help is greatly appreciated ;)

Link to post
Share on other sites

DDS.txt

Ok, I haven't posted any hijack or other logs yet b/c I want to figure out something.

On a laptop running Windows Visa 32 bit I have run MalwareBytes (the purchased version) with the latest updates and a full scan and it shows zero infections. Internet is working and speed is normal.

However, while the computer is running occasionally MalwareBytes will pop up with various files from HBLITE and ask to quarantine them (which I do)

Usually it shows the file to quarantine as (adwar.Hotbar) "c:\Program Files\HBLITE\BIN\11.0.181.0\HBLITESAHOOK.DLL"

I have all folders and files unhidden and when I do a complete search of the C: drive it can't find any files or folders that match HBLITE.

I've done a search in the registry using regedit and again can't find anything that matches HBLITE.

Any help is greatly appreciated ;)

I attached my DDS and ark txt files if you need them at least I think I attached them?

Also, here's more info if you need it.

I am working on the following:

Gateway Laptop T-series, 2GB Ram, 2Ghz CPU, Windows Vista Home Premium 32bit, SP2 with all the updates installed.

Security Software running:

MalwareBytes v1.46 (Paid version) fully updated

Norton 2011 Security with all the updates

Spybot S&D 1.6.20 with all the updates

It was badly infected and I have been able to remove most of the infections except for one called HBLITE.

I have run MalwareBytes (the purchased version) with the latest updates and a full scan and it shows zero infections.

Norton and Spybot also show 0 infections after a full scan.

Internet is working and speed is normal.

ark.txt

Link to post
Share on other sites

Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Link to post
Share on other sites

Hi,

Please download OTM

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Processes

    :Services

    :Reg
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=-
    "ProxyOverride"=-
    "ProxyServer"=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]


  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

Link to post
Share on other sites

  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.