Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Tricked by fake iTunes, need Adware Malware removal [Solved]

quickshare

  • This topic is locked This topic is locked
52 replies to this topic

#46 jhess23a

jhess23a

    Authentic Member

  • Authentic Member
  • PipPip
  • 101 posts

Posted 15 December 2013 - 03:52 PM

OK, I'm about to reinstall the Java and Adobe, will post again after that step. Thanks!

 

SystemLook 30.07.11 by jpshortstuff
Log created at 16:46 on 15/12/2013 by jeffhess
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*QuickShare*"
No files found.
 
Searching for "*Scorpion*"
No files found.
 
Searching for "*Adpeak*"
C:\AdwCleaner\Quarantine\C\Windows\System32\AdpeakProxy.ini.vir --a---- 5360 bytes [20:42 06/11/2013] [20:42 06/11/2013] 18DFC8C69730221B2CFEFFCCB565A90E
C:\AdwCleaner\Quarantine\C\Windows\System32\AdpeakProxyOff.ini.vir --a---- 2312 bytes [20:32 06/11/2013] [20:32 06/11/2013] 1ED56540E72D15EA63DF19D70636A347
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\AdpeakProxy.ini.vir --a---- 5360 bytes [20:42 06/11/2013] [20:42 06/11/2013] 18DFC8C69730221B2CFEFFCCB565A90E
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\AdpeakProxyOff.ini.vir --a---- 2312 bytes [20:32 06/11/2013] [20:32 06/11/2013] 1ED56540E72D15EA63DF19D70636A347
C:\_OTL\MovedFiles\12102013_132949\C_Windows\SysNative\AdpeakProxy64.dll --a---- 439296 bytes [11:07 02/12/2013] [15:18 16/10/2013] 78857BF5996E9BC8E82C1B671CBF85E6
 
========== regfind ==========
 
Searching for "QuickShare"
No data found.
 
Searching for "Scorpion"
No data found.
 
Searching for "ScorpionSaver"
No data found.
 
Searching for "Adpeak"
No data found.
 
-= EOF =-

    Advertisements

Register to Remove


#47 jhess23a

jhess23a

    Authentic Member

  • Authentic Member
  • PipPip
  • 101 posts

Posted 16 December 2013 - 04:58 AM

Internet Explorer is not working, but Chrome is. When I open IE I see a blank page. It will not refresh. When I manually type a page address it says "Navigation to the webpage was cancelled."



#48 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 16 December 2013 - 09:09 AM

Hi jhess23a,

http://support.micro...kb/318378/en-us
try to repair or re-install IE!
Graduate of the WTT Classroom
Cheers,
Jo

#49 jhess23a

jhess23a

    Authentic Member

  • Authentic Member
  • PipPip
  • 101 posts

Posted 17 December 2013 - 08:26 PM

Thank you, I did successfully re-install IE. I also, unfortunately, had to uninstall Java 7 and re-install version 6 in order to use a program that we use at work. According to the most recent logs, does the computer look clean?



#50 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 18 December 2013 - 12:35 PM

Hi jhess23a,

well done. :)

It Appears That Your Pc Is Now Clean!
 

***


Clean up:
We used Combofix.

Press the Windows key + R and this will open the Run text box. Copy/paste the following text into the Run box as shown and click OK.
Combofix /Uninstall
(Note: There is a space between the ..x and the /U that needs to be there.)

CF-Uninstall.png


***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL

:Commands
[emptytemp]
[clearallrestorepoints]
  • Close all other programs apart from OTL as this step may require a reboot
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Say Yes to the prompt and then allow the program to reboot your computer.

***


Clean up with delfix:
  • please download delfix to your desktop.
  • Close all other programms and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.


***


Here are some Preventive tips to reduce the potential for spyware infection in the future:

1. Browse more secure2. Enable Protected Mode in Internet Explorer. This helps Windows Vista, 7 / 8 users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
4. Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important chanel to spread their wares.
5. Use only one anti-virus software and keep it up-to-date.

6. Firewall
Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

7. Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

8. Use Strong passwords!

9. Email attachments
Do not open any unknown email attachments, which you received without asking for it!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/


***


Graduate of the WTT Classroom
Cheers,
Jo

#51 jhess23a

jhess23a

    Authentic Member

  • Authentic Member
  • PipPip
  • 101 posts

Posted 18 December 2013 - 03:35 PM

You did a GREAT job. Very thorough. I will start these attempts today and tomorrow and post if I have any problems. Do you recommend keeping MalWareBytes? What anti-virus do you recommend. Which Internet browser do you prefer, IE, Chrome, or Firefox?



#52 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 19 December 2013 - 04:59 PM

You are very welcome, jhess23a.
Glad we could help.
 

Do you recommend keeping MalWareBytes?
Which Internet browser do you prefer, IE, Chrome, or Firefox?

You can keep Malwarebytes Anti-Malware.
I'm using IE; if you use FF too, you should have installed the following add-ons to help make your Firefox browser more secure:
NoScript
AdBlock Plus
Graduate of the WTT Classroom
Cheers,
Jo

#53 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 19 December 2013 - 05:21 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users