Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92789 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Page popup, redirecting and while surfing steady ad popups. [Solved]

Dealin redirect

  • This topic is locked This topic is locked
65 replies to this topic

#31 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 12 December 2014 - 05:24 PM

I need to see what security you have because I think there is a big conflict somewhere.

Please try safe mode again and see if SecurityCheck will run.
 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

    Advertisements

Register to Remove


#32 Pacer

Pacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 13 December 2014 - 05:10 AM

Security Check log from Safe Mode session:

 

Results of screen317's Security Check version 0.99.90  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
ESET NOD32 Antivirus 8.0      
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 32  
 Java 7 Update 45  
 Java version out of Date! 
 Adobe Reader XI  
 Google Chrome (38.0.2125.104) 
 Google Chrome (38.0.2125.111) 
 Google Chrome (chrome.dll..) 
 Google Chrome (chrome.exe..) 
 Google Chrome (debug.log..) 
 Google Chrome (Dictionaries...) 
 Google Chrome (First Run...) 
 Google Chrome (old_chrome.exe..) 
 Google Chrome (update.dll..) 
 Google Chrome (wow_helper.exe..) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 


#33 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 13 December 2014 - 06:01 AM

At the very beginning I asked you not to make any changes, (including installing/uninstalling programs), without my instruction.

Not only have you ignored that, but you’ve also ignored what I said about two antiviruses.

As I’ve been unable to trace any form of malware, (apart from some adware), your problem is likely to be just that. Two antiviruses cannot work together and can even render each other useless; so, far from making sure that your computer is protected, it is very under-protected and under great strain to work properly as two programs are constantly fighting against each other.

Please uninstall Eset antivirus and then run SecurityCheck in normal mode.

===================================================

There is also one entry that I want to check.

Please download SystemLook from one of the links below and save it to your Desktop.

SystemLook (32-bit)
SystemLook (64-bit)

  • double-click SystemLook.exe to run it.
  • copy the content of the following codebox into the main textfield - please make sure you include the colon, (:), at the beginning:

    :filefind
    *2dopeboyz*
    
    :folderfind
    *2dopeboyz*
    
    :Regfind
    2dopeboyz
    
  • click the Look button to start the scan.
  • when finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Please don't forget to include the SecurityCheck log.

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#34 Pacer

Pacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 13 December 2014 - 11:33 AM

First and foremost I've followed your instructions to the letter. The only changes I've made was uninstalling AVG and Popcorn Time per your instructions:

 

"You can not run two real-time ANTIVIRUSESarrow-10x10.png at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective.


I would suggest you uninstall AVG but it is your choice.


  • click Start, Control Panel, Programs and Features
  • scroll down the list click on either Kaspersky Internet Secutity or AVG and then on Remove."

As far as EST Antivirus, I only have that per your instructions. It never prompted me to uninstall it once it was finished and it wont uninstall in Programs. The only option is change and that only leads to a install setup wizard.

-------------------------------------------------------------------------------------------

SystemLook 04.09.10 by jpshortstuff
Log created at 11:27 on 13/12/2014 by monroe county
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*2dopeboyz*"
C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-177457807-164583720-2097069978-1000\Chrome\Default\Local Storage\http_www.2dopeboyz.com_0.localstorage --a---- 3072 bytes [23:57 05/02/2014] [02:51 05/02/2014] EBA428AEA6D6FA5077605FB6A2660EB0
C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-177457807-164583720-2097069978-1000\Chrome\Default\Local Storage\http_www.2dopeboyz.com_0.localstorage-journal --a---- 3608 bytes [23:57 05/02/2014] [02:51 05/02/2014] 928B0981306FCA22F1546D9E9F6EBF1C
C:\Users\All Users\Kaspersky Lab\SafeBrowser\S-1-5-21-177457807-164583720-2097069978-1000\Chrome\Default\Local Storage\http_www.2dopeboyz.com_0.localstorage --a---- 3072 bytes [23:57 05/02/2014] [02:51 05/02/2014] EBA428AEA6D6FA5077605FB6A2660EB0
C:\Users\All Users\Kaspersky Lab\SafeBrowser\S-1-5-21-177457807-164583720-2097069978-1000\Chrome\Default\Local Storage\http_www.2dopeboyz.com_0.localstorage-journal --a---- 3608 bytes [23:57 05/02/2014] [02:51 05/02/2014] 928B0981306FCA22F1546D9E9F6EBF1C
C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_2dopeboyz.com_0.localstorage --a---- 7168 bytes [00:42 06/06/2014] [14:37 12/12/2014] 2FBC0717E53EE416C2F5C3E96DF3CF91
C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_2dopeboyz.com_0.localstorage-journal --a---- 7736 bytes [00:42 06/06/2014] [14:37 12/12/2014] 4D7CF451BD1781E16FFE649E7FD84D4C
C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.2dopeboyz.com_0.localstorage --a---- 6144 bytes [15:41 01/02/2014] [01:51 02/06/2014] 9A2336710951CAB55A5534F43ED5A946
C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.2dopeboyz.com_0.localstorage-journal --a---- 6704 bytes [15:41 01/02/2014] [01:51 02/06/2014] 09F0583EE527495C8621F23EE9AFAE30
 
========== folderfind ==========
 
Searching for "*2dopeboyz*"
No folders found.
 
========== Regfind ==========
 
Searching for "2dopeboyz"
No data found.
 
-= EOF =-


#35 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 13 December 2014 - 03:48 PM

My apologies if I'm wrong. :notworthy:

 

Eset has to go though so let’s try forcing the uninstall.

 

 

There is also an issue with Chrome, (normal these days), but we'll deal with that later.


Download Revo Uninstaller
 

  • double click the installation file on the desktop to run the installer
  • let it install to the default location
  • double click the new Revo Uninstaller Icon on the desktop to start the program.

You will now see a list of installed programs that Revo Uninstaller can remove.

  • locate the program you are uninstalling <Eset
  • right-click the icon then choose Uninstall
  • click Yes to the warning and choose the Uninstall Mode
  • choose the Advanced option and then click Next
  • this will launch the programs built in uninstaller. Be patient it can take several seconds
  • once the uninstaller is done click Next
  • Revo Uninstaller will now scan for leftover information. Be patient it can take several seconds.
  • once this scan is done click Next
  • you will then be presented of the leftover entries found by Revo Uninstaller
  • look at ALL of the entries to ensure they relate to the uninstall
  • next, click Select All > Delete to remove the entries
  • click Next
  • if there are any program file folders left over you will be presented with a list to be removed
  • again look at ALL of the entries to ensure they are related to the uninstall
  • click Select All > Delete to remove the entries
  • click Finish to go back to the uninstall list
  • when you have removed it, close the program.

Let me know how that goes.

Satchfan
 

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#36 Pacer

Pacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 13 December 2014 - 05:23 PM

So far so good....no sign of any EST warning prompts. Do I need to do anything about Revo at this time?



#37 Pacer

Pacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 14 December 2014 - 02:31 AM

Update: It seems that EST yet lives.



#38 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 14 December 2014 - 03:15 AM

Try uninstalling it in safe mode.


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#39 Pacer

Pacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 14 December 2014 - 07:05 PM

I'm having the same problem from earlier with the inability to get into safe mode. No matter what I tried, including

allowing the laptop to overheat to force a reboot and every time it skip passed the BIOS screen.



#40 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 15 December 2014 - 02:31 AM

Hi Pacer

 

Strange about safe mode seeing as it was fine when you ran SecurityCheck. As it doesn't appear to be a malware problem that's causing this, when we finish up here it may be worth asking in our Windows forum; I'll give you the link later.

 

 

It could be Kaspersky that is causing the "uninstall" problem with Eset. See this article.

 

The only option is change and that only leads to a install setup wizard.

 

 

Try temporarily disabling Kaspersky and then use the Eset Install wizard to uninstall it.

 

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

    Advertisements

Register to Remove


#41 Pacer

Pacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 16 December 2014 - 10:29 PM

So far so good no signs of EST at this time.



#42 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 17 December 2014 - 03:37 AM

When you think it has been uninstalled, please run SecurityCheck again and post the log.

 

Thanks

 

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#43 Pacer

Pacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 17 December 2014 - 07:04 PM

Requested logs:
 
Results of screen317's Security Check version 0.99.90  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 32  
 Java 7 Update 45  
 Java version out of Date! 
 Adobe Reader XI  
 Google Chrome (38.0.2125.104) 
 Google Chrome (38.0.2125.111) 
 Google Chrome (chrome.dll..) 
 Google Chrome (chrome.exe..) 
 Google Chrome (debug.log..) 
 Google Chrome (Dictionaries...) 
 Google Chrome (First Run...) 
 Google Chrome (old_chrome.exe..) 
 Google Chrome (update.dll..) 
 Google Chrome (wow_helper.exe..) 
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 plugin-nm-server.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
 


#44 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 18 December 2014 - 01:56 AM

That looks good.

 

Can you try starting in safe mode. If it's still a problem, seeing that I'm satisfied there is no malware on your computer, I'll give you a link to our Windows forum to see if they can find the problem as it's beyond my area of expertise.

 

Can you also tell me if there are any other remaining problems and if not, I'll send instructions to tidy up.

 

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#45 Pacer

Pacer

    Authentic Member

  • Authentic Member
  • PipPip
  • 85 posts

Posted 18 December 2014 - 04:58 AM

The original problems still exist.


Related Topics




Also tagged with one or more of these keywords: Dealin, redirect

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users