

search conduit adware


  • This topic is locked
11 replies to this topic

#1 Calron

Calron

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 26 December 2014 - 02:08 PM

I noticed my system running slow on 12-25 and opened the task manager and saw multiple copies of an unknown program running that was pretending to be Google Chrome, along with an unknown download in progress.

 

I ran a Norton Insight scan (included) of the program and it said it was OK, but I had my doubts, so I ran a full system scan with Norton. After that came up with no errors, I used Norton Power Eraser and it deleted a root something or other. I cannot find a log for that.

 

After that I deleted the file that the program was in and cleaned my registry with TweakNow Registry Cleaner, as well as deleting Internet Explorer's temporary internet files.

 

Additionally Norton detected and removed mbam-setup-2.0.4.1028[1].exe while scanning my system as per the instructions before I posted. I have no idea if it is related, but I'm attaching Norton's report just in case.

 

The fake Google chrome program has not come back but I fear my system could still be infected.

Attached Files




#2 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,500 posts
  • Interests:Boo!....
  • MVP

Posted 28 December 2014 - 09:11 AM

Hi and welcome


Running from C:\Users\David Angel\Desktop\downloads

We need to be careful and make sure the following script is saved to the same location you saved Farbar Recovery Scan Tool or the fix won't work.

Download and save the FRST txt I've created to where FRST has been saved.
(located at the bottom of this page)

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~

Download Malwarebytes' Anti-Malware to your desktop.
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
    ***************************************

    AdwCleaner by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top advertisement.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    ~~~~~~~~~~~~~
    Please post
    Fixlog.txt
    Malwarebytes' Anti-Malware log
    C:\AdwCleaner.txt
    JRT.txt

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 Calron


Posted 28 December 2014 - 09:49 PM

Done.

Attached Files



#4 Juliet


Posted 29 December 2014 - 05:09 AM

How is the computer now?

#5 Calron


Posted 29 December 2014 - 09:41 PM

Well the odd activity stopped after Norton power eraser, but I was told on the Norton forums that I was still infected despite the lack of symptoms.

It does appear to be running better than when I first replied, but I have not used it much since the outbreak.



#6 Juliet


Posted 29 December 2014 - 09:47 PM

Let's do this

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
  • Note:
    For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan.


#7 Calron


Posted 30 December 2014 - 12:17 AM

I had to reset my security level on internet explorer to run ESET.

Attached Files

  • Attached File  ESET.txt   2.32KB   102 downloads


#8 Juliet


Posted 30 December 2014 - 07:16 AM

Not much to do now.

Ask Toolbar <-- see if there is any reference left to this.
Will be located in your add/remove programs list. Remove/delete if found.
******************


Let's try to manually remove items located in SpyBot's quarantine.


Please make all files and folders VISIBLE:


Close all open programs.
Click on the "Windows Orb" (bottom left hand corner of your screen).
Click on "Control Panel", and then on "Appearance and Personalization".
Under Folder Options, click on "Show hidden files and folders".
Remove the checkmark from the checkbox labeled "Hide extensions for known file types".
Remove the checkmark from the checkbox labeled "Hide protected operating system files (Recommended)".
Press the "Apply" button and then the "OK" button.
For more detail, please see here.


Please search for the following files/folders


NOTE: DO NOT double click on ANY files in the next step!!!
Right-click your "Start" button and select "Explore".
Navigate to and delete the following files in bold.

C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentrer.zip

If you can't find these or you have no access, that's OK.
This will tell us we have to uninstall then reinstall the Program.

~~~~~~~~~~~~~~~~~~

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
 

start
CloseProcesses:
C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\Toolbar.exe
C:\ProgramData\SpeedBit\DAP\Offers\VA32_DapSo.exe
C:\Users\All Users\SpeedBit\DAP\Offers\VA32_DapSo.exe
C:\Users\David Angel\AppData\LocalLow\jvmgwhd.dll
C:\Users\David Angel\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab
C:\Windows\Installer\28d75dd.msi
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

How's your computer now?
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??
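
A way to confirm the result of the two deletion steps in post #8 without browsing to each item by hand, given as an added example that is not part of the original post and not FRST's own logic: the PowerShell below reports which of the posted paths are still on disk. Treating only lines that begin with a drive letter as file entries is an assumption drawn from the fixlist shown in that post.

```powershell
# Added example, not from the thread and not FRST's own logic.
# Assumption: file entries are the lines that begin with a drive letter;
# "start", "End" and lines ending in ":" are treated as directives and skipped.
function Get-FixlistPath {
    param([string[]]$Line)
    foreach ($raw in $Line) {
        $entry = "$raw".Trim()
        if ($entry -match '^[A-Za-z]:\\') { $entry }
    }
}

function Test-FixlistRemnant {
    param([string[]]$Line)
    foreach ($path in (Get-FixlistPath -Line $Line)) {
        try {
            $state = if (Test-Path -LiteralPath $path -ErrorAction Stop) { 'Present' } else { 'Gone' }
        } catch {
            $state = 'NoAccess'   # e.g. permission denied; rerun from an elevated prompt
        }
        [pscustomobject]@{ State = $state; Path = $path }
    }
}

# The fixlist exactly as quoted in post #8.
$fixlist = @'
start
CloseProcesses:
C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\Toolbar.exe
C:\ProgramData\SpeedBit\DAP\Offers\VA32_DapSo.exe
C:\Users\All Users\SpeedBit\DAP\Offers\VA32_DapSo.exe
C:\Users\David Angel\AppData\LocalLow\jvmgwhd.dll
C:\Users\David Angel\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab
C:\Windows\Installer\28d75dd.msi
EmptyTemp:
End
'@ -split "`r?`n"

# The Spybot recovery archives that the same post asks to delete by hand.
$manual = @(
    'C:\Users\All Users\Spybot - Search & Destroy\Recovery\myPCBackup.zip',
    'C:\Users\All Users\Spybot - Search & Destroy\Recovery\SomotoBetterInstaller.zip',
    'C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinAgentrer.zip'
)

$report = @(Test-FixlistRemnant -Line ($fixlist + $manual))
$report | Format-Table -AutoSize -Wrap
$left = @($report | Where-Object { $_.State -ne 'Gone' })
'{0} of {1} listed paths need another look' -f $left.Count, $report.Count
```

A path reported as Gone here only means nothing exists at that exact location; Fixlog.txt remains the record of what the tool itself did.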

#9 Calron


Posted 30 December 2014 - 10:11 PM

Ask Toolbar appears not to be on the add/remove programs menu.

I found the files you listed and deleted the files as instructed, as well as the rest of Spybot's quarantined items. myPCBackup and SomotoBetterInstaller had multiple copies.

 

I manually looked for the one item that the fix couldn't find, and couldn't find it.

My computer still seems to be working normally.

Attached Files



#10 Juliet


Posted 31 December 2014 - 03:45 AM

 

My computer still seems to be working normally.

 

Good deal.

 

Copy all text in the code box (below)...to Notepad.
 

@echo off

del /f /s /q "C:\OEM\Preload\Autorun\APP\Nero 10 Essentials eMachines Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe"

del %0

Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"


It should look like this: [batch file icon] <-- XP, [batch file icon] <-- Vista
Double click on delfile.bat to execute it.
A black CMD window will flash, then disappear...this is normal.


The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

 

~~~~~~~~~~~~~~~~

 

DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 

***

 

You're good to go.

 

 

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

 



#11 Calron


Posted 31 December 2014 - 08:46 PM

Done, thanks for the help.

Attached Files



#12 Juliet


Posted 01 January 2015 - 05:17 AM

Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.
