Solved Browser Hijacked by Malware, Adware, and Trojan with Ammyy scam background.

Caramello222

New Member
Thread author
Verified
Nov 1, 2014
36
My system is plagued with all kinds of malware. I think my problem is old malware meets new. The new one that I still see in my apps is AD Click and/or Ad Double Click. I don't know what to really say; I stated a lot above. Please let me know if the scan logs included are correct and up to date because I did them recently and I have multiples of Malwarebytes scans. I just want this crap gone and my computer performance back to great, even good, and I don't mind going back to Windows 8 from 8.1 because HP sent me a notice of it not being compatible with my PC, which I feel is where all of this started; I should've never upgraded to Win8.1. This is my first time, so sorry if too much or too little information, but I am more than willing and capable of learning and doing what needs to be done. Even if nothing comes of this I still thank you for taking out the time to try and help me; it is greatly appreciated.
 

Attachments

  • FRST_09-11-2014_18-35-36.txt
    22.8 KB · Views: 86
  • Addition_09-11-2014_18-35-35.txt
    36.6 KB · Views: 50
  • AdwCleaner[S0].txt
    2 KB · Views: 45
  • HitmanPro_20141105_1956.log
    5.2 KB · Views: 45
  • JRT.txt
    907 bytes · Views: 52
  • mbar-log-2014-11-02 (20-38-38).txt
    2 KB · Views: 44
  • system-log.txt
    8.3 KB · Views: 43

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"




Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
 

Caramello222

New Member
Thread author
Verified
Nov 1, 2014
36
First I have two questions: 1) I noticed my attached logs have a couple of views and it makes me feel a little uneasy. So I'm hoping you will tell me that only staff members can view their contents. 2) I am curious about folder activity I witnessed this month. I've never seen it before, so I don't know if it's wrong or right. I came across a couple of folders that had the same names of malware that I thought I got rid of. Ammyy, Pcmax, Surfandkeepit, and Logmeinrescue, I'm not sure if logmeinrescue was malware because HP tech support while in remote control said it was their app. There were 2 with different dates but one of them shared the same date as the day I was bombed with malware while downloading Utorrent, so I deleted that one and not the other. Anyway, when I opened Properties on those folders, the information in the General tab began to flicker and the numbers went up higher and higher. Is that normal or a sign of Malware? Back to business, my computer is getting worse. My free Windows Store games have gotten slower and freeze more and for longer (e.g. from 5-10 seconds). The first tab in IE 11 desktop version will not go to other websites, I've used the address bar and clicked on my favorites but the page stays the same. All the tabs after that will only go to sites in my favorites. The websites pinned to my start screen that use the Windows 8 modern version crash right after I click on them. In both versions, tabs stay open when I click the X to close them and switch to BlankPage, but close on the second click. That is happening more. So I'm praying the attached logs give you what you need to find a solution to this mess.
 

Attachments

  • mbar-log-2014-11-11 (22-46-26).txt
    2 KB · Views: 31
  • system-log.txt
    59.3 KB · Views: 30
  • FRST.txt
    23.3 KB · Views: 43
  • Addition.txt
    30.1 KB · Views: 37

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
This forum is public and these logs are viewed by a lot of members and even search providers' bots. If you do not feel good about sharing your logs here, I can delete them for you.

You can delete any folders you don't know what they are, and some of them you mentioned are 100% bad including Pcmax and Surfandkeepit.

I do not see signs of infection now. How is your PC?
 

Caramello222

New Member
Thread author
Verified
Nov 1, 2014
36
First I'm sorry you are getting this reply so late, I replied yesterday but I guess I didn't click post. My computer is getting worse. IE 11 is really messed up. The first tab when opening IE 11 won't load any websites past my homepage site, no matter if I enter the site in the address bar or click on my favorites. All tabs after that will only load a favorite site. Today it started giving me a Security Alert pop up when I tried going from one website to the next. IE 11 in modern WIN 8 mode, if I want to go from say this site to Soundcloud.com it won't load the second site in the same tab, I have to open another tab to get to Soundcloud.com. I'm also getting about:blank more often now; when closing tabs I have to click (x)close twice, and that is happening in both modes. My CD-Rom is turning on more often but only when there is a disk in it. Freezes are happening more and for a few seconds longer. An example of that is when playing Solitaire, clicking the deal deck or moving cards around, the cards are freezing in the middle of those actions. Apps are crashing more and yesterday I couldn't even open IE 11 in WIN 8 modern mode from tiles on my start screen. When I was poking around on my computer yesterday looking for any suspicious looking activity I noticed in my app start up menu an icon of a blank white sheet of paper and next to it was the title/name Program. I right clicked it then left clicked search online; it took me to bing search and the results shown were for a site program.com. I didn't click on the site, I thought it was strange. The other thing that I came across that I think is strange is Runtime Broker using 269.3mb of memory and 276,696 memory private working set. Also, in September 2014 I received another phone call from those damn Ammyy scammers, I played dumb on the phone for about a good hour as my way of getting them back for tricking me the first time they called.
But ever since the second phone call in 9/14 I've been getting a lot of scam phone calls, I feel like they are connected in some way. I don't know if any of this info is useful, but maybe you've heard of another case with the same or similar problems and the solution could be the same for this.
 

Caramello222

New Member
Thread author
Verified
Nov 1, 2014
36
I hope you didn't close this case because I found about:blank is back again or never left when I tried to remove it before. I know it's back because it's no longer popping up when I try to close an Internet Explorer tab. Now when I go from one website to another about:blank is in the address bar and the page is blank, when I try to go back to the previous site or page I'm redirected not to a different website but previously viewed pages are skipped and repeated, then when I tried to close the tab it stays open and About:Blank is there again so it takes a second click to close the tab. Please help me get rid of this devil, because I know what's next. Multiple crazy flashing ads damn near stacked on top of each other on websites I visit and in my free games causing me to uninstall them because the ads make game play impossible. Last time it was a bunch of classmates.com ads and banners in my games. Just so you know I haven't done anything outside of your please read note, so my system is still the same.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 

Caramello222

New Member
Thread author
Verified
Nov 1, 2014
36
Before I begin I want to let you know that I checked in my view downloads and discovered that FRST 64.exe 2.01mb sitting there with a message under location "This program is not commonly downloaded and could harm your computer". Under action it shows delete/run. Does this mean the tool didn't download completely even though I used it and sent you the log, is it incomplete? I also have questions about disabling anti-virus and anti-malware protection so I can carry out your instructions perfectly. When I first got my computer Norton was on it along with Windows Defender, Norton expired so I removed the program from my computer and Windows Defender is now my main anti-virus. I bring this up because there are still some Norton files on my computer, are they able to interfere with downloads, scanners, anti-virus and anti-malware? Should I delete them? And here is the list of all the scanners and anti's I have sitting on my computer right now and do they all need to be disabled in any way before downloading Zoek and scanning with it? Windows Defender, Malwarebytes (free), Malwarebytes Rootkit, Adware cleaner by Xplode and Windows Defender also has an adware cleaner within it. JRT remover by Thisisu, and Hitman Pro (trial) is activated. Scanners FRST and Microsoft Malware Remover and Safety Scanner Tool. Malwarebytes shows real time protection off already because the (trial) period is over and it switched to (free). I had it turned off while on (trial) version so it wouldn't clash with Windows Defender, and I know to turn off real time protection on Windows Defender and Hitman Pro, but do I need to do anything to the others before proceeding? Lastly, I left a game disk in my computer and the CD-ROM turned on again by itself. I quickly looked at my background tasks in Task Manager and Internet Explorer was open in WIN 8 modern mode; was that an information pull from my computer to a server hack?
I clicked end task and closed it and will also be on alert when the CD-ROM does that again. The reason why I ask is because that is not the first time my CD-ROM turned on by itself, if a disk is left in it I can hear it turn on several times while I'm using the computer but the disk never loads, it acts as if I'm using Windows Explorer to search for a file but without the blinking icons when it stops. And if it is an info pull from a hack server will disabling everything allow this devil to have a field day on my computer, meaning will it allow for everything to get through as to maybe before some things were perhaps blocked? Especially with my Firewall down during downloading and scanning with Zoek? If I'm being paranoid and crazy just let me know, my feelings don't get hurt easily. Especially since I know this whole experience of, am I infected, yeah I'm infected, scan, it's gone, is it gone, scan, yeah it's gone, oh no I still see files, scan it's gone, is it gone, yeah it's gone, celebrate, where the hell did this file come from with the same damn name, it's still here but where. That has been going on for 11 months and I know without a doubt I'm batty. My profile pic is exactly how I feel and probably exactly how I look. So I apologize for too much info and paranoia questions, I do trust you and am waiting patiently for your instructions.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Let's concentrate here only on malware removal. I can help you with other problems too, but it is better to open your topic in another part of the forum where more people can help you.

There are no signs of Norton, you can proceed with Zoek scan.
 

Caramello222

New Member
Thread author
Verified
Nov 1, 2014
36
Let's concentrate here only on malware removal. I can help you with other problems too, but it is better to open your topic in other part of forum where more people can help you.

There are no signs of Norton, you can proceed with Zoek scan.
Sorry my rambling made things confusing. I am concentrating on the Zoek scan. You say there are no signs of Norton, ok. I know to disable Windows Defender, Malwarebytes, and Hitman Pro for the scan; do any of the other downloads I listed need to be disabled for the Zoek scan?
 

Caramello222

New Member
Thread author
Verified
Nov 1, 2014
36
Good. Report seems pretty clean. How is your PC now?
I guess it's alright. If it's normal for your browser tabs to show about:blank, and guess the weather channel is just hard for money that's why all those are there. So thanks again. I guess it really is clean. Does that mean I can go ahead and uninstall all these scans?
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)


Recommended reading:
MUST READ - security tips:

MUST READ - general maintenance:


The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.




Recommended additional software:
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • FileHippo.com Update Checker - to keep your programs up-to-date.
  • Adblock - to surf the web without annoying ads!



Post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt)
The tool will also record a healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.



My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!




Stay safe,
TwinHeadedEagle :)
 
