  1. Before you start!
    All given instructions in this forum are customized for each help request, the tools used may cause damage if used on a computer with different infections. If you think you have similar issues, please post the appropriate logs in our Malware Removal Assistance forum and wait for help.

    Please be aware that removing Malware is a potentially hazardous undertaking. We will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for us to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and we cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
    We strongly advise you to backup any personal files and folders before you start.

Can't remove UtubeADBlock extension from Chrome

Discussion in 'Malware Removal Assistance' started by The_Mask, Feb 9, 2014.

Thread Status:
Not open for further replies.
  1. The_Mask

    The_Mask New Member

    Reputation:
    0
    Joined:
    Feb 9, 2014
    Messages:
    12
    Likes Received:
    0
    Operating System:
    Windows 7
    Are you using a 32-bit or 64-bit operating system?:
    64-bit (x64)
    Infection date and initial symptoms:
    The first signs of infection occurred maybe a week ago when chrome would randomly open this: http://warn1now.com/opt9/indexrt.php webpage and tell me that my computer was infected. I have never left it open long. I always closed it immediately.
    Current issues and symptoms:
    As explained above. Symptoms are the same.
    Steps taken in order to remove the infection:
    I followed this guide: http://malwaretips.com/blogs/youtubeadblocker-virus-removal/ and the extension is still there. It has some type of permission that doesn't allow me to delete it from the extensions or disable it. It says it is enabled by an enterprise policy.
    What scan logs have you uploaded to this post?:
    • AdwCleaner scan log
    Like I said in the questions. I first noticed there was a problem when chrome would open a webpage and tell me I was infected and to call whatever number. I closed it immediately every time and I have followed the guide associated with removing the extension. However, it didn't work. I've removed a lot of threats from my computer. HitmanPro even detected FLV Player when my control panel didn't so I had it removed. The extension is still there though and I'm unsure how to get rid of it. I'm contemplating a full wipe of the hard drive and a clean OS install if I can't remove the virus soon.
     

    Attached Files:
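
The "enabled by an enterprise policy" message in the post above means Chrome found the extension in its force-install policy. The following is an added example, not part of the original thread: it parses the text of a `reg export` of Chrome's policy key and lists force-installed extension IDs. The registry path is Chrome's documented `ExtensionInstallForcelist` policy location and does not appear in the thread; the sample export and its URLs are constructed, and the two watchlist IDs are the ones used in the zoek scripts in this thread.

```python
import re

# Assumption (not from the thread): Chrome's force-install policy key, under HKLM or HKCU.
FORCELIST = r"software\policies\google\chrome\extensioninstallforcelist"

# Constructed sample of `reg export` text; URLs and the HKCU entry are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist]
"1"="pibihmlifcaffllogohcppampjdjknfn;https://example.invalid/update.xml"
"2"="kbpdoenkoedoobdaalkkihnhjgekmoeg"

[HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist]
"1"="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://example.invalid/other.xml"
'''

SECTION = re.compile(r"^\[(-?)(.+)\]$")
VALUE = re.compile(r'^"([^"]+)"="(.*)"$')
EXT_ID = re.compile(r"^[a-p]{32}$")  # Chrome extension IDs are 32 letters in a-p


def forced_extensions(reg_text):
    """Return (hive, value_name, extension_id, update_url) per forcelist entry."""
    found, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            # A leading '-' marks a key deletion in .reg syntax; ignore its values.
            key = None if m.group(1) else m.group(2)
            continue
        v = VALUE.match(line)
        if not (key and v and key.lower().endswith(FORCELIST)):
            continue
        ext_id, _, url = v.group(2).partition(";")
        if EXT_ID.match(ext_id):
            found.append((key.split("\\", 1)[0], v.group(1), ext_id, url))
    return found


def flag(reg_text, watchlist):
    """Entries whose extension ID is on the analyst's watchlist."""
    return [e for e in forced_extensions(reg_text) if e[2] in watchlist]


if __name__ == "__main__":
    thread_ids = {"pibihmlifcaffllogohcppampjdjknfn", "kbpdoenkoedoobdaalkkihnhjgekmoeg"}
    for hive, name, ext_id, url in flag(SAMPLE_REG, thread_ids):
        print(f"{hive}: value {name} forces {ext_id} (update URL: {url or 'default'})")
```

On a machine that is not centrally managed, any entry under this key is worth investigating, since it is what greys out the Remove and Disable controls on chrome://extensions.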

  2. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert MalwareTips Staff

    Reputation:
    1,000
    Joined:
    Mar 8, 2013
    Messages:
    9,929
    Likes Received:
    687
    Hi,

    Can you take a screenshot for me to see?
     
  3. The_Mask

    The_Mask New Member

    I tried just following the web address I provided but it's just a blank page. It seems to trigger randomly and when it does that's when the page loads in and I can see the false alert.
     
  4. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert MalwareTips Staff

    Type chrome://extensions and take a screenshot of that window...
     
  5. The_Mask

    The_Mask New Member

    Here you go.
     

    Attached Files:

  6. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert MalwareTips Staff

    Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
    Unpack the archive...
    • Close any open browsers
    • Temporarily disable your AntiVirus program. (If necessary)
      If you are unsure how to do this please read this or this Instruction.
    • Double click on zoek.exe to run the tool.
      Please wait until the tool starts...
    • Copy the text present inside the code box below and paste it into the large window in the zoek tool:

      Code:
      pibihmlifcaffllogohcppampjdjknfn;a
      UTubeADBlock;z
    • Click on [​IMG] button.
      Please wait until a log report opens (this can be after a reboot)
    • Save the Notepad file to your Desktop and attach zoek-results.log here
      Note: It will also create a log in the C:\ directory named "zoek-results.log"
     
  7. The_Mask

    The_Mask New Member

    Ok so I ran the script and got two errors. I attached a screenshot of them in addition to the log file.
     

    Attached Files:

  8. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert MalwareTips Staff

    Ok, let's try to remove it

    Run zoek again, but now with this script

    Code:
    C:\ProgramData\UTubeADBlock;fs
    C:\ProgramData\YoutubeAdblocker;fs
    C:\Users\All Users\UTubeADBlock;fs
    C:\Users\All Users\YoutubeAdblocker;fs
    C:\Users\Matt\AppData\Local\Packages\windows_ie_ac_001\AC\{7413E51F-D04A-5155-1D17-71BAC324E14A}\YoutubeAdblocker.2.7.dat;f
    C:\Users\Matt\AppData\LocalLow\{7413E51F-D04A-5155-1D17-71BAC324E14A}\YoutubeAdblocker.2.7.dat;f
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{CA42BBF6-6650-A15A-BBCD-9ED0A307C257}\UTubeADBlock.2.7.dat;f
    autoclean;
    emptyalltemp;
    emptyclsid;
     
  9. The_Mask

    The_Mask New Member

    Alright, here is the log file and I got another two more errors. One was the script error from last time and a new registry edit error attached below.
     

    Attached Files:

  10. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert MalwareTips Staff

    Ok, how is the situation now?
     
  11. sissy

    sissy New Member

    Reputation:
    0
    Joined:
    Feb 9, 2014
    Messages:
    1
    Likes Received:
    0
    [​IMG]

    The same thing happens to me, I was infected to install a video codec, even though the options unchecked my PC was flooded with malicious programs that could remove, along with others who did not know he had, with his tutorials (thanks a lot!) But damn extension is there as you mocking me! She has full access my settings and deleted all my extensions and speed dial and installed extensions and links to their websites friends. I tried to find the id number in the programs folder but not found in the system folder permission, to me, only the owner of this notebook!, I was denied! As I did this before and had given me permission earlier, I think the extension has anything to do with it, is it possible? Also tried to find a clue in the source code but did not find, do not know what else to do but erase the HD even by uninstalling and reinstalling chrome did not solve the problem. (please excuse my bad English!)

    As you can see in the image on the message extension says (in Portuguese ) ' this extension is managed and can not be removed or disabled '. It is impossible to clear the disable option, you can not tell from the picture but it is shaded, whitish.

    I'm furious at the audacity of these people!
     
  12. The_Mask

    The_Mask New Member

    It's still there
     
  13. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert MalwareTips Staff

    Let's try Zoek script once more


    Code:
    kbpdoenkoedoobdaalkkihnhjgekmoeg;a
    kbpdoenkoedoobdaalkkihnhjgekmoeg;z
    YoutubeAdblocker;z
     
  14. The_Mask

    The_Mask New Member

    Here is the log file. Also got the first set of errors again.
     

    Attached Files:

  15. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert MalwareTips Staff

    We will try with a more powerful tool:


    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
    Only one of them will run on your system, that will be the right version.


    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
     
  16. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert MalwareTips Staff

    That's good, but you should follow my instructions, maybe there is still something left...
     
  17. The_Mask

    The_Mask New Member

    Here are the logs

    Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)

    Open FRST, and click Fix. Attach me that report after it is finished.




    Please download aswMBR and save it to your desktop.

    Double click aswMBR.exe to start the tool.
    • Select Yes if prompted to download the Avast database.
    • Click Scan
    • Upon completion of the scan ( Scan finished successfully ) click Save log and save it to your desktop, and post that log in your next reply for review.
      Note: do NOT attempt any Fix yet.




    Please download AdwCleaner by Xplode and save to your Desktop.

    Double click on AdwCleaner.exe to run the tool.
    • Click on the Scan button.
    • After the scan has finished click on the Clean button.

    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Post logfile will also be saved in the C:\AdwCleaner folder.

    Here are the logs. I already ran the adwcleaner before I started the thread so I attached that as well the one I just did.

    How is the situation now?

    It's still there
     

    Attached Files:

    Last edited by a moderator: Feb 12, 2014
  18. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert MalwareTips Staff

    Can you take one more screenshot of this extension for me to see...
     
  19. The_Mask

    The_Mask New Member

    Here it is again
     

    Attached Files:

  20. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert MalwareTips Staff

