1. Warning Welcome to MalwareTips.com, a free community where people like yourself come together to discuss and learn about PC security and computers.
    As a guest, you can browse and view the various discussions in the forums, but you can not create new threads or reply to an existing one unless you are a registered member. By joining our free community you will have access to post threads, start private conversations with other members, respond to polls, upload content and access many other special features.
    Registration is fast, simple and absolutely free, so please join us today!
  2. Warning Icon Please note that all given instructions in each thread are customized for each help request, the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post the appropriate logs in our Malware Removal Assistance forum and wait for help.

    Please be aware that removing Malware is a potentially hazardous undertaking. We will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for us to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and we cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    We strongly advise you to backup any personal files and folders before you start.
  3. Emsisoft  Mobile Security GiveawayEXCLUSIVE MalwareTips.com: Emsisoft Mobile Security Giveaway

    Get a free license key for Emsisoft Mobile Security to protect your Android smartphone. We are giving away Emsisoft Mobile Security license keys for our awesome members!

    Get an Emsisoft Mobile Security license key!

  4. Zemana AntiLogger Unlimited GiveawayEXCLUSIVE: Zemana AntiLogger Giveaway

    Get a free license key for Zemana AntiLogger. We are giving away 300 Zemana AntiLogger license keys for our awesome members!

    Get a Zemana AntiLogger license key!

  5.  NoVirusThanks EXE GiveawayEXCLUSIVE MalwareTips.com : NoVirusThanks EXE Radar Pro Giveaway

    Get a free license key for NoVirusThanks EXE Radar Pro. We are giving away NoVirusThanks EXE Radar Pro license keys for our awesome members!

    Get a NoVirusThanks EXE Radar Pro license key!

  6. ZoneAlarm 2015 Extreme Security GiveawayEXCLUSIVE MalwareTips.com:ZoneAlarm 2015 Extreme Security Giveaway

    Get a free license key for ZoneAlarm 2015 Extreme Security. We are giving away ZoneAlarm 2015 Extreme Security license keys for our awesome members!

    Get a ZoneAlarm 2015 Extreme Security license key!

  7. Windows XP End Of Support

    After 12 years, support for Windows XP has ended on April 8, 2014. There will be no more security updates or technical support for the Windows XP operating system. Without critical Windows XP security updates, your PC may become vulnerable to harmful viruses, spyware, and other malicious software which can steal or damage your business data and information. Many software vendors will no longer support their products running on Windows XP as they are unable to receive Windows XP updates. Most PC hardware manufacturers will stop supporting Windows XP on existing and new hardware.

  8. Tip of the Day Always keep an eye on what you click and download, including music, movies, files, browser plug-ins or add-ons
    Be wary of pop-up windows that ask you to download software or that offer to fix your computer. Often these pop-ups will claim that your computer has been infected and that their download can fix it – don’t believe them. Close the window and make sure you don’t click inside the pop-up window. Do not open files of unknown types, or if you see unfamiliar browser prompts or warnings asking you to open a file. Sometimes malware may prevent you from leaving a page if you land on it, for example by repeatedly opening a download prompt. If this happens, use your computer’s task manager or activity monitor to close your browser.

Can't remove UtubeADBlock extension from Chrome

Discussion in 'Malware Removal Assistance' started by The_Mask, Feb 9, 2014.

Thread Status:
Not open for further replies.
  1. The_Mask

    The_Mask New Member

    Joined:
    Feb 9, 2014
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    10
    Operating System:
    Windows 7
    Are you using a 32-bit or 64-bit operating system?:
    64-bit (x64)
    Infection date and initial symptoms:
    The first signs of infection occured maybe a week ago when chrome would randomly open this: http://warn1now.com/opt9/indexrt.php webpage and tell me that my computer was infected. I have never left it open long. I always closed it immediately.
    Current issues and symptoms:
    As explained above. Symptoms are the same.
    Steps taken in order to remove the infection:
    I followed this guide: http://malwaretips.com/blogs/youtubeadblocker-virus-removal/ and the extension is still there. It has some type of permission that doesn't allow me to delete it from the extensions or disable it. It says it is enabled by an enterprise policy.
    What scan logs have you uploaded to this post?:
    • AdwCleaner scan log
    Like I said in the questions. I first noticed there was a problem when chrome would open a webpage and tell me I was infected and to call whatever number. I closed it immediately everytime and I have followed the guide associated with removing the extension. However, it didn't work. I've removed a lot of threats from my computer. HitmanPro even detected FLV Player when my control panel didn't so I had it removed. The extension is still there though and I'm unsure how to get rid of it. I'm contemplating a full wipe of the hard drive and a clean OS install if I can't remove the virus soon.

    Attached Files:

  2. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert Staff Member

    Joined:
    Mar 8, 2013
    Messages:
    1,546
    Likes Received:
    149
    Trophy Points:
    147
    Hi,

    Can you take a ScreenShot for me to see.
  3. The_Mask

    The_Mask New Member

    Joined:
    Feb 9, 2014
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    10
    I tried just following the web address I provided but its just a blank page. It seems to trigger randomly and when it does that's when the page loads in and I can see the false alert.
  4. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert Staff Member

    Joined:
    Mar 8, 2013
    Messages:
    1,546
    Likes Received:
    149
    Trophy Points:
    147
    Type chrome://extensions and take a ScreenShot of that Windows...
  5. The_Mask

    The_Mask New Member

    Joined:
    Feb 9, 2014
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    10
    Here you go.

    Attached Files:

  6. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert Staff Member

    Joined:
    Mar 8, 2013
    Messages:
    1,546
    Likes Received:
    149
    Trophy Points:
    147
    Please download zoek.zip or zoek.rar by smeenk ([​IMG]) from here or here and save it to your Desktop.
    Unpack the archive...
    • Close any open browsers
    • Temporarily disable your AntiVirus program. (If necessary)
      If you are unsure how to do this please read this or this Instruction.
    • Double click on zoek.exe to run the tool .
      Please wait while the tool does not start...
    • Copy the text present inside the code box below and paste it into the large window in the zoek tool:

      Code:
      pibihmlifcaffllogohcppampjdjknfn;a
      UTubeADBlock;z
    • Click on [​IMG] button.
      Please wait until a logreport will open (this can be after reboot)
    • Save notepad to your Desktop and attach here zoek-results.log
      Note: It will also create a log in the C:\ directory named "zoek-results.log"
  7. The_Mask

    The_Mask New Member

    Joined:
    Feb 9, 2014
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    10
    Ok so I ran the script and got two errors. I attached a screenshot of them in addition to the log file.

    Attached Files:

  8. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert Staff Member

    Joined:
    Mar 8, 2013
    Messages:
    1,546
    Likes Received:
    149
    Trophy Points:
    147
    Ok, let's try to remove it

    Run zoek again, but now with this script

    Code:
    C:\ProgramData\UTubeADBlock;fs
    C:\ProgramData\YoutubeAdblocker;fs
    C:\Users\All Users\UTubeADBlock;fs
    C:\Users\All Users\YoutubeAdblocker;fs
    C:\Users\Matt\AppData\Local\Packages\windows_ie_ac_001\AC\{7413E51F-D04A-5155-1D17-71BAC324E14A}\YoutubeAdblocker.2.7.dat;f
    C:\Users\Matt\AppData\LocalLow\{7413E51F-D04A-5155-1D17-71BAC324E14A}\YoutubeAdblocker.2.7.dat;f
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{CA42BBF6-6650-A15A-BBCD-9ED0A307C257}\UTubeADBlock.2.7.dat;f
    autoclean;
    emptyalltemp;
    emptyclsid;
  9. The_Mask

    The_Mask New Member

    Joined:
    Feb 9, 2014
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    10
    alright, here is the log file and I got another two more errors. One was the script error from last time and a new registry edit error attached below.

    Attached Files:

  10. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert Staff Member

    Joined:
    Mar 8, 2013
    Messages:
    1,546
    Likes Received:
    149
    Trophy Points:
    147
    Ok, how is the situation now?
  11. sissy

    sissy New Member

    Joined:
    Feb 9, 2014
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    [​IMG]

    The same thing happens to me , I was infected to install a video codec , even though the options unchecked my PC was flooded with malicious programs that could remove , along with others who did not know he had, with his tutorials ( thanks a lot ! ) But damn extension is there as you mocking me ! She has full access my settings and deleted all my extensions and speed dial and installed extensions and links to their websites friends . I tried to find the id number in the programs folder but not found in the system folder permission , to me , only the owner of this notebook ! , I was denied ! As I did this before and had given me permission earlier, I think the extension has anything to do with it , is it possible? also tried to find a clue in the source code but did not find , do not know what else to do but erase the HD even by uninstalling and reinstalling chrome did not solve the problem . ( please excuse my bad english ! )

    As you can see in the image on the message extension says (in Portuguese ) ' this extension is managed and can not be removed or disabled '. It is impossible to clear the disable option, you can not tell from the picture but it is shaded, whitish.

    I'm furious at the audacity of these people ![​IMG][/URL][/IMG]
  12. The_Mask

    The_Mask New Member

    Joined:
    Feb 9, 2014
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    10
    It's still there
  13. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert Staff Member

    Joined:
    Mar 8, 2013
    Messages:
    1,546
    Likes Received:
    149
    Trophy Points:
    147
    Let's try Zoek script once more


    Code:
    kbpdoenkoedoobdaalkkihnhjgekmoeg;a
    kbpdoenkoedoobdaalkkihnhjgekmoeg;z
    YoutubeAdblocker;z
  14. The_Mask

    The_Mask New Member

    Joined:
    Feb 9, 2014
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    10
    Here is the log file. Also got the first set of errors again.

    Attached Files:

  15. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert Staff Member

    Joined:
    Mar 8, 2013
    Messages:
    1,546
    Likes Received:
    149
    Trophy Points:
    147
    We will try with more powerfull tool:


    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
    Only one of them will run on your system, that will be the right version.


    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  16. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert Staff Member

    Joined:
    Mar 8, 2013
    Messages:
    1,546
    Likes Received:
    149
    Trophy Points:
    147
    That's good, but you should follow my instructions, maybe there is still something left...
  17. The_Mask

    The_Mask New Member

    Joined:
    Feb 9, 2014
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    10
    Here are the logs

    Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)

    Open FRST, and click Fix. Attach me that report after it is finished.




    Please download aswMBR and save it to your desktop.

    Double click aswMBR.exe to start the tool.
    • Select Yes if prompted to download the Avast database.
    • Click Scan
    • Upon completion of the scan ( Scan finished successfully ) click Save log and save it to your desktop, and post that log in your next reply for review.
      Note: do NOT attempt any Fix yet.




    Please download AdwCleaner by Xplode and save to your Desktop.

    Double click on AdwCleaner.exe to run the tool.
    • Click on the Scan button.
    • After the scan has finished click on the Clean button.

    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Post logfile will also be saved in the C:\AdwCleaner folder.

    Here are the logs. I already ran the adwcleaner before I started the thread so I attached that as well the one I just did.

    How is the situation now?

    It's still there

    Attached Files:

    Last edited by a moderator: Feb 12, 2014
  18. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert Staff Member

    Joined:
    Mar 8, 2013
    Messages:
    1,546
    Likes Received:
    149
    Trophy Points:
    147
    Can you take one more Screen Shot of this extension for me to see...
  19. The_Mask

    The_Mask New Member

    Joined:
    Feb 9, 2014
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    10
    Here it is again

    Attached Files:

  20. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert Staff Member

    Joined:
    Mar 8, 2013
    Messages:
    1,546
    Likes Received:
    149
    Trophy Points:
    147

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads: Can't remove
Forum Title Date
Malware Removal Assistance Can't remove Mysearchdial Tuesday at 7:31 AM
Malware Removal Assistance Google Chrome - Can't remove Price Companion nor UTiubberAAdBlockeer Mar 29, 2014
Malware Removal Assistance Can't remove UtubeADBlock extension from Chrome Mar 17, 2014
Malware Removal Assistance Can't remove UtubeADBlock extension from Chrome Mar 15, 2014
Malware Removal Assistance Can't remove UtubeADBlock extension from Chrome Mar 6, 2014

Thread Status:
Not open for further replies.
MalwareTips.com is an independent website.All trademarks mentioned on this page are the property of their respective owners.