Mini Spy

Loading...

Latest Threads

Loading...
 
  1. Before you start!
    All given instructions in this forum are customized for each help request, the tools used may cause damage if used on a computer with different infections. If you think you have similar issues, please post the appropriate logs in our Malware Removal Assistance forum and wait for help.

    Please be aware that removing Malware is a potentially hazardous undertaking. We will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for us to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and we cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
    We strongly advise you to backup any personal files and folders before you start.
  2. Cyberghost EXCLUSIVE GIVEAWAY: CYBERGHOST SPECIAL EDITION UNLIMITED GIVEAWAY

    Starting with Wednesday, 6th of August get a free 1 year license license key for CyberGhost Special Edition. We are giving away CyberGhost Special Edition 15.000 license keys in a 48 hours promo for our awesome members!

    Get a CyberGhost Special Edition license key!

  3. avast! Premier 2014 Giveaway EXCLUSIVE GIVEAWAY: AVAST PREMIER 2014 GIVEAWAY

    Each day get a free license key for avast! Premier 2014. We are giving away avast! Premier 2014 license keys for our awesome members!

    Get now an Avast Premier 2014 license key!

  4. Bitdefender EXCLUSIVE GIVEAWAY: BITDEFENDER INTERNET SECURITY 2015 UNLIMITED GIVEAWAY

    Get a free license key for Bitdefender Internet Security 2015. We are giving away Bitdefender Internet Security 2015 6 months license keys for our awesome members!

    Get now a Bitdefender Internet Security 2015 license key!

  5. Use caution when opening email attachments
    Email attachments are a common tool for attackers because forwarding email is so simple. Users often open attachments that appear to come from someone they know or an organization they do business with. Almost any type of file can be attached to an email message, so attackers have more freedom with the types of viruses they can send. If your email program includes an option to automatically download email attachments, DON'T take it. Doing so could immediately expose your computer to any viruses included in the email attachments.

Surf and Keep/AllCheapPrice/Tuvaro/WatchitNoAds

Discussion in 'Malware Removal Assistance' started by Polyphase Avatron, Feb 1, 2014.

  1. Polyphase Avatron

    Polyphase Avatron New Member

    Joined:
    Feb 1, 2014
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    10
    Operating System:
    Windows Vista
    Are you using a 32-bit or 64-bit operating system?:
    32-bit (x86)
    Infection date and initial symptoms:
    Several months ago, lots of ads and unwanted extensions, browser search redirect
    Current issues and symptoms:
    "WatcheItNoeAds 2.7" Chrome browser extension undeletable due to being "installed by enterprise policy", creates random links in website text. Browser search redirects to Tuvaro search when I open a new tab and type something (previously it would go to google search)
    Steps taken in order to remove the infection:
    Uninstalled and deleted many files, tried programs adwcleaner, JRT Junkware remove, Malwarebytes Anti-Malware (both quick and full scan), Malwarebytes Anti-Rootkit BETA, Hitman Pro 3.7, Cloud System Booster, Farber Recovery Scan Tool, aswMBR, problem persists.
    What scan logs have you uploaded to this post?:
    • FRST scan log
    • aswMBR scan log
    I have had serious problems since a few months ago when I downloaded a file, it installed the "Surf and Keep" adware, which I sort of got rid off, but this browser extension "aalchheapprice" or something kept popping up, then after a while another one called "WatcheItNoeAds2.7" appeared. I could remove the first one every time I booted Chrome but it kept coming back, the second one, however, is "installed by enterprise policy" and undeleteable, I eventually got rid of the first one by deleting something in program data and it hasn't yet reappeared, but I can't get rid of the second one. In addition, ever since the problem started, any random search (i.e. opening a new tab and typing something) will take me to the Tuvaro search instead of Google search. The "WatcheItNoeAds2.7" seems to create random links in website text.

    Attached Files:

  2. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert MalwareTips Staff

    Joined:
    Mar 8, 2013
    Messages:
    3,363
    Likes Received:
    382
    Trophy Points:
    242
    Hi,


    Uninstall following from Control Panel:
    - GS.Supporter 1.80
    - GS-Enabler
    - GS-Supporter 1.80
    - Speed Streamer
    - YoutubeAdblocker


    Restart your PC.



    Then:



    Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)

    Open FRST, and click Fix. Attach me that report after it is finished.

    Attached Files:

  3. Polyphase Avatron

    Polyphase Avatron New Member

    Joined:
    Feb 1, 2014
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    10
    GS-Enabler and YoutubeAdBlocker aren't appearing on the control panel programs list, also when I try to uninstall the others I get an error, saying it can't find a dll or ena file and "the specified module could not be found".
  4. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert MalwareTips Staff

    Joined:
    Mar 8, 2013
    Messages:
    3,363
    Likes Received:
    382
    Trophy Points:
    242
    Then skip it and jump to the other step.



    Then...



    Please download zoek.zip or zoek.rar by smeenk ([​IMG]) from here or here and save it to your Desktop.
    Unpack the archive...
    • Close any open browsers
    • Temporarily disable your AntiVirus program. (If necessary)
      If you are unsure how to do this please read this or this Instruction.
    • Double click on zoek.exe to run the tool .
      Please wait while the tool does not start...
    • Copy the text present inside the code box below and paste it into the large window in the zoek tool:

      Code:
      createsrpoint; 
      StandardSearch; 
      emptyfolderscheck; 
      installer-list; 
      installedprogs; 
      uninstall-list;
    • Click on [​IMG] button.
      Please wait until a logreport will open (this can be after reboot)
    • Save notepad to your Desktop and attach here zoek-results.log
      Note: It will also create a log in the C:\ directory named "zoek-results.log"
  5. Polyphase Avatron

    Polyphase Avatron New Member

    Joined:
    Feb 1, 2014
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    10
    I try to upload it but it says it has an invalid file extension (.log)
  6. Polyphase Avatron

    Polyphase Avatron New Member

    Joined:
    Feb 1, 2014
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    10
    Okay I changed the extensinon

    Attached Files:

  7. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert MalwareTips Staff

    Joined:
    Mar 8, 2013
    Messages:
    3,363
    Likes Received:
    382
    Trophy Points:
    242
    Run Zoek again, but now with this script

    Code:
    emptyclsid;
    emptyfolderscheck;delete
    shortcutfix;
    resetIEproxy;
    netsh int ip reset >> %temp%\log.txt;b
    ipconfig /flushdns >> %temp%\log.txt;b
    resethosts;
    emptyalltemp;
    autoclean;
    Last edited: Feb 1, 2014
  8. Polyphase Avatron

    Polyphase Avatron New Member

    Joined:
    Feb 1, 2014
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    10
    That didn't solve the problem, WatcheItNoeAds2.7 is still there, as well as the Tuvaro redirect. Should I delete the files/folders in the zoek log that show where those extensions are? (Comodo and whatnot)?

    EDIT: Speed Streamer also still appears in the control panel list of installed programs.
  9. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert MalwareTips Staff

    Joined:
    Mar 8, 2013
    Messages:
    3,363
    Likes Received:
    382
    Trophy Points:
    242
    Follow my last instruction and attach requested report...
  10. Polyphase Avatron

    Polyphase Avatron New Member

    Joined:
    Feb 1, 2014
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    10
    Here's the log produced by running the zoek program with your latest instruction.

    I'm unclear as to what you want me to do next.

    Attached Files:

    Last edited: Feb 1, 2014
  11. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert MalwareTips Staff

    Joined:
    Mar 8, 2013
    Messages:
    3,363
    Likes Received:
    382
    Trophy Points:
    242
    Run Zoek again with this script

    Code:
    QuickScan;
  12. Polyphase Avatron

    Polyphase Avatron New Member

    Joined:
    Feb 1, 2014
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    10
    Okay, I did, here is the result.

    Attached Files:

  13. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert MalwareTips Staff

    Joined:
    Mar 8, 2013
    Messages:
    3,363
    Likes Received:
    382
    Trophy Points:
    242
    Re-run Zoek with this script

    Code:
    ffmenu@savevid.com;ff
    surfu anD keepp;chr
    surf and keep;chr
    Closed tabs;chr
    grEAtseavieRR;chr
    YTBiookMark;chr
    SNT;chr
    suRF and keep;chr
    YoutubeAdblocker;chr
    suurf and kueepp;chr
    autoclean;
    emptyclsid;
    emptyalltemp;
  14. Polyphase Avatron

    Polyphase Avatron New Member

    Joined:
    Feb 1, 2014
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    10
    Okay, I ran it, but WatchItNoAds and the Tuvaro redirect are still there after I rebooted and started Chrome again. Here's the newest log.

    Attached Files:

  15. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert MalwareTips Staff

    Joined:
    Mar 8, 2013
    Messages:
    3,363
    Likes Received:
    382
    Trophy Points:
    242
    Run zoek again with this script

    Code:
    Quickscan;
  16. Polyphase Avatron

    Polyphase Avatron New Member

    Joined:
    Feb 1, 2014
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    10
    Ok, here is the result.

    What next?

    Attached Files:

    Last edited: Feb 2, 2014
  17. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert MalwareTips Staff

    Joined:
    Mar 8, 2013
    Messages:
    3,363
    Likes Received:
    382
    Trophy Points:
    242
    We need to investigate further.


    Download TDSSKiller and save it to your desktop

    Execute TDSSKiller.exe by doubleclicking on it.
    Confirm "End user Licence Agreement" and "KSN Statement" dialog box by clicking on Accept button.
    • Press Start Scan
    • If Suspicious object is detected, the default action will be Skip, click on Continue.
    • If Malicious objects are found, select Cure.

    Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


    Please post the contents of that log in your next reply.



    Then re-run FRST and attach both reports...
  18. Polyphase Avatron

    Polyphase Avatron New Member

    Joined:
    Feb 1, 2014
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    10
    Here it is. It says it didn't find anything.

    Now what?

    Attached Files:

  19. TwinHeadedEagle

    TwinHeadedEagle Malware Removal Expert MalwareTips Staff

    Joined:
    Mar 8, 2013
    Messages:
    3,363
    Likes Received:
    382
    Trophy Points:
    242
    You're missing FRST reports...
  20. Polyphase Avatron

    Polyphase Avatron New Member

    Joined:
    Feb 1, 2014
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    10
    I'm confused, it only created one report.

    Is there anything else I need to do?

    Attached Files:

    Last edited: Feb 3, 2014

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads: Surf Keep/AllCheapPrice/Tuvaro/WatchitNoAds
Forum Title Date
Malware Removal Assistance Surf and Keep/AllCheapPrice/Tuvaro/WatchitNoAds Mar 1, 2014
Malware Archive New Version of Ultrasurf Jun 13, 2014
Mobile and Tablets Microsoft announces Surface Pro 3 - New 12-inch packing Core i7, Fanless chassis May 20, 2014
Malware Removal Assistance can't able to delete virus and surf any antivirus website May 16, 2014
Other Security Related Discussions Best browsers for safe surfing Apr 19, 2014

MalwareTips.com is an independent website.All trademarks mentioned on this page are the property of their respective owners.