V9 portal hijacker

Discussion in 'Malware Removal Assistance' started by japchinlvr, Apr 16, 2013.

  1. japchinlvr

    japchinlvr, New Member (Reputation: 0; Joined: Apr 16, 2013; Messages: 7; Likes Received: 0)

    I'm sorry I can't do this otl asw stuff. I'm afraid to infect my little netbook which I need. I'm not a computer pro.

    First - thank you so much for the instructions to remove money pak - worked like a charm. But this week I got this darn V9 and nothing seems to work. I followed your steps:

    step 1 - no new tab or elex programs to uninstall

    step 2 - no proxy add ons to delete. removed V9 search provider. made bling default. internet options general V9 has replaced the IE default home page tab and won't be deleted

    step 3 - deleted V9 from the Target

    step 4 - ran adwcleaner and several v9 items were removed according to the log

    step 5 - ran malwarebytes nothing found

    step 6 - ran hitman pro found netwrapper.dll - quarantined

    started IE - still V9, even though the default is google
    went to IE properties, target has V9 again. I deleted it again. Started IE still have V9.

    Help - I don't know what else to do. I have windows 7 and IE10.

    Thank you
     
  2. Fiery

    Fiery, 1 of the 4 MalwareTips Founder (Reputation: 1,000; Joined: Jan 11, 2011; Messages: 2,056; Likes Received: 13)

    Hi and welcome to MalwareTips! :)

    I'm Fiery and I would gladly assist you in removing the malware on your computer.

    Before we start:
    • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
    • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to back up all your important files before we start.
    • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
    • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe, the detections are false positives.
    • The absence of symptoms does not mean your PC is fully disinfected.
    • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
    • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

    OTL is 100% virus-free. It will not infect your PC. It is a diagnostic tool for us helpers to see what is wrong with your PC. To validate the tool, here is a tutorial about the tool and what it does: http://www.geekstogo.com/forum/topic/277391-otl-tutorial-how-to-use-oldtimer-listit/

    Download OTL by Old Timer from here and save it to your Desktop.
    • Double click on OTL.exe to run it.
    • Click the Scan All Users checkbox.
    • Check the boxes beside LOP Check and Purity Check
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Please attach the contents of these 2 Notepad files in your next reply.

    If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072
     
  3. japchinlvr

    Hello - Just FYI - last thing before I went to bed last night I did IE internet options "restore advanced options". Now I do not see the V9 tab or in the "Target". But I'm concerned it's still here somewhere.

    OTL files attached....

    THX!
     

  4. Fiery

    Hi there,

    There seems to be a suspicious file & folder on the system called Magnipic. It is adware.

    The program loads itself into the AppInit_DLLs where files under that setting will load very early on your system. Usually, rootkits use this technique to mask other malware on the system. I see you have it as an extension on Chrome too; I would advise you to remove it.

    Open OTL. Under custom scan/fixes, copy and paste the following:

    Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.

    Next, Download Malwarebytes Anti-Rootkit from here to your Desktop
    • Unzip the contents to a folder on your Desktop.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
    • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
    • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt)
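
    Added example, not part of Fiery's post or the original thread: a read-only PowerShell (3.0 or later) audit of the AppInit_DLLs setting described above, listing each registered DLL for both 64-bit and 32-bit processes. The signature check and the System32 lookup for bare file names are choices made for this example.

```powershell
# Added example: list every DLL registered under AppInit_DLLs (read-only audit).
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',             # 64-bit processes
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'  # 32-bit processes
)

foreach ($key in $keys) {
    # Wow6432Node does not exist on 32-bit Windows
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key

    # The value is a single string; entries are separated by spaces or commas,
    # which is why 8.3 short paths such as c:\progra~2\...\sprote~1.dll appear in it.
    $entries = @(([string]$props.AppInit_DLLs) -split '[ ,]+' | Where-Object { $_ })

    foreach ($entry in $entries) {
        # Assumption for this example: a bare file name is looked up in System32 only.
        if ([System.IO.Path]::IsPathRooted($entry)) {
            $path = $entry
        } else {
            $path = Join-Path $env:SystemRoot "System32\$entry"
        }

        $exists = Test-Path -LiteralPath $path -PathType Leaf
        $sig = $null
        if ($exists) { $sig = Get-AuthenticodeSignature -FilePath $path }

        [pscustomobject]@{
            Key           = $key
            LoadEnabled   = [bool]$props.LoadAppInit_DLLs           # False = list is not loaded
            RequireSigned = [bool]$props.RequireSignedAppInit_DLLs  # True = unsigned DLLs are skipped
            Entry         = $entry
            FileExists    = $exists
            Signature     = if ($sig) { $sig.Status } else { 'n/a' }
            Signer        = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}
```

    No output means both values are empty. Any entry that is unsigned, missing on disk, or located outside the Windows directory deserves a closer look before and after cleanup.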
     
  5. japchinlvr

    Hello - ran OTL and mbar twice. Nothing found on the second mbar. Logs attached.

    Do I have to do something with Chrome? I have never used it so I don't know where things are.

    OTL log:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\magnipic\sprote~1.dll deleted successfully.
    C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\leimedjljnbdkhjglollaialjcngkfdb\1 folder moved successfully.
    C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\fejhacogechociploajgdedklpanhegc\1 folder moved successfully.
    File PTYTEMP] not found.
    File SETHOSTS] not found.

    OTL by OldTimer - Version 3.2.69.0 log created on 04182013_200700

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     

  6. Fiery

    Ok.

    Update Malwarebytes Anti-malware and do a Quick Scan.

    Then Run Eset NOD32 Online AntiVirus here

    Note: You will need to use Internet Explorer for this scan.
    Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Make sure that the option "Remove found threats" is Un-checked, and the following Advanced Settings are Checked
      • Scan unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click Scan
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
    • The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
     
  7. japchinlvr

    Hello - I ran malwarebytes - nothing found.

    I ran the NOD32 antivirus 6. I did not see the settings you specified so I ran the "smart scan". 37 items cleaned. I couldn't attach the log - it was 179 pages long in a txt file. I don't have winzip at home.

    OMG - will my computer ever be safe? Seems unending.

    THX! for all your help.
     
  8. Fiery

    179 pages? :s That is unusual..

    Download Kaspersky Virus Removal Tool from here: http://www.kaspersky.com/antivirus-removal-tool?form=1 (Download Version 11. You'll have to enter your email address and name)
    1. Double-click the file and follow the on-screen prompts until it is installed
    2. Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
      • System Memory
      • Hidden startup objects
      • Disk boot sectors
      • Computer
      • Local Disk (C: )
    3. Click on Automatic Scan
    4. Now click the Start Scanning button, to run the scan
    5. After the scan is complete, click the reports button ('Paper icon', next to the 'Gear' icon) on the right hand side
    6. Click Detected threats on the left
    7. Now click the Save button, and save it as kaslog.txt to your Desktop
    8. Please attach kaslog.txt in your next reply.
     
    Last edited by a moderator: Mar 13, 2014
  9. japchinlvr

    Hello - Ran Kaspersky ( took quite a while).
    NO THREATS DETECTED!
    YAY!
     
  10. Fiery

    Good!

    How is your PC now?
     
  11. japchinlvr

    Hello - I think it's OK. I haven't seen any sign of the V9 Portal. You're awesome!

    You guys have a donation page anywhere?

    Many Thanks!
     
  12. Fiery

    You're welcome! And yes, mine is here:

    My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
    If you are no longer experiencing any other issues, your PC is now clean!

    Double click on OTL to run it
    • Click on the Cleanup button at the top.
    • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
    • This will remove itself and other tools we may have used.

    If you have any other questions or concerns, feel free to ask :)
     
