  1. Before you start!
    All given instructions in this forum are customized for each help request, the tools used may cause damage if used on a computer with different infections. If you think you have similar issues, please post the appropriate logs in our Malware Removal Assistance forum and wait for help.

    Please be aware that removing Malware is a potentially hazardous undertaking. We will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for us to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and we cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
    We strongly advise you to back up any personal files and folders before you start.

V9 portal hijacker

Discussion in 'Malware Removal Assistance' started by japchinlvr, Apr 16, 2013.

  1. japchinlvr

    japchinlvr New Member

    Joined:
    Apr 16, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    2
    I'm sorry, I can't do this otl asw stuff. I'm afraid to infect my little netbook, which I need. I'm not a computer pro.

    First - thank you so much for the instructions to remove money pak - worked like a charm. But this week I got this darn V9 and nothing seems to work. I followed your steps:

    step 1- no new tab or elex programs to uninstall

    step 2- no proxy add ons to delete. removed V9 search provider. made Bing default. internet options general V9 has replaced the ie default home page tab and won't be deleted

    step 3 - deleted V9 from the Target

    step 4 - ran adwcleaner and several v9 items were removed according to the log

    step 5 - ran malwarebytes nothing found

    step 6 - ran hitman pro found netwrapper.dll - quarantined

    started IE - still V9, even though the default is google
    went to IE properties, target has V9 again. I deleted it again. Started IE still have V9.

    Help - I don't know what else to do. I have windows 7 and IE10.

    Thank you
     
  2. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    9
    Trophy Points:
    105
    Hi and welcome to MalwareTips! :)

    I'm Fiery and I would gladly assist you in removing the malware on your computer.

    Before we start:
    • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
    • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to back up all your important files before we start.
    • Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
    • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe; the detections are false positives.
    • The absence of symptoms does not mean your PC is fully disinfected.
    • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
    • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

    OTL is 100% virus-free. It will not infect your PC. It is a diagnostic tool for us helpers to see what is wrong with your PC. To validate the tool, here is a tutorial about the tool and what it does: http://www.geekstogo.com/forum/topic/277391-otl-tutorial-how-to-use-oldtimer-listit/

    Download OTL by Old Timer from here and save it to your Desktop.
    • Double click on OTL.exe to run it.
    • Click the Scan All Users checkbox.
    • Check the boxes beside LOP Check and Purity Check
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Please attach the contents of these 2 Notepad files in your next reply.

    If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072
     
  3. japchinlvr

    Hello - Just FYI - last thing before I went to bed last night I did IE internet options "restore advanced options". Now I do not see the V9 tab or in the "Target". But I'm concerned it's still here somewhere.

    OTL files attached....

    THX!
     


  4. Fiery

    Hi there,

    There seems to be a suspicious file & folder on the system called Magnipic. It is adware.

    The program loads itself into the AppInit_DLLs where files under that setting will load very early on your system. Usually, rootkits use this technique to mask other malware on the system. I see you have it as an extension on Chrome too; I would advise you to remove it.

    Open OTL. Under custom scan/fixes, copy and paste the following:

    Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.

    Next, Download Malwarebytes Anti-Rootkit from here to your Desktop
    • Unzip the contents to a folder on your Desktop.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
    • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
    • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt)
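
A read-only way to inspect the AppInit_DLLs setting discussed in the post above, as an added PowerShell example that is not part of the original thread and is not what OTL runs. It assumes PowerShell 3.0 or later; `LoadAppInit_DLLs` and `RequireSignedAppInit_DLLs` are the standard companion values in the same key on Windows 7 and later.

```powershell
# Added example: audit the AppInit_DLLs load point. Reads only, changes nothing.
# Both registry views are checked because 32-bit processes on 64-bit Windows
# take their list from the Wow6432Node copy of the key.
$views = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

$findings = foreach ($key in $views) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # no Wow6432Node on 32-bit Windows
    $p = Get-ItemProperty -LiteralPath $key

    # The value is a single string with entries separated by spaces or commas,
    # which is why paths show up in 8.3 short form (c:\progra~2\...).
    $dlls = @("$($p.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })

    foreach ($dll in $dlls) {
        # Exists is only meaningful for full paths; a bare file name is
        # resolved by Windows at load time, not relative to this shell.
        $exists = Test-Path -LiteralPath $dll -PathType Leaf
        $sig = if ($exists) {
            (Get-AuthenticodeSignature -FilePath $dll).Status
        } else {
            'FileMissing'
        }
        [pscustomobject]@{
            RegistryKey   = $key
            Dll           = $dll
            Exists        = $exists
            Signature     = $sig
            LoadEnabled   = [bool]$p.LoadAppInit_DLLs          # 0 = list is ignored
            RequireSigned = [bool]$p.RequireSignedAppInit_DLLs # 1 = unsigned DLLs refused
        }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    'AppInit_DLLs is empty in every registry view checked.'
}
```

An entry that is unsigned or sits outside the Windows directory is the kind of item a helper would ask about; on a clean default install the list is normally empty.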
     
  5. japchinlvr

    Hello - ran OTL and mbar twice. Nothing found on the second mbar. Logs attached.

    Do I have to do something with Chrome? I have never used it so I don't know where things are.

    OTL log:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\magnipic\sprote~1.dll deleted successfully.
    C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\leimedjljnbdkhjglollaialjcngkfdb\1 folder moved successfully.
    C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\fejhacogechociploajgdedklpanhegc\1 folder moved successfully.
    File PTYTEMP] not found.
    File SETHOSTS] not found.

    OTL by OldTimer - Version 3.2.69.0 log created on 04182013_200700

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     


  6. Fiery

    Ok.

    Update Malwarebytes Anti-malware and do a Quick Scan.

    Then Run Eset NOD32 Online AntiVirus here

    Note: You will need to use Internet Explorer for this scan.
    Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Make sure that the option "Remove found threats" is Un-checked, and the following Advance Settings are Checked
      • Scan unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click Scan
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
    • The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
     
  7. japchinlvr

    Hello - I ran malwarebytes - nothing found.

    I ran the NOD32 antivirus 6. I did not see the settings you specified so I ran the "smart scan". 37 items cleaned. I couldn't attach the log - it was 179 pages long in a txt file. I don't have winzip at home.

    OMG - will my computer ever be safe? Seems unending.

    THX! for all your help.
     
  8. Fiery

    179 pages? :s That is unusual..

    Download Kaspersky Virus Removal Tool from here: http://www.kaspersky.com/antivirus-removal-tool?form=1 (Download Version 11. You'll have to enter your email address and name)
    1. Double-click the file and follow the on-screen prompts until it is installed
    2. Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
      • System Memory
      • Hidden startup objects
      • Disk boot sectors
      • Computer
      • Local Disk (C: )
    3. Click on Automatic Scan
    4. Now click the Start Scanning button, to run the scan
    5. After the scan is complete, click the reports button ('Paper icon', next to the 'Gear' icon) on the right hand side
    6. Click Detected threats on the left
    7. Now click the Save button, and save it as kaslog.txt to your Desktop
    8. Please attach kaslog.txt in your next reply.
     
    Last edited by a moderator: Mar 13, 2014
  9. japchinlvr

    Hello - Ran Kaspersky (took quite a while).
    NO THREATS DETECTED!
    YAY!
     
  10. Fiery

    Good!

    How is your PC now?
     
  11. japchinlvr

    Hello - I think it's OK. I haven't seen any sign of the V9 Portal. You're awesome!

    You guys have a donation page anywhere?

    Many Thanks!
     
  12. Fiery

    You're welcome! And yes, mine is here:

    My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.


    If you are no longer experiencing any other issues, your PC is now clean!

    Double click on OTL to run it
    • Click on the Cleanup button at the top.
    • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
    • This will remove itself and other tools we may have used.

    If you have any other questions or concerns, feel free to ask :)
     
