Solved Virus from ufonts.com

Maz123

New Member
Thread author
Jan 28, 2015
8
I tried to download a font from ufonts.com and seem to have caught something. Computer is going increasingly slower and not doing what I say, so after removing the browser extensions, I assume there is a virus or similar at work in the background that is causing trouble. Please help!

Details of steps taken so far:
I have removed the extensions from Firefox and Chrome, and deleted the file that I had downloaded (I can't remember what they were called, which is annoying). It's obvious there is still something going on in the background. I have also run MalwareBytes and Microsoft Security Essentials, and they don't seem to have picked anything up, aside from 1 file, which MalwareBytes deleted. I downloaded Farbar Recovery Scan Tool, then (as in the instructions) right-clicked to run as admin, and pressed scan, but all that happened was the window for the application kind of greyed out, like it was unable to do anything. I waited for a wee while but nothing seemed to be happening. I also tried the 32-bit version but that didn't work.
 

Maz123

New Member
Thread author
Jan 28, 2015
8
Hi,

Thank you very much for your response. I have already downloaded both of the files, ran it as admin, then pressed scan but it didn't work - the app window whitened out and didn't give me any sort of response (how long is it supposed to take? unless that's normal, but it really looked like it wasn't doing anything, and I left it like that for a while, just in case). Please advise.

Many thanks
 

Maz123

New Member
Thread author
Jan 28, 2015
8
Here are the two generated files...

Many thanks again for your help :)
 

Attachments

  • Addition.txt
    49.8 KB · Views: 63
  • FRST.txt
    50 KB · Views: 60

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com
127.0.0.1 practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com



This topic will be closed due to presence of pirated content.

Piracy policy
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Uninstall some programs

We need to uninstall some unwanted/unneeded programs.
  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.
The list of programs to uninstall:
  • Bundled software uninstaller
  • Search Protection
  • UpdaterEX
  • uuniasaLes
After completing uninstalls, please manually reboot your machine!

Note: If you get a message like: An error occurred while trying to uninstall, just press Yes.





Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.



Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Wait until the database is updated.
  • Accept the Terms of use and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
 

Attachments

  • fixlist.txt
    7.5 KB · Views: 55

Maz123

New Member
Thread author
Jan 28, 2015
8
Uninstall some programs
- I couldn't see any of the progs you mentioned (I wonder whether I had already uninstalled them as I know I def removed two that are in the list?)

Farbar
- Fixlog.txt attached

Fix with AdwCleaner
- I had already run this prog last night. But have run it again, following your instructions and attached file. Have also attached file from last night.

Thanks
 

Attachments

  • Fixlog.txt
    14.6 KB · Views: 42
  • AdwCleaner[S0].txt
    10 KB · Views: 44
  • AdwCleaner[S1].txt
    990 bytes · Views: 34

Maz123

New Member
Thread author
Jan 28, 2015
8
Yes, I can see a huge improvement, it's a lot faster. I was basically at a standstill last night.
Do the logs look clear now?
Thank you very much for your time.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Yes, logs are fine now.

Your Google Chrome is altered by malware, I recommend reinstalling it to restore full functionality.



Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)


Recommended reading:
MUST READ - security tips:

MUST READ - general maintenance:


The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.




Recommended additional software:
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • Adblock - to surf the web without annoying ads!



Post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.



My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!




Stay safe,
TwinHeadedEagle :)
 

Maz123

New Member
Thread author
Jan 28, 2015
8
I have a couple of questions please...

Are you advising I delete the FRST and AdwCleaner?... and/or I should follow the post clean-up procedure? (which looks like it does the same thing, and a bit more?) I thought I could maybe keep AdwCleaner in case I needed to use it again?

I'm currently using CCleaner - can I keep using this, or would you recommend TFC instead/as well?

I am using Microsoft Security Essentials, which I quite like, should I be using McShield instead? Or is that the same as using MalwareBytes?

Thank you so much! :)
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Yes, I advise deleting the tools, you can always download AdwCleaner again.

Stick with CCleaner please, it is a much better tool.

McShield is designed to prevent infections transmitting via removable/pen drives. If you're using them, then you must have this program. It is not an antivirus. All the tools I recommended can work together with your Antivirus.
 
