ad.yieldmanager / str.adinterax virus

Malware1

Level 76
Sep 28, 2011
6,545
Hi and welcome to the malwaretips.com forums!

I'm MalwareCenter and I'll try to help you in removing the infection :)

Please note that:
  • First 3 posts of new members require approval by moderators. Please be patient if you don't see your post immediately after submitting it.
  • You should make a backup of all your important files before we start. Malware removal can be dangerous.
  • All commands must be performed in the right order.
  • If you are unclear about the instructions, stop and ask!
  • The absence of symptoms doesn't mean the computer isn't infected.
  • Do not run fixes from other threads!
________________________________________________

1. Open OTL. Under custom scan/fixes, copy and paste the following:

Code:
:OTL
O2 - BHO: (Savevid Toolbar) - {23cd218f-af09-443f-bbb1-adb89fd5986d} - C:\PROGRA~1\SAVEVI~2\Datamngr\ToolBar\savevidX.dll File not found
O3 - HKLM\..\Toolbar: (Savevid Toolbar) - {23cd218f-af09-443f-bbb1-adb89fd5986d} - C:\PROGRA~1\SAVEVI~2\Datamngr\ToolBar\savevidX.dll File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:Files
C:\WINDOWS\System32\drivers\etc\hosts.20130702-141957.backup
C:\WINDOWS\System32\drivers\etc\hosts.20130701-130820.backup

:Commands
[emptytemp]
[resethosts]

Click Run Fix. Windows will be restarted. Attach the created log file.

2. I don't recommend Spybot because it can't detect recent infections. Please remove it. You can install Malwarebytes' Anti-Malware instead of Spybot.

3. Open OTL again
  • Change Extra Registry option to Use SafeList
  • Select Scan All Users.
  • Click on Run Scan at the top left hand corner.
  • Attach the two files that open (OTL.txt and Extras.txt).

4. Do you know this file?
Code:
C:\Program Files\Calender.exe
If not, then please upload it to VirusTotal.com and paste the link to the results.
 

Mike Loots

New Member
Thread author
Jul 1, 2013
8
Yes, I know the file C:\Program Files\Calender.exe - a self-written VB6 program

Ran the fix you recommended, results attached

[attachment=5018][attachment=5019]
 

Malware1

You didn't attach the log from the OTL fix.

Are you sure you use IE8? The OTL log shows you have IE6 installed.

1. OTL restored the hosts file for Windows Vista, not XP.
Press Win + R > notepad C:\WINDOWS\system32\drivers\etc\Hosts
Remove this line: ::1 localhost

2. Download and run AdwCleaner:

Click Delete.

3. Run Firefox > press left ALT > Tools > Add-ons
Please make a screenshot of Extensions and Plugins tabs.

4. Make new logs using OTL.

Is it still a problem?
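
Added example, not part of the original thread or of any tool mentioned in it: a small Python audit of a hosts file, related to step 1 of the post above. It flags the `::1 localhost` line that step 1 removes on XP, and any name other than `localhost` that the file blocks or redirects. The sample file, the function names and the `example.test` hostnames are constructed for illustration.

```python
import ipaddress

# Constructed sample; the example.test names and addresses are illustrative.
SAMPLE = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.test      # blocklist-style entry
203.0.113.10    update.example.test
"""

def parse_hosts(text):
    """Yield (line_no, ip, names) for each active entry; comments are ignored."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield no, fields[0], fields[1:]

def audit_hosts(text, ipv6_loopback_expected=False):
    """Return (line_no, kind, ip, names) for every entry worth a second look."""
    findings = []
    for no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((no, "invalid-address", ip, names))
            continue
        extra = [n for n in names if n.lower() != "localhost"]
        if extra:
            # Loopback or 0.0.0.0 blocks the name; any other address redirects it.
            blocked = addr.is_loopback or addr.is_unspecified
            findings.append((no, "blocked" if blocked else "redirected", ip, extra))
        elif not addr.is_loopback:
            # localhost itself pointed away from the loopback address.
            findings.append((no, "localhost-remapped", ip, names))
        elif addr.version == 6 and not ipv6_loopback_expected:
            # The "::1 localhost" line that step 1 removes on XP.
            findings.append((no, "ipv6-localhost", ip, names))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

Pass `ipv6_loopback_expected=True` when auditing a system whose default hosts file does contain the `::1` entry.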
 

Mike Loots

[attachment=5020]
Sorry, forgot about the fix log.
History - I thought IE8 was the problem and uninstalled it, have today reinstalled IE8 with its Microsoft updates. Am not running Firefox, had it, didn't like it, am running Thunderbird.
Will now attempt your recommendations.....
 

Malware1

Mike Loots said:
Am not running Firefox, had it, didn't like it, am running Thunderbird.

I don't understand. Did you uninstall Firefox? Thunderbird isn't a web browser.

PS. The Extras is the same as before. You need to create new logs (OTL + Extras).
 

Mike Loots

[attachment=5023][attachment=5022][attachment=5021]
Firefox uninstalled years ago, I know Thunderbird isn't a browser, but it is from the same software producers and I don't know what links there are.

Today I ran the code suggested - don't know where the log is.
I installed IE8 and its security upgrades.
I uninstalled Spybot - did not know what to do with quarantine and immunisation - so did nothing.
ran ADWcleaner
ran OLX
Problem with downloads still persists - Kaspersky update had to reconnect 3 times in a 900kb download.
I suspect there is something hijacking my connection.
Running Windows Task Manager with no other programs open by me, the cpu usage fluctuates between 0% and 7% with 31 processes. Approximately every 20 seconds the cpu usage spikes to 32%. Checking the processes, it's jqs.exe making these demands on the cpu - something to do with Java I think. Could this be one of the sources of my problems?
I am attaching the latest logs....
 

Malware1

Mike Loots said:
Firefox uninstalled years ago

So I'll remove residues of Firefox, JRT and Spybot.

1. Open OTL, paste:

Code:
:OTL
[2013/07/01 08:14:36 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/25 15:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2013/06/25 15:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2

:Reg
[-HKEY_LOCAL_MACHINE\software\mozilla\Firefox]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2]

:Files
C:\Documents and Settings\Pamela Smithson\Application Data\Mozilla\Firefox
C:\Program Files\mozilla firefox

2. Download SystemLook (32-bit).

Paste the following into the window:

Code:
:regfind
firefox

:filefind
firefox

Attach the resulting log.

3. Run Malwarebytes (remember to update it). Perform Full Scan and do not remove anything. Attach the log file.

Checking the processes, it's jqs.exe making these demands on the cpu - something to do with Java I think. Could this be one of the sources of my problems?

Did you try reinstalling Java? You have two outdated versions of it:

Code:
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21

Please remove them and download the latest version of Java.

don't know where the log is

It should be in C:\_OTL. If you find it, attach it.
 

Mike Loots

First off - thank you very much for your time and patience.
I appreciate everything you have done so far!
 

Mike Loots

[attachment=5029] first OTL fix
[attachment=5030] second OTL fix
[attachment=5031] System Look log

Version of MalwareBytes was installed by the shop that I took the PC to, to have it fixed. Trial version and DB is 90 days out of date. Update fails with message - PROGRAM_ERROR_UPDATING(0,0 Package integrity failure) - ran full scan anyway (just in case it found something), nothing found, scan log attached. [attachment=5032]

What will happen if I remove Java? Tried to get new version but same problem as MalwareBytes update. Thunderbird is also still giving message - Incorrect Message Authentication Code - and IE8 shows multiple connections when only one site open - other sites not visible.
 

Attachments

  • 07032013_131225.txt
  • 07042013_032240.txt
  • SystemLook.txt
  • mbam-log-2013-07-04 (03-39-39).txt

Malware1

This doesn't look like a malware-caused problem. Which connection are you using? Wi-Fi, 3G? Have you got the issue on other computers? If yes, did you contact your ISP?

Have you still got problems with yieldmanager and adinterax?

Mike Loots said:
What will happen if I remove Java?

You said:
Checking the processes, it's jqs.exe making these demands on the cpu - something to do with Java I think. Could this be one of the sources of my problems?

I don't think it's the source of your problems, but you can try to uninstall Java and download it using another computer (you need to download the offline version of the installer).

1. Open notepad, copy and paste the following:

Code:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\FirefoxHTML]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Mozilla Firefox]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Mozilla Firefox]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\2008firefox.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\2009-box.com\firefox]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\2009-box.com\www.firefox]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\firefoxdownload-now.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\2008firefox.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\2009-box.com\firefox]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\2009-box.com\www.firefox]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\firefoxdownload-now.com]
[-HKEY_CURRENT_USER\Software\Mozilla\Firefox]
[-HKEY_CURRENT_USER\Software\Safer Networking Limited]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\firefox.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mozilla Firefox (3.5.2)]

Save as fix.reg and run.

2. Perform a scan using TDSSKiller. If something is detected, set Skip and do not remove anything (attach the log).

EDIT

Why did you remove all the logs from the thread?
 

Mike Loots

When attempting to attach OTL fix logs, I misunderstood the error message on failure, and thought I had taken too much space; that's why I removed previous attachments. Only when that didn't solve the problem did I figure out that I had to change them from .log to .txt
PC still freezes when on a site with loads of ads, like facebook.
Contacted Cell C - my isp, they say there is nothing untoward with the service I am getting.
Bought a Vodacom modem and sim, in an attempt to check your supposition.
Connected through Vodacom - no difference.
Browsed some other forums and found that jqs.exe is Java Quick Start and I should be able to turn it off. Control panel does not give me that option - so I uninstalled Java.
Hey presto - the demands on my cpu look far less abnormal.
Connected, and was finally able to update MalwareBytes, did a scan and found 7 trojans.
MalwareBytes did its thing and everything now seems fine.

Thank you for your help and patience.

Is there any software that can monitor site connections?
 

Malware1

Mike Loots said:
PC still freezes when on a site with loads of ads, like facebook.

Have you still got freezes?
You can use AdFender for blocking ads.

Mike Loots said:
Connected, and was finally able to update MalwareBytes, did a scan and found 7 trojans.
MalwareBytes did its thing and everything now seems fine.

You said you got freezes on Facebook, so now it seems fine?
:) Run Malwarebytes > Logs > Attach the log (I'd like to know what was removed).


Mike Loots said:
Is there any software that can monitor site connections?

SysInspector: http://www.eset.com/us/download/utilities/
http://www.nirsoft.net/utils/cports.html
There is also an option for monitoring connections in Panda Cloud Antivirus.
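
Added example, not part of the original thread and not code from any of the tools named above: a Python summary of `netstat -ano` output that groups established TCP connections by owning process, the kind of view that answers "why does the browser show several connections with one site open". The sample output, its PIDs and the function names are constructed; the addresses come from documentation ranges.

```python
from collections import defaultdict

# Constructed `netstat -ano` output; PIDs and addresses are illustrative.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.0.2.15:1045        198.51.100.7:80        ESTABLISHED     2140
  TCP    192.0.2.15:1046        198.51.100.7:80        ESTABLISHED     2140
  TCP    192.0.2.15:1047        203.0.113.20:443       ESTABLISHED     2140
  TCP    192.0.2.15:1050        203.0.113.99:8080      TIME_WAIT       0
  TCP    192.0.2.15:1052        203.0.113.50:80        ESTABLISHED     3388
  UDP    0.0.0.0:445            *:*                                    4
"""

def established_by_pid(netstat_text):
    """Map PID -> {remote 'ip:port': count} for ESTABLISHED TCP connections."""
    table = defaultdict(lambda: defaultdict(int))
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns; UDP rows have no State column and are skipped.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        remote, pid = fields[2], fields[4]
        if pid.isdigit():
            table[int(pid)][remote] += 1
    return {pid: dict(remotes) for pid, remotes in table.items()}

def remote_hosts(per_pid, pid):
    """Distinct remote IPs one process is connected to (port stripped)."""
    return sorted({endpoint.rsplit(":", 1)[0] for endpoint in per_pid.get(pid, {})})

if __name__ == "__main__":
    summary = established_by_pid(SAMPLE)
    for pid in sorted(summary):
        print(pid, remote_hosts(summary, pid), summary[pid])
```

The PID column can be matched to a process name in Task Manager once its PID column is enabled.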
 

Mike Loots

Ok, so Friday midday my pc froze while attempting to browse the internet - totally froze.
I took it in to another repairer, they got it running then uninstalled some stuff and checked it over and came up with nothing......
I got Java installed and decided to give it one more attempt before coming back to you today. I managed to download and install Google Chrome - what a difference, my PC obviously does not like Microsoft IE8. So far everything seems fine.
The logs I had saved were all removed by repairer - don't ask - I do remember the trojans were all connected to games given by "friends".
I'll not change anything for a while and if I get any problems you will hear from me.
It does seem as though whatever was causing the security certificate problems was removed by you guys - so thank you again for your patience and help.
Mike.
 
