Ads Not On this site/LyricsSing Plugin IE 10

[RobL]

I just discovered this today, IE 10 is infected and can't remove this plugin. I tried everything to no avail. Am I missing something or am I going to have to block IE10? IS this a threat to my PC?

Malware Bytes found NOTHING which is a shock

What is ASWMBR.log anyway?

(Won't let me post without checking one of the two)

-Rob

 

[Fiery]

Hi and welcome to MalwareTips!

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:

• Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
• Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
• Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
• Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
• The absence of symptoms does not mean your PC is fully disinfected.
• If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
• Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

<hr>
Download OTL by Old Timer from here and save it to your Desktop.

• Double click on OTL.exe to run it.
• Click the Scan All Users checkbox.
• Check the boxes beside LOP Check and Purity Check
• Click on Run Scan at the top left hand corner.
• When done, two Notepad files will open.
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
• Please attach the contents of these 2 Notepad files in your next reply.

If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072

 

[RobL]

Doing the scan, it stops at locating FireFox settings, waited 10 minutes, than gave up. IE is locked up. Anything else I can try?

 

[Fiery]

Can you try in safe mode? If it doesn't work in safe mode, try Farbar Recovery Scan tool.

Start your computer in Safe Mode with Networking.

• Remove all floppy disks, CDs, and DVDs from your computer, and then <>restart your computer</>.</li>
  [*]<>Tap the "F8 key" continuously</> until you get the Advanced Boot Options screen.</li>
  [*]On the Advanced Boot Options screen, use the arrow keys to <>highlight Safe Mode with Networking</> , and then <>press ENTER</>.

<br>
<img title="Safe Mode with Networking screen" src="http://malwaretips.com/images/removalguide/safemode.jpg" alt="[Image: Safemode.jpg]" width="539" height="292" border="0" /></li>
</ol>

<hr>

Download Farbar Recovery Scan Tool from the below link:
<ul><li>For 64 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST64.exe" rel="nofollow external"><>Farbar Recovery Scan Tool x64</></a> and save it to a USB/flash drive.</li>

<li>Plug the flashdrive into the infected PC.</li>

<li>Enter <>System Recovery Options</>.</li>

<>To enter System Recovery Options from the Advanced Boot Options:</>
<ul>
<li>Restart the computer.</li>
<li>As soon as the BIOS is loaded begin tapping the<> F8</> key until Advanced Boot Options appears.</li>
<li>Use the arrow keys to select the <>Repair your computer</> menu item.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account an click <>Next</>.</li>
</ul>

<li>On the System Recovery Options menu you will get the following options:</span>
<pre>Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt</pre>
<ol>
<li>Select <>Command Prompt</></li>
<li>In the command window type in <>notepad</> and press <>Enter</>.</li>
<li>The notepad opens. Under File menu select <>Open</>.</li>
<li>Select "Computer" and find your flash drive letter and close the notepad.</li>
<li>In the command window type <><span style="color: #ff0000;">e</span>:\frst64</> and press <>Enter</>
<>Note:</><span style="color: #ff0000;"> Replace letter <>e</> with the drive letter of your flash drive.</span></li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close the message.
<li>Type exit</li>
<li>Please copy and paste FRST.txt in your next reply</li></li>
</ol>
</ul>

 

[RobL]

Here ya go:

For the time being (and I don't use it) IE has been blocked by the firewall.
It's just a concern because I do run a clean ship on here. I even have NoScripts for FF.

-Rob

 

[Fiery]

Open notepad and copy & paste the following:

BHO-x32: LyricsSing - {F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A} - C:\Program Files (x86)\LyricSing\116.dll (DNMard LTD)
FF HKCU\...\Firefox\Extensions: [lrcsing@DNMard.net] C:\Program Files (x86)\LyricSing\116.xpi
FF Extension: No Name - C:\Program Files (x86)\LyricSing\116.xpi
CHR Extension: (LyricsSing) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\empccjjjdnnmgajlbddhbdejjjjhijeh\1.116_0
2013-07-06 04:16 - 2013-07-15 19:48 - 00000368 _____ C:\Windows\Tasks\LyricsSing Update.job
2013-07-06 04:16 - 2013-07-07 03:05 - 00000000 ____D C:\Program Files (x86)\LyricSing
2013-07-06 04:16 - 2013-07-06 04:16 - 00003012 _____ C:\Windows\System32\Tasks\LyricsSing Update

and save it as fixlist.txt onto your flash drive.

Then in normal mode, plug in your flash drive, open FRST and click fix. Post the generated log.

Upload a File to Virustotal
Please visit www.virustotal.com

• Click the Choose file... button
• Navigate to the file C:\Windows\system32\slcnt64.dll
• Click the Open button
• Click the Scan It button
• Copy and paste the URL of the results page back here.

Do the same for C:\Windows\system32\slprp64.dll

Please download Junkware Removal Tool to your desktop from here

• Turn off your antivirus software now to avoid potential conflicts
• Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
• The tool will open and start scanning your system
• Please be patient as this can take a while to complete depending on your system's specifications
• On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
• Post the contents of JRT.txt into your next reply

 

[RobL]

https://www.virustotal.com/en/file/fc4d6b12d572a020363eeeba2b41704aad48d29ec3a5f7c638e04aed8e022de1/analysis/1373946550/

-Rob

 

[Fiery]

Did you run the FRST fix?