Operating System
Windows 7
Infection date and initial symptoms
22.05.2014 ad popups in all browsers
Current issues and symptoms
same - popup ads from adsdelivery1
Steps taken in order to remove the infection
1) Cleaned out and disabled all extensions from Chrome and Mozilla FireFox and IE
2) Reset Internet Options for Explorer
3) Tried manually removing the registry entries for proxy that the scanning programs could not - they just repopulated
4) Uninstalled Chrome and FF completely (deleted folder in AppData/.../Google/Chrome containing user profiles)
5) Turned off IE as a service and reinitialized
6) Ran scans and accompanying fixes with the following programs (including an initial scan with Microsoft Security Essentials)
a) MWB
b) Hijack This
c) CCleaner
d) HitmanPro
e) JRT.exe
f) RogueKiller
g) Norton Power Eraser
h) SecurityCheck.exe
i) Revo Uninstaller

I see MWB and others pointing to an issue with IE being used as a proxy. Additionally I have seen threats in the Windows Update folder. For the last few days I've been bombarded with Windows Updates. Seems like every restart there were more updates. Could that have been infected and now it's being used to make my machine a proxy server for the ads?

It doesn't appear to be related to the browsers at all so I searched for RootKit removal but no change after running them. I suspect the Windows Update service is somehow involved here.

Thanks for any help you can give! :)

Neil Mc mahon

New Member
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/05/26 02:39:46 +0100</date>
<logfile>mbam-log-2014-05-26 (02-39-42).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.05.25.08</malware-database>
<rootkit-database>v2014.05.21.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Neil</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>271358</objects>
<time>690</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file><path>C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage</path><vendor>PUP.Optional.Superfish.A</vendor><action>delete-on-reboot</action><hash>e0bc7adb09728da9d8cbbad390728f71</hash></file>
<file><path>C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal</path><vendor>PUP.Optional.Superfish.A</vendor><action>delete-on-reboot</action><hash>7824c392a0dbf93dbae938558979fd03</hash></file>
</items>
</mbam-log>
 


TwinHeadedEagle

Removal Expert
Staff member
Verified
Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double click on zoek.exe to run the tool.
    Please wait until the tool starts...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

    Code:
    C:\Windows\Microsoft;fs
    C:\Program Files (x86)\MSR;fs
    SystemUpdatekb70007;s
    autoclean;
    emptyalltemp;
    emptyclsid;
    ipconfig /flushdns;b
  • Click on
    button.
    Please wait until a log report opens (this may be after a reboot).
  • Save the Notepad file to your Desktop and attach zoek-results.log here.
    Note: It will also create a log in the C:\ directory named "zoek-results.log".
 

Neil Mc mahon

New Member
You sir are a gentleman! My computer (after five days of lonely wrangling) appears to be adware free. Thanks I'll be buying a beer shortly. Be well :)
 

TwinHeadedEagle

Removal Expert
Staff member
Verified
Thanks :)


For future protection I can recommend:
- Adblock --> https://adblockplus.org/en/chrome
- Unchecky --> http://unchecky.com/



The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
- Remove disinfection tools
- Create registry backup
- Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.