Adware/Malware help.

LL1

Mar 8, 2014
I attached the log files. Just yesterday, Chrome and Opera are opening ad pages either in a new tab or a standalone window. I have installed ScriptSafe, SSL Enforcer and Adblock on Chrome. Scanned with MWB, Avast, Hitman, ADW in safe mode also. Conduit just started hijacking my default search in Chrome today. Thanks in advance!
 

Hello, welcome to MalwareTips :)

Download Shortcut_Module from this link:

http://www.telecharger.sosvirus.net/download/shortcut-module/

Save it to your desktop.


Attention: It will close all open programs, like IE, Firefox, Word, etc.

It will give a report at the end of the scan, in C:\Shortcut_Module_date_hour.txt, after the reboot of the machine.

Attach the report.
 
It looks like we had a little problem with the tool :/

Or it didn't write some deletions correctly...

Look in your Start Menu to see if what you had before is still there...
I don't understand, it didn't do that in my tests before uploading it.
 
OK, we'll put them back in their place :)

Download OTL from this link: http://oldtimer.geekstogo.com/OTL.exe

Save it to your desktop.

If you have XP, double-click it; otherwise, right-click and choose "Run as administrator" to launch it.

Configure it as in this picture (the "Analyse" = "Run Scan" button must be pressed at the end, after configuration and pasting the text below):


If a 64-bit checkbox appears, leave it checked.

Copy/paste what is below in blue bold under "Personnalization" in OTL:

HKCU\Software
HKLM\Software
HKCU\Software\Microsoft\Command Processor /s
HKLM\Software\Microsoft\Command Processor /s
%Homedrive%\*
%Homedrive%\*.
%Userprofile%\*
%Userprofile%\*.
%Allusersprofile%\*
%Allusersprofile%\*.
%LocalAppData%\*
%LocalAppData%\*.
%Userprofile%\Local Settings\Application Data\*
%Userprofile%\Local Settings\Application Data\*.
%programFiles%\*
%programfiles%\Google\Desktop\Install /s
%programFiles%\*.
%Systemroot%\Installer\*.
%Systemroot%\Temp\*.exe /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\*.in*
%systemroot%\Tasks\*
%systemroot%\Tasks\*.
%systemroot%\system32\Tasks\*
%systemroot%\system32\Tasks\*.
%systemroot%\system32\drivers\*.sy* /lockedfiles
%systemroot%\system32\config\*.exe /s
%Systemroot%\ServiceProfiles\*.exe /s
%systemroot%\system32\*.sys
dir %Homedrive%\* /S /A:L /C
msconfig
activex
/md5start
explorer.exe
winlogon.exe
wininit.exe
volsnap.sys
atapi.sys
ndis.sys
cdrom.sys
i8042prt.sys
iastor.sys
tdx.sys
netbt.sys
afd.sys
/md5stop
netsvcs
safebootminimal
safebootnetwork
CREATERESTOREPOINT


Click on "Run scan" (Analyse) and let the tool work.
At the end, Notepad will open (OTL.txt & Extras.txt).
You can find them next to the OTL executable.

Don't post them in the forum!!! (they're too big)

Attach them.
 
After rebooting the PC, it froze up loading the desktop and I could not save the log file. I do not see it anywhere to attach as well...
 
This file opens upon startup
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
 
I think I am good, I won't know till later. I will follow up with a post later today.
 