Adware/Malware help.

LL1

New Member
Thread author
Verified
Mar 8, 2014
19
I attached the log files. Just yesterday Chrome and Opera started opening ad pages either in a new tab or a standalone window. I have installed ScriptSafe, SSL Enforcer and Adblock on Chrome. Scanned with MWB, Avast, Hitman and ADW, in safe mode also. Conduit just started hijacking my default search in Chrome today. Thanks in advance!
 

Attachments

  • Addition.txt
    30.8 KB · Views: 81
  • AdwCleaner[R2].txt
    1.1 KB · Views: 62
  • aswMBR.txt
    2 KB · Views: 48
  • FRST.txt
    65.7 KB · Views: 93
  • JRT.txt
    1.4 KB · Views: 89

g3n-h@ckm@n

Level 1
Verified
Mar 1, 2014
251
Hello, welcome to MalwareTips :)

Download Shortcut_Module from this link:

http://www.telecharger.sosvirus.net/download/shortcut-module/

Save it to your desktop.

ShortcutModuleQNlE.png



Attention: It'll close all open programs such as IE, Firefox, Word, etc.

It'll give a report at the end of the scan, in C:\Shortcut_Module_date_hour.txt, after the machine reboots.

Attach the report.
 

LL1

New Member
Thread author
Verified
Mar 8, 2014
19
Here you go, thanks!

Still getting Ads upon reboot.
 

Attachments

  • Shortcut_Module_08_03_2014_11_43_03.txt
    32.7 KB · Views: 171

g3n-h@ckm@n

Level 1
Verified
Mar 1, 2014
251
It looks like we had a little problem with the tool :/

Or it didn't write some deletions correctly...

Look in your Start Menu to see if what you had before is still there...
I don't understand, it didn't do that in my tests before uploading it.
 

g3n-h@ckm@n

Level 1
Verified
Mar 1, 2014
251
OK, we'll put them back in their place :)

Download OTL from this link: http://oldtimer.geekstogo.com/OTL.exe

Save it to your desktop.

If you have XP, double-click it; otherwise, right-click and choose "Run as administrator" to launch it.

Configure it like this picture (the "Analyse" = "Run Scan" button must be pressed at the end, after configuration and pasting the text below):

OTL.PNG


If a 64-bit checkbox appears, leave it checked.

Copy/paste what is below in blue bold under "Personnalization" in OTL:

HKCU\Software
HKLM\Software
HKCU\Software\Microsoft\Command Processor /s
HKLM\Software\Microsoft\Command Processor /s
%Homedrive%\*
%Homedrive%\*.
%Userprofile%\*
%Userprofile%\*.
%Allusersprofile%\*
%Allusersprofile%\*.
%LocalAppData%\*
%LocalAppData%\*.
%Userprofile%\Local Settings\Application Data\*
%Userprofile%\Local Settings\Application Data\*.
%programFiles%\*
%programfiles%\Google\Desktop\Install /s
%programFiles%\*.
%Systemroot%\Installer\*.
%Systemroot%\Temp\*.exe /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\*.in*
%systemroot%\Tasks\*
%systemroot%\Tasks\*.
%systemroot%\system32\Tasks\*
%systemroot%\system32\Tasks\*.
%systemroot%\system32\drivers\*.sy* /lockedfiles
%systemroot%\system32\config\*.exe /s
%Systemroot%\ServiceProfiles\*.exe /s
%systemroot%\system32\*.sys
dir %Homedrive%\* /S /A:L /C
msconfig
activex
/md5start
explorer.exe
winlogon.exe
wininit.exe
volsnap.sys
atapi.sys
ndis.sys
cdrom.sys
i8042prt.sys
iastor.sys
tdx.sys
netbt.sys
afd.sys
/md5stop
netsvcs
safebootminimal
safebootnetwork
CREATERESTOREPOINT


Click on "Run Scan" (Analyse) and let the tool work.
At the end, Notepad will open (OTL.txt & Extras.txt).
You can find them next to the OTL executable.

Don't post them in the forum!!!! (They're too big.)

Attach them.
 

LL1

New Member
Thread author
Verified
Mar 8, 2014
19
Here they are, I did not run the fix.
 

Attachments

  • Extras.Txt
    78.9 KB · Views: 76
  • OTL.Txt
    506.5 KB · Views: 98

LL1

New Member
Thread author
Verified
Mar 8, 2014
19
After rebooting the PC, it froze up loading the desktop and I could not save the log file. I do not see it anywhere to attach as well...
 

LL1

New Member
Thread author
Verified
Mar 8, 2014
19
This file opens upon startup
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
 

g3n-h@ckm@n

Level 1
Verified
Mar 1, 2014
251
Yes.

Go to Start Menu, Programs, Startup and delete the "Desktop.ini" file.

The report is: C:\_OTL\Moved Files\date_hour.txt
 

LL1

New Member
Thread author
Verified
Mar 8, 2014
19
OK there we go, I had to whitelist malwaretips.com for javascript.
 

Attachments

  • 03082014_174554.log
    120.3 KB · Views: 57

LL1

New Member
Thread author
Verified
Mar 8, 2014
19
I think I am good, I won't know till later. I will follow up with a post later today.
 
