Solved Browser adaware injections

Hadden

Level 2
Thread author
Verified
Oct 18, 2015
97
I didn't save the adw log; however, I removed all the things, such as Iminent (still there o.o) and the infected Chrome extensions/Mozilla profile it found. (I'll redo soon). However, I use another Chrome-based browser, Vivaldi, and I don't know if it's covered in AdwCleaner scans.

MBAM found an "alarming" number of things (all removed):

backdoor.ircbot

pup.optional.
adoffer
amonetize
browsefox
bundleinstaller
bundler
installcore
installmonster
loadmoney
opencandy
privoxy
somoto
steamclient
winmanger

trojan.agent
trojan.downloader
trojan.proxyhijacker

Not detected, but I have it: addonjet, which hijacks Google searches.
 

Hadden

Level 2
Thread author
Verified
Oct 18, 2015
97
attached adwcleaner log
 

Attachments

  • AdwCleaner[C1].txt
    4.9 KB · Views: 0
  • AdwCleaner[C2].txt
    2.4 KB · Views: 0
  • AdwCleaner[S1].txt
    5.4 KB · Views: 1
  • AdwCleaner[S2].txt
    3 KB · Views: 0
  • AdwCleaner[S3].txt
    2.3 KB · Views: 0

Hadden

Level 2
Thread author
Verified
Oct 18, 2015
97
Frst+addition+a scan I did some time ago with JRT, attached
 

Attachments

  • Addition.txt
    32.8 KB · Views: 2
  • FRST.txt
    123.4 KB · Views: 2
  • JRT.txt
    964 bytes · Views: 0

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on the icon (image: 4zu6vb.jpg) and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to attach the saved report in your next message.
 

Hadden

Level 2
Thread author
Verified
Oct 18, 2015
97
Aaaand... the Zem report :)
 

Attachments

  • 2016.06.24-21.18.45-i0-t4294967295-d111.txt
    30.8 KB · Views: 7

Hadden

Level 2
Thread author
Verified
Oct 18, 2015
97
Really better.
Addonjet hijacking results seem to have disappeared.
It still opens some ads in the tab (usually blocked by adblock/scriptblocker).
I clean some browser data to see if something wrong is still there.
 

Hadden

Level 2
Thread author
Verified
Oct 18, 2015
97
Addonjet has only partially gone away. On Google search it is not present; on Google image searches it is still there.
 

Hadden

Level 2
Thread author
Verified
Oct 18, 2015
97
Ok, changed scriptblocker to uMatrix. Seen and blocked icaplat.com request that I didn't. For now, I don't see addonjet anymore. Also unwanted Amazon ads in tabs seem to be blocked.
And I reverted my hosts file to stock (I had an MVPS hosts file taken from their site).
 

Hadden

Level 2
Thread author
Verified
Oct 18, 2015
97
Also blocked some other malicious sites both in uBlock and uMatrix:
dcbap.com
indelibleappointing.com
spiessummarising.com

However, everything works well now :)
 
