fb Downloader uninstall

[Echizen]

Hi,

This thing is indestructable. I've tried multiple guides including the one in the blog but without success. I've added the OTL Log for view. I also tried to add on the scan for aswMBR but weirdly the laptop blue screens. Never had this problem with it before (with blue screen). Would anybody here be able to help please?

Thanks.

 

[Fiery]

Hi and welcome to MalwareTips!

I'm Fiery and I would gladly assist you in removing the malware on your computer.

Before we start:

• Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
• Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
• Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
• Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
• The absence of symptoms does not mean your PC is fully disinfected.
• If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
• Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

<hr>
Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.fbdownloader.com/?channel=sfuk206
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://search.fbdownloader.com/search.php?channel=sfuk206&q={searchTerms}
FF - prefs.js..browser.search.defaulturl: "http://search.fbdownloader.com/search.php?channel=sfuk206&q="
FF - prefs.js..browser.startup.homepage: "http://search.fbdownloader.com/?channel=sfuk206"
FF - prefs.js..keyword.URL: "http://search.fbdownloader.com/search.php?channel=sfuk206&q="
O4 - HKCU..\Run: [SCheck] C:\Users\Vickster\AppData\Roaming\SCheck\SCheck.exe ()
O4 - HKCU..\Run: [SSync] C:\Users\Vickster\AppData\Roaming\SSync\SSync.exe ()

:Files
C:\Users\Vickster\AppData\Roaming\Common
C:\Users\Vickster\AppData\Roaming\SSync
C:\Users\Vickster\AppData\Roaming\SCheck
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.

---

Please download Junkware Removal Tool to your desktop from here

• Turn off your antivirus software now to avoid potential conflicts
• Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
• The tool will open and start scanning your system
• Please be patient as this can take a while to complete depending on your system's specifications
• On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
• Post the contents of JRT.txt into your next reply

 

[Echizen]

Thanks for the speedy reply.

Here's the log:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Prefs.js: "http://search.fbdownloader.com/search.php?channel=sfuk206&q=" removed from browser.search.defaulturl
Prefs.js: "http://search.fbdownloader.com/?channel=sfuk206" removed from browser.startup.homepage
Prefs.js: "http://search.fbdownloader.com/search.php?channel=sfuk206&q=" removed from keyword.URL
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SCheck deleted successfully.
C:\Users\Vickster\AppData\Roaming\SCheck\SCheck.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SSync deleted successfully.
C:\Users\Vickster\AppData\Roaming\SSync\SSync.exe moved successfully.
========== FILES ==========
C:\Users\Vickster\AppData\Roaming\Common\LuaRT\socket folder moved successfully.
C:\Users\Vickster\AppData\Roaming\Common\LuaRT\mime folder moved successfully.
C:\Users\Vickster\AppData\Roaming\Common\LuaRT\Microsoft.VC80.CRT folder moved successfully.
C:\Users\Vickster\AppData\Roaming\Common\LuaRT\luasql folder moved successfully.
C:\Users\Vickster\AppData\Roaming\Common\LuaRT\json\encode folder moved successfully.
C:\Users\Vickster\AppData\Roaming\Common\LuaRT\json\decode folder moved successfully.
C:\Users\Vickster\AppData\Roaming\Common\LuaRT\json folder moved successfully.
C:\Users\Vickster\AppData\Roaming\Common\LuaRT\alien folder moved successfully.
C:\Users\Vickster\AppData\Roaming\Common\LuaRT folder moved successfully.
C:\Users\Vickster\AppData\Roaming\Common folder moved successfully.
C:\Users\Vickster\AppData\Roaming\SSync folder moved successfully.
C:\Users\Vickster\AppData\Roaming\SCheck folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Vickster\Downloads\cmd.bat deleted successfully.
C:\Users\Vickster\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Vickster
->Temp folder emptied: 91518129 bytes
->Temporary Internet Files folder emptied: 137925021 bytes
->Java cache emptied: 4984530 bytes
->FireFox cache emptied: 17857479 bytes
->Google Chrome cache emptied: 425716903 bytes
->Flash cache emptied: 631 bytes

%systemdrive% .tmp files removed: 0 bytes


Thanks.

 

[Fiery]

Did you run the Junkware Removal Tool? Let me know how your PC is running after.

 

[Echizen]

Did you run the Junkware Removal Tool? Let me know how your PC is running after.

Hi Fiery,

Everything seems to be running fine now Before I ran JRT it was still using it as the default search engine but now it seems to have disappeared

Thanks!

 

[Fiery]

Great! Let's do one more scan to make sure you are in the clear and then we will clean up.

Run Eset NOD32 Online AntiVirus

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to to right-click on the Internet Explorer icon and select Run as Administrator

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Disable your current antivirus software. You can usually do this with its Notfication Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Un-checked, and the following Advance Settings are Checked
  • Scan unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Click Scan
• Wait for the scan to finish
• When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
• Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
• The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt

 

[Echizen]

Hi Fiery,

Sorry for the long wait time for reply. I've ran what you asked and it didn't come back with any problems so it all looks to be good Since it didn't come back with any problems it also didn't come back with any log. I'm assuming this is a good thing?

Thanks.

 

[Fiery]

Good! If you are no longer experiencing any other issues, your PC is now clean!

Double click on OTL to run it

• Click on the Cleanup button at the top.
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
• This will remove itself and other tools we may have used.

Also, open adwCleaner and click Uninstall

---

Now that your PC is clean, I recommend you to create a new System Restore point then purge the old ones after.

For XP
How to create a Restore Point in XP
Delete all restore points except the most recent one

For Vista
Create a restore point
Delete all but the most recent restore point

For Windows 7
Create a restore point
Delete all but the most recent restore point - Click the Delete all but the most recent restore point link

---

Keep your system updated

• Keeping your programs (especially Adobe and Java products) updated is essential. Update Checker will notify you if any of your programs require an update.
• Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
• Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here

---

I also recommend you to switch your antivirus program to a better one. Here are some suggestions:

• avast! 7 Home Edition - Don't use it with Online Armor
• Avira AntiVir Personal
• BitDefender Antivirus Free Edition
• Microsoft Security Essentials

In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.

• Online Armor
• Comodo Firewall - If you are an advance user
• ZoneAlarm Free Firewall
• PC Tool Firewall Plus

Other steps that you may want to do to further protect your system/files:

• Sandboxie - "Quarantines" your browser so anything that you do in it will be isolated from your system.
• Backup important files regulary to an external hard-drive or USB

Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.

Should you want to try a product but don't know how it performs, here is a list of current reviews to help you decide.

---

Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with addition add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains less vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.

• KeyScramber - Encrypts your keystrokes to protect you against keyloggers that steals personal & banking information
• AdBlock - Disable/blocks advertisements on websites so you won't accidentally click on a malicious ad.
• NoScript - Disables Flash & Java contents to avoid exploits or drive-by attacks
• Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.

• AdBlock

---

Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

• CCleaner
• Malwarebytes Anti-Malware

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask

My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
​