Further advice on how to remove webalta.ru needed

[Dante2001]

I've attached the kaslog.

 

[Fiery]

Try reseting your browsers:

For IE: http://support.microsoft.com/kb/923737

For Chrome: Reinstall it.

 

[Dante2001]

Try reseting your browsers:

For IE: http://support.microsoft.com/kb/923737

For Chrome: Reinstall it.

I followed the steps for IE but webalta is still there.

 

[Fiery]

Hi,

Please uninstall Anvisoft.

Next, Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
[2013/04/09 11:55:32 | 000,000,000 | ---D | M] -- C:\Users\Spiros\AppData\Roaming\Reason Software Company Inc
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:373E1720
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TempFC5A2B2

:Files
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.

 

[Dante2001]

Hi,

Please uninstall Anvisoft.

Next, Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
[2013/04/09 11:55:32 | 000,000,000 | ---D | M] -- C:\Users\Spiros\AppData\Roaming\Reason Software Company Inc
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:373E1720
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TempFC5A2B2

:Files
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.

Here's the new log.

 

[Fiery]

Right-click the IE and chrome icons. Select Properties. Under the shortcut tab, look for a line called Target. Copy and paste the content in the line

 

[Dante2001]

Right-click the IE and chrome icons. Select Properties. Under the shortcut tab, look for a line called Target. Copy and paste the content in the line

This looks problematic, here are the lines copied and pasted.
C:\Users\Dante\AppData\Local\Google\Chrome\Application\chrome.exe http://home.webalta.ru/?new
"C:\Program Files\Internet Explorer\iexplore.exe"

 

[Fiery]

For chrome, go into Properties again. This time, delete the "http://home.webalta.ru/?new" extension so under the target, the value is only C:\Users\Dante\AppData\Local\Google\Chrome\Application\chrome.exe

For IE, are you using a shortcut on the desktop?

 

[Dante2001]

For chrome, go into Properties again. This time, delete the "http://home.webalta.ru/?new" extension so under the target, the value is only C:\Users\Dante\AppData\Local\Google\Chrome\Application\chrome.exe

For IE, are you using a shortcut on the desktop?

I deleted the extension on chrome but webalta still appears. I've just created a desktop shortcut for IE but the target still reads the same as the one I copied and pasted earlier.

 

[Fiery]

Please wait while I consult with my colleagues

 

[Dante2001]

Please wait while I consult with my colleagues

No problem, thanks for your help and patience so far.

 

[Fiery]

Hi,

Please open up SystemLookup again but copy and paste this code into the text field:

:filefind
*webalta*

:folderfind
*webalta*

:Regfind
webalta

:service
webalta

and press scan. Post the results back here

 

[Dante2001]

Hi,

Please open up SystemLookup again but copy and paste this code into the text field:

:filefind
*webalta*

:folderfind
*webalta*

:Regfind
webalta

:service
webalta

and press scan. Post the results back here

Here are the results, seems similar to the previous scan.

 

[Fiery]

Hi,

Please use 64-bit version of SystemLookup from here: http://jpshortstuff.247fixes.com/SystemLook_x64.exe

And re-run the scan with

:filefind
*webalta*

:folderfind
*webalta*

:Regfind
webalta

:service
webalta

 

[Dante2001]

Hi,

Please use 64-bit version of SystemLookup from here: http://jpshortstuff.247fixes.com/SystemLook_x64.exe

And re-run the scan with

:filefind
*webalta*

:folderfind
*webalta*

:Regfind
webalta

:service
webalta

Here it is.

 

[Fiery]

This is an odd one.. Can't seem to find the root cause. Would you consider reformatting?

 

[Dante2001]

This is an odd one.. Can't seem to find the root cause. Would you consider reformatting?

If you think it would help I'd be happy to try it. Any advice for reformatting my hard drive without screwing any of my important files up?

 

[Fiery]

Do you have an external drive or USB that can hold your important files?

 

[Dante2001]

Do you have an external drive or USB that can hold your important files?

I don't have an external drive at the minute and my USBs don't have a large capacity. Does reformatting put a lot of the vital files at risk so that it requires backup or is not necessary?

 

[Fiery]

Reformatting will restore your PC back to factory default (the state in which you bought the PC in). It will delete all your files and reinstall windows.