Solved help malware removal (keep appearing and browser hijacker)

septhian

New Member
Thread author
Mar 13, 2017
6
browser hijacker known as trotux change my homepage and default search engine for all my browser, after that there is this annoying software that keep appearing and install by it self ( winsnare, kyubey.exe, bikaq RSS )

the known software keep appearing and install by itself ( winsnare, kyubey.exe, bikaq rss and 2 or 3 software that i forgot the name ) and after they keep incoming, they disable my microsoft security essential software, i need manually activate the MSE
even i still have zemana anti malware in my system (trial 5days left), the software suddenly installing itself
im using this software :
malwareantibytes,
adwcleaner,
hitman pro
and zemana anti malware

i already clear the problem arround 10-12 march, i run all scanner everyday, at it show clean system, but suddenly today the adware and malware come up again

maybe you can give me some advice and help, thanks in advance
 

Attachments

  • Addition.txt
    66.9 KB · Views: 5
  • FRST.txt
    39.6 KB · Views: 5

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    4.1 KB · Views: 7
  • Like
Reactions: septhian

septhian

New Member
Thread author
Mar 13, 2017
6
thankyou for you reply, i already run the fixlist.txt and hope the malware / adware not coming back, just some quick question, is that possible that chrome extension ( even the one i got from official chrome itself ) get infected ? because after i use your fixlist, i must login again to my chrome user profile and it load all previous installed extension, thanks
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Yes, malware infected your Chrome profile/s. I suggest to completely uninstall Chrome and delete its folders in:
- programfiles
- programdata
- appdata\roaming
- appdata\local

Then install it again. There should be no issue after it.
 
  • Like
Reactions: septhian

septhian

New Member
Thread author
Mar 13, 2017
6
oh well, i just see your reply :( after apply your fix yesterday, its gone smooth, the i just reinstall the extension only and hope everything going fine, and suddenly this popup into my zemana scan, i rerun the farbar recovery scan tool and upload the FRST again here, sorry for the trouble and thankyou in advance
 

Attachments

  • zemana1.jpg
    zemana1.jpg
    65.7 KB · Views: 2
  • FRST.txt
    34.6 KB · Views: 1
  • Addition.txt
    66.8 KB · Views: 1

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Apply the fix and then reinstall Chrome the same way.


FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    984 bytes · Views: 3

septhian

New Member
Thread author
Mar 13, 2017
6
thanks again for your response, already fix and delete all chrome folder then reinstall it, here the fixlog, thankyou
 

Attachments

  • Fixlog.txt
    2.8 KB · Views: 2

septhian

New Member
Thread author
Mar 13, 2017
6
not good actually, zemana scan showup clean pc, but when i use adwcleaner it shows 15 threat ( i upload the log ) and i upload again the frst.txt again, sorry for the trouble and thankyou very much
 

Attachments

  • Addition.txt
    66.3 KB · Views: 1
  • FRST.txt
    34.4 KB · Views: 1
  • AdwCleaner[S8].txt
    3.4 KB · Views: 1

septhian

New Member
Thread author
Mar 13, 2017
6
oh so its done then ? well i just aware because that result from adwcleaner, thankyou very much for your help, really appreciate it :)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top