Solved Homepage and searchbar adware

S

StabbyMW

New Member
Thread author
Dec 30, 2017
4
So I was looking for an ISO boot software and since I have used daemon tools in the past I decided to install the lite version, biggest mistake i've made.
I noticed immediately something was wrong so I performed a malware scan which removed most of the problems, I also ran a rootkit scan and used the adwcleaner software they provide, this got rid of most of the viruses.
After a while I noticed a PuP keept reappearing even though I moved it to quarantine and deleted it, it was located in the google chrome folder under Secure Preferences.
I looked at the setting and noticed a strange string of characters and letters under my home button.
I googled a bit the issue and came across a thread on this forum about a guy with a similar issue so I installed FRST64 performed a scan and there they were, now I have located the malware but i don't have the knowledge to make a fixlist.txt so I decided to ask you for help.
 

Attachments

  • FRST.txt
    63.6 KB · Views: 3
  • Addition.txt
    28.9 KB · Views: 3
  • virus.png
    virus.png
    74.4 KB · Views: 7
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on
    4zu6vb.jpg
    icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only left thing is to attach saved report in your next message.
 
S

StabbyMW

New Member
Thread author
Dec 30, 2017
4
Thanks, it seems as for now the virus has been removed I will scan in the future again to see if it comes back.
I wanna know since this antivirus seemed to do a better job should I keep this or just leave it to Malwarebytes, also do you have any advice on which antivirus would be better in general?
I also noticed these two files which I think I remains from the daemon tools uninstall, is there a way to get rid of them?
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-12-27] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-12-27] (Disc Soft Ltd)
 

Attachments

  • 2017.12.31-12.16.34-i0-t92-d1.txt
    1.5 KB · Views: 3
Last edited:
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Try these commands in Command Prompt

sc delete dtlitescsibus
sc delete dtliteusbbus

del C:\Windows\System32\DRIVERS\dtlitescsibus.sys
del C:\Windows\System32\DRIVERS\dtliteusbbus.sys
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Yes. Try this fix please:


FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    289 bytes · Views: 1
S

StabbyMW

New Member
Thread author
Dec 30, 2017
4
TwinHeadedEagle said:
Yes. Try this fix please:


FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
Click to expand...
Thanks a lot you really helped me, should I keep both antiviruses?
 

Similar threads

Trustless
    • +Reputation
  • Locked
Trouble Removing a Chrome Redirecting Type Malware/Adware
Replies
4
Views
641
Windows Malware Removal Help & Support
nasdaq
nasdaq
I
  • Locked
Removing Zeus by resetting Windows
Replies
6
Views
486
Windows Malware Removal Help & Support
nasdaq
nasdaq
tofargone
    • Like
    • Wow
Found a Tester Videos are 1.5 to 2 min. Interesting results, for your Fav AV's... See Photos
Replies
11
Views
533
Member Chat
tofargone
tofargone

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top