SOLVED Homepage and searchbar adware

Discussion in 'Malware Removal Assistance For Windows' started by StabbyMW, Dec 30, 2017.

Need Malware Removal Help?

We offer free malware removal assistance to our members. Sign Up now, and get free malware removal support.

  1. StabbyMW

    StabbyMW New Member

    Dec 30, 2017
    4
    0
    Italy
    Windows 7
    Malwarebytes
    Operating System:
    Windows 7
    Are you using a 32-bit or 64-bit operating system?:
    64-bit (x64)
    Infection date and initial symptoms:
    I trusted daemon tools lite and it installed a bunch of malware, it was like 3 days ago
    Current issues and symptoms:
    I can't see anything wrong as of now cause I used Malwarebytes to remove most of it but one PuP still shows in the scans of my antivirus and 3 on those of FRST64.
    I remove it with my antivirus but keeps coming back(it says it's located in Chrome, Secure preferences) and I can also see it in the chrome settings(I posted screenshot)
    Steps taken in order to remove the infection:
    I have use malwarebytes additional rootkitscan and also adwcleaner also from malwarebytes.
    Logs added to help request:
    • FRST.txt
    • Addition.txt
    So I was looking for an ISO boot software and since I have used daemon tools in the past I decided to install the lite version, biggest mistake i've made.
    I noticed immediately something was wrong so I performed a malware scan which removed most of the problems, I also ran a rootkit scan and used the adwcleaner software they provide, this got rid of most of the viruses.
    After a while I noticed a PuP keept reappearing even though I moved it to quarantine and deleted it, it was located in the google chrome folder under Secure Preferences.
    I looked at the setting and noticed a strange string of characters and letters under my home button.
    I googled a bit the issue and came across a thread on this forum about a guy with a similar issue so I installed FRST64 performed a scan and there they were, now I have located the malware but i don't have the knowledge to make a fixlist.txt so I decided to ask you for help.
     

    Attached Files:

  2. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member

    Mar 8, 2013
    21,729
    2,655
    Malware Removal, Gaming
    Windows 7
    ESET
    Hello,


    Please download Zemana AntiMalware and save it to your Desktop.
    • Install the program and once the installation is complete it will start automatically.
    • Without changing any options, press Scan to begin.
    • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
    • Open Zemana AntiMalware again.
    • Click on [​IMG] icon and double click the latest report.
    • Now click File > Save As and choose your Desktop before pressing Save.
    • The only left thing is to attach saved report in your next message.
     
  3. StabbyMW

    StabbyMW New Member

    Dec 30, 2017
    4
    0
    Italy
    Windows 7
    Malwarebytes
    #3 StabbyMW, Dec 31, 2017
    Last edited: Dec 31, 2017
    Thanks, it seems as for now the virus has been removed I will scan in the future again to see if it comes back.
    I wanna know since this antivirus seemed to do a better job should I keep this or just leave it to Malwarebytes, also do you have any advice on which antivirus would be better in general?
    I also noticed these two files which I think I remains from the daemon tools uninstall, is there a way to get rid of them?
    S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-12-27] (Disc Soft Ltd)
    S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-12-27] (Disc Soft Ltd)
     

    Attached Files:

  4. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member

    Mar 8, 2013
    21,729
    2,655
    Malware Removal, Gaming
    Windows 7
    ESET
    Try these commands in Command Prompt

    sc delete dtlitescsibus
    sc delete dtliteusbbus

    del C:\Windows\System32\DRIVERS\dtlitescsibus.sys
    del C:\Windows\System32\DRIVERS\dtliteusbbus.sys
     
  5. StabbyMW

    StabbyMW New Member

    Dec 30, 2017
    4
    0
    Italy
    Windows 7
    Malwarebytes
    Looks like access is denied.
     
  6. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member

    Mar 8, 2013
    21,729
    2,655
    Malware Removal, Gaming
    Windows 7
    ESET
    Yes. Try this fix please:


    [​IMG] Fix with Farbar Recovery Scan Tool

    [​IMG] This fix was created for this user for use on that particular machine. [​IMG]
    [​IMG] Running it on another one may cause damage and render the system unstable. [​IMG]

    Download attached fixlist.txt file and save it to the Desktop:

    Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

    • Right-click on [​IMG] icon and select [​IMG] Run as Administrator to start the tool.
      (XP users click run after receipt of Windows Security Warning - Open File).
    • Press the Fix button just once and wait.
    • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

    Please attach it to your reply.
     

    Attached Files:

  7. StabbyMW

    StabbyMW New Member

    Dec 30, 2017
    4
    0
    Italy
    Windows 7
    Malwarebytes
    Thanks a lot you really helped me, should I keep both antiviruses?
     
  8. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member

    Mar 8, 2013
    21,729
    2,655
    Malware Removal, Gaming
    Windows 7
    ESET
    Yes, you can.
     
Loading...
Similar Threads Forum Date
Default browser keeps opening new windows and redirecting to homepage. Malware Removal Assistance For Windows Dec 18, 2017
How to remove 12kotov.ru homepage , chrome inappropriate ads and also inapropriate youtube banners!! Malware Removal Assistance For Windows Jun 21, 2017
Need Help My computer keeps opening new tabs/reset to the homepage. Apps - Questions & Help Feb 24, 2017