Solved Infected with Adware - REALLY hard to get rid of!

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


51a612a8b27e2-Zoek.png
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on
    51a612a8b27e2-Zoek.png
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.
 

dazinger92

New Member
Thread author
Verified
Aug 10, 2016
15
To be honest, I am not 100% sure if the program fully ran, or if it perhaps locked up or ran into an issue. But, here is the log that I have. It seems to pause after checking Firefox Extensions. It has seemingly done nothing in the past 20 minutes.

Here is the first log.
 

Attachments

  • zoek-results_1.log
    7.2 KB · Views: 5

dazinger92

New Member
Thread author
Verified
Aug 10, 2016
15
Yea, I have no luck still. It gets stuck in the same spot!

I could try running it in safe mode, but would that defeat the purpose of the scanner ?
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
We will skip it, Zoek is known to bug like this sometimes.

adwcleaner_new.png
Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.
  • Right-click on
    adwcleaner_new.png
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Cleaning.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
 

dazinger92

New Member
Thread author
Verified
Aug 10, 2016
15
Okay, but just so you know - I have run AdwCleaner many times now. It did remove other things such as registry entries in previous scans, but this time it did not pick up on those.

[C4] is the latest scan file. Inside of it, you can view a list of all previous scans (including all of the other ones I listed) and their scan times. I just attached the ones of importance, and as a way to show how AdwCleaner has progressed with regards to cleaning my computer of unwanted threats.
 

Attachments

  • AdwCleaner[C4].txt
    3 KB · Views: 2
  • AdwCleaner[S1].txt
    4.7 KB · Views: 1
  • AdwCleaner[C1].txt
    2.5 KB · Views: 0
  • AdwCleaner[C2].txt
    2 KB · Views: 0

dazinger92

New Member
Thread author
Verified
Aug 10, 2016
15
Hey,

Were the AdwCleaner log files any help with regards to figuring out the next best course of action for the browser adware cleanup?
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Let's make FRST scan once again


FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.

    2873ryc.png

  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach report into your next reply.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    4.8 KB · Views: 7

dazinger92

New Member
Thread author
Verified
Aug 10, 2016
15
Have not really had much time yet to fully assess the PC after running that fix. I will certainly let you know either way in a day or two.

If it did fix the issue, then the next thing would likely be to perform the same maneuver on my laptop, as it had the same exact adware problem. (That is, I can run FRST scan on my laptop and then run a separate fixlist.txt for the laptop to resolve the issue there as well.)
 

dazinger92

New Member
Thread author
Verified
Aug 10, 2016
15
I would like to think that it only happens in Chrome.

I have tried it in other browsers, but it does not seem to happen there. I would not be 100% sure about that though since I do not usually utilize those browsers (ie. Firefox, Microsoft Edge, Internet Explorer) but I am fairly certain.

My laptop is also infected with it... somehow. And I use Chrome on there as well, linked to the same account which makes me think it is specifically attacking/infecting Chrome.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top