Solved kb-ribaki / zodiac-game.info hijack pup?

hophead1971

New Member
Thread author
Aug 23, 2016
10
Whenever I restart my laptop, my default browser (no matter which one) starts automatically and goes to kb-ribaki.org and then re-directs to zodiac-game.info/pager.html

After some research (that's how I found you fine folks!) I decided to run some scans. My previous scans did show a virus (Poweliks) and it was removed.

I have tried to reset Chrome and then not login, but to no avail. I also uninstalled and reinstalled Chrome (no login) and got the same result.

I have included log files.

As per your piracy policy, I have uninstalled my BitTorrent client.

Thank you in advance for any help you can render. I really do not want to restore my whole laptop. Who's got time for that?
 

Attachments

  • FRST.txt
    80.4 KB · Views: 4
  • Addition.txt
    55.3 KB · Views: 4
  • Rkill.txt
    3.5 KB · Views: 0
  • JRT.txt
    555 bytes · Views: 0
  • AdwCleaner[C0].txt
    1.4 KB · Views: 0

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


FRST search

Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:
  • Copy kb-ribaki.org into the Search: field in FRST then click the Search Registry button.
  • FRST will search your computer for files and when finished it will produce a log, Search.txt, in the same directory the tool is run from.
  • Please attach it to your reply.
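
The registry search requested above, sketched as an added PowerShell example; it is not part of the original post and is not FRST's own code or a substitute for its search. It reads a handful of well-known autostart keys only, and the key list and the function name `Find-AutostartString` are assumptions of this example.

```powershell
# Added example: look for a string (here the redirect domain from the thread)
# in common Windows autostart registry keys. Read-only; nothing is modified.
# The key list below is an assumption of this example, not FRST's search scope.

$AutostartKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

function Find-AutostartString {
    param(
        [Parameter(Mandatory)][string]$Needle,
        [string[]]$Keys = $AutostartKeys
    )
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $ignoreCase = [StringComparison]::OrdinalIgnoreCase
    foreach ($path in $Keys) {
        if (-not (Test-Path -LiteralPath $path)) { continue }   # key absent on this system
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            # Read the stored data without expanding %VARIABLES%, so the report
            # shows exactly what is in the registry.
            $raw  = $key.GetValue($name, $null, $noExpand)
            # Flatten multi-string and binary values into one searchable string.
            $data = ($raw | ForEach-Object { [string]$_ }) -join ' '
            $hit  = ($name.IndexOf($Needle, $ignoreCase) -ge 0) -or
                    ($data.IndexOf($Needle, $ignoreCase) -ge 0)
            if ($hit) {
                [pscustomobject]@{ Key = $path; Value = $name; Data = $data }
            }
        }
    }
}

# Search for the domain named in the thread and list any matching values.
Find-AutostartString -Needle 'kb-ribaki.org' | Format-List
```

No output means only that these keys do not reference the string; other startup mechanisms, such as scheduled tasks or modified shortcuts, are outside this check.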
 

hophead1971

New Member
Thread author
Aug 23, 2016
10
Search complete as requested. I won't be back on till later tonight (going to work).
 

Attachments

  • SearchReg.txt
    399 bytes · Views: 4

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on the icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to attach the saved report in your next message.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition.txt option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the report to your next reply.
 

hophead1971

New Member
Thread author
Aug 23, 2016
10
Here are the scans... Thank you again for helping me!
 

Attachments

  • Addition.txt
    57.2 KB · Views: 1
  • FRST.txt
    102 bytes · Views: 1

hophead1971

New Member
Thread author
Aug 23, 2016
10
Current symptoms: still getting an unattended browser window at windows startup taking me to kb-ribaki.org then redirect to zodiac-game.info/pager.html

Also now getting pop up command prompts that immediately disappear.

Don't know why the log was empty - here are the rescan logs....
 

Attachments

  • FRST.txt
    80.7 KB · Views: 1
  • Addition.txt
    57.4 KB · Views: 1

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Okay, let me know if this fixed it. Also, please tell me: do you know how you got infected with this malware?

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When it finishes, FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    2.8 KB · Views: 4

hophead1971

New Member
Thread author
Aug 23, 2016
10
Ok, after I ran the fix and rebooted, the problem did not come back. I restarted again just to double check and again it has not come back. However, when I went to Chrome to reply to you, Chrome started but won't let me go to any page. Just sits there. I tried to go to the settings page but it said there was an error (error message: awww snap, something went wrong while displaying this webpage). I was able to start Firefox (did not let it become default browser!) to reply now. Did the fix do this?

I believe that I got this malware from an (ahem) adult website pop-up.

fixlog attached.
 

Attachments

  • Fixlog.txt
    11 KB · Views: 2
