Nationzoom

[M Gilliland]

I followed your instructions to remove the virus. The files you instructed me to remove were not there, so I ran Malwarebytes, which located 254 errors, and removed them. I shut down and restarted my laptop. Nationzoom was still there, so I ran an AVG scan, which could not find any threats. I downloaded and ran HitmanPro, which could not find any threats. I verified that my home page in Internet Options is Google, and restarted again. However, Nationzoom is still there. I don't know if they've gotten sneakier in the past few weeks or what, but they're slipping past the malware software. Do I need to reformat?

 

[TwinHeadedEagle]

Hi,

No need to reformat, I can clean your PC. Only thing I need are the reports...

Attach them, so we can start

 

[M Gilliland]

Here you go. Since I posted, I identified three programs that installed on December 9, including a backup software that is no doubt behind the popups. I uninstalled them, but the system could not find the ScorpionSaver program on c:\temp to remove it. I found one text file in c:\temp, and deleted it, then rebooted. Still no change.

Thank you so much for reviewing the file!

 

[TwinHeadedEagle]

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

• Click on the Scan button.
• After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Post logfile will also be saved in the C:\AdwCleaner folder.

Then...



Please download zoek.zip or zoek.rar by smeenk (

) from here or here and save it to your Desktop.
Unpack the archive...

• Close any open browsers
• Temporarily disable your AntiVirus program. (If necessary)
  If you are unsure how to do this please read this or this Instruction.
  
• Double click on zoek.exe to run the tool .
  Please wait while the tool does not start...
  
• Copy the text present inside the code box below and paste it into the large window in the zoek tool:
  
  

  createsrpoint; 
  StandardSearch; 
  emptyfolderscheck; 
  installer-list; 
  installedprogs; 
  uninstall-list;

• Click on
  
  button.
  Please wait until a logreport will open (this can be after reboot)
  
• Save notepad to your Desktop and attach here zoek-results.log
  Note: It will also create a log in the C:\ directory named "zoek-results.log"

 

[M Gilliland]

I tried to download and install AdwCleaner several times. It runs through the process, then tries to sell me other software, and never offers to launch AdwCleaner, which I cannot find. There is no Desktop icon - nothing - not even an adwcleaner.exe file to double click. All I find is setup.exe which reloads the software. It doesn't give me the option to save to my Desktop - it places the setup file in my downloads. I don't have any idea where it installs to because it didn't tell me. How do I run it? There is no c:\AdwCleaner folder.

Edited: I clicked "Skip All" because I don't want arcade software or any of the other programs piggybacking onto Adwcleaner. Is this why it won't install? Do I have to accept all those other programs in order to get the cleaner?

Edited again: I got an AVG alert saying the adware was a threat. But thanks anyway.

 

[TwinHeadedEagle]

Skip Adwcleaner and proceed to Zoek...

 

[M Gilliland]

Update. Internet Explorer was apparently completely messed up, and was the reason I couldn't download AdwCleaner. So I downloaded Google Chrome, which allowed me to download and run it. Then I upgraded to IE 11, and it appears to be fine. Thanks much!

Skip Adwcleaner and proceed to Zoek...

 

[TwinHeadedEagle]

We're not yet finished, Nationzoom could easily infect Chrome. Follow my instructions and attach reports from both tools...

 

[M Gilliland]

Attached are all the logs. Thanks much!

 

[TwinHeadedEagle]

> Re-run zoek with this script and attach here fresh zoek log results.

C:\Program Files (x86)\BrowseSmart;fs
C:\PROGRA~2\BrowseSmart;fs
C:\Users\Maureen Gilliland\AppData\Local\mysearchdial-speeddial.crx;f
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Locallow\AVG SafeGuard toolbar;fs
C:\Users\MAUREE1\AppData\Roaming\UPDATE1;fs
BrowseSmart;chr
iedefaults;
emptyalltemp;
autoclean;
emptyclsid;
emptyfolderscheckdelete;

 

[M Gilliland]

Please see attached, and thank you again!

 

[TwinHeadedEagle]

We need another check...


> Re-run zoek with this script and attach here fresh zoek log results.

StandardSearch;

 

[M Gilliland]

Here - thank you!

 

[TwinHeadedEagle]

PC seems clean, we need another check and we're done


Please download GMER, AntiRootkit tool from the link below and save it to your Desktop:

Gmer download link
Note: file will be random named

Double-clicking to run GMER.

• Wait for initial scan to finish - if there is any query, click No;
• Click Scan button and wait until the full scan is complete;
• Click Save ... - save the report to the Desktop (named Gmer );

> Attach here Gmer logreports.

 

[M Gilliland]

Here you go!

 

[TwinHeadedEagle]

Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Confirm "End user Licence Agreement" and "KSN Statement" dialog box by clicking on Accept button.

• Press Start Scan
• If Suspicious object is detected, the default action will be Skip, click on Continue.
• If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.