Operating System
Windows 7
Infection date and initial symptoms
FaunDEals : many weeks now, seen publicity links everywere, try to delete it from chrome, but it reinstal itself every time, avast put it in quarantaine but... still there...

pp.developunit.info for few days now, starting to annoy me, and not sure my password/bank transaction are safe anymore... when i click on something, another page open, with something else, publicity or deals
Current issues and symptoms
Lots of publicity i don't want to see when mouseover on some links
And page i don't expect to see when i click on a link well known
Steps taken in order to remove the infection
Run Avast (free version), put something in quarantaine, then ask to run before windows start, did it, put some other things in quarantaine but.. still having problems.

Lelyel

New Member
Hope you can help me, that make me crazy, want to throw my computer by the window =D

Thanks in advance
 

TwinHeadedEagle

Removal Expert
Verified
Staff member
Hi,


Please download zoek.zip or zoek.rar by smeenk (
) from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double click on zoek.exe to run the tool .
    Please wait while the tool does not start...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:

    Code:
    gpt.ini;z 
    C:\Windows\System32\GroupPolicy;v
    C:\Windows\SysWOW64\GroupPolicy;v
    autoclean;
    emptyalltemp;
  • Click on
    button.
    Please wait until a logreport will open (this can be after reboot)
  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"
 
  • Like
Reactions: Lelyel

TwinHeadedEagle

Removal Expert
Verified
Staff member
Run one more fix with Zoek

Code:
C:\Windows\System32\GroupPolicy\gpt.ini;f
C:\Windows\SysWOW64\GroupPolicy\gpt.ini;f
C:\Windows\System32\GroupPolicy\Machine;fs
C:\Windows\System32\GroupPolicy\User;fs


Please download aswMBR and save it to your desktop.

Double click aswMBR.exe to start the tool.
  • Select Yes if prompted to download the Avast database.
  • Click Scan
  • Upon completion of the scan ( Scan finished successfully ) click Save log and save it to your desktop, and post that log in your next reply for review.
    Note: do NOT attempt any Fix yet.




How is the situation now?
 

TwinHeadedEagle

Removal Expert
Verified
Staff member
Did you executed Zoek?



Please download GMER, AntiRootkit tool from the link below and save it to your Desktop:

Gmer download link
Note: file will be random named

Double-clicking to run GMER.
  • Wait for initial scan to finish - if there is any query, click No;
  • Click Scan button and wait until the full scan is complete;
  • Click Save ... - save the report to the Desktop (named Gmer );

> Attach here Gmer logreports.
 

Lelyel

New Member
Everything seem ok for now, there is nothing strange left in the chrome extension's file. No weird things poping. Hope it's fix forever :D

Thanks you so much, i cross fingers :p
 

TwinHeadedEagle

Removal Expert
Verified
Staff member
The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
Remove disinfection tools
Create registry backup
Purge System Restore

Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.