REmeoveTTHeAdApp extension

[T Hans]

Hello I am experiencing a similar problem, and this is the only site with a reference to the REmeoveTTHeAdApp extension, which i cannot uninstall due to the "enterprise policy"

I am using Vista, with MSE and Spybot and neither has been able to rid my computer of the adware, have tried going into the control panel and deleting random entries, gs.enabler, digisaver, greatsaver, and some youtubead entry yet the extension persists in Chrome and am always getting random popups and ads playing without permission

any help would be appreciated please,

Travis

 

[TwinHeadedEagle]

http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/

 

[T Hans]

Thank you for the reply Eagle, sorry it took awhile I did not get the reply notification right away, I am now "watching" the thread.
Here are the attached files you requested:


Thanks again,
Travis

P.S. if you need additional information, please let me know

 

[g3n-h@ckm@n]

hello TwinHeadedEgle asked to me to take your topic cause he doesn't have anymore time for the moment

uninstall Tuneup utilities it's a system beaker
uninstall spybot it's useless

Download and register ADWCleaner to your desktop from this direct link : http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Launch it , (For vista / 7 / 8 = > right click " to execute as administrator ") then click on "scan"

when done, click on "clean" and post C:\Adwcleaner[Sx].txt

================

Download Shortcut_Module from this link :

http://www.telecharger.sosvirus.net/gen-hackman/Shortcut_Module.exe

save it to your desktop

Attention : It'll close all the programs opened like IE, Firefox, Word etc...

It'll give a report at the end of the scan , in C:\Shortcut_Module_date_hour.txt , after the reboot of the machine.

Attach the report

=================

close all windows and applications during installation and analysis.

Download here: http://www.malwarebytes.org/

Click on Free Download

Installs

• chosen well, "french"
• does not modify the installation settings
• put it up to date
• Do not select the test pro version

Follow these instructions carefully:

• Close all your running applications
• Run Malwarebyte's.
• Do a "Complete"scan

Let the program work (and do nothing else with the computer during the scan).

At the end, click on "Show Results"

Verifies that all infected objects are validated, then click "delete"

Note: if you need to restart your computer to finish the cleaning, do it!

Post the report saved after deleting infected objects (in "reports / logs" Malwarebytes tab, the latest: mbamlog.xx.xx .. Etc ....)

 

[T Hans]

Alright g3n, I have done all of the following and here are the reports:

Hope this helps, the malware bytes did delete 2 items

If you need any additional information feel free to ask

Thanks,
Travis

 

[g3n-h@ckm@n]

hello , ok let's do a diagnostic to see if there's some rests

Download From this link OTL : http://oldtimer.geekstogo.com/OTL.exe

Save it to your desktop

If you have XP => double-click , else , right-click "Run as administrator" to run it

configure it like this : ("Analyse"="Run Scan" must be pressed at last , after pasting the blue bold text following the picture )

if a 64 bits checkbox appears let it checked.

copy/paste what is below in blue bold under "Personnalization" in OTL :

HKCU\Software
HKLM\Software
HKCU\Software\Microsoft\Command Processor /s
HKLM\Software\Microsoft\Command Processor /s
%Homedrive%\*
%Homedrive%\*.
%Userprofile%\*
%Userprofile%\*.
%Allusersprofile%\*
%Allusersprofile%\*.
%LocalAppData%\*
%LocalAppData%\*.
%Userprofile%\Local Settings\Application Data\*
%Userprofile%\Local Settings\Application Data\*.
%programFiles%\*
%programfiles%\Google\Desktop\Install /s
%programFiles%\*.
%Systemroot%\Installer\*.
%Systemroot%\Temp\*.exe /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\*.in*
%systemroot%\Tasks\*
%systemroot%\Tasks\*.
%systemroot%\system32\Tasks\*
%systemroot%\system32\Tasks\*.
%systemroot%\system32\drivers\*.sy* /lockedfiles
%systemroot%\system32\config\*.exe /s
%Systemroot%\ServiceProfiles\*.exe /s
%systemroot%\system32\*.sys
dir %Homedrive%\* /S /A:L /C
msconfig
activex
/md5start
explorer.exe
winlogon.exe
wininit.exe
volsnap.sys
atapi.sys
ndis.sys
cdrom.sys
i8042prt.sys
iastor.sys
tdx.sys
netbt.sys
afd.sys
/md5stop
netsvcs
safebootminimal
safebootnetwork
CREATERESTOREPOINT

click on "Run scan" and let the tool work
At the end "notepad" will open (OTL.txt & Extras.txt)
you can find them near the OTL executable.

Dont post them in the forum !!!! ( they're too big )

Attach them here or on http://cjoint.com or other site and give the links you obtained.

 

[T Hans]

Here ya go g3n:

OTL.Txt: http://cjoint.com/?3CixhXPFRhT
Extras.Txt: http://cjoint.com/?3CixjMUX783

Hope this helps, let me know if you need any additional info

Thanks,
Travis

 

[g3n-h@ckm@n]

is "remeovettheadapp-extension" still present ?

 

[T Hans]

yes it is still present

 

[g3n-h@ckm@n]

ok , in which browser please ?

Edit::

ok in google chrome i saw it now

 

[g3n-h@ckm@n]

create a new text document (important : in your desktop )

you name it : Module

open it an paste that inside :

mbclcadfnephdfdlfejkphmddjimonal
REmeoveTTHeAdApp

save and close it & run again a clean with shorcut_Module(it's possible it updates), it will work with these parameters

attach the new log

 

[T Hans]

Ive made the text document called module on the desktop but I am not sure which program you want me to use to "clean with shorcut_Module"

 

[g3n-h@ckm@n]

Shortcut_Module , the program I asked to you to download before which gave you the report you attached early

 

[T Hans]

Woot! it is gone, thank you g3n!

As far as the numerous logs on my desktop and the files in my download folder what can i do with these? I know you guys usually recommend a post-fix cleanup?

Thanks again,
Travis

 

[g3n-h@ckm@n]

yes , I'd like to read the last report in your systemdrive

 

[T Hans]

Here ya go boss:

 

[g3n-h@ckm@n]

ok still problems or not ?

 

[T Hans]

Nope, the extension is no longer there. Thank you g3n!!! u da man

 

[g3n-h@ckm@n]

Ok download Delfix and check all and execute :

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix

=========

Download Unchecky : http://unchecky.com/files/unchecky_setup.exe

and install it , it will automatically uncheck the toolbars and unwanted programs when you install something downloaded on the net.

==========

Look in your start menu / programs / Windows Updates to see if there's nothing which waits to be downloaded and installed(take all , but not languages packages or bing desktop)

===========

Run again Shortcut_Module and click on the little "U" on the right of my pseudo , it'll remove all the traces of the soft

 

[T Hans]

Okay, so I've done all of the above and here is the report from Delfix: