Just found this little "gem" and was instantly annoyed that Avast! didn't catch it. I don't really know how long it was there since I just looked at all my extensions on chrome now. I am not the most computer literate/tech savvy person. I know enough to navigate and I'm slowly learning. Any and all help with this would be divine. I just upgraded my RAM thinking oh well maybe that's the problem area there and still my CPU was ticking in the orange and red meters on the gauge.
RemoVeThEAdAPp Malware? Help?!
- Thread starter Amora
- Start date
- Mar 8, 2013
- 22,627
Hi,
Please download zoek.zip or zoek.rar by smeenk (
) from here or here and save it to your Desktop.
Unpack the archive...
Download TDSSKiller and save it to your desktop
Execute TDSSKiller.exe by doubleclicking on it.
Confirm "End user Licence Agreement" and "KSN Statement" dialog box by clicking on Accept button.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.
Please download zoek.zip or zoek.rar by smeenk (
Unpack the archive...
- Close any open browsers
- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
- Double click on zoek.exe to run the tool .
Please wait while the tool does not start...
- Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code:createsrpoint; gpt.ini;z C:\Windows\System32\GroupPolicy;v C:\Windows\SysWOW64\GroupPolicy;v StandardSearch; emptyfolderscheck; installer-list; installedprogs; uninstall-list; - Click on
button.
Please wait until a logreport will open (this can be after reboot)
- Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named "zoek-results.log"
Download TDSSKiller and save it to your desktop
Execute TDSSKiller.exe by doubleclicking on it.
Confirm "End user Licence Agreement" and "KSN Statement" dialog box by clicking on Accept button.
- Press Start Scan
- If Suspicious object is detected, the default action will be Skip, click on Continue.
- If Malicious objects are found, select Cure.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.
- Mar 8, 2013
- 22,627
Re-run Zoek with this script
Code:
emptyfolderscheck;delete
C:\Windows\System32\GroupPolicy\Machine;fs
C:\Windows\System32\GroupPolicy\User;fs
C:\Windows\System32\GroupPolicy\GPT.INI;f
C:\Windows\SysWOW64\GroupPolicy\gpt.ini;f
Yahoo Toolbar;ff
BitTorrentBar;ff
BaJa AdBlocker;ff
adblockingfiltersetp;ff
bcfjehbfanfhgoehogmbiebedkidedjb;chr
mhfdcmehmjcclgopdodkjdicohagipid;chr
pnjnnnhampgflieglcelomcofocioegp;chr
holdfkafmihejagjaanjjaeignegcieo;chr
dplhgodgmlpbfncljhjpcccfmpfgiigc;chr
autoclean;
emptyalltemp;Here is the new file, however now that I did that I'm on my laptop because I can't do anything on the internet now on my desktop.
- Mar 8, 2013
- 22,627
When I try to open any browser or anything that hooks to the internet it comes up with a "webpage not available", but i can clearly see it has internet access.
- Mar 8, 2013
- 22,627
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
Please download Farbar Service Scanner and run it on the computer with the issue.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Please download Farbar Service Scanner and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
Can I download this to a USB to get onto my desktop? Since I am using my laptop currently to connect to the internet.
- Mar 8, 2013
- 22,627
Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
Open FRST, and click Fix. Attach me that report after it is finished.
Then, I need you to download attached .reg files and to execute them one by one. Tell me is there a progress.
Open FRST, and click Fix. Attach me that report after it is finished.
Then, I need you to download attached .reg files and to execute them one by one. Tell me is there a progress.
Similar threads
- Locked
-
- Locked
