RemoVeThEAdAPp Malware? Help?!

Amora

New Member
Thread author
Feb 18, 2014
Just found this little "gem" and was instantly annoyed that Avast! didn't catch it. I don't really know how long it was there since I just looked at all my extensions on chrome now. I am not the most computer literate/tech savvy person. I know enough to navigate and I'm slowly learning. Any and all help with this would be divine. I just upgraded my RAM thinking oh well maybe that's the problem area there and still my CPU was ticking in the orange and red meters on the gauge.
 

Hi,



Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double click on zoek.exe to run the tool.
    Please wait until the tool starts...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:

    Code:
    createsrpoint;
    gpt.ini;z 
    C:\Windows\System32\GroupPolicy;v
    C:\Windows\SysWOW64\GroupPolicy;v 
    StandardSearch; 
    emptyfolderscheck; 
    installer-list; 
    installedprogs; 
    uninstall-list;
  • Click on the Run Script button.
    Please wait until a log report opens (this can be after reboot).
  • Save the Notepad file to your Desktop and attach zoek-results.log here.
    Note: It will also create a log in the C:\ directory named "zoek-results.log"




Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Confirm the "End user Licence Agreement" and "KSN Statement" dialog boxes by clicking on the Accept button.
  • Press Start Scan
  • If Suspicious object is detected, the default action will be Skip, click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.
 
Re-run Zoek with this script


Code:
emptyfolderscheck;delete
C:\Windows\System32\GroupPolicy\Machine;fs
C:\Windows\System32\GroupPolicy\User;fs
C:\Windows\System32\GroupPolicy\GPT.INI;f
C:\Windows\SysWOW64\GroupPolicy\gpt.ini;f
Yahoo Toolbar;ff
BitTorrentBar;ff
BaJa AdBlocker;ff
adblockingfiltersetp;ff
bcfjehbfanfhgoehogmbiebedkidedjb;chr
mhfdcmehmjcclgopdodkjdicohagipid;chr
pnjnnnhampgflieglcelomcofocioegp;chr
holdfkafmihejagjaanjjaeignegcieo;chr
dplhgodgmlpbfncljhjpcccfmpfgiigc;chr
autoclean;
emptyalltemp;
 
Here is the new file, however now that I did that I'm on my laptop because I can't do anything on the internet now on my desktop.
 

When I try to open any browser or anything that hooks to the internet it comes up with a "webpage not available", but I can clearly see it has internet access.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.



Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 
Can I download this to a USB to get onto my desktop? Since I am using my laptop currently to connect to the internet.
 
Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).

Open FRST, and click Fix. Attach that report after it is finished.




Then, I need you to download the attached .reg files and execute them one by one. Tell me if there is any progress.
 
