Removing the click.cpvrdr.com malware

[Chelle]

Hi about a week ago we noticed an extra window opening up when using goggle chrome, always advertising products we have used. it was today I noticed very quickly that before the ad fully loaded the address bar had click.cpvrdr.com writen in it. I goggled this and found this site to help remove it. I have followed steps 1 2 & 3. However when trying to do step 4, JRT.exe my compter came up with this message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item" although I am an Administrator account user. Can this be fixed or can this step be skipped. Thank you in advance for any advice you can give me.

 

[TwinHeadedEagle]

Hi,

Please follow this topic and attach missing logs

http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/

Start from Step 2, you finished Step 1

 

[Chelle]

Hi

I have tried to run the other 2 programs you require but my system is having none of it. I have to say that since running steps 1 to 3 on your removal guide I've not seen the pop up window but I'm guessing its not completely gone. Sorry only know the basics with computers. Would you recommended me having someone check my laptop? I am very appreciative of your advice regarding my problem.

 

[TwinHeadedEagle]

I will check your computer

I have tried to run the other 2 programs you require but my system is having none of it

Can you explain this. In order for me to check your PC, I need these reports. It's easy...just follow the instructions...

 

[Chelle]

When I try to run the Farbar Recovery Scan Tool it comes back with the message "unable to open script file". I tried to run aswMBR too and it came back with the message "C:\Users\Chelleoscuss\Downloads\aswMBR.exe is not a valid Win32 application.

 

[TwinHeadedEagle]

Please download DDS and save it to your Desktop from here:
http://www.bleepingcomputer.com/download/dds/dl/104/

Double click to run the tool, click the Start button.

* When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop. DDS.txt and Attach.txt attach back to topic.

 

[Chelle]

Good Morning,

I have performed the required scan and have attached both reports.

Thank you

Chelle

 

[TwinHeadedEagle]

PC seems clean, but let's make another check:


Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Confirm "End user Licence Agreement" and "KSN Statement" dialog box by clicking on Accept button.

• Press Start Scan
• If Suspicious object is detected, the default action will be Skip, click on Continue.
• If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.



1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guidehttp://www.bleepingcomputer.com/combofix/how-to-use-combofix carefully.
Note: ComboFix must be downloaded to your Desktop.

--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program.
If you are unsure how to do this please read http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.htmlthis or this Instruction.


Note: Do not forget to turn on this option after the cleaning.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart computer once more.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.

 

[Chelle]

Hi

I have tried to get the 2 scans to run but have had difficulties with both sorry. I had the following messages after trying to perform the scan.

tdsskiller - C:\Users\Chelleoscuss\Desktop\tdsskiller.exe is not a valid Win32 application.

ComboFix.exe -
Installer integrity check has failed. Common causes include incomplete download and damaged media. Contact the installer's author to obtain a new copy. More information at: http://nsis.sf.net/NSIS_Error. I did try downloading the file several times but had the same message each time.

Thank you again for your time and help

 

[TwinHeadedEagle]

Please download GMER, AntiRootkit tool from the link below and save it to your Desktop:

Gmer download link
Note: file will be random named



Double-clicking to run GMER.

• Wait for initial scan to finish - if there is any query, click No;
• Click Scan button and wait until the full scan is complete;
• Click Save ... - save the report to the Desktop (named Gmer );

> Attach here Gmer logreports.

 

[Chelle]

I have completed the required scan and attached the log as requested.

Thank you

 

[TwinHeadedEagle]

PC seems clean, how is the computer behaving now?

 

[Chelle]

I have just checked Goggle Chrome and opened various tabs and I did have the Click.cpvrdr.com malware pop up once but that was it. Definitely running a lot better, good to know that my Laptop is clean of virus's.

Thank you so much. Your assistance has been a massive help .

Kind regards

Chelle

 

[TwinHeadedEagle]

I have just checked Goggle Chrome and opened various tabs and I did have the Click.cpvrdr.com malware pop up once but that was it. Definitely running a lot better, good to know that my Laptop is clean of virus's.

Thank you so much. Your assistance has been a massive help .

Kind regards

Chelle

Do you want to perform another check, so we can remove that one pop up, not to happen anymore?

 

[Chelle]

That would probably be a good thing to do, make sure its gone for good. Appreciate you taking the time to sort this out with me, thank you.

 

[TwinHeadedEagle]

Ok then...


Please download zoek.zip or zoek.rar by smeenk (

) from here or here and save it to your Desktop.
Unpack the archive...

• Close any open browsers
• Temporarily disable your AntiVirus program. (If necessary)
  If you are unsure how to do this please read this or this Instruction.
  
• Double click on zoek.exe to run the tool .
  Please wait while the tool does not start...
  
• Copy the text present inside the code box below and paste it into the large window in the zoek tool:

createsrpoint;
StandardSearch;
installer-list;
installedprogs;
uninstall-list;

• Click on
  
  button.
  Please wait until a logreport will open (this can be after reboot)
  
• Save notepad to your Desktop and attach here zoek-results.log
  Note: It will also create a log in the C:\ directory named "zoek-results.log"