Started with "BrowserModifier:Win32/Suptab!blnk", now hijacking accounts

Amalgam

New Member
Thread author
Nov 12, 2016
5
I'm at the end of the line here. My friend downloaded a suspicious program from SourceForge and I can't get rid of the malware that came along with it. I consider myself a tech-savvy person but I just can't find the source of this evil thing that's infected my computer. I've uploaded an MBR check and the FRST logs including shortcuts.

The main reason I know the malware still exists is that it keeps writing in redirects to sweetpageurl on Chrome. I can remove them manually or through anti-malware but they keep reappearing. I am in serious need of help or I might have to reformat and lose about 500 PDFs worth of medical study notes.

Please help me!
 

Attachments

  • FRST.txt
    74.5 KB · Views: 8
  • Addition.txt
    80.6 KB · Views: 1
  • MBRCheck_11.13.16_05.43.58.txt
    19 KB · Views: 1
  • Shortcut.txt
    52.2 KB · Views: 1

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the report to your next reply.
 

Amalgam

New Member
Thread author
Nov 12, 2016
5
Hello, sir.

I've uploaded the requested logs.
 

Attachments

  • FRST.txt
    75.8 KB · Views: 2
  • Addition.txt
    80.8 KB · Views: 3

Amalgam

New Member
Thread author
Nov 12, 2016
5
Just reinstalled Chrome and ran AdwCleaner. Found 18 threats. I've attached the log to this post.
 

Attachments

  • AdwCleaner[S17].txt
    6.4 KB · Views: 9

Amalgam

New Member
Thread author
Nov 12, 2016
5
I think Chrome refuses to let anything change the Secure Preferences file that the sweetpageurl thing is on. So every time I try to remove it, I get a "Chrome detected that some of your settings were corrupted by another program and reset them to their original defaults." message in Chrome's settings. It's all because I sync my Chrome through my Google account. Any solutions?
 

Amalgam

New Member
Thread author
Nov 12, 2016
5
That did the trick. The question now is if my phone has been infected by the original virus since it was connected to my computer through a USB. And also if my online accounts were compromised considering that it sent spam links on Skype.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
No, such malware isn't spreading over USB. Yes, they probably have your Skype username and password, so you should change it.
 
