Steam infected with adware - DNS Unlocker

JamesL2015 · Sep 15, 2015

I hope this is what you are after.

TwinHeadedEagle · Sep 15, 2015

Can you delete this folder?

C:\Users\(user)\AppData\Local\Steam\htmlcache

Then let me know if it fixed ads in Steam.

JamesL2015 · Sep 17, 2015

I haven't seen ads in steam since that fixlog was run through FRST to delete the htmlcache, so I'm assuming it nuked the virus in steam.

I also had a couple of hours spare yesterday, and factory reset my phone, just in case it was the source and was just coming through the hotspot. The adware is still in chrome.

TwinHeadedEagle · Sep 18, 2015

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

Right-click on

icon and select

Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

JamesL2015 · Sep 18, 2015

This one's turning out to be a tricky little bugger, isn't it?

TwinHeadedEagle · Sep 18, 2015

Are you familiar with this:

C:\Program Files (x86)\MangoApps\TinyTake by MangoApps\SimpleShareProxy.exe

JamesL2015 · Sep 18, 2015

TinyTake is my region screenshot utility.

TwinHeadedEagle · Sep 18, 2015

Uninstall Chrome

Export your bookmarks
Import or export bookmarks - Chrome Help

Close all Chrome windows and tabs.
Go to the Start menu > Control Panel.
Click Programs and Features.
Double-click Google Chrome.
Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.

Click Start, copy in search %LOCALAPPDATA%\ and remove folder Google

Download Chrome
Chrome Browser

Do not sign in into your Google account and let me know how is the situation now?

JamesL2015 · Sep 22, 2015

Sorry it's been a few days. I did this and it did not resolve the issue.

TwinHeadedEagle · Sep 22, 2015

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

Right-click on

icon and select

Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

JamesL2015 · Sep 22, 2015

There you go.

TwinHeadedEagle · Sep 22, 2015

Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on

icon and select

Run as Administrator to start the tool.
Wait patiently until the pre-scan will be done. It shouldn't take more than 2-3 minutes.
Accept the Terms of use.
When the Scan button becomes available, please click it. RogueKiller will start a full scan.
Let this process run uninterrupted!.
When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.

JamesL2015 · Sep 23, 2015

Ok, here is the report.

Now chrome is virtually unusable because of a persistent popup that occurs on every single website, so for the foreseeable future, I am switching to Firefox.

TwinHeadedEagle · Sep 23, 2015

Scan with Malwarebytes' Anti-Malware

Please re-run

Malwarebytes' Anti-Malware.

First of all, select update.
Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
Click the Scan tab, choose Threat Scan is checked and click Scan Now.
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs and double-click the newest Scan Log.
At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

Right-click on

icon and select

Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

JamesL2015 · Sep 26, 2015

Here you go.

JamesL2015 · Sep 26, 2015

I meant to add, aswell, it's starting to infect my Firefox browser, now that I am starting to use that.

TwinHeadedEagle · Sep 26, 2015

Please go to: VirusTotal

Click the Choose File button.
Please copy/paste the following text into the 'File name:' box:
Code:
```
C:\Users\JamesLangley\SCS\ScpServer\bin\ScpService.exe
```
Click Open then click the Scan it! button just below.
This will scan the file. Please be patient.
If you get a message saying File already analyzed: click Reanalyse
Once scanned, copy and paste the URL from your browser address bar in your next reply.

Steam infected with adware - DNS Unlocker

New Member

Attachments

Level 41

New Member

Level 41

New Member

Attachments

Level 41

New Member

Level 41

New Member

Level 41

New Member

Attachments

Level 41

New Member

Attachments

Level 41

New Member

Attachments

New Member

Level 41

Similar threads