Surf and Keep/AllCheapPrice/Tuvaro/WatchitNoAds

Joined
Feb 1, 2014
Messages
25
#1
I have had serious problems since a few months ago when I downloaded a file, it installed the "Surf and Keep" adware, which I sort of got rid off, but this browser extension "aalchheapprice" or something kept popping up, then after a while another one called "WatcheItNoeAds2.7" appeared. I could remove the first one every time I booted Chrome but it kept coming back, the second one, however, is "installed by enterprise policy" and undeleteable, I eventually got rid of the first one by deleting something in program data and it hasn't yet reappeared, but I can't get rid of the second one. In addition, ever since the problem started, any random search (i.e. opening a new tab and typing something) will take me to the Tuvaro search instead of Google search. The "WatcheItNoeAds2.7" seems to create random links in website text.
 
Operating System
Windows Vista
Are you using a 32-bit or 64-bit operating system?
32-bit (x86)
Infection date and initial symptoms
Several months ago, lots of ads and unwanted extensions, browser search redirect
Current issues and symptoms
"WatcheItNoeAds 2.7" Chrome browser extension undeletable due to being "installed by enterprise policy", creates random links in website text. Browser search redirects to Tuvaro search when I open a new tab and type something (previously it would go to google search)
Steps taken in order to remove the infection
Uninstalled and deleted many files, tried programs adwcleaner, JRT Junkware remove, Malwarebytes Anti-Malware (both quick and full scan), Malwarebytes Anti-Rootkit BETA, Hitman Pro 3.7, Cloud System Booster, Farber Recovery Scan Tool, aswMBR, problem persists.

Attachments

TwinHeadedEagle

Removal Expert
Staff member
Joined
Mar 8, 2013
Messages
22,092
OS
Windows 10
Antivirus
ESET
#2
Hi,


Uninstall following from Control Panel:
- GS.Supporter 1.80
- GS-Enabler
- GS-Supporter 1.80
- Speed Streamer
- YoutubeAdblocker


Restart your PC.



Then:



Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)

Open FRST, and click Fix. Attach me that report after it is finished.
 

Attachments

Joined
Feb 1, 2014
Messages
25
#3
GS-Enabler and YoutubeAdBlocker aren't appearing on the control panel programs list, also when I try to uninstall the others I get an error, saying it can't find a dll or ena file and "the specified module could not be found".
 

TwinHeadedEagle

Removal Expert
Staff member
Joined
Mar 8, 2013
Messages
22,092
OS
Windows 10
Antivirus
ESET
#4
Then skip it and jump to the other step.



Then...



Please download zoek.zip or zoek.rar by smeenk (
) from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double click on zoek.exe to run the tool .
    Please wait while the tool does not start...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:

    Code:
    createsrpoint; 
    StandardSearch; 
    emptyfolderscheck; 
    installer-list; 
    installedprogs; 
    uninstall-list;
  • Click on
    button.
    Please wait until a logreport will open (this can be after reboot)
  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"
 

TwinHeadedEagle

Removal Expert
Staff member
Joined
Mar 8, 2013
Messages
22,092
OS
Windows 10
Antivirus
ESET
#7
Run Zoek again, but now with this script

Code:
emptyclsid;
emptyfolderscheck;delete
shortcutfix;
resetIEproxy;
netsh int ip reset >> %temp%\log.txt;b
ipconfig /flushdns >> %temp%\log.txt;b
resethosts;
emptyalltemp;
autoclean;
 
Last edited:
Joined
Feb 1, 2014
Messages
25
#8
That didn't solve the problem, WatcheItNoeAds2.7 is still there, as well as the Tuvaro redirect. Should I delete the files/folders in the zoek log that show where those extensions are? (Comodo and whatnot)?

EDIT: Speed Streamer also still appears in the control panel list of installed programs.
 

TwinHeadedEagle

Removal Expert
Staff member
Joined
Mar 8, 2013
Messages
22,092
OS
Windows 10
Antivirus
ESET
#13
Re-run Zoek with this script

Code:
ffmenu@savevid.com;ff
surfu anD keepp;chr
surf and keep;chr
Closed tabs;chr
grEAtseavieRR;chr
YTBiookMark;chr
SNT;chr
suRF and keep;chr
YoutubeAdblocker;chr
suurf and kueepp;chr
autoclean;
emptyclsid;
emptyalltemp;
 

TwinHeadedEagle

Removal Expert
Staff member
Joined
Mar 8, 2013
Messages
22,092
OS
Windows 10
Antivirus
ESET
#17
We need to investigate further.


Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Confirm "End user Licence Agreement" and "KSN Statement" dialog box by clicking on Accept button.
  • Press Start Scan
  • If Suspicious object is detected, the default action will be Skip, click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.



Then re-run FRST and attach both reports...