Threats wont remove with Kaspersky
[QUOTE="TwinHeadedEagle, post: 146936, member: 6533"]
Glad to hear it :)

We're not yet done here, still there are some things to remove:

Open Notepad and copy/paste the text present inside the code box below:

[code]Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8F4753DF-0E4A-DA24-34CF-7790AC624DDF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[-HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_CLASSES_ROOT\delta.deltadskBnd]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"XhYbIiqqD.exe"=-

File::
c:\windows\system32\config\systemprofile\AppData\Local\EhItiq0rXCm\XhYbIiqqD.exe

Folder::
c:\programdata\Zoomex
c:\program files (x86)\Delta
c:\windows\system32\config\systemprofile\AppData\Local\EhItiq0rXCm

Firefox::
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\crkgst8z.default\
FF - prefs.js: browser.search.defaulturl -
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 0e05d0fe00000000000006265efb260b
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15845
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.516:06
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119776&tt=gc_190513_215
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false

ClearJavaCache::[/code]
Save this as [b]CFScript.txt[/b]

[img]http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif[/img]

Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\[b]ComboFix.txt[/b])
[/QUOTE]