Uninstall problem and system restore won't work

S

saganth

New Member
Thread author
Feb 13, 2014
9
Found something on my Google Chrome:

ExevaalidaatoRu 4.5
ID: cdjnmkpihchbjndnmlplcoiapmgmmffk
(This extension is managed and cannot be removed or disabled.)

I went to the following article to get instructions on how to remove it:

http://malwaretips.com/blogs/installed-enterprise-policy-removal/

I followed the instructions step by step, but when I found that in RegEdit the ID code could not be found becuase the complete directory I was told to look for the code in was not there. I checked the comments section and someone else had the same trouble. The article's author gave additional instructions, but still could not be carried out. So I tried the system restore (a couple of nights ago I was asked to update Java), so I set it to the day before that. I tried this twice and the computer told me after each restart that the restore had failed due to an "unknown error."

Help?
 
S

saganth

New Member
Thread author
Feb 13, 2014
9
Scans attached. Thanks to TwinHeadedEagle for the instructions.
 

Attachments

  • FRST.txt
    47.7 KB · Views: 134
  • Addition.txt
    37.4 KB · Views: 147
  • aswMBR.txt
    1.9 KB · Views: 78
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)

Open FRST, and click Fix. Attach me that report after it is finished.




Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Confirm "End user Licence Agreement" and "KSN Statement" dialog box by clicking on Accept button.
  • Press Start Scan
  • If Suspicious object is detected, the default action will be Skip, click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.
 

Attachments

  • fixlist.txt
    7.2 KB · Views: 188
S

saganth

New Member
Thread author
Feb 13, 2014
9
Here are the two logs. On the TDSSKiller, it did not alert me to any thing suspicious or malicious.
 

Attachments

  • Fixlog.txt
    16.3 KB · Views: 179
  • TDSSKiller.3.0.0.23_13.02.2014_17.14.43_log.txt
    188.8 KB · Views: 81
S

saganth

New Member
Thread author
Feb 13, 2014
9
Attached, and it looks like it's gone! Not listed in the extensions anymore and Goolge seach image display in Chrome is back to normal! :)
 

Attachments

  • FRST.txt
    42.7 KB · Views: 130
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Ok, any other problem?


Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Post logfile will also be saved in the C:\AdwCleaner folder.
 
S

saganth

New Member
Thread author
Feb 13, 2014
9
Not to my knowledge, certainly nothing to do with malware that I am aware of. But I'll keep this forum in mind for any future trouble :) Thank you!
 
S

saganth

New Member
Thread author
Feb 13, 2014
9
It created two files about seven minutes apart. I am guessing you want the later one but I am attaching both just in case. he one marked "R0" was made first, and then "S0"
 

Attachments

  • AdwCleaner[R0].txt
    11 KB · Views: 79
  • AdwCleaner[S0].txt
    11.1 KB · Views: 97
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Good, let's finish then :)


The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
checkmark.png
Remove disinfection tools
checkmark.png
Create registry backup
checkmark.png
Purge System Restore
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
 

Similar threads

M
  • Locked
BBWC not detected by malwarebytes and rkill but is there?
Replies
13
Views
479
Windows Malware Removal Help & Support
icotonev
icotonev
Vangomichele
  • Locked
Canettech removal problems
Replies
1
Views
193
Windows Malware Removal Help & Support
nasdaq
nasdaq
blackmonkey445
  • Locked
I tried factory resetting and reinstalling windows using media creation tool and i have no clue what to do
Replies
2
Views
329
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top