I have had problems with this for a while now and it seems impossible to remove! Please help if you're able to! Ads keep popping up and whenever I click on a link the first two attempts take me to an advertisement and it's very frustrating.
UTubaeAudaBllock is driving me crazy!!
- Thread starter Smokeypancake
- Start date
Hi,
Please download zoek.zip or zoek.rar by smeenk (
) from here or here and save it to your Desktop.
Unpack the archive...
Please download zoek.zip or zoek.rar by smeenk (
Unpack the archive...
- Close any open browsers
- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
- Double click on zoek.exe to run the tool .
Please wait while the tool does not start...
- Copy the text present inside the code box below and paste it into the large window in the zoek tool:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Code:createsrpoint; gpt.ini;z C:\Windows\System32\GroupPolicy;v C:\Windows\SysWOW64\GroupPolicy;v StandardSearch; emptyfolderscheck; installer-list; installedprogs; uninstall-list; - Click on button.
Please wait until a logreport will open (this can be after reboot)
- Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named "zoek-results.log"
> Re-run zoek with this script and attach here fresh zoek log results.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Code:
C:\Windows\System32\GroupPolicy\GPT.INI;f
C:\Windows\SysWOW64\GroupPolicy\gpt.ini;f
C:\Windows\System32\GroupPolicy\Machine;fs
C:\Windows\System32\GroupPolicy\User;fs
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
C:\\PROGRA~3\\WINFIL~1;fs
ijkffgghalfgpciokfanggaainjifgkf;chr
autoclean;
emptyalltemp;
emptyclsid;
ipconfig /flushdns;bWe need just one more scan and we're done 
Please download Malwarebytes AntiRootkit (MBAR) and save it to your desktop.
For full instructions how MBAR works, read this article
> Doubleclick on the MBAR file
and allow it to run.
• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.
• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click Next if you agree.
• On the Update Database screen, click on the Update button. Once you see 'Success: Database was successfully updated' click on Next
• Under Scan Targets ensure all boxes are ticked. Then click the Scan button.
Notice: with some infections, you may see two messages boxes:
- 'Could not load protection driver'. Click 'OK'.
- 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
>> If malware is not detected, click the Exit button to close the program and post the mbar-log-year-month-day.txt and system-log.txt reports.
>> If an infection/s are found ensure Create Restore Point are ticked. Then select the "Cleanup! button to remove threats.
• The clean up procedure will be scheduled for process, pop-up will be shown.
Select the Yes button and the system should re-boot to complete the cleaning process.
>> Notice: only if an RootKit are detected, ensure to run fixdamage.exe tool located in mbar folder, \Plugins\fixdamage.exe
- Run fixdamage.exe, at the black window to continue type Y (alias for Yes). Wait few seconds for execution ...
- When you see "press any key to exit" fix is completed, press any key to close the window. Reboot the system.
> The following reports will be created in mbar folder:
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt
Please post both logs in your next reply.
Please download Malwarebytes AntiRootkit (MBAR) and save it to your desktop.
For full instructions how MBAR works, read this article
> Doubleclick on the MBAR file
• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.
• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click Next if you agree.
• On the Update Database screen, click on the Update button. Once you see 'Success: Database was successfully updated' click on Next
• Under Scan Targets ensure all boxes are ticked. Then click the Scan button.
Notice: with some infections, you may see two messages boxes:
- 'Could not load protection driver'. Click 'OK'.
- 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
>> If malware is not detected, click the Exit button to close the program and post the mbar-log-year-month-day.txt and system-log.txt reports.
>> If an infection/s are found ensure Create Restore Point are ticked. Then select the "Cleanup! button to remove threats.
• The clean up procedure will be scheduled for process, pop-up will be shown.
Select the Yes button and the system should re-boot to complete the cleaning process.
>> Notice: only if an RootKit are detected, ensure to run fixdamage.exe tool located in mbar folder, \Plugins\fixdamage.exe
- Run fixdamage.exe, at the black window to continue type Y (alias for Yes). Wait few seconds for execution ...
- When you see "press any key to exit" fix is completed, press any key to close the window. Reboot the system.
> The following reports will be created in mbar folder:
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt
Please post both logs in your next reply.
Then, we're done here
I can recommend you this software to avoid Adware in the future:
http://unchecky.com/
Read here how it works --> http://www.howtogeek.com/179758/how-to-avoid-junkware-offers-with-unchecky/
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes below;
Remove disinfection tools
Create registry backup
Purge System Restore
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
I can recommend you this software to avoid Adware in the future:
http://unchecky.com/
Read here how it works --> http://www.howtogeek.com/179758/how-to-avoid-junkware-offers-with-unchecky/
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes below;
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
You may also like...
-
Help with Samsung phone infected by a fake scanner app
- Started by Pirate pete
- Replies: 1
-
Food for thought: For tracking protection Peter Low's list is more than enough, here is why ....
- Started by LinuxFan58
- Replies: 23
-
-
Introducing VoodooSoft's RansomGuard EDR - Streamlined EDR for Consumers and SMB- Started by danb
- Replies: 37
