Solved Win32:InstallMate-AD [PUP] prefs.js still show as problem

Lhamilton

New Member
Thread author
May 26, 2014
7
My Malwarebytes identified a problem withWin32:InstallMate-AD [PUP] virus (Removal Guide). I followed your sites removal steps but still the prefs.js seems to be a problem (no symptoms though).
 

Attachments

  • Addition.txt
    34.8 KB · Views: 80
  • FRST.txt
    34.6 KB · Views: 129
  • AdwCleaner[R7].txt
    1.5 KB · Views: 72
  • AdwCleaner[S3].txt
    1.5 KB · Views: 79
  • JRT.txt
    625 bytes · Views: 92

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Post logfile will also be saved in the C:\AdwCleaner folder.
 

Lhamilton

New Member
Thread author
May 26, 2014
7
Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Post logfile will also be saved in the C:\AdwCleaner folder.
Again? I did that this morning and sent you a before and after Adwcleaner log....
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Ok, then no need for adwcleaner.

Please download zoek.zip or zoek.rar by smeenk (
Zoek_icon.png
) from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double click on zoek.exe to run the tool .
    Please wait while the tool does not start...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

    Code:
    createsrpoint;
    emptyfolderscheck;delete
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns;b
  • Click on
    Run%20Script%20by%20zoek.png
    button.
    Please wait until a logreport will open (this can be after reboot)
  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"
 

Lhamilton

New Member
Thread author
May 26, 2014
7
Ok, then no need for adwcleaner.

Please download zoek.zip or zoek.rar by smeenk (
Zoek_icon.png
) from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double click on zoek.exe to run the tool .
    Please wait while the tool does not start...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

    Code:
    createsrpoint;
    emptyfolderscheck;delete
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns;b
  • Click on
    Run%20Script%20by%20zoek.png
    button.
    Please wait until a logreport will open (this can be after reboot)
  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Hi,

Here's the file.

Thx.
 

Attachments

  • zoek-results.txt
    7.1 KB · Views: 83

Lhamilton

New Member
Thread author
May 26, 2014
7
PC should be clean now, what do you think?
I'm still a bit worried --
PC should be clean now, what do you think?

Hi,

However, when I re-run AdwCleaner it's still showing me some issues with Firefox's prefs.js . I've enclosed the latest report and screengrab from the FF page. Even if I tell it to clean the files, the same prefs.js appear in the report....

Thx.

L.
 

Attachments

  • AdwCleaner[R9].txt
    1.7 KB · Views: 68
  • adwcleaner_capture.png
    adwcleaner_capture.png
    300.1 KB · Views: 95

Lhamilton

New Member
Thread author
May 26, 2014
7
How is the situation inside Firefox?
I don't see anything odd (I never did have any symptoms). All my plugins and add-ons look normal and there are no extra ones. No services. I'd noticed a site listed that I didn't recognize for "The following websites are allowed to store data for offline use" and I deleted that and it stayed deleted. I run noscript, flashblock, Adblock and WOT and have Shockwave Flash set to Ask to Activate.

(I'm rather curious how I got this -- My son mentioned though that he streamed some video and an ad popped up and he closed it -- I suspect a possibly fake close button on the ad may have done it. The only thing I've installed recently is Flash but it was from the Adobe site)
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
For future protection I can recommend you:
- Adblock --> https://adblockplus.org/en/chrome
- Unchecky --> http://unchecky.com/



The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
checkmark.png
Remove disinfection tools
checkmark.png
Create registry backup
checkmark.png
Purge System Restore

Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
 

Lhamilton

New Member
Thread author
May 26, 2014
7
For future protection I can recommend you:
- Adblock --> https://adblockplus.org/en/chrome
- Unchecky --> http://unchecky.com/



The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
checkmark.png
Remove disinfection tools
checkmark.png
Create registry backup
checkmark.png
Purge System Restore

Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
Thanks. I do t use chrome but I'm using adblock plus in firefox. I'll take a look at unchecky.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top