While visiting Miami and searching the internet for sightseeing tours, my wife accidentally installed Ninja Loader, and now I can't uninstall Ninja Loader from my PC; when I select uninstall, nothing happens.
I have already run Avast and Malwarebytes, which identified malicious files, but I can't remove Ninja Loader.
Can anyone help me?
I do not speak Portuguese, so if there is a problem, ask Jefferson Santiago to translate.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Select additions at the bottom
- Press Scan button.
https://dl.dropboxusercontent.com/u/73555776/frst.JPG
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please attach both logs generated.
I ran the process and generated the reports, but I can't attach the .txt files. How do I do that?
Attach as per the screenshot
OK.
CAUTION: This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKU\S-1-5-21-3232116556-672119108-2443747463-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKU\S-1-5-21-3232116556-672119108-2443747463-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKU\S-1-5-21-3232116556-672119108-2443747463-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKU\S-1-5-21-3232116556-672119108-2443747463-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
SearchScopes: HKLM -> DefaultScope value is missing
FF HKU\S-1-5-21-3232116556-672119108-2443747463-1000\...\Firefox\Extensions: [ninjaloader@mail.com] - C:\Program Files (x86)\Ninja Loader\FireFox
FF Extension: NinjaLoader - C:\Program Files (x86)\Ninja Loader\FireFox [2015-08-14]
FF HKU\S-1-5-21-3232116556-672119108-2443747463-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [ninjaloader@mail.com] - C:\Program Files (x86)\Ninja Loader\FireFox
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
R2 NetTcpHandler; C:\Users\Jovem\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] ()
R2 NinjaLoaderService; C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe [59496 2015-07-09] (Ninja Soft Inc.)
2015-08-18 09:10 - 2015-08-18 09:40 - 00000000 ____D C:\ProgramData\qIhACqT
2015-08-14 08:57 - 2015-08-14 08:59 - 00000000 ____D C:\Users\Jovem\AppData\Local\Ninja Loader
2015-08-14 08:57 - 2015-08-14 08:58 - 00000000 ____D C:\Program Files (x86)\Ninja Loader
2015-08-14 08:57 - 2015-08-14 08:57 - 00000000 ____D C:\Users\Jovem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ninja Loader
2015-08-21 07:49 - 2015-07-11 17:42 - 00000342 ____H C:\Windows\Tasks\YNFETQHEJITHMKWT.job
2015-08-20 11:48 - 2015-07-11 17:00 - 00000000 ____D C:\Users\Jovem\AppData\Roaming\RunDir
2015-08-18 14:35 - 2015-05-19 17:15 - 00003150 _____ C:\Windows\System32\Tasks\{628F4596-038E-4AA3-950F-E05683E479F3}
2015-08-18 14:35 - 2015-05-08 07:59 - 00002980 _____ C:\Windows\System32\Tasks\{02ED785B-A075-4A26-BBB5-594A8ECC7EA6}
2015-08-18 14:35 - 2015-05-08 07:58 - 00002980 _____ C:\Windows\System32\Tasks\{CB805551-342F-4F27-A4C8-246B09410ADC}
2015-08-18 14:35 - 2015-05-08 07:58 - 00002980 _____ C:\Windows\System32\Tasks\{793FBDA8-1D48-427D-A17D-ECB08A007D9C}
2015-08-18 10:59 - 2015-07-11 17:11 - 00000000 ____D C:\Users\Jovem\AppData\Roaming\4C4C4544-1436645488-5610-8054-C7C04F343432
2015-08-18 10:59 - 2015-07-11 17:01 - 00000000 ____D C:\Users\Jovem\AppData\Roaming\4C4C4544-1436644865-5610-8054-C7C04F343432
2015-08-18 10:50 - 2015-07-11 17:08 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-18 09:27 - 2015-07-11 17:42 - 00000000 ____D C:\ProgramData\Service8119
2015-04-19 09:20 - 2015-07-20 11:07 - 0000626 _____ () C:\Users\Jovem\AppData\Roaming\K5jArlWh4U7dQLUa8HokyxTUm
Task: {2A67190A-F302-48CC-96A0-2878F87C2BF7} - System32\Tasks\{02ED785B-A075-4A26-BBB5-594A8ECC7EA6} => C:\Users\Jovem\Downloads\interpolador Rinex\rinterpo.exe [1999-03-08] ()
Task: {84F7CE8E-D176-4C73-B75D-DF778EDEB91F} - System32\Tasks\YNFETQHEJITHMKWT => C:\ProgramData\Service8119\Service8119.exe <==== ATTENTION
Task: {8567324D-2E32-4247-A067-6A3771E7A442} - System32\Tasks\{CB805551-342F-4F27-A4C8-246B09410ADC} => C:\Users\Jovem\Downloads\interpolador Rinex\rinterpo.exe [1999-03-08] ()
Task: {8BDE9546-E393-4E5A-88DD-65A2B214FC45} - System32\Tasks\{628F4596-038E-4AA3-950F-E05683E479F3} => pcalua.exe -a "C:\Users\Jovem\Downloads\SPSO_3_50_Full (1).exe" -d C:\Users\Jovem\Downloads
Task: {9BA23F5A-2468-4BAD-ADAE-76B81318C481} - System32\Tasks\{793FBDA8-1D48-427D-A17D-ECB08A007D9C} => C:\Users\Jovem\Downloads\interpolador Rinex\rinterpo.exe [1999-03-08] ()
Task: {D2B6F651-331D-4813-AF44-0E5C31E99B63} - System32\Tasks\{CE72282F-634D-428B-A893-5DB99686608A} => pcalua.exe -a C:\ProgramData\BreakingNewsAlert\uninstall.exe -c /kb=y /ic=1
Task: C:\Windows\Tasks\YNFETQHEJITHMKWT.job => C:\ProgramData\Service8119\Service8119.exe <==== ATTENTION
C:\ProgramData\BreakingNewsAlert
C:\Users\Jovem\AppData\Local\Ninja Loader
C:\Users\Jovem\AppData\Roaming\NetService
C:\Program Files (x86)\Ninja Loader
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.
OK, it is done!
Ninja Loader is gone, but http://www.123rede.com/?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345 still appears when I start my Chrome browser.
Could you run a fresh FRST scan please as I did remove that… I need to see if it has returned
ok
Could you reset chrome please https://support.google.com/chrome/answer/3296214?hl=pt
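The fixlist earlier in this thread mixes several kinds of entries: services, scheduled tasks, registry homepage values and a browser launch entry that carries the 123rede.com URL. As an added example (not part of the original thread and not FRST's own logic), this Python script runs a few triage heuristics over lines copied from that fixlist; the rule names and the choice of AppData/ProgramData as suspicious locations are assumptions of the example.

```python
import re

# Lines copied from the fixlist in this thread (FRST log format).
SAMPLE = r"""
R2 NetTcpHandler; C:\Users\Jovem\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] ()
R2 NinjaLoaderService; C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe [59496 2015-07-09] (Ninja Soft Inc.)
Task: {84F7CE8E-D176-4C73-B75D-DF778EDEB91F} - System32\Tasks\YNFETQHEJITHMKWT => C:\ProgramData\Service8119\Service8119.exe <==== ATTENTION
Task: {D2B6F651-331D-4813-AF44-0E5C31E99B63} - System32\Tasks\{CE72282F-634D-428B-A893-5DB99686608A} => pcalua.exe -a C:\ProgramData\BreakingNewsAlert\uninstall.exe -c /kb=y /ic=1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
"""

# Assumption of this example: autoruns under per-user or ProgramData paths deserve review.
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData)\\", re.I)

def host_of(url):
    """Drop any scheme, then cut at the first '/' or '?' to get the host."""
    return re.split(r"[/?]", re.sub(r"^[a-z]+://", "", url.strip(), flags=re.I))[0].lower()

def triage(log_text):
    """Return (category, detail) findings for FRST-style log lines."""
    findings = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        if re.match(r"[RS]\d \S+;", line):                 # service entry: "R2 Name; path ..."
            name, rest = line.split(";", 1)
            svc = name.split()[1]
            if USER_WRITABLE.search(rest):
                findings.append(("service-in-user-path", svc))
            if rest.rstrip().endswith("()"):               # empty publisher field
                findings.append(("service-no-publisher", svc))
        elif line.startswith("Task:") and "=>" in line:    # scheduled task and its action
            target = line.split("=>", 1)[1]
            if USER_WRITABLE.search(target):
                findings.append(("task-in-user-path", target.split("<")[0].strip()))
        elif re.search(r",(Start Page|Default_Page_URL) = ", line):
            findings.append(("homepage-override", host_of(line.split(" = ", 1)[1])))
        elif line.startswith("StartMenuInternet:"):        # browser entry with a trailing argument
            m = re.search(r"\.exe\s+(\S+)$", line)
            if m:
                findings.append(("browser-launch-argument", host_of(m.group(1))))
    return findings

if __name__ == "__main__":
    for category, detail in triage(SAMPLE):
        print(f"{category:26} {detail}")
```

NinjaLoaderService is not flagged: it runs from Program Files and carries a publisher string, so path heuristics like these supplement a reviewer reading the log rather than replace one.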