Followed the instructions, and have attached the log files.
Grateful for any help to clear this/these bug(s).
Regards Paul
I’m on it. Be right back.
Hello BigPaul,
Well, it would seem that MBAM has targeted them all. MBAM did find some adware (traces of PUP software) but nothing threatening.
FRST logs show no trace of malware activities. Nevertheless, we will run a different tool to help ensure there’s no malware afoot.
Please download AdwCleaner by Xplode and save to your Desktop.
1. Double click on AdwCleaner.exe to run the tool.
   Vista/Windows 7/8 users: right-click and select Run As Administrator.
2. The tool will start to update the database, please wait a bit.
3. Click on the I agree button.
4. Click on the Scan button.
5. AdwCleaner will begin…be patient as the scan may take some time to complete.
6. After the scan has finished, click on the Report button…a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
   - The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don’t worry about it. If you see an entry you want to keep, let me know about it.
   - Attach the contents of that logfile in your next reply.
7. A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Thank you magna86, I didn’t expect such a quick reply.
Did that and file attached.
Avast is warning about dodgy URLs (even if I don’t fire IE), not viruses.
I read the file but saw nothing exciting.
Glad I could help. Posted logs appear clean and show no signs of active infection. You should be good to go …
We’re gonna remove my used tools now as well as carry out some further cleaning and security settings. To learn more about how to protect yourself I’ll give you a few tips for reading.
• The following will implement some post-cleanup procedures:
To uninstall and remove AdwCleaner:
1. Double click on adwcleaner.exe to run the tool;
2. Click on Uninstall and confirm with Yes.
Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes below;
✓ Remove disinfection tools
✓ Create registry backup
✓ Purge System Restore
Click the Run button and wait a few seconds while the programme completes its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
Tip: Do not use security tools such as ComboFix, FRST, Zoek and the like. These are advanced security tools and should not be used without supervision.
• Learn how to protect yourself:
=> In order to stay protected it is very important that you regularly update all of your software and Windows Operating System.
It is important that you visit Windows Update regularly.
How to configure and use Automatic Updates in Windows
It’s vital that you keep all your software up-to-date as older versions may have some security vulnerabilities. Keeping Java and Adobe updated is a priority.
Download and install latest version of Java
Download and install latest version of Adobe Reader
=> I recommend that you use one of the fantastic opportunities provided by avast! AntiVirus.
For security protection, an active AntiVirus is required. If you want to reinforce your security setup I recommend additional security software and utilities:
Download and install Malwarebytes’ Anti-Malware and perform ‘Threat Scan’ from time to time. Malwarebytes will detect and remove all traces of known malware.
Download and install MCShield Anti-Malware Tool to prevent infections transmitted via removable drives.
Download and install Unchecky to keep your checkboxes clear by preventing installing additional adware and other PUP bad software.
Download and install AdBlock for safe web browser surfing without annoying and malicious advertising ads.
• Extra text for reading:
Please visit and review PC Safety and Security - What Do I Need? for some helpful information.
Please visit FAQ - Answers to common security questions - Best Practices to read tips how to protect yourself against malware infection.
You may also visit and read What to do if your Computer is running slowly? if you like to read some basic geek stuff.
• The specific type of infection:
Meet CryptoPrevent. Security app that shall attempt to prevent dangerous malware that encrypts certain types of files stored on your disk, like CryptoWall, CryptoLocker and similar clones.
More information about this family of malicious software: CryptoLocker Ransomware Information Guide and FAQ ;
Cryptolocker Ransomware: What You Need To Know and CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
Stay safe.
Best Regards,
magna86
Thank you magna86, I did that and all programs (and text files) have gone like magic.
I read your (helpful) info and I do some of that already, I did install a couple of the programs you recommended, and learned new tips as well, thank you.
Regards Paul.
Hi Magna86, Avast has started firing PUP warnings again
The last two are;
http://37.48.117.50/4141/IncludeGeneration_142667128217856.dll
http://37.48.117.50/4141/SegmentProlonger_142669622257937.dll
Do I just run Malwarebytes Anti-Malware when these warnings appear?
What am I doing to collect these? I am not visiting dodgy sites. Is there an Avast bolt-on to delete rather than just report?
Regards Paul
we need new fresh logs … same as the one in your first post
Fresh logs as requested, regards
I will notify magna, but guessing you won’t see him online before tomorrow
OK, no worries, thank you. P
Hello,
I shall look at posted logs tomorrow. Can’t do it now, sorry.
I’m having the same problem. Same http and rotating dll file names on chrome firing off every few seconds. Running Windows 7 in Bootcamp on Macbook Pro. Ran full scan which detected a number of infected files which I “fixed” automatically. Shortly thereafter the problem started again.
Please jtlauter51 open your own topic and attach logs http://forum.avast.com/index.php?topic=53253.0
It is not advisable to help two different users in the same thread no matter how similar the problem is.
Hi BigPaul,
FRST logs show no malware activity per se. There are however some adware leftovers, but they are inactive so …
Also, be advised, you have a lot of Chrome extensions. Consider removal of those you do not use.
Copy-paste this into the URL bar in the Chrome browser for fast access to the extension list:
chrome://extensions/
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Hosts:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:
1. Type Super Optimizer into the Search: field in FRST then click the Search Registry button.
2. FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
3. Please attach it to your reply.
Hi Magna86,
Ran fixlist, results attached
Removed 4 Chrome extensions (Don’t remember being asked to add them!)
Found Super Optimizer, results attached
Regards Paul
Hello,
You might wanna reset your Chrome browser settings back to defaults;
https://support.google.com/chrome/answer/3296214?hl=en
Now, just as you did before, create this simple FixList with the code below and run it via FRST and the Fix button, and tell me whether you are still getting avast! alerts.
Start
REG: reg delete HKEY_USERS\S-1-5-21-1056468630-1952818233-684288963-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "Super Optimizer" /f
End
I ran that Magna86 then waited a couple of days to see what happened.
I’ve had 1 PUP warning (but didn’t catch the URL) otherwise I seem to be clear.
Thank you for all your help.
Paul
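A read-only way to confirm what the last fixlist in this thread removed, as an added example that is not part of any post above: it lists StartupApproved\Run entries that have no matching Run value (leftovers) and reports whether "Super Optimizer" is still recorded. It assumes the check is run as the affected user, so HKCU stands in for the HKEY_USERS\<SID> path used in the fixlist; the function and variable names are made up for this example.

```powershell
# Added example: read-only check, nothing is deleted or modified.
$Target = 'Super Optimizer'   # value name from the fixlist in this thread
$Base   = 'Software\Microsoft\Windows\CurrentVersion'

# Each StartupApproved\Run key records the enabled/disabled state of the
# entries in the Run key of the same hive.
$Pairs = foreach ($hive in 'HKCU:', 'HKLM:') {
    [pscustomobject]@{
        Run      = "$hive\$Base\Run"
        Approved = "$hive\$Base\Explorer\StartupApproved\Run"
    }
}

function Get-RegValueNames {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    # GetValueNames() returns '' for the unnamed default value; skip it.
    @((Get-Item -LiteralPath $Path).GetValueNames() | Where-Object { $_ })
}

$Report = foreach ($p in $Pairs) {
    $runNames = Get-RegValueNames $p.Run
    foreach ($name in Get-RegValueNames $p.Approved) {
        [pscustomobject]@{
            Key        = $p.Approved
            Name       = $name
            HasRunItem = $runNames -contains $name   # case-insensitive match
            IsTarget   = $name -eq $Target
        }
    }
}

# Orphans: state recorded for a startup item whose Run value no longer exists.
$Report | Where-Object { -not $_.HasRunItem } | Format-Table -AutoSize

if ($Report | Where-Object IsTarget) {
    Write-Warning "'$Target' is still present under StartupApproved\Run."
} else {
    Write-Output "'$Target' not found under StartupApproved\Run."
}
```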