I’ve read a couple of things, but could use some more specified help. I get rid of one, it seems, and then I get another; the last 2 have been redirect.ad-feeds.net and jvupdatr.com. Have had others before that too, and I think some or more are creating Temp files and eating up my memory. I believe I removed some like I said and had my memory down to about 4.5 gig and got it back up to about 48. If someone can help, let me know what to download and try; it would be greatly appreciated. Thanks in advance.
Sorry for the multiple posts of this, first time on here and couldn’t tell till now if it was actually posting, not sure how to delete the previous posts.
Hello there,
please follow this guide and attach the requested logs: https://forum.avast.com/index.php?topic=53253.0
The other posts are a forum software bug and will be removed later, please stick to one thread.
Thanks, trying to figure out what to do now. Not all that tech savvy tbh
As mentioned this is a forum bug which has yet to be found and squashed - your duplicates have been removed.
Just finished the MBAM scan, but not sure how to attach the log, and MBAM keeps popping up saying it’s blocking a mod.idlecrawler.com. This is what I saved in the text file:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 12/8/2014
Scan Time: 7:08:17 PM
Logfile: ANSI.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.12.08.10
Rootkit Database: v2014.12.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372864
Time Elapsed: 12 min, 5 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Ok, well, I can’t copy and paste the Farbar Recovery Scan, so if someone can tell me how to attach it, it would be greatly appreciated.
Ok, figured it out now, will just attach all the logs when I finish the last scan.
Here are all the logs. I was also able to delete that idlecrawler thing, which might’ve been the root of the whole problem. None of the scans found anything, but here are the logs; if anyone can possibly suggest anything, or even anything to look out for, it would be greatly appreciated.
2nd set of logs
There is an indication in the logs shown that you are a Heavy torrenter?
I will pass this on. However, ultimately, with torrents involved, the removers may choose NOT to help you.
Please discontinue any current torrent(ing) immediately.
Dear victim,
Torrenting is a user practice that is frowned upon by the content industry. We often find torrents intentionally infested with nasty and often persistent adware/crapware or riddled with other malcode. Whenever there are legit or free alternatives, choose these to land on your computer. Well, some users even went so far that even their OS came in via torrents and might be malignant from the core end upwards down. Do refrain from these often illegal practices and feel much more secure with safehex bytes on your machine.
polonus
Hello sammyc4loans and welcome to avast!. I will be working on your Malware issues.
Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.
Please stay with me until given the ‘all clear’ even if symptoms seemingly abate.
Kindly follow my instructions, and please do no fixing on your own or running of scanners unless requested by a helper.
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Start
File: C:\Windows\Installer\{06EB7F2D-32AC-9A26-88C8-5E5E68ACC0F9}\syshost.exe
File: C:\Users\Owner\AppData\Roaming\network\network.exe
Folder: C:\Windows\Installer\{06EB7F2D-32AC-9A26-88C8-5E5E68ACC0F9}
Folder: C:\Program Files\Cerber AntiVirus
Folder: C:\ProgramData\Spybot - Search & Destroy
CloseProcesses:
cmd: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\syshost32" /f
URLSearchHook: HKLM-x32 - (No Name) - {6926c7f7-6006-42d1-b046-eba1b3010315} - No File
URLSearchHook: HKU\S-1-5-21-3283076314-325376147-1142640929-1000 - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-3283076314-325376147-1142640929-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
SearchScopes: HKU\S-1-5-21-3283076314-325376147-1142640929-1000 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\.DEFAULT -> No Name - {6926C7F7-6006-42D1-B046-EBA1B3010315} - No File
Toolbar: HKU\.DEFAULT -> No Name - {6B34ACCF-1B63-4E1A-8633-461917C75544} - No File
Toolbar: HKU\S-1-5-21-3283076314-325376147-1142640929-1000 -> No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
Hosts:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\65660006.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\65660006.sys => ""="Driver"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3283076314-325376147-1142640929-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Task: {0EAA302F-DFC3-4C5F-A20E-4D9E7ABDBC36} - \DonutQuotes No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
RemoveDirectory: C:\AdwCleaner
EmptyTemp:
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
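The notice in the post above says the fixlist is tied to one machine; the profile path and the account SID inside it are what bind it. An added example (not part of the original post and not part of FRST) that reads a fixlist as plain text, counts its line types, and reports whether the profile name and SID match a given local account. The function names and the "Alice" account values in the final call are assumptions.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the fixlist in the post above.
SAMPLE = r"""Start
File: C:\Users\Owner\AppData\Roaming\network\network.exe
Folder: C:\Program Files\Cerber AntiVirus
CloseProcesses:
cmd: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\syshost32" /f
Toolbar: HKU\S-1-5-21-3283076314-325376147-1142640929-1000 -> No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
EmptyTemp:
"""

SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")                     # per-user account SID
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)\\", re.I)  # profile folder name
DIRECTIVE_RE = re.compile(r"^([A-Za-z]+):")                     # e.g. "File:", "cmd:"

def machine_bindings(fixlist):
    """Return (profile names, SIDs) that tie the fixlist to one machine."""
    profiles = {name.lower() for name in PROFILE_RE.findall(fixlist)}
    return profiles, set(SID_RE.findall(fixlist))

def directive_counts(fixlist):
    """Count lines per leading keyword; bare registry lines go under 'other'."""
    counts = Counter()
    for line in fixlist.splitlines():
        line = line.strip()
        if not line or line == "Start":
            continue
        m = DIRECTIVE_RE.match(line)
        counts[m.group(1) if m else "other"] += 1
    return counts

def mismatches(fixlist, local_user, local_sid):
    """List the reasons this fixlist does not belong to the local account."""
    profiles, sids = machine_bindings(fixlist)
    problems = [f"profile '{p}' is not the local user '{local_user}'"
                for p in sorted(profiles - {local_user.lower()})]
    problems += [f"SID {s} is not the local SID {local_sid}"
                 for s in sorted(sids - {local_sid})]
    return problems

if __name__ == "__main__":
    print(dict(directive_counts(SAMPLE)))
    # Hypothetical other machine: both checks should report a mismatch.
    print(mismatches(SAMPLE, "Alice", "S-1-5-21-1111111111-222222222-3333333333-1001"))
```

On Windows, `whoami /user` prints the current account name and SID to pass in as `local_user` and `local_sid`.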
This has nothing to do with IdleCrawler being malicious in your computer. However, it’s your virus guard that blocks the program. If you have not installed IdleCrawler intentionally, it might have come bundled with another application which you probably have accepted during the installation. If you did install IdleCrawler willingly, you should make an exception in the virus guard to let it execute.