getting ads voice over popping up
Avast blocks web pages related to C:\Windows\system32\svchost.exe
MAB fixed one issue as stated in the log
here are the log files
Thanks in advance for the help
Greg
Hi,
You have downloaded and run Malwarebytes Anti-Malware (MBAM) version 1.75. I would like you to download the latest MBAM version 2.0 with ARK and PUP settings and perform a re-scan.
Then, run FRST tool to target any remnants:
=> MBAM2 Threat Scan
Please download Malwarebytes Anti-Malware ver. 2.0 and install the application.
Double-click on mbam-setup.exe and follow the prompts to install the program. Upon installation, click Finish
Note: A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish…
On the first launch, you’ll get an “Update” notification. Click the ‘Update Now >>’ link or button to complete update.
• Configure the scanner. On the Settings tab, Detection and Protection adjust the following options:
• Perform the Scan. Click on the Scan tab, then click on Scan Now >> for Threat Scan.
If an update is available, click the ‘Update Now’ button, then continue to Scan.
Note: only with some infections, you may see this message box ‘Could not load DDA driver’
In this case, click ‘Yes’ to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click Apply Actions. Wait for the prompt to restart the computer to appear, then click on Yes.
• Post the logs. Click on the History tab > Application Logs. Double click on the Scan Log which shows the date and time of just performed scan.
Please attach the exported/saved log named as mbam.txt to your next reply.
=> FRST Scan
Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
• Double-click to run it. When the tool opens, click Yes to the disclaimer.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Round 2
Thanks for the help
Hi Makdaddy,
For some unknown reason, the Chrome section isn’t sorted properly.
Would you please delete the FRST.exe icon (drag & drop it into the Recycle Bin), download a fresh FRST.exe from the link above and re-run the tool by pressing Scan.
Post the freshly created FRST.txt log report here.
Khm … you have run ComboFix. Who told you to run ComboFix?
Please post here C:\ComboFix.txt and C:\Qoobox\ComboFix-quarantined-files.txt logfiles after reading this note:
sUBs himself;
http://www.techsupportforum.com/1829551-post6.html
Official warning & directions:
http://www.bleepingcomputer.com/forums/topic273628.html
Good day
I ran combofix on my own, out of frustration on trying to fix this on my own
The file you refer to is not in that directory “C:\Qoobox\ComboFix-quarantined-files.txt”
here is the new file you requested
Greg
C:\Combofix.txt log?
And another question: Why did you not download the latest version of the FRST tool from the link I gave you above?
Your FRST tool is 122 days out of date.
To continue, I’ll need the ComboFix.txt log report as well as the latest FRST log (download a fresh copy of the tool and run it).
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
When I go to the link you provided
The link is redirected in Mozilla and I get no option to download?
I was able to get around that and get it downloaded from that site.
Here are the new results for FRST
I did not find a file named ComboFix.txt anywhere on the computer?
Hm…in that case I’ll need one more check before I am able to write fix for you.
Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:
• Type rpcss.dll into the Search: field in FRST then click the Search File(s) button.
• FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
• Please attach it to your reply.
Will do
But the system is 32 bit
I don't think I have a FRST64 file?
This is my default canned. Just run FRST (latest copy you have) and follow the instructions for running and searching the above file …
here is the updated file while doing just the search
Hi,
This FixList shall tell FRST to disinfect the malware and to target the malware loading points plus some adware/PUP leftovers …
2. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Start
File: C:\prefs.js
C:\Windows\system32\zylp.wkb
C:\Windows\system32\kjtzy.ugl
C:\Windows\system32\wkat.iaf
C:\Windows\system32\emoq.wao
REPLACE: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll C:\Windows\system32\rpcss.dll
C:\Users\Michelle\AppData\Local\Temp\*.dll
C:\Users\Michelle\AppData\Local\Temp\*.exe
HKLM\...\Run: [NPSStartup] - [X]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-03-25&ent=hp&u=3DD5AD0D650B142358079A5331B7E4D2
SearchScopes: HKLM - {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=0Dxdm175YYus&ptnrS=0Dxdm175YYus&si=CLrwk9HphrECFWQDQAod8WnKEA&ptb=D7418721-F05A-4281-8493-170CC754E152&ind=2012070701&n=77edc32d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {274daec0-c4e8-4f30-9e5c-9424990769b9} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=0Dxdm175YYus&ptnrS=0Dxdm175YYus&si=CLrwk9HphrECFWQDQAod8WnKEA&ptb=D7418721-F05A-4281-8493-170CC754E152&ind=2012070701&n=77edc32d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-03-25&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
C:\ProgramData\Search Protection
End
3. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
4. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
Here are the results
Thanks for the help
Greg
Hi,
According to the logs, the malware is neutralized and removed.
Now, as the ComboFix mystery remains, we need that log. First we will re-run ComboFix using these instructions.
When CF finishes its scan, re-run FRST, tick the box for Addition.txt and run the scan.
Post here the created CF log and both freshly created FRST logs. In my time zone it’s too late, we will continue tomorrow, you just post the logs.
ComboFix
Instructions how to disable avast:
• Right click on the avast! system tray icon in the lower right corner of the screen and scroll up to avast! shield controls;
• In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.
- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.
FRST’s Re-check
Re-run FRST as you did before …
• Double-click to run it.
• Under Optional Scan ensure “Addition.txt” is ticked.
• Press the Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The tool shall create another log (Addition.txt). Please attach it to your reply as well.
Good Nite
here are the results
Greg
bump
Hi Makdaddy,
Logs are good. They don’t show active malware. I will remove the used tools:
• The following will implement some post-cleanup procedures:
It is necessary to uninstall ComboFix :
• Click Start then Run.
On Windows7 or Vista you may use Start Search field if Run is not available.
• In the line of text type in (Copy) the following:
ComboFix /Uninstall
Note that there is a space between "ComboFix" and "/Uninstall".
• Then click OK (or press Enter).
Wait until the uninstall process is complete.
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes:
• Remove disinfection tools
• Create registry backup
• Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
Warning ! !
Multiple Antivirus Programs
You are running more than 1 Antivirus program!
AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
Running - more than one - antivirus program is not recommended because:
• They can conflict with each other.
• Report the other antivirus software as malicious.
• Antivirus programs use an enormous amount of computer’s resources… actively scanning your computer.
• Can cause your computer to become unstable…run slowly and even, in rare cases, BSOD crash…etc
I strongly suggest you uninstall one of them. Which one, is your decision.
Thanks magna86
all is well and cleaned up
Thanks again for the help
Greg