Chrome web browser seems to be infected with something that sometimes opens a new tab to totaladperformance (dot) com when I click in the Chrome window. Totaladperformance then forwards on to some other site. It does not seem to require clicking on a link. I have not noticed this in Firefox and I almost never use MS Explorer. Please help. I have run Malware Bytes and Farbar and the logs are attached.
Hello
Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
- Right-click on the icon and select Run as Administrator to start the tool.
- Wait patiently until the main console appears; it may take a minute or two.
- In the main box please paste in the following script:
createsrpoint;
autoclean;
emptyalltemp;
bitsadmin /reset /allusers;b
ipconfig /flushdns;b
- Make sure that the Scan All Users option is checked.
- Push Run Script and wait patiently. The scan may take a couple of minutes.
- When the scan completes, a zoek-results logfile should open in notepad.
- If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
Thank you for the guidance. I have attached the zoek results.
Re-run zoek and run this script:
createsrpoint;
autoclean;
C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Preferences;f
emptyalltemp;
Post its content into your next reply.
OK. I have run zoek again and the results are attached.
How is the situation now?
So far so good. It only popped up sporadically, so I will keep a look out. I will let you know if I see it again. Thank you for the help.
The following will implement some post-cleanup procedures:
Download DelFix by Xplode and save it to your desktop.
- Run the tool by right-clicking on the icon and selecting the Run as administrator option.
- Make sure that these ones are checked:
  - Remove disinfection tools
  - Purge system restore
  - Reset system settings
- Push Run and wait until the tool completes its work.
All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt)
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
It looks like it is not gone yet. I just had another tab pop open to totaladperformance and then forwarded the tab to iLivid downloader.
Fix with AdwCleaner
Please download AdwCleaner by Xplode and save the file to your desktop.
- Right-click on the icon and select Run as Administrator to start the tool.
- Follow the prompts and click Scan.
- When finished, please click Clean.
- Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.
Please include the contents of that file in your reply.
I ran adwcleaner twice. The first time I didn’t disable my antivirus. I have attached logs from both scans.
Running 3 av’s in real time is not gonna help.
https://blog.kaspersky.com/multiple-antivirus-programs-bad-idea/
Using cracked software (autokms.exe) is not helping either.
And I don’t trust that FatWallet Express
Eddy,
You are right I should not be running 3 avs in real time, and generally I didn’t think I was. I have acquired several for running scans to root out my current problem. I do see one av (virus guard by bitdefender) that I don’t remember installing so I have gone through and uninstalled all of the extra avs. That leaves me with Avast and noticeably faster startup time. Thank you for pointing out my mistake, I should know better.
I am still experiencing popups from totaladperformance, so my problem isn’t yet solved. I do appreciate the time you folks give to help out those of us with malware problems.
Eddy, I have searched the uploaded logs and my system and I don’t see a reference to autokms.exe. I did a google search that said autokms.exe is usually associated with cracked MS Office, which I don’t have. I’m using Open Office. I’m not sure where you are getting this from. Fatwallet Express is distributed on Fatwallet.com, a coupon site like retailmenot. They seem to have a good reputation and have not given me a reason to think otherwise.
Again thank you for the help
Looks like I mixed up logs from you and another person about the autokms.
Sorry for that, my mistake.
I hope you have used the tool(s) to uninstall the av’s and not just through control panel.
Please run Farbar (FRST) again and attach the new logs to your next post.
No worries about autokms. I have run FRST again and the logs are attached. I think I did use control panel to uninstall at least some of the antivirus software.
Yeah, so I am still having totaladperformance pop up every once in a while. Avast has started detecting it when the popups happen, but hasn’t yet detected the root cause of my popups during a scan.
Use the attached fixlist.txt with farbar and let us know how the system is behaving after using it.
Totaladperformance is still popping up, after using the fixlist with farbar. I await further directions. Thanks for the help.
Please run Mbam and Farbar again and attach the logs to your post.