system
July 18, 2014, 7:47pm
1
To be honest I use the Eset Nod antivirus, but I read most topics and given solutions (unique for every PC) in these forums, so I posted it here;
ESET Nod32 antivirus sometimes says:
Address blocked:
Getmuzicas.info
It didn't do that today, but I didn't do anything to fix it, so it could still be there somewhere;
I now made an FRST scan and that's the result (attached rar file)
No problem, I will clean anyone
Let me know if this fixes it
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
2014-07-13 15:46 - 2014-07-13 15:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-07-13 15:46 - 2014-07-13 15:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-13 15:46 - 2014-07-13 15:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-13 15:46 - 2014-07-13 15:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-13 15:46 - 2014-07-13 15:46 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-13 15:46 - 2014-07-13 15:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-07-13 15:46 - 2014-07-13 15:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-13 15:46 - 2014-07-13 15:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-13 15:46 - 2014-07-13 15:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-07-13 15:46 - 2014-07-13 15:46 - 00000000 ____D () C:\Users\Guest
2014-07-13 15:46 - 2014-07-13 15:46 - 00000000 ____D () C:\Users\Giulia\AppData\Local\Torch
2014-07-13 15:46 - 2014-07-13 15:46 - 00000000 ____D () C:\Users\Giulia\AppData\Local\Comodo
2014-07-13 15:46 - 2014-07-13 15:46 - 00000000 ____D () C:\Users\Giulia\AppData\Local\Chromatic Browser
2014-07-13 15:46 - 2014-07-13 15:46 - 00000000 ____D () C:\Users\Franco e Luisella\AppData\Local\Torch
2014-07-13 15:46 - 2014-07-13 15:46 - 00000000 ____D () C:\Users\Franco e Luisella\AppData\Local\Comodo
2014-07-13 15:46 - 2014-07-13 15:46 - 00000000 ____D () C:\Users\Franco e Luisella\AppData\Local\Chromatic Browser
2014-07-13 15:46 - 2014-07-13 15:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-13 15:46 - 2014-07-13 15:46 - 00000000 ____D () C:\ProgramData\461f91bcf98cc3f8
2014-07-13 15:00 - 2014-07-13 15:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\14536
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {0BE2B369-914B-4B3A-9F96-765A8509754E} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {776CFA7A-805A-46DC-83E0-61C609DA78AD} - \AmiUpdXp No Task File <==== ATTENTION
Task: {855AFFDE-2B4B-47F3-B523-F7CCD42877F4} - \GoforFilesUpdate No Task File <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that
system
July 19, 2014, 12:20pm
3
Done it; here’s the fixlog.txt
PS: accesso negato means access denied, impossibile accedere means impossible to access, and utilizzato da un altro processo means used by another process
No problem, this is the main bit though
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
{51E8E247-5FB1-4A86-B7D4-AEE357DD7F8D} canceled.
{8132C202-BD0D-45A5-ACB9-0E8B1274C94E} canceled.
{ECF6A9C5-AD17-4EA2-A92E-66D81E4BF33D} canceled.
{8EDECC24-F222-4D25-9C30-F106D803AF4A} canceled.
{D8E716F8-2763-4BCD-B925-4B141AE83509} canceled.
5 out of 5 jobs canceled.
The alerts should have ceased now, how is the computer behaving?
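The BITSAdmin banner above points to the BITS PowerShell cmdlets as its replacement. As an added example (not part of the original posts), this sketch lists every user's queued BITS jobs, saves a record of them, and cancels only those that reference the blocked address, instead of resetting all jobs; it assumes the alert came from a queued BITS download, and the CSV path is illustrative.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
Import-Module BitsTransfer

# Assumption: the address ESET reported in the first post.
$blockedHost = 'getmuzicas.info'

# -AllUsers requires administrator rights (same scope as bitsadmin /allusers).
$jobs = @(Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue)

# One row per file in each job; jobs with an empty file list produce no row.
$report = foreach ($job in $jobs) {
    foreach ($file in $job.FileList) {
        [pscustomobject]@{
            JobId       = $job.JobId
            DisplayName = $job.DisplayName
            Owner       = $job.OwnerAccount
            State       = $job.JobState
            Created     = $job.CreationTime
            RemoteName  = $file.RemoteName
            LocalName   = $file.LocalName
            Suspicious  = $file.RemoteName -like "*$blockedHost*"
        }
    }
}

# Keep a record of what was queued before anything is cancelled.
$report | Export-Csv -Path "$env:USERPROFILE\Desktop\bits-jobs.csv" -NoTypeInformation
$report | Format-Table JobId, Owner, State, RemoteName, Suspicious -AutoSize

# Cancel only the jobs that reference the blocked address; -Confirm prompts per job.
$badIds = @($report | Where-Object Suspicious |
    Select-Object -ExpandProperty JobId -Unique)
$jobs | Where-Object { $badIds -contains $_.JobId } | Remove-BitsTransfer -Confirm
```

The saved CSV shows which account owned each job and where it was downloading from, which a blanket reset does not preserve.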
system
July 19, 2014, 1:15pm
5
Thank you, the PC is working fine and I didn't see any antivirus alert so far (they usually appeared after 1 or 2 hours)
OK, if you run as normal then let me know tomorrow if all is OK, and I will then tidy up and remove my tools