I have the exact same problem,
I get spammed to death by:
URL hxxps://codegv.ru
Infection URL:Mal
Check your extensions in the Google Chrome browser for you might have installed a malicious extension.
Read here:
AS Magic Player 1.0.0 may be the culprit of it!
I will work slowly, so you will not get immediate results. I am sure you will have a smile on your face when I declare you A-Okay. Bear with me please.
Step #1 P2P Warning
**IMPORTANT** I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
- StreamTorrent 1.0
I shall provide you with a few reference links, please read them up to know the risks of having a P2P program.
- [P2P File-Sharing: Evaluate the Risks](http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt128.shtm)
- [ITSC: Risks in Peer-to-peer File Sharing](http://www.cuhk.edu.hk/itsc/about/p2p-risk.html)
Note: Even if you are using a “safe” P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.
My recommendation is that you uninstall the programs listed above. If you choose not to remove them, please do not use them until this computer is clean.
- Ace Stream Media 2.1.7
Step #3 Fix with AdwCleaner
- Download **AdwCleaner** by ***Xplode*** to your *Desktop* from the following link.
  - Download Link #1
  - Download Link #2
- Right-click on AdwCleaner.exe and choose Run as administrator;
- Click on Scan and let the program run unhindered;
- When done, click on Clean and allow the system to reboot after it is done;
- A log will be opened automatically after the restart;
- Attach the log in your reply.
Step #4 Fix with Junkware Removal Tool
Download Junkware Removal Tool by thisisu to your Desktop from the link below.
Download Link 1
Download Link 2
- Disable your anti-virus to avoid potential conflicts. For more information please acquaint yourself with [this](http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/) article;
- Run the program either by double-clicking (Windows XP) or right-clicking and choosing *Run as administrator* (Windows Vista and above);
- Please be patient as the tool cleans your system;
- After completion of the process a log named **JRT.txt** will automatically open and is saved to your Desktop;
- Attach the log in your next reply.
Re-run FRST and check all its boxes. Then click Scan. Post the logs when done.
Required Log(s):
- AdwCleaner Log
- Junkware Removal Tool Log
- Farbar Tool Logs:
  - Addition.txt
I had the same codegv.ru issue. Followed Valinorum’s directions and it worked mostly… however, it did so after several attempts… what I did differently was… I first uninstalled Acestream then ran both adware removal and junk removal as prescribed… the malware was still there after restart. So I ran CCleaner and CCleaner’s reg cleaner, then re-ran both adware and junkware removal, it was still there at restart, then ran both again simultaneously… this time I did not let it reboot… instead, after the junkware removal tool was finished, I re-started avast and did a browser cleanup through avast… at analysis, avast reported that the Speedbit extension and another extension (both on chrome) had low reputations and I removed them. Re-started the computer and now it’s clean!
thank you, Valinorum, for your help!!
In future, try not to follow advice given to other people as you may end up with an unbootable PC should there be a different type of malware in your system. Just because the symptoms are the same does not mean the malware is. Good day!
I KILLED the Chrome extension “AS Magic Player 1.0” on Chrome…
…THEN, OUT OF NOWHERE, it came back!!
So I removed it AGAIN!
I removed all my P2P stuff, Valinorum, and I got rid of AceStream Player yesterday. Gonna do steps three and four now - I will let you know how it goes after the final re-boot!
adwCleaner report log below -
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\save nett
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\AppDataLow{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE{5F189DF5-2D05-472B-9091-84D9848AE48B}
***** [ Browsers ] *****
-\ Internet Explorer v11.0.9600.17280
-\ Google Chrome v37.0.2062.124
[ File : C:\Users\CPN\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://startsear.ch/?aff=1&src=sp&cf=6c8ebcfb-c7f8-11de-85c4-e8652fa017bb&q={searchTerms}
Deleted [Search Provider] : hxxp://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4
AdwCleaner[R0].txt - [3105 octets] - [28/04/2014 11:52:35]
AdwCleaner[R1].txt - [1236 octets] - [02/10/2014 20:43:59]
AdwCleaner[S0].txt - [3220 octets] - [28/04/2014 11:54:57]
AdwCleaner[S1].txt - [1515 octets] - [02/10/2014 20:49:33]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1575 octets] ##########
…annnnnnd, the Junkware Removal Tool scan:
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.6 (10.02.2014:1)
OS: Windows 7 Home Premium x86
Ran by CPN on Thu 10/02/2014 at 20:58:02.24
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
Scan was completed on Thu 10/02/2014 at 20:59:45.03
End of JRT log
It APPEARS to be gone!!
Great work, Valinorum!
ANY GUESS as to what exactly that attack was??
You’re correct - I AM smiling now!
Thanks again SOOOOOOOO MUCH to everybody on this thread!!!
Good news. How is your internet? If it is good, I will ask for an online scan. If not, give me a FRST scan. To do the latter, re-run FRST.exe and click on Scan and post the log when done.
It appears to be running quickly - we can do an online scan! HOW do we do that??
Step #5 ESET Online Scanner
Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
- Download **esetsmartinstaller_enu.exe** by clicking [here](http://download.eset.com/special/eos/esetsmartinstaller_enu.exe).
- Right-click on the program and choose *Run as administrator*.
- Accept their terms and conditions and proceed.
- Install **Add-On/Active X** if prompted.
- From the **Computer Scan Setting**:
  - Enable detection of potentially unwanted application
- Click on Advanced Setting:
  - Uncheck the following box:
    - **Remove Found Threats**
  - Check the following boxes:
    - **Scan archives**;
    - **Scan for potentially unsafe applications**
    - **Enable Anti-Stealth Technology**
- Click on **Start** and wait for the **virus signature database** to update.
- The online scan will begin *automatically* and can take several hours.
  - **Note:** Do not touch either the mouse or keyboard during the scan. Otherwise it may stall.
- After the Scan finishes:
  - **If no threats were found:**
    - Put a checkmark in Uninstall application on close.
    - Close the program and report that nothing was found
  - **If threats were found:**
    - Open the file located in **C:\Program Files\ESET\ESET Online Scanner\log.txt** (32-bit) or **C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt** (64-bit).
    - Attach the log file in your next reply.

**Note:** Enable your security programs afterwards.
Required Log(s):
- ESET Scan Log
I have the same problem with codegv.ru malware.
I have done the steps according to valinorum and it doesn’t seem to disappear… Any suggestions?
Must have accidentally erased adw-cleaner’s log… but I have JRT:
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.7 (10.03.2014:1)
OS: Windows 8.1 Pro x64
Ran by Tim on 2014-10-03 at 13:10:12,80
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
Scan was completed on 2014-10-03 at 13:14:54,12
End of JRT log
Regards Tim
If you disable and remove the MS Player extension (associated with Ace Stream) from Firefox and/or Chrome it solves the problem. It is an infection that you get when you install Ace Stream! I was running virus scans and digging in forums translating from Russian for 10 hours before I found the answer.
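As an added example (not part of the original posts, and not code from Avast or any tool named in this thread): a Python script that inventories the Chrome extensions installed in a profile, resolving localized `__MSG_…__` manifest names, so the extension names reported above can be spotted even when they reappear after removal. The watchlist strings and the default profile location are assumptions taken from the names and the Chrome path mentioned in the thread.

```python
import json
import os
from pathlib import Path

# Names reported in this thread (assumption: case-insensitive substring match).
# A hit means "review this extension", not proof that it is malicious.
WATCHLIST = ("as magic player", "ms player")


def resolve_name(ext_dir: Path, manifest: dict) -> str:
    """Return the display name, resolving __MSG_key__ via _locales if needed."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()
    locale = manifest.get("default_locale", "en")
    messages_file = ext_dir / "_locales" / locale / "messages.json"
    try:
        messages = json.loads(messages_file.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name  # keep the placeholder visible rather than guess
    for k, v in messages.items():
        if k.lower() == key and isinstance(v, dict):
            return v.get("message", name)
    return name


def list_extensions(extensions_root: Path) -> list:
    """Inventory <root>/<extension id>/<version>/manifest.json entries."""
    found = []
    if not extensions_root.is_dir():
        return found
    for manifest_path in sorted(extensions_root.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: skip it
        if not isinstance(manifest, dict):
            continue
        name = resolve_name(manifest_path.parent, manifest)
        found.append({"id": manifest_path.parent.parent.name, "name": name,
                      "version": manifest.get("version", "?"),
                      "flagged": any(w in name.lower() for w in WATCHLIST)})
    return found


if __name__ == "__main__":
    root = Path(os.environ.get("LOCALAPPDATA", "")) / "Google/Chrome/User Data/Default/Extensions"
    for ext in list_extensions(root):
        print("FLAGGED" if ext["flagged"] else "ok     ", ext["id"], ext["version"], ext["name"])
```

Running it before and after a cleanup pass shows whether a removed extension ID has been reinstalled, which is the behaviour one poster describes.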
JRT file
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by andys laptop on 23/10/2014 at 7:34:01.79
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3072253
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3072253
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\andys laptop\appdata\locallow\conduit"
~~~ Event Viewer Logs were cleared
Scan was completed on 23/10/2014 at 7:51:13.52
End of JRT log
How do I do a FRST scan?
Please start your own topic and post your logs there: https://forum.avast.com/index.php?action=post;board=4.0
Is there any way to lock the solved topics?
Unfortunately not.
I do think the administrators should consider a discussion regarding this. A general forum regarding malware issue discussion and a child-forum dedicated to Malware Removal assistance with proper moderation should suffice.
Hi there,
I’m having the same issue with codegv.ru malware.
I’ve done all steps from 2 to 4. I’m sending the logs in attachment.
For now it seems to be solved!
Thanks for your tips