system
August 31, 2014, 2:36pm
1
I keep getting the following message and Avast does not clean it up and I am getting tired of the pop ups. Tired of the long ways to get rid of it. If Avast can’t clean it than I am going to find a virus that will.
hxxp://clickered.com/cen?ag=894140d49461fae5c6c3f26ace6ffd5e-18-0&g=ZZZ&t=aa2a773
Just tired of the constant pop ups and not being able to watch movies or videos without being disturbed. I just want to get rid of it, once and for all.
Eddy
August 31, 2014, 2:38pm
2
https://forum.avast.com/index.php?topic=53253.0
ps:
Don’t blame malware removal software for not detecting/removing it.
Blame yourself for getting the infection.
Always use a restricted account for daily use.
That’s easily done, but at the moment no antivirus will detect or remove this. Any other antivirus would probably not alert you that you have it
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note : You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Select additions at the bottom
[*]Press Scan button.
https://dl.dropboxusercontent.com/u/73555776/frst.JPG
[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please attach both logs generated.
Pondus
August 31, 2014, 2:56pm
4
attach log … not copy and paste
Pondus
August 31, 2014, 3:01pm
6
there should be one more. called addition.txt … if you ticked the same selections as on the pic above
if not, wait for essexboy … he may not need it
system
August 31, 2014, 3:06pm
7
sorry missed it rescanning.
system
August 31, 2014, 3:11pm
8
Here you go, both on re-scan
OK the FRST fix will cure the alerts and AdwCleaner will clear the remainder of the rubbish
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
URLSearchHook: HKCU - (No Name) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - No File
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2866295
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} URL = http://www.default-search.net/search?sid=516&aid=104&itype=n&ver=12791&tm=429&src=ds&p={searchTerms}
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF SearchEngineOrder.1: default-search.net
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-08-29 10:25 - 2014-08-30 18:00 - 00000480 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-08-29 10:25 - 2014-08-29 10:25 - 00003160 _____ () C:\Windows\System32\Tasks\SparkTrust Registration3
2014-08-29 10:25 - 2014-08-29 10:25 - 00000000 ____D () C:\Users\Jeff and Judi\AppData\Roaming\SparkTrust
2014-08-29 10:25 - 2014-08-29 10:25 - 00000000 ____D () C:\Users\Jeff and Judi\AppData\Roaming\DriverCure
2014-08-29 10:24 - 2014-08-31 07:33 - 00000614 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job
2014-08-29 10:24 - 2014-08-29 11:41 - 00000661 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_20F2E8D6-2F88-11E4-8B97-485B394E5D26.job
2014-08-29 10:24 - 2014-08-29 11:41 - 00000438 _____ () C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job
2014-08-29 10:24 - 2014-08-29 11:41 - 00000438 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job
2014-08-29 10:24 - 2014-08-29 10:24 - 00004118 _____ () C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_20F2E8D6-2F88-11E4-8B97-485B394E5D26
2014-08-29 10:24 - 2014-08-29 10:24 - 00003264 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3
2014-08-29 10:24 - 2014-08-29 10:24 - 00002932 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3_triggeronce
2014-08-29 10:24 - 2014-08-29 10:24 - 00002730 _____ () C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus Startup
2014-08-29 10:24 - 2014-08-29 10:24 - 00001355 _____ () C:\Users\Jeff and Judi\Desktop\SparkTrust PC Cleaner Plus.lnk
2014-08-29 10:24 - 2014-08-29 10:24 - 00000000 ____D () C:\Users\Jeff and Judi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
2014-08-29 10:23 - 2014-08-29 10:24 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-08-29 10:23 - 2014-08-29 10:23 - 00000000 ____D () C:\Program Files (x86)\SparkTrust
2014-08-29 10:22 - 2014-08-29 10:23 - 06764848 _____ (SparkTrust) C:\Users\Jeff and Judi\Downloads\SparkTrust PC Cleaner Plus Setup_d6cd7a3_.exe
2014-08-24 17:46 - 2014-08-24 17:47 - 00000000 ___DC () C:\Users\Jeff and Judi\AppData\Local\Idle~_~Crawler
2014-08-24 17:46 - 2014-08-24 17:47 - 00000000 ____D () C:\Users\Public\855AD098B0984915BF04B0B24D958F74
2014-08-24 17:46 - 2014-08-24 17:46 - 00004610 _____ () C:\Windows\System32\Tasks\Idle~_~Crawler Runner
2014-08-19 06:00 - 2014-08-19 06:01 - 00000000 ____D () C:\Users\Public\072D24E7516A4FFC9EEE0C0812DDA4BB
2014-08-09 05:04 - 2014-08-09 05:04 - 00000000 ____D () C:\Users\Public\A0E17C4EB8E4411FA4D15F6C348CA964
2014-08-08 09:43 - 2014-08-08 09:43 - 00000000 ____D () C:\Users\Public\14CACBBDA95D478EA536ECC623C528C4
2014-08-03 20:41 - 2014-08-03 20:41 - 00000000 ____D () C:\Program Files (x86)\predm
2014-08-03 20:36 - 2014-08-03 20:41 - 00000000 ____D () C:\Program Files (x86)\Linkey
2014-08-03 20:36 - 2014-08-03 20:36 - 00000000 ___DC () C:\Users\Jeff and Judi\AppData\Local\com
2014-08-03 20:34 - 2014-08-26 09:54 - 00000000 ____D () C:\Program Files\005
2014-08-03 20:34 - 2014-07-30 15:45 - 04816384 _____ () C:\Windows\score.exe
2014-08-28 20:03 - 2013-12-16 19:11 - 00000000 ____D () C:\Users\Jeff and Judi\AppData\Roaming\Systweak
2014-08-28 20:03 - 2013-09-12 15:09 - 00000000 ___DC () C:\Users\Jeff and Judi\AppData\Local\SevereWeatherAlerts
2014-08-28 20:03 - 2013-09-12 15:08 - 00000000 ____D () C:\ProgramData\Conduit
Task: {1ECFE87D-27B2-43FF-936B-F385C9AC01D0} - System32\Tasks\Idle~_~Crawler Runner => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe
Task: {23B93BEF-727B-4971-B5A0-E3C57E75234A} - System32\Tasks\SparkTrust Update Version3 => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2014-07-31] (SparkTrust Systems) <==== ATTENTION
Task: {3104CA43-7E53-4409-884B-6A7C10C4FF94} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_20F2E8D6-2F88-11E4-8B97-485B394E5D26 => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2014-07-31] (SparkTrust) <==== ATTENTION
Task: {9076CD79-E9C6-49BC-BD13-5289A08AA69B} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: {EE5AE8D9-129E-48E5-AB21-6C2C29838F19} - System32\Tasks\SparkTrust PC Cleaner Plus Startup => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2014-07-31] (SparkTrust) <==== ATTENTION
Task: {F4D5253B-334E-436D-9AC3-85E8EA6CD512} - \Real Player online update program No Task File <==== ATTENTION
Task: {FF3F6227-863D-4166-A293-8C4DB6E2F6AB} - System32\Tasks\IHSelfDeleteTASK => CMD
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_20F2E8D6-2F88-11E4-8B97-485B394E5D26.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
C:\Users\Jeff and Judi\AppData\Local\Idle~_~Crawler\
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt , in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan .
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok .
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.
system
September 1, 2014, 1:48pm
10
Thank you very much. I was going crazy. I know that Avast was probably the best. Just climbing the wall… :o
I can understand that, but as far as I am aware at the moment other AV’s would have allowed idle crawler to access the net
How is the computer now ?
system
September 2, 2014, 8:43pm
12
I am having same problem, can you help me. I have never been on site before and do not know how this works.
That’s easily done, but at the moment no antivirus will detect or remove this. Any other antivirus would probably not alert you that you have it
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note : You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Select additions at the bottom
[*]Press Scan button.
https://dl.dropboxusercontent.com/u/73555776/frst.JPG
[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please attach both logs generated.
@packeyes if you could run FRST and then create your own thread I will pick you up there