Reading the descriptions in these forums it appears I have picked up an idle crawler, Avast is constantly blocking my IE attempting to go to a whole list of sites in the background. The sites I have noted include go.wvydeo.com, xmlka.com, crazy.wleaderswest.stalowa-wola.pl, 199.115.116.237, and 162.144.88.48/indexron.html.
None of my go-to bag of tricks seems capable of ridding me of this program and the delays and lagging it is causing is making my laptop unusable. Any help is appreciated.
I am off for bed in a bit and I will check these forums in the morning. Thank you in advance for any help.
I did as you instructed. The new logs are attached.
Avast now reports blocked attempts by a process called C:\windows\SysWow64\svchost.exe to go to 5.45.73.129/aa and /ledoborota.com/aa/ (it looks like only those two sites).
Here is the Fixlog.txt file from running FRST with the fixlist file. I wasn’t sure if you wanted that, too. It appears to have removed everything listed.
Could you manually delete this folder as my tools cannot handle the coding C:\Users\ExploreTheRanch\AppData\Roaming\麽鎒駓覜
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
HKU\S-1-5-21-603739272-268466164-1662215265-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
BHO: No Name -> {4F524A2D-5354-2D53-5045-7A786E7484D7} -> No File
BHO: No Name -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> No File
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO-x32: No Name -> {4F524A2D-5354-2D53-5045-7A786E7484D7} -> No File
BHO-x32: No Name -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {4F524A2D-5637-4300-76A7-7A786E7484D7} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - No Name - {4F524A2D-5354-2D53-5045-7A786E7484D7} - No File
Toolbar: HKLM-x32 - No Name - {4F524A2D-5637-4300-76A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - No Name - {4F524A2D-5354-2D53-5045-7A786E7484D7} - No File
2014-10-22 12:59 - 2014-10-22 12:59 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-22 10:31 - 2014-10-22 10:31 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp
2014-10-22 10:31 - 2014-10-22 10:31 - 00000944 ____H () C:\ProgramData\@system2.att
CustomCLSID: HKU\S-1-5-21-603739272-268466164-1662215265-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
i didn’t delete any folders. Which one was I supposed to remove? I noticed that your tool removed some registry entries. I will restart the PC and see if the problem is gone, will let you know.
Also I’m reattaching the fixlog.txt file, apparently it wasn’t done before I attached the file here.
FRST64 seems to be stuck in a loop that says “fixing, please wait…” I had to manually end the process.
Idle Crawler is not a virus, neither a PUP. It is a very sophisticated marketing tool for SEO. Idle Crawler is installed in your computer because it came with a fellow program which the agreement clearly have mentioned. However to improve Idle Crawler for those who are in need of it, we are looking forward to hear your complaints and compliments to make Idle Crawler a better program
Regardless, there are people who hate Idle crawler. You mention it’s not a PUP.
BY the definition of the name “Potentially UNWANTED Program”. it is a PUP, because it’s installed with other programs. I agree, IC isn’t a virus as it doesn’t self replicate.
Idle crawler does get installed with other programs when the user himself accepts the agreement to install Idle Crawler along with other program. However Idle Crawler has been useful and shows the potential of a great marketing tool, therefore it is not fair to treat it as a PUP by the users who don’t use it. Our point is to listen to people and make idle crawler a better place through compliments and complaints.
Well, right now. The people here, do not care for Idle Crawler.
It can as useful as food, or as poop. Doesn’t make a difference.
You of all people should know (As a marketer), very few actually read the EULA. Is there ANY option at all to have a “Don’t Install Idle Crawler” button?
Can you post me an active download of a program with Idle Crawler so I may check it out?
Edit: Why would a google search, show all Idle results as either, PUP, Adware or a threat?