I wanted to watch a sport event in streaming and, in the hurry, I mistakenly downloaded something which set my homepage to dosearches.com. I eliminated everything related to dosearches.com I found in my XP control panel and in the extensions of Google Chrome. But that was not sufficient! By the way, dosearches is now my homepage with every browser!
Apparently Avast did not protect me from that malware, although an year ago I had bought the full version which, if I correctly recall, was supposed to cover everything…that is when I canceled my contract with StopZilla…
I downloaded and run AdwCleaner. I attach the log (I could not include it into the email due to its length). Can someone give me a hand?
Shall I also run Malwarebytes Anti-Malware?
run AdwCleaner again…and this time click clean
then run Malwarebytes quick scan…if anything is detected make sure it is marked for removal and click remove selected
then run OTL so malware experts can check for any leftovers that need removal
You are right, I had not pressed Clean in Adwcleaner!
I attached the new logs (the Malwarebytes is in Italian, sorry…no infections detected though).
Now everything seems to work fine. Google does not start any longer on dosearches.com!
Great!
Posted logs are clean. They are don’t show active malware. Nevertheless, while you are here I would like to run ComboFix and to see CF’s logreport.
CF shall also preform some additional malware checks, cleaning temp, cache…etc.
Please download ComboFix by sUBsfrom here and save it to your Desktop. If you are unsure how ComboFix works please read this guide carefully. note: ComboFix must be downloaded to your Desktop.
Temporarily disable your AntiVirus program. If you are unsure how to do this please read this or this Instruction.
Instructions how to disable avast:
[*]Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
[*]In the window that opens on the top right corner, click Settings.
[*]In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
[*]=> Again, right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls .
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn on this option after the cleaning.
Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.
When the tool is finished, it will produce a log report for you. (typical location: C:[b]ComboFix.txt[/b] )
Attach log reports ( ComboFix.txt) back to topic.
Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:[b]ComboFix.txt[/b] )
today I restarted my laptop, put the Microsoft XP password in, could see the desktop wallpaper but no icons at all. The screen was kind of frozen: nothing was happening while clicking the right button of the mouse for instance. The only thing that seemed to work was pressing Alt+Ctrl+Del. I restarted the pc 2-3 times. I pressed the ThinkAdvantage button (I have a Lenovo ThinkPad), thought a while about what to try and then restarted again. Upon restarting I pressed F8 but, probably my failure, I went through the standard reboot anyhow. Icons re-appeared and everything seems to work fine. One thing that I noticed is that Avast was not loaded up…
I really did not get what the problem was…can it be related to the cleaning procedures of yesterday?
Other thing, Microsoft Update decided to download 7 new updates. I thought Microsoft were not supplying any upgrade anymore for XP…
After all this, I shut my Avast Internet Security again and ran the test you asked me for.
Please find the log attached.
Thanks as always for any precious suggestion. If you have any about what happened while rebooting, it is more than welcome. I am going to restart my pc again to install the updates. Hope to see you again
Me again…
This time the computer properly turned on, although very very slowly. I am asked again to install Windows Updates (???) and Avast Internet Security needs to be launched manually. Instead the trial version of Malwarebytes comes on automatically…How can I restore Avast as the “default” antivirus?
[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
If the log doesn’t appear, it can be found here:
c:_OTL\MovedFiles\mmddyyyy_hhmmss.log
Please re-run ComboFix by double click and post me fresh created ComboFix.txt logreprot.
A couple of questions: how can I have Avast automatically running when I boot the computer? Right now I have to launch the program manually everytime. Is it safe to make online payments with credit cards with the current status of my computer?
A couple of questions: how can I have Avast automatically running when I boot the computer? Right now I have to launch the program manually everytime. Is it safe to make online payments with credit cards with the current status of my computer?
Avast shall/need run in the background. All you need to do is to enable its protection. Only while running ComboFix we recommend disabling avast.
Although avast & ComboFix is well know each other, it’s for to prevention purposes.
In logs I don’t see no Spaware or some other malware that steals personal data. I’ve sow some adware which work is to change browser the home page.
Adware is generally not dangerous and there are light for removal. The problem is that they leave many tails behind the registry and files in system which is more difficult to catch because they are constantly changing value or file/folder location or names. Yes, They are playing cat and mouse with the AV companies…
In other words, when I’m done with you, rest assured that you shall be malware free.
Posted ComboFix log looks clean. For re-check, please post me fresh OTL.txt logreprot.
Just run OTL and press QuickScan button adn attach here fresh created OTL.txt.
Now click on “Run” button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt) Note: The report will also be stored on C:\DelFix.txt
I don’t need DelFix log report.
AND…
I recommend you to keep Malwarebytes and to use MCShield if you will.
You may download MCShield from one of the following links:
It will prevent infection by computer via USB flash drive, mobile phone or any other memory card.
And not only will prevent infection, but it will immediately clean flash drive, memory card or external HDD.
I installed McShield 2 and reinstalled Malwarebytes, which I had previously uninstalled.
Shall I keep Avast Internet Security, McShield2 and Mawarebytes all working simultaneously? Or will they interfere with each other / slow down my laptop?
Shall I keep Avast Internet Security, McShield2 and Mawarebytes all working simultaneously? Or will they interfere with each other / slow down my laptop?
No, do not worry. They shall not interfere with with each other as Malwarebytes adn MCShield, they are not AntiVirus program.
While AntiVirus program is the big boss, MBAM and MCS are AntiMalware tool, they shall assist AV as additional protections.
