Damn son of a *. I load a site and it comes up with this… I’ll click on New Topic and loads about 5 different pages. I had a Avast! Pop=Up asking to do a survey, I clicked on it. What do I know??? More Adw… Why must this be here, worst day ever to have it. I’ll attach the logs when they’re done.
Also, If it isn’t to much of a pain. Can you guys also get rid of BoxOff in my Google Chrome? It’s an extension… THanks!
Please download zoek.zip (
http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png
) from here or here and save it to your Desktop.
Unpack the archive…
[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
[*]Double click on zoek.exe to run the tool .
Please wait while the tool does not start…
[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
[*] Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button.
Please wait until a logreport will open (this can be after reboot)
[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log”
Zoek log attached
[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
[*]Double click on zoek.exe to run the tool .
Please wait while the tool does not start…
[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:
giacfgjdclhnmkacnfbaljbmpnelflol;chr
C:\Program Files (x86)\iVIDI.org plugin;fs
kpdhgpkkloealnjnmepfhanpcleldbef;chr
C:\Program Files (x86)\Unitech LLC\ividi\1.8.23.0;fs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs];r
"Tabs"="http://www.google.com/";r
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs];r
"Tabs"="http://www.google.com/";r
{0633EE93-D776-472f-A0FF-E1416B8B2E3A};c
emptyalltemp;
autoclean;
emptyclsid;
emptyrecycle.bin;
ipconfig /flushdns >> %temp%\log.txt;b
[*] Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button.
Please wait until a logreport will open (this can be after reboot)
[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log”
Zoek attached
Rerun zoek:
hosts;ff
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs];r
"Tabs"="http//www.google.com";r
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http//www.google.com";r
giacfgjdclhnmkacnfbaljbmpnelflol;chr
kpdhgpkkloealnjnmepfhanpcleldbef;chr
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
emptyalltemp;
autoclean;
zoek is attached
COMODO Internet Security firewall or antivirus?
What is the situation now?
Should just be the Firewall. I know about not running 2 AV’s at the same time. Although it does have the HIPS protection. Regardless I haven’t noticed anything and Avast nor Comodo says anything. I’ve run scans with both active.
As for the Adware. Gone. No pop-ups from avast. Do you know how I got it? Or was it Ividi?
AddLyrics is a web browser extension that installs as a browser helper object within Internet Explorer that will modify the user's web browser home page and search settings. The software will also bundle additional third party ad-support apsp that may include: DealPly, International Web Services LLC, SuperFish, Futureads.
google an you find lots of info
Please download DelFix by “Xplode” to your Desktop.
Run the tool and check the following boxes below;
[] Remove disinfection tools
[] Create registry backup
[*] Purge System Restore
Now click on “Run” button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt
I don’t need DelFix log report.
Done
Greeting!
By the way. If I didn’t say this before. Thank-you argus.
still infected… Skype just got blocked. Adware-AZL. Will post OTL shortly
I can’t move the file. It’s says it’s open in Skype
Please download zoek.zip (
http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png
) from here or here and save it to your Desktop.
Unpack the archive…
[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
[*]Double click on zoek.exe to run the tool .
Please wait while the tool does not start…
[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
uninstall-list;
[*] Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button.
Please wait until a logreport will open (this can be after reboot)
[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log”
Zoek log attached
Rerun zoek
iVIDI Plugin 1.3;u
Unitech LLC toolbar;u
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iVIDI Plugin];r
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ividi];r
emptyalltemp;
autoclean;
New log attached. I thought we ditch iVIDI?