Need help with persistent virus - arabyonline?

Hi

I’m having problems helping my daughter to rid her laptop of a virus.

It all started with a click and redirecting to a website called arabyonline.

It seems to ‘hijack’ your homepage and overwrite your default settings and opens arabyonline.

I’ve tried resolving the issue myself numerous times and at first it appeared to have been fixed, only to find a recurrence of the problem a few days later.

I have attached the files requested as specified in the sticky post above.

Many thanks for any assistance received.

Morty

last attachment uploaded now

Download AdwCleaner. http://www.bleepingcomputer.com/download/adwcleaner/
run it…click clean…attach log

removal team is notified and will check for leftovers when they arrive…it may take some hours before they are online

Nope I am here now :slight_smile:

You will need to reset chrome to defaults https://support.google.com/chrome/answer/3296214?hl=en-GB

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKLM-x32\...\Run: [Internet Helper Anti-phishing] => C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe [235072 2013-05-14] (Internet Helper)
FF DefaultSearchEngine: VenteeRo
FF SearchEngineOrder.1: VenteeRo
FF SelectedSearchEngine: VenteeRo
FF Plugin HKCU: iMeshPlugin - C:\Program Files (x86)\iMesh Applications\iMesh\npiMeshPlugin.dll No File
FF user.js: detected! => C:\Users\Charis\AppData\Roaming\Mozilla\Firefox\Profiles\kvq6k1f7.default\user.js
FF SearchPlugin: C:\Users\Charis\AppData\Roaming\Mozilla\Firefox\Profiles\kvq6k1f7.default\searchplugins\VenteeRo.xml
FF Extension: prx24@fastprx.com - C:\Users\Charis\AppData\Roaming\Mozilla\Firefox\Profiles\kvq6k1f7.default\Extensions\prx24@fastprx.com [2014-06-05]
CHR Extension: (Fast-Proxy24) - C:\Users\Charis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnepfjkncmgjgiijmopmfmkgkkoojbio [2014-06-05]
CHR Extension: (happy Safe ads) - C:\Users\Charis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokfohdgeemdakkfigjlmpmokocicbma [2014-06-05]
CHR Extension: (No Name) - C:\Users\Charis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpkmglckhbdidleclfamceeflhllakne [2014-04-21]
CHR Extension: (Save! net) - C:\Users\Charis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnoloemfeodkfhjomckknfdidglfhaja [2014-04-21]
CHR Extension: (Allin1Convert) - C:\Users\Charis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkanglmmnniiolknlhaajllgmlgcdkj [2014-02-07]
CHR HKLM-x32\...\Chrome\Extension: [aaaaihhnfnbnpbhpagnmoplpcjbediml] - C:\Users\Charis\AppData\Local\imeshmusicboxtoolbarha\GC\toolbar.crx [2013-03-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-07-16 15:32 - 2013-07-07 17:47 - 00000000 ____D () C:\ProgramData\Internet Helper Anti-phishing
2014-07-16 15:32 - 2011-09-04 20:48 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-07-16 15:32 - 2011-09-04 20:48 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-07-16 15:31 - 2014-04-26 19:48 - 00000000 ____D () C:\Users\Charis\AppData\Roaming\VolIE
Task: {0D3B32E3-793E-4DBF-9D94-4C74434D1669} - \EPUpdater No Task File <==== ATTENTION
Task: {216973C6-834C-4754-BA07-8290AB7D9DC9} - System32\Tasks\4CEFD9B73D6C-1CRMOI2 => C:\Users\Charis\AppData\Roaming\ARHome\Updater.exe [2014-02-08] ()
Task: {BA899281-CB4E-4242-A233-D90B3C0129CE} - System32\Tasks\5FOFD9B73D6C-2CRMOI6 => C:\Users\Charis\AppData\Roaming\ARHome\Updater.exe [2014-02-08] ()
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
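An added example, not part of the original posts and not FRST's own code: a small Python triage of fixlist-style lines like those in the fix above, grouping each entry by the kind of object it refers to so that the autostart points (the Run value and the scheduled tasks) stand out from browser settings and leftover folders. The category names and the functions `classify`, `target_path`, `triage` and `autostart_targets` are assumptions of this example; the sample lines are copied from the fixlist in this thread.

```python
import re
from collections import defaultdict

# Lines copied from the fixlist posted in this thread.
SAMPLE = r"""
HKLM-x32\...\Run: [Internet Helper Anti-phishing] => C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe [235072 2013-05-14] (Internet Helper)
FF user.js: detected! => C:\Users\Charis\AppData\Roaming\Mozilla\Firefox\Profiles\kvq6k1f7.default\user.js
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-07-16 15:31 - 2014-04-26 19:48 - 00000000 ____D () C:\Users\Charis\AppData\Roaming\VolIE
Task: {0D3B32E3-793E-4DBF-9D94-4C74434D1669} - \EPUpdater No Task File <==== ATTENTION
Task: {216973C6-834C-4754-BA07-8290AB7D9DC9} - System32\Tasks\4CEFD9B73D6C-1CRMOI2 => C:\Users\Charis\AppData\Roaming\ARHome\Updater.exe [2014-02-08] ()
CMD: RD /S /Q %TEMP%
REBOOT:
"""

# Category names are this example's own; the first matching rule wins.
RULES = [
    ("autorun registry value", re.compile(r"^HK(LM|CU|U)[^:]*\\Run(Once)?: ")),
    ("scheduled task", re.compile(r"^Task: \{[0-9A-Fa-f-]{36}\} ")),
    ("browser policy", re.compile(r"^(CHR|FF) HK[^:]*\\Policies\\")),
    ("browser setting or add-on", re.compile(r"^(CHR|FF) ")),
    ("file or folder", re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")),
    ("directive", re.compile(r"^[A-Za-z]+:")),
]
AUTOSTART = ("autorun registry value", "scheduled task")

def classify(line):
    return next((name for name, rx in RULES if rx.search(line)), "unrecognised")

def target_path(line):
    """Path after '=>' (the file the entry launches or loads), or None."""
    m = re.search(r"=> (.+?)(?: \[[^\]]*\].*)?$", line)
    return m.group(1) if m else None

def triage(text):
    """Group non-empty lines by category, noting targets and orphaned entries."""
    groups = defaultdict(list)
    for line in filter(None, map(str.strip, text.splitlines())):
        orphan = "No File" in line or "No Task File" in line
        groups[classify(line)].append(
            {"line": line, "target": target_path(line), "orphan": orphan})
    return dict(groups)

def autostart_targets(text):
    """Executables that a Run value or scheduled task would start."""
    groups = triage(text)
    return sorted({e["target"] for k in AUTOSTART
                   for e in groups.get(k, []) if e["target"]})

if __name__ == "__main__":
    for category, entries in triage(SAMPLE).items():
        print(f"{category}: {len(entries)}")
    print("autostart targets:", *autostart_targets(SAMPLE), sep="\n  ")
```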

Before Essexboy’s reply above I had just downloaded adwcleaner and ran it as suggested by Pondus. The log is attached.

Should I still continue with Essexboy’s suggestions, or do the suggested actions need to change since I have now downloaded and run adwcleaner?

Yes please the order of running is not material … But you will need to reset chrome

I’m a little confused…

Essexboy, are your instructions to reset Chrome? Or do I reset Chrome first then perform the ‘copy / paste’ of the text etc…

The reason I ask is I no longer have Chrome installed on this laptop …it was deleted months ago when I had these problems.

In that case once the fix has run I will delete the chrome remnants for you :slight_smile:

Fix log attached…I will now run adwcleaner again

Adwcleaner.txt file now attached …

This will now remove the remnants of Chrome

Once done could you let me know what problems you are experiencing

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

C:\Program Files (x86)\Google
C:\Users\Charis\AppData\Local\Google
REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

2nd fixlog now attached!

My daughter is sat here next to me and she (well both of us) are getting excited that she may get her laptop back in full working condition! “Is it fixed yet, is it, is it”? :slight_smile:

Anything else that needs to be run, now?

No problems encountered as of yet…but I’m assuming you meant after it has been used for some time?

Well the proof of the pudding is in the eating… :slight_smile:

Take it for a test run doing your normal things and let me know of any problems you may be experiencing

Thank you so so much Essexboy…if you were here in person I would be giving you a huge hug / beer / homebaked cakes! :smiley:

Thank you so much for your time in helping me with this virus that was plaguing me in my day and in my sleep. Wish I had found this website earlier, to think that this laptop was sat unused for the best part of two months because of the annoying virus. It’s so nice to get this laptop back up and running smoothly.

An immediate clear change is that we no longer get an Avast popup warning when a new tab is opened.

I will officially hand over the laptop to my daughter now and let her perform her normal laptop activities as test run.

Thank you so much :smiley: :thumbs up:

Once you are happy let me know and I will tidy up my rubbish :slight_smile:

Hi
I am from Dubai and I am facing exactly the same issue right now.
Please help me to fix this.
Thanks in advance…

How to receive help instructions: https://forum.avast.com/index.php?topic=53253.0