system
April 16, 2013, 4:51am
1
Hi All,
Ive been having trouble getting rid of this pesky virus that is apparently worse then I realised called “portaldosites” which apparently works as a re-directory among other things. And After reading various articles and I have tried do do a few different solutions but with no success, So any successful help would be appreciated!
Thank You.
hey and welcome to the forum.
plaese follow this guide and attach your logs.
a malware epert will help you from there.
http://forum.avast.com/index.php?topic=53253.0
Pondus
April 16, 2013, 5:42am
3
i guess you mean portaldosites.com search?
if so you have a browser hijacker, and the first program (AdwCleaner) in the guide Mikaelrask gave you should kill it
after you have run it, run the next program (Malwarebytes) also
post the logs here and tell us how it did go…
if still problems, continue with OTL and attach that log, then a removal expert will remove it for you later today
system
April 16, 2013, 6:19am
4
Hi guys,
A complete success, and yes I meant portaldosites…com
And I was so glad to read an easy solution.
Thank you.
Pondus
April 16, 2013, 6:33am
5
Your welcome
you may post the logs here…
system
April 17, 2013, 6:30pm
6
malavida.com is pushing this browser hijacker. Got a few PCs with this nuisance. Malavida is a rather popular download site. Some AVs (won’t mention names) block this site which makes me think about different standards because they certainly do not block cnet which is clearly doing the same thing.
As for portaldosites, I noticed that the key point of complete removal failure is that people forget or do not know that hey also have to fix web browser’s shortcut, see this: http://deletemalware.blogspot.com/2013/04/remove-portaldosites-removal.html
Thankfully, bleeping computer offers this small utility called Shortcut Cleaner http://www.bleepingcomputer.com/download/shortcut-cleaner/
Tested, works fine and saves time So, anyone who can’t remove portaldosites after reseting web browser or removing it manually, use Shortcut Cleaner.
Cheers!
system
April 20, 2013, 8:58pm
7
I got the same problem and can’t seem to fix it. Can anyone help me please?
Could you post the OTL log if this small programmes fails to fix it
Please download to your desktop Short cut cleaner
Then run.
https://dl.dropbox.com/u/73555776/sc%20cleaner.JPG
When the Shortcut Cleaner has finished scanning your hard drive it will create a log file on your desktop called sc-cleaner.txt and then display it.
Please post that log
Follow essexboy’s instructions to the dot.
Also consider this additional info: http://deletemalware.blogspot.nl/2013/04/remove-portaldosites-removal.html (posted by Admin there)
polonus
system
April 21, 2013, 4:56am
10
The OTL file and the sc cleaner log attached. Really appreciate the help.
Try this and let me know the result
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985
IE - HKU\S-1-5-21-1283327323-3804356362-3578856155-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985
IE - HKU\S-1-5-21-1283327323-3804356362-3578856155-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985
FF - prefs.js..browser.search.order.1: "portaldosites"
FF - prefs.js..browser.search.selectedEngine: "portaldosites"
FF - prefs.js..browser.startup.homepage: "http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985"
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
system
April 21, 2013, 12:51pm
12
Please find attached the log. There was an extra one this time (2 logs).
Could you confirm it has now gone ?
system
April 21, 2013, 2:50pm
14
I reinstalled chrome, and internet explorer, so the home page is normal now. Is there any other way of checking if the virus is there or not?
The elements I removed should have been the last, but as you reinstalled then no there should be nothing left