New Malware Virus!!! > portaldosites

Viruses and worms
1

Hi All,
Ive been having trouble getting rid of this pesky virus that is apparently worse then I realised called “portaldosites” which apparently works as a re-directory among other things. And After reading various articles and I have tried do do a few different solutions but with no success, So any successful help would be appreciated!

Thank You.

2

hey and welcome to the forum.

plaese follow this guide and attach your logs.

a malware epert will help you from there.

http://forum.avast.com/index.php?topic=53253.0

3

i guess you mean portaldosites.com search?

if so you have a browser hijacker, and the first program (AdwCleaner) in the guide Mikaelrask gave you should kill it
after you have run it, run the next program (Malwarebytes) also
post the logs here and tell us how it did go…

if still problems, continue with OTL and attach that log, then a removal expert will remove it for you later today

4

Hi guys,
A complete success, and yes I meant portaldosites…com
And I was so glad to read an easy solution. :slight_smile:

Thank you.

5

Your welcome :wink:

you may post the logs here…

6

malavida.com is pushing this browser hijacker. Got a few PCs with this nuisance. Malavida is a rather popular download site. Some AVs (won’t mention names) block this site which makes me think about different standards because they certainly do not block cnet which is clearly doing the same thing.

As for portaldosites, I noticed that the key point of complete removal failure is that people forget or do not know that hey also have to fix web browser’s shortcut, see this: http://deletemalware.blogspot.com/2013/04/remove-portaldosites-removal.html

Thankfully, bleeping computer offers this small utility called Shortcut Cleaner http://www.bleepingcomputer.com/download/shortcut-cleaner/

Tested, works fine and saves time :slight_smile: So, anyone who can’t remove portaldosites after reseting web browser or removing it manually, use Shortcut Cleaner.

Cheers!

7

I got the same problem and can’t seem to fix it. Can anyone help me please?

8

Could you post the OTL log if this small programmes fails to fix it

Please download to your desktop Short cut cleaner
Then run.

https://dl.dropbox.com/u/73555776/sc%20cleaner.JPG

When the Shortcut Cleaner has finished scanning your hard drive it will create a log file on your desktop called sc-cleaner.txt and then display it.
Please post that log

9

Follow essexboy’s instructions to the dot.
Also consider this additional info: http://deletemalware.blogspot.nl/2013/04/remove-portaldosites-removal.html (posted by Admin there)

polonus

10

The OTL file and the sc cleaner log attached. Really appreciate the help.

11

Try this and let me know the result

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985
IE - HKU\S-1-5-21-1283327323-3804356362-3578856155-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985
IE - HKU\S-1-5-21-1283327323-3804356362-3578856155-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985
FF - prefs.js..browser.search.order.1: "portaldosites"
FF - prefs.js..browser.search.selectedEngine: "portaldosites"
FF - prefs.js..browser.startup.homepage: "http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985"



:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

12

Please find attached the log. There was an extra one this time (2 logs).

13

Could you confirm it has now gone ?

14

I reinstalled chrome, and internet explorer, so the home page is normal now. Is there any other way of checking if the virus is there or not?

15

The elements I removed should have been the last, but as you reinstalled then no there should be nothing left

16

Thanks a ton man!