Hi all!!!

I’m new to this… I had a problem with my old laptop and bought a new one… I strongly suspect that while installing Google Chrome I blindly accepted a download, Healthy PC(?), maybe… Anyway, after that, omiga plus appears… I uninstalled the program and also went to settings and corrected my home page and search engines but whenever restarting the pc there it is… I then used the avast browser cleaning tool that detected Skytech and removed it… But restarting produced the same results… Now I’ve decided to reach you guys… I downloaded the programs recommended, in the “Logs to assist cleaning”, and saved the logs… Using the Malwarebytes’ Anti-Malware has quarantined the threat… I have to confess that the log saved I didn’t include “additions” as suggested but after repeating the operation all was well…

I not a IT expert like you guys so I would really appreciate a very easy guide to follow… lol… I hope the info attached won’t hurt me… lol…

A big thank you for your help!!!

J7

You have a adware city in there…
your Malwarebytes does not say if you did take any action…

selecting all PUP. http://blog.malwarebytes.org/news/2013/09/selecting-all-pups/

Could you let me know if this stops the popups

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION R2 WindowsProtectManger; C:\ProgramData\WindowsProtectManger\wprotectmanager.exe [591776 2014-06-12] (Fuyu LIMITED) 2014-07-10 10:47 - 2014-07-10 10:47 - 00001251 _____ () C:\Users\JACK2K7\Desktop\Download App.lnk 2014-07-10 10:47 - 2014-07-10 10:47 - 00000000 ____D () C:\Users\JACK2K7\AppData\Roaming\Systweak 2014-07-10 10:47 - 2014-07-10 10:47 - 00000000 ____D () C:\Users\JACK2K7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download App 2014-07-10 10:47 - 2014-07-10 10:47 - 00000000 ____D () C:\Users\JACK2K7\AppData\Roaming\CBS Interactive 2014-07-10 10:44 - 2014-07-10 10:44 - 30133624 _____ (CBS Interactive) C:\Users\JACK2K7\Downloads\DownloadApp_1_7_0_190_Setup.exe 2014-06-28 18:07 - 2014-06-29 00:13 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-06-28 18:07 - 2014-06-28 18:07 - 00000000 ____D () C:\Users\JACK2K7\AppData\Local\globalUpdate 2014-06-28 18:06 - 2014-07-11 20:24 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-28 18:06 - 2014-07-11 20:20 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-06-28 18:06 - 2014-06-28 18:09 - 00000000 ____D () C:\Users\JACK2K7\AppData\Roaming\SupTab 2014-06-28 18:06 - 2014-06-28 18:06 - 00000000 ____D () C:\Users\JACK2K7\Documents\PC Health Kit 2014-06-28 18:06 - 2014-06-28 18:06 - 00000000 ____D () C:\ProgramData\WindowsProtectManger 2014-06-28 17:50 - 2014-07-10 10:08 - 00000451 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2014-06-28 17:09 - 2014-07-10 10:25 - 00000000 ____D () C:\ProgramData\softthinks 2014-06-28 17:09 - 2014-06-28 17:09 - 00000000 ____D () C:\Users\JACK2K7\AppData\Local\softthinks 2014-06-28 17:07 - 2014-07-02 15:20 - 00003462 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask 2014-06-28 17:07 - 2014-06-28 17:07 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask 2014-06-28 17:07 - 2014-06-28 17:07 - 00003204 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest CMD: DEL %TEMP%\*.* /F /S /Q CMD: RD /S /Q %TEMP% REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

Hi Pondus!!!

Thanks for the reply!!!

I’ve deleted the PUP’s thought the free version makes you do it one by one… I did a new scan and the log is attached… I’m currently doing a custom total scan which will take time… I’ll post the results… essexboy also replied but I want to see what happens here first… I did the fixlist.txt file but not sure about: “Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that”

The FRST.exe is in the Downloads Folder… Do I attach to that folder or include in the FRst. txt??? Not sure what to do… Afraid of doing damage to a new laptop… Also confused with “Run FRST and press Fix”… Do I run the program and something shows up to select fix… I’ll also ask him…

A big thank you for the support!!!

J7

Hi essexboy!!!

Thanks for the reply!!!

As you can see I’ve also replied to Pondus.

I did the fixlist.txt file but not sure about: “Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that”

The FRST.exe is in the Downloads Folder… Do I attach to that folder or include in the FRst. txt??? Not sure what to do… Afraid of doing damage to a new laptop… Also confused with “Run FRST and press Fix”… Do I run the program and something shows up to select fix…

Thank you for your help!!!

J7

Save the fixlist.txt to the downloads folder and then run FRST from there

Hi essexboy.

Sorry for the delay but I do shift work, so I’ve had little time on the pc…

I’ve run a total custom scan a couple of times and only 1 file persists… Do I still run the fixlist or do you think that now another option is preferable? If I run the fix what exactly will it do?

Thanks again for the help!!!

J7

Adwcleaner if run should remove that last element … Have you run it yet ?

Hi essexboy,

I did download and run Adwcleaner. I then did a new full custom scan and totally clean!!!

Thank you so very much for your time and help!!!

J7

In that case methinks I will send you on your merry way

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe

Essexboy,

I ran Delfix, uninstalled Java and downloaded Cryptoprevent!!! Already had Malwarebytes which I downloaded before from the forum to help clean the system.

Thanks again!!! ;D

J7

My pleasure

hi
i´ve got SKYTECH and i can´t get rid of it. Could you help me please?

Please start your own topic: https://forum.avast.com/index.php?action=post;board=4.0