Roll Around ADS infection

Hello,
For the past few days, following an unfortunate download of a free tool, I have been dealing with unwanted ads and browser pages opening on their own, which I think come from Roll Around ADS.
I use Chrome as my browser, I have Avast (free) and I downloaded Malwarebytes (free) to scan my PC.
I selected the rootkit and malware detection options. I downloaded MBAM-Chameleon.

Nothing works :‘( :’(
Can anyone help me?
Thank you

Good evening.

I will notify the malware removal expert.
Please wait for the procedures.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Select additions at the bottom
- Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please attach both logs generated.

Dear Essexboy,
thanks for your help, I’m not at home until the week-end, so I’ll send you the logs probably on Saturday

:slight_smile: No problem

Dear essexboy,
Please find attached the two logs generated by Farbar Recovery Scan Tool. But it seems that, currently, the malware Roll Around ADS doesn’t open new windows. I’m not sure that I will be ok in the future…
Thanks in advance to confirm if I’ve managed to clean it.
Have a good day (or night :slight_smile: )

A few bits left in IE, how is the computer ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
GroupPolicyUsers\S-1-5-21-287877325-2058081817-3300698545-1007\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-287877325-2058081817-3300698545-1002\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-287877325-2058081817-3300698545-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-287877325-2058081817-3300698545-1002 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites03_14_34_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztBtDtDyCzztBzzzzyCtCzztN0D0Tzu0SzyyCtAtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0FtByDtB0F0AtAtGtD0A0DyEtGtAtAzyyCtG0EyB0BtCtGtAtBtCtD0B0B0BtCtCtCyDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0E0AyD0AyC0BtCtGtBzyyByBtGyC0CzzzytG0EyB0B0AtGtAyDyB0B0D0B0AyBtDtA0DtA2Q&cr=298421567&ir=
SearchScopes: HKU\S-1-5-21-287877325-2058081817-3300698545-1002 -> {9FC0A371-8478-4B06-9DE3-AE7749F3DBE2} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYFR&apn_uid=1F1AC8CC-8638-4BE5-B44D-A07FA6551D8D&apn_sauid=FB6058D1-B37C-4F01-B602-CE67B78B5A56
SearchScopes: HKU\S-1-5-21-287877325-2058081817-3300698545-1002 -> {B92A88CC-BE28-44E0-B0C4-414BEFA2EADF} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_tele_14_34_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztBtDtDyCzztBzzzzyCtCzztN0D0Tzu0SzyyCyDtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0EtByEyCtAtCtGtC0CyD0AtGtAyDzy0DtGzz0E0BtDtGtCtCzyyCtB0CyD0FyDtA0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0E0AyD0AyC0BtCtGtBzyyByBtGyC0CzzzytG0EyB0B0AtGtAyDyB0B0D0B0AyBtDtA0DtA2Q&cr=1498915612&ir=
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
2015-03-10 23:24 - 2015-03-10 23:24 - 00003144 _____ () C:\windows\System32\Tasks\{C4A7CACE-A006-45FA-86D0-0117D961564C}
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that
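Added example, not part of the original posts and not FRST's own code: a small Python audit that reads `SearchScopes:` lines in the shape shown in the fixlist above and reports Internet Explorer search providers whose URL is empty or whose host is not on an allowlist. The sample log is constructed (made-up SID and GUIDs, shortened URLs), and `ALLOWED_HOSTS` and `audit_search_scopes` are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in the "SearchScopes:" shape of the fixlist above;
# the SID and GUIDs are made up and the URLs are shortened.
SAMPLE_LOG = r"""
SearchScopes: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001 -> DefaultScope {AAAAAAAA-0000-0000-0000-000000000001} URL =
SearchScopes: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001 -> {AAAAAAAA-0000-0000-0000-000000000002} URL = http://astromenda.com/results.php?f=4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001 -> {AAAAAAAA-0000-0000-0000-000000000003} URL = http://websearch.ask.com/redirect?client=ie&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001 -> {AAAAAAAA-0000-0000-0000-000000000004} URL = https://www.bing.com/search?q={searchTerms}
BHO: No Name -> {AAAAAAAA-0000-0000-0000-000000000005} -> No File
"""

# hive -> [DefaultScope] {GUID} URL = <url or nothing>
LINE_RE = re.compile(
    r"^SearchScopes:\s+(?P<hive>\S+)\s+->\s+(?P<default>DefaultScope\s+)?"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\})\s+URL\s*=\s*(?P<url>\S*)$"
)

# Assumption: the search hosts this machine's owner actually chose.
ALLOWED_HOSTS = {"www.bing.com", "www.google.com"}


def audit_search_scopes(log_text, allowed=ALLOWED_HOSTS):
    """Return one finding per SearchScopes entry that deserves a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other log sections (BHO, tasks, ...) are out of scope
        url = m.group("url")
        host = (urlsplit(url).hostname or "").lower()
        if not url:
            reason = "empty URL"
        elif host not in allowed:
            reason = "host not on allowlist"
        else:
            continue
        findings.append({
            "hive": m.group("hive"),
            "guid": m.group("guid"),
            "default": m.group("default") is not None,
            "host": host,
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for f in audit_search_scopes(SAMPLE_LOG):
        print(f["guid"], f["host"] or "-", f["reason"])
```

The output is a review list only; which entries are actually removed remains a per-machine decision, as the caution above the fixlist says.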

Dear essexboy,
here is the log that you requested.
I’m not an expert with computer and IT :-[ so if you have some advice for optimizing my computer, I’m interested :wink:
Thanks in advance

How is the computer behaving now ?

This is the set up I have on my system and so far I have never had an unintentional infection

How to set up a reasonable and light security regime for your system. Apart from cryptoprevent all other elements are install and forget.

DOWNLOAD AND INSTALL ANTIVIRUS

Select Custom install
Remove the ticks from the first page for the following unless you want them :

https://dl.dropboxusercontent.com/u/73555776/avastchrome.JPG

Dropbox
Chrome
Chrome toolbar

Select Next
Deselect the following from the middle column as you will not need them :

https://dl.dropboxusercontent.com/u/73555776/avasttools.JPG

SecureLine
Grimefighter

Select Continue and allow the programme to install

Be aware that the first reboot may take a few minutes as Avast builds the virtual machine

Avast will need to be registered as this helps them determine the server load, as updates are downloaded in small bursts every few minutes each is about 2Kb

How to register

https://www.youtube.com/watch?v=uyVsLF6OwM0

Once registered open Avast
Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP’s) "

https://dl.dropboxusercontent.com/u/73555776//pups.JPG

PROTECT AGAINST RANSOMWARE

CryptoPrevent: install this programme to lock down and prevent crypto ransomware.
Manually update monthly

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

PROTECT AGAINST UNWANTED BUNDLED SOFTWARE

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish

https://dl.dropboxusercontent.com/u/73555776/unchecky.JPG

Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme :wink:

IF YOU USE USB DRIVES

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

https://dl.dropbox.com/u/73555776/mcshield%20unhide.JPG

Plug in the drive and McShield will start a scan

BACKUP AND IMAGING

It is always advisable to have a backup of your current windows set up on a separate USB external drive
I recommend Macrium Reflect for this
I have a small tutorial here on how to use it http://www.geekstogo.com/forum/topic/345434-macrium-reflect-imaging-tool/
The restore from backup usually completes in about 20 minutes (depending on the size of your drive )

https://dl.dropboxusercontent.com/u/73555776/macrium%20reflect.JPG

Thanks for all of that.
I have already installed avast on my computer (for several years) and I update it …
I’ll check if your setup is the same as the one I made

Are you experiencing any problems now ?