Shopop

Hi and thanks for looking at my problem. I recently downloaded Adobe Reader XI and it came with a slew of problems (Is there any software without malware these days?). Chrome has been hijacked and MBAM originally found a cluster of malicious objects. I have a program called Shopop that I can’t uninstall because it says that parts of the program have already been uninstalled. Chrome is hijacked to a site called search.conduit.com when it opens. I have run and attached a few reports as indicated. I would appreciate any help with my issue.

Thank you!

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Follow TwinHeadedEagle’s instructions to the dot.
Afterwards you can be entertained by reading the manual removal instructions here:
http://computervirusmanualremval.blogspot.nl/2014/01/remove-shopop-in-5-minutes-how-to-get.html

polonus

For some reason it didn’t generate Addition.txt? Here’s FRST.

Can you re-run FRST and press scan, but now making sure that Addition is checked…

Absolutely. I’ve attached both now.

Thank you.

Open Control Panel and remove Shopop. Restart your PC.

=====================================================

Download attached fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

=====================================================

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

[*]Click on the Scan button.
[*]After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

[*]After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
[*]Post logfile will also be saved in the C:\AdwCleaner folder.

o.k. done.

How is the situation now?

chrome still has issues with the hijacking. It’s loading to search.conduit.com.

Please download zoek.zip or zoek.rar by smeenk (
http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png
) from here or here and save it to your Desktop.
Unpack the archive…

[*]Close any open browsers
[*]Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*]Double click on zoek.exe to run the tool .
Please wait while the tool does not start…

[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:


createsrpoint;
StandardSearch;
installer-list;
installedprogs;
uninstall-list;

[*]Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button.
Please wait until a logreport will open (this can be after reboot)

[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log

can you check the address of the links you provided? I’m not getting a functional address.

Download from here

http://hijackthis.nl/smeenk/

here’s Zoek’s results.

Re-run zoek with this script and attach here fresh zoek log results.

emptyalltemp;
iaimhpklononapfjngelgdokckfjekfc;chr
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3DF474D5-1D41-43B5-BEA7-7E320542FD61}];r
autoclean;
emptyclsid; 
ipconfig /flushdns >> %temp%\log.txt;b

How is the situation now?

It looks good from here. Do you see any bits from your end? Thank you for your help!

jb

Logs look clean, if everything is ok, we can finish?

Cool. Thank you much! I really appreciate it. I was going to ask you also, where I would start looking if I wanted to learn more about some of these utilities and log interpretation? I really am interested in being able to interpret and fix some of these issues. This is the second time I have had a serious problem with unwanted programs and they are becoming a nuisance quickly. I made a basic mistake this time when I downloaded from what I thought was the adobe site and it actually was not. LOL.

There are forums that provide malware removal course, you can look at this link

We’re done, just to remove used tools:

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below;

[] Remove disinfection tools
[
] Create registry backup
[*] Purge System Restore

Now click on “Run” button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

I don’t need DelFix log report.