Start.qone8.com

When I downloaded Java version 7, recommended by you and redirected from your website, a spyware program was installed that Avast does not detect, qone.com, or rather – start.qone8.com – which takes over the browser (all of them) and the home page, which is changed to start.qone.com in my case, but there are other names going around. I uninstalled it from Control Panel, remove programs, but it is impossible.
Please help. Thank you.

Hello,

Please post in English here if possible.

Follow this guide and attach the logs: http://forum.avast.com/index.php?topic=53253.0

When done malware removers will be notified and will help you to clean this up.

Installing Java version 7, recommended by Avast, has downloaded a spyware program that takes over all browsers and replaces the start page with start.qone8.com, which looks very much like Google.com.

I tried to uninstall it manually, but it was impossible. I removed it from the Control Panel's remove programs list and it is no longer there, but it still runs when I open any browser.

Actually there is malware on this site: http://www.avgthreatlabs.com/website-safety-reports/domain/qone8.com/
Blacklisted on Sucuri: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fstart.qone8.com
So this is malware.

Please follow the instructions above and a malware remover will help you to clean this up.

Yes, this is invasive, this is malware. :frowning: The solution is paying, and I am paying for Avast.

The solution is not paying.

NO Antivirus provides 100% protection. Not even Kaspersky or Bitdefender.

Malware removers will help you to get rid of this, for free. When logs are attached.

I can remove it for you … Where did you get the update?

Download OTL to your Desktop
Secondary link

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

https://dl.dropboxusercontent.com/u/73555776/OTL_Main_Tutorial.gif

[*]Select All Users
[*]Select LOP and Purity
[*]Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Attach both logs

http://malwarefixes.com/remove-start-qone8-com-redirect/

Please follow the steps from Essexboy, he knows what he is doing.

That link is using a sledgehammer to crack a nut and will probably not work

okay, thanks :slight_smile:

I have the same problem that AlbertoGilbert got.
I have done everything that essexboy suggested (run otl.exe etc.)
I am supposed to attach here the contents of the otl.txt and the extras.txt or what else?
Thanks for your help

@woland58 if you start your own thread I will pick you up there

Well, I ran the program OTL by old version and I have the report in Notepad. Now what do I do?

Well, I ran the “OTL by old version” and I have the report in notepad. Now what do I do?

Could you attach the report please?

“OTL by old version” and I have the report in notepad.

On completion of this let me know if it has gone

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=133&systemid=2&apn_uid=4555234650224002&apn_dtid=IME002&o=APN10641&apn_ptnrs=AG2&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=133&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&apn_uid=4555234650224002&o=APN10641&q="
FF - prefs.js..browser.search.order.1: "Search Results"
[2013/07/24 17:21:18 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\Alberto\AppData\Roaming\mozilla\firefox\profiles\dj1h1zez.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
[2012/04/07 16:58:54 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013/10/13 22:57:33 | 000,000,664 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qone8.xml
[2013/05/26 18:09:03 | 000,002,646 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-1571150509-1092675849-722137386-1000..\Run: [iLivid] C:\Users\Alberto\AppData\Local\iLivid\iLivid.exe (Bandoo Media Inc.)
O16:64bit: - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
[2013/10/23 23:38:17 | 000,000,000 | ---D | C] -- C:\Users\Alberto\AppData\Local\iLivid
[2013/10/13 22:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/10/13 22:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013/10/13 22:57:31 | 000,000,000 | ---D | C] -- C:\Users\Alberto\AppData\Local\Lollipop
[2013/10/23 23:40:47 | 000,001,052 | ---- | M] () -- C:\Users\Alberto\Desktop\iLivid.lnk
[2013/10/23 23:40:47 | 000,001,060 | ---- | C] () -- C:\Users\Alberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
[2013/10/23 23:40:47 | 000,001,052 | ---- | C] () -- C:\Users\Alberto\Desktop\iLivid.lnk

:Files
C:\PROGRA~2\IMESHA~1\MediaBar

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Junkware Removal Tool to your desktop.

[*]Right-mouse click JRT.exe and select “Run as Administrator”. The tool will open and start scanning your system
[*]Please be patient as this can take a while to complete depending on your system’s specifications
[*]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[*]Post the contents of JRT.txt into your next message.
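
Added example, not part of the thread and not OTL's own code: a small Python reader for the fix-script layout shown in the post above. It groups the entries by type so they can be reviewed before a run, and pulls out the profile name and user SID that make such a script specific to one computer. The function names and grouping labels are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Lines copied from the fix script posted above (a shortened selection).
SAMPLE_FIX = r"""
:Commands
[CREATERESTOREPOINT]
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
[2013/10/13 22:57:33 | 000,000,664 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qone8.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKU\S-1-5-21-1571150509-1092675849-722137386-1000..\Run: [iLivid] C:\Users\Alberto\AppData\Local\iLivid\iLivid.exe (Bandoo Media Inc.)
[2013/10/23 23:38:17 | 000,000,000 | ---D | C] -- C:\Users\Alberto\AppData\Local\iLivid
:Files
C:\PROGRA~2\IMESHA~1\MediaBar
:Commands
[Reboot]
"""

# File/folder entry: "[date time | size | attributes | M or C] ... -- path"
FILE_LINE = re.compile(r"^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \| [\d,]+ \| (\S+) \| [MC]\] .*?-- (.+)$")
# Registry/browser entry: "IE - ...", "O4 - ...", optionally tagged ":64bit:"
REG_LINE = re.compile(r"^(IE|FF|O\d+)(?::64bit:)? - (.+)$")

def parse_fix(text):
    """Group the lines of a fix script by section and entry type for review."""
    section, out = None, defaultdict(list)
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith(":"):                 # section header, e.g. ":OTL"
            section = line[1:].lower()
        elif section == "commands":
            out["command"].append(line.strip("[]").lower())
        elif section == "files":
            out["path"].append(line)
        elif section == "otl":
            file_m, reg_m = FILE_LINE.match(line), REG_LINE.match(line)
            if file_m:                           # "D" attribute marks a folder
                out["dir" if "D" in file_m.group(1) else "file"].append(file_m.group(2))
            elif reg_m:
                out[reg_m.group(1)].append(reg_m.group(2))
            else:
                out["unparsed"].append(line)     # surface anything unexpected
    return dict(out)

def machine_specific(text):
    """Profile names and user SIDs that tie the script to one computer."""
    users = set(re.findall(r"C:\\Users\\([^\\]+)\\", text, re.I))
    sids = set(re.findall(r"S-1-5-21(?:-\d+){4}", text))
    return users, sids
```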

Still appears: start.qone8.com

I post the contents

And the JRT