So recentally I’ve been struggling to remove the malware BroServices 4.0. Not sure how it gets onto my tablet, but this is the second time the first being resolved via factory resetting it. I was wondering if anyone knows of it as I keep getting it somehow and I’m annoyed.
The problem it causes is that I loads a small add usually for kindle on my chrome browser in the corner.
I’ve uninstalled it but it force installs after a reboot and slips right by Avast and several other scanners.
So this is a helpme/look out for this app.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Select additions at the bottom
[*]Press Scan button.
Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.
If you have bookmarks, let’s save them by exporting them - Export Bookmarks
Then I need you to go Google Sync and sign into your account
Scroll down until you see the “Stop and Clear” button and click on the button. At the prompt click on “Ok”
Now we need to uninstall chrome.
Note: When asked about user data or settings you must remove this also so please check the box.
Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
Import your bookmarks back into Chrome
Sign back in to your Chrome browser so that your bookmarks sync with your online account.
NEXT
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
Toolbar: HKU\S-1-5-21-1547120079-1928927322-2534752939-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1547120079-1928927322-2534752939-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
2015-05-29 23:50 - 2015-05-29 23:50 - 0000064 _____ () C:\Users\Lucas\AppData\Local\f928cf3812eb743139de18a4c690a295
Task: {17849965-39E0-4150-B01E-DFFBBE88E765} - \GeniusBox -> No File <==== ATTENTION
Task: {516C1106-D0F1-4E5F-9043-EF1AC74AC758} - \Update Service YourFileDownloader -> No File <==== ATTENTION
Task: {5739696D-FA54-4C61-B713-BF850CBCB6DB} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {63DD4A5C-A650-4B2E-830E-B39A953E7811} - System32\Tasks\Check Updates => C:\Program Files (x86)\user extensions\updater.exe <==== ATTENTION
C:\Program Files (x86)\user extensions
Task: {B52EC425-17BA-4DAE-AAFC-D5D739C54E5B} - \ProPCCleaner_Start -> No File <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.
Alright I ran through the steps and glad that that HKLM thing is finally gone that has been a struggle for awhile now. But I’m not really sure how this is taking care of the original problem…on my tablet…
No the log was for my laptop with tablet (Android) plugged in trough a usb…
The tablet has an App BroServices 4.0 that creates adds and other notifications. I’m trying to get rid of that as Avast and other software doesn’t recognize it and it just keeps re-installing without my permission.
I’ve done that once and a month later it somehow comes back I think it might be related to a preinstalled app “device manager” that AVG picks up but im skeptical and I really just want a way to update avast’s definition to prevent it from installing as each time it allows it to install while saying “safe to open”