The Malware BroServices 4.0

So recentally I’ve been struggling to remove the malware BroServices 4.0. Not sure how it gets onto my tablet, but this is the second time the first being resolved via factory resetting it. I was wondering if anyone knows of it as I keep getting it somehow and I’m annoyed.

The problem it causes is that I loads a small add usually for kindle on my chrome browser in the corner.

I’ve uninstalled it but it force installs after a reboot and slips right by Avast and several other scanners.
So this is a helpme/look out for this app.

I bet you have Chrome set to synch, so every time you sign in you download it again

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Select additions at the bottom
[*]Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please attach both logs generated.

Tried to run it on the tablet and instead it ran on my C: drive should i still post the results?

That is the point :wink: … but attach the two logs, not copy and paste

Here ya go

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.

  1. If you have bookmarks, let’s save them by exporting them - Export Bookmarks
  2. Then I need you to go Google Sync and sign into your account
  3. Scroll down until you see the “Stop and Clear” button and click on the button. At the prompt click on “Ok”
  4. Now we need to uninstall chrome.
    Note: When asked about user data or settings you must remove this also so please check the box.
  5. Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
  6. Import your bookmarks back into Chrome
  7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

NEXT

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint: HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [] => [X] Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File Toolbar: HKU\S-1-5-21-1547120079-1928927322-2534752939-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-1547120079-1928927322-2534752939-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File 2015-05-29 23:50 - 2015-05-29 23:50 - 0000064 _____ () C:\Users\Lucas\AppData\Local\f928cf3812eb743139de18a4c690a295 Task: {17849965-39E0-4150-B01E-DFFBBE88E765} - \GeniusBox -> No File <==== ATTENTION Task: {516C1106-D0F1-4E5F-9043-EF1AC74AC758} - \Update Service YourFileDownloader -> No File <==== ATTENTION Task: {5739696D-FA54-4C61-B713-BF850CBCB6DB} - \ProPCCleaner_Popup -> No File <==== ATTENTION Task: {63DD4A5C-A650-4B2E-830E-B39A953E7811} - System32\Tasks\Check Updates => C:\Program Files (x86)\user extensions\updater.exe <==== ATTENTION C:\Program Files (x86)\user extensions Task: {B52EC425-17BA-4DAE-AAFC-D5D739C54E5B} - \ProPCCleaner_Start -> No File <==== ATTENTION Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.

Alright I ran through the steps and glad that that HKLM thing is finally gone that has been a struggle for awhile now. But I’m not really sure how this is taking care of the original problem…on my tablet…

You mean the log was not for the tablet ?

No the log was for my laptop with tablet (Android) plugged in trough a usb…

The tablet has an App BroServices 4.0 that creates adds and other notifications. I’m trying to get rid of that as Avast and other software doesn’t recognize it and it just keeps re-installing without my permission.

Tablet is a Dragontouch E97 16gb

have you tried to factoty resett it?

I’ve done that once and a month later it somehow comes back I think it might be related to a preinstalled app “device manager” that AVG picks up but im skeptical and I really just want a way to update avast’s definition to prevent it from installing as each time it allows it to install while saying “safe to open”

Ah so it is on android, in that case I can do little … Mayhap if you disabled google synch