hi i get messages like this one every time i open my browser. Can this be fixed?
Infectie: URL:Mal
Proces: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
hi i get messages like this one every time i open my browser. Can this be fixed?
Infectie: URL:Mal
Proces: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
here are the log files
Hello,
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
[*]Right-click on
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[]Wait patiently until the main console will appear, it may take a minute or two.
[]In the main box please paste in the following script:
createsrpoint;
autoclean;
C:\Program Files (x86)\OLBPre;fs
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Stijn on di 23/06/2015 at 15:37:33,30.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Stijn\Downloads\zoek.exe [Scan all users] [Script inserted]
===== Runcheck 15:38:37,90 =====
— Create Environment Variables 15:38:40,70
— Create System Restore Point 15:38:56,31
— Checking Input 15:39:43,76
— AU AppData Check 15:40:11,88
— Remove From Windows Installer 15:40:20,34
— Empty Folders Check 15:41:51,12
— Registry HKLM Software Check 15:41:51,18
— Quick Launch Shortcut Check 15:42:12,13
— IE Startpage Check 15:42:16,32
— Program Files DB Check 15:42:54,08
— C:\Users\Default\AppData\Roaming DB Check 15:45:22,26
— C:\Users\Default User\AppData\Roaming DB Check 15:45:22,26
— C:\Users\Stijn\AppData\Roaming DB Check 15:45:22,26
— C:\WINDOWS\SysNative\config\systemprofile\AppData\Roaming DB Check 15:45:22,26
— C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming DB Check 15:45:22,26
— C:\WINDOWS\serviceprofiles\networkservice\AppData\Roaming DB Check 15:45:22,26
— C:\WINDOWS\serviceprofiles\Localservice\AppData\Roaming DB Check 15:45:22,26
— C:\Users\Stijn DB Check 15:52:46,62
— C:\PROGRA~3 DB Check 15:53:43,75
— C:\Users\Default\AppData\Local DB Check 15:53:56,50
— C:\Users\Default User\AppData\Local DB Check 15:53:56,50
— C:\Users\Stijn\AppData\Local DB Check 15:53:56,50
— C:\WINDOWS\SysNative\config\systemprofile\AppData\Local DB Check 15:53:56,50
— C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local DB Check 15:53:56,50
— C:\WINDOWS\serviceprofiles\networkservice\AppData\Local DB Check 15:53:56,50
— C:\WINDOWS\serviceprofiles\Localservice\AppData\Local DB Check 15:53:56,50
— C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 15:59:30,25
— C:\Users\Stijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 16:00:06,32
— Tasks DB Check 16:00:29,31
— Downloads DB Check 16:00:42,47
— C:\Users\Stijn\AppData\LocalLow DB Check 16:00:57,55
— C:\WINDOWS\SysNative\config\systemprofile\AppData\LocalLow DB Check 16:00:57,55
— C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 16:00:57,55
— C:\WINDOWS\serviceprofiles\networkservice\AppData\LocalLow DB Check 16:00:57,55
— C:\WINDOWS\serviceprofiles\Localservice\AppData\LocalLow DB Check 16:00:57,55
— Tasks2 DB Check 16:04:59,66
— Documents DB Check 16:07:08,54
— C:\Users\Public\Desktop DB Check 16:07:40,99
— C:\Users\Stijn\Desktop DB Check 16:08:00,50
— Services DB Check 16:08:33,40
— FF prefs.js DB Check 16:09:29,76
— Emptyclsid 16:09:32,75
— Del by CLSID 16:09:40,10
here you go
Zoek won’t finish?
i didnt wait long enough, now it is finished check the download file in the previous comment
Excellent.
How is your PC behaving now?
i think it worked, thank you very much. Can I delete all the programs that i had to download to remove the malware?
Post-cleanup procedures:
Download DelFix by Xplode and save it to your desktop.
[*]Run the tool by right click on the
http://www.imgdumper.nl/uploads6/51a5ce45267c1/51a5ce45263de-delfix.png
icon and Run as administrator option.
[*]Make sure that these ones are checked:
[]Remove disinfection tools
[]Purge system restore
[*]Reset system settings
[*]Push Run and wait until the tool completes his work.
All tools we used should be gone. Tool will create an report for you (C:[B]DelFix.txt)
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.
Thank you very much, sir !!
today it happened again. URL MAL blocked, veterance.com.… AND adds an extension by itself called Discount Ext.
Can you please help me again? thanks anyway
i did all the scans again and the log files are attached already
Run Farbar and attach the logs.
i did check the previous comment.
Unless you installed it yourself, malware has changed Chrome into a developer version which allows other malware to install without the user noticing it.
I suggest you start with removing Chrome.
okay i did it now. Should I do something else?
No, just wait till one of the malware removers guide you further.
Most are in Europe and it is night here, so have patience please.
Okay, no problem
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[B] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/B]
Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
here you go