yet another clickered.com problem

Hello All,
Have been pulling my hair out trying to get rid of the clickered.com issue. Ran avast, Malwarebytes, spybot and sophos with no success. Tried to prep for this post by running Farbar64 to give you the logs before you asked for them but it hangs every time on getting events. I can provide the farbar logs it did create. Keep getting the popup from avast about the event asking if I want to set as a false positive. The alert says a chrome.exe process and I have removed chrome. I use Firefox about 98% of the time. Do not have a good restore point to use either. Was going to try creating a new account on the laptop thinking it may be an issue with my wife’s profile.

Any thoughts from this point? I am running win7 64 bit. Please don’t make me run Linux on this box… Terrified of explaining to my wife how to use Linux :slight_smile:

Thanks,
Steve

Hey and welcome to the forum. Please follow this guide and attach the logs from mbam and farbar:

https://forum.avast.com/index.php?topic=53253.0

a malware expert will help you from there.

Spybot is no good anymore since it can’t keep up with the malware out there today. So I suggest you uninstall it and keep Malwarebytes instead.

Attach what logs you have and I will see where we can go from there

thanks for the reply. I was not able to get the full logs logged on as my wife. I did create a new user profile and while the pop ups keep happening, I was able to get a full scan for the logs as attached.

Thanks again for all your help,
Steve

OK, let's get started. Once these fixes have run, could you go to the infected user (I believe it is Pat) and run a fresh FRST scan from there?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

HKLM-x32\...\Run: [BrowserSafeguard] => "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} URL = http://www.default-search.net/search?sid=516&aid=104&itype=n&ver=12791&tm=427&src=ds&p={searchTerms}
SearchScopes: HKLM - {E7DD16D0-E836-40AA-A533-3CD0D2ADCBD4} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} URL = http://www.default-search.net/search?sid=516&aid=104&itype=n&ver=12791&tm=427&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {E7DD16D0-E836-40AA-A533-3CD0D2ADCBD4} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-07-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-07-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2014-07-23]
2014-08-28 11:02 - 2014-08-28 16:57 - 00000000 ____D () C:\Users\pat\AppData\Local\Idle~_~Crawler
2014-08-28 11:02 - 2014-08-28 11:02 - 00004578 _____ () C:\Windows\System32\Tasks\Idle~_~Crawler Runner
2014-08-28 11:01 - 2014-08-28 11:02 - 00000000 ____D () C:\Users\Public\30486184C2A347E7A52AC8D62AF1C776
2014-08-14 18:17 - 2014-08-14 18:18 - 00000000 ____D () C:\Users\Public\9B5FA4664AAA43488A3338B456970A30
2014-08-08 11:20 - 2014-08-08 11:20 - 00000000 ____D () C:\Users\Public\5E4D98A75092499E8108FB1068D15D46
2014-08-07 13:44 - 2014-08-07 13:44 - 00000000 ____D () C:\Users\Public\3A58226D150C4FF8BD48FE3415141072
2014-08-02 20:09 - 2014-08-02 20:09 - 00000000 ____D () C:\Program Files (x86)\predm
2014-08-02 19:54 - 2014-08-02 20:12 - 00000000 ____D () C:\Program Files (x86)\Linkey
2014-08-02 19:53 - 2014-08-02 23:10 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-08-02 19:53 - 2014-08-02 19:53 - 00000000 ____D () C:\Users\pat\AppData\Local\globalUpdate
2014-08-02 19:50 - 2014-07-30 15:45 - 04816384 _____ () C:\Windows\score.exe
2014-08-28 16:57 - 2014-08-28 11:02 - 00000000 ____D () C:\Users\pat\AppData\Local\Idle~_~Crawler
2014-08-28 11:02 - 2014-08-28 11:02 - 00004578 _____ () C:\Windows\System32\Tasks\Idle~_~Crawler Runner
2014-08-28 11:02 - 2014-08-28 11:01 - 00000000 ____D () C:\Users\Public\30486184C2A347E7A52AC8D62AF1C776
2014-08-28 09:21 - 2010-07-20 12:25 - 00000000 ____D () C:\Users\pat\AppData\Local\WeatherBug
2014-08-14 18:18 - 2014-08-14 18:17 - 00000000 ____D () C:\Users\Public\9B5FA4664AAA43488A3338B456970A30
2014-08-08 11:20 - 2014-08-08 11:20 - 00000000 ____D () C:\Users\Public\5E4D98A75092499E8108FB1068D15D46
2014-08-07 13:44 - 2014-08-07 13:44 - 00000000 ____D () C:\Users\Public\3A58226D150C4FF8BD48FE3415141072
Task: {5BA11EA9-4278-4FB2-A91D-B53173ECCC0A} - System32\Tasks\Idle~_~Crawler Runner => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe
Task: {DB610975-CF1D-4494-832B-B81DF636DFF9} - System32\Tasks\Microsoft\Windows\Maintenance\Idle~_~Crawler Update => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe
C:\Program Files (x86)\Browsersafeguard
C:\Users\pat\AppData\Local\Idle~_~Crawler
C:\Windows\score.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
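
As an added example (not part of the original post and not FRST's own code): a small triage script that reads persistence entries in the format seen in the fixlist above and flags Run values and scheduled tasks worth a closer look, such as the two Idle~_~Crawler tasks that launch from %LOCALAPPDATA%. The path heuristic and the ExampleVendor line are assumptions made for illustration.

```python
import re

# Entries copied from the fixlist in the post above; the last Task line is
# constructed (hypothetical vendor) to show an entry that is not flagged.
SAMPLE = r'''
HKLM-x32\...\Run: [BrowserSafeguard] => "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
HKLM-x32\...\Run: [] => [X]
Task: {5BA11EA9-4278-4FB2-A91D-B53173ECCC0A} - System32\Tasks\Idle~_~Crawler Runner => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe
Task: {DB610975-CF1D-4494-832B-B81DF636DFF9} - System32\Tasks\Microsoft\Windows\Maintenance\Idle~_~Crawler Update => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleVendor\Updater => C:\Program Files\ExampleVendor\update.exe
'''

RUN_RE = re.compile(r'^HK\S+?\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<target>.+)$')
TASK_RE = re.compile(r'^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<target>.+)$')
# Heuristic for this example: locations a standard user can write to.
USER_WRITABLE = re.compile(
    r'^(%(LOCALAPPDATA|APPDATA|TEMP|USERPROFILE)%|[A-Z]:\\(Users|ProgramData)\\)', re.I)
WINDOWS_DIRS = ("%windir%\\", "%systemroot%\\", "c:\\windows\\")

def parse_entries(text):
    """Return Run-key and scheduled-task entries found in FRST-style lines."""
    entries = []
    for line in text.splitlines():
        for kind, rx in (("run", RUN_RE), ("task", TASK_RE)):
            m = rx.match(line.strip())
            if m:
                entries.append({"kind": kind, "name": m["name"],
                                "target": m["target"].strip('"')})
    return entries

def triage(entries):
    """Return (name, reasons) for entries that deserve a closer look."""
    findings = []
    for e in entries:
        reasons = []
        if USER_WRITABLE.match(e["target"]):
            reasons.append("target in user-writable path")
        if (e["kind"] == "task" and "\\Microsoft\\Windows\\" in e["name"]
                and not e["target"].lower().startswith(WINDOWS_DIRS)):
            reasons.append("task filed under Microsoft\\Windows runs a non-Windows binary")
        if e["kind"] == "run" and not e["name"]:
            reasons.append("Run value with empty name")
        if reasons:
            findings.append((e["name"], reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in triage(parse_entries(SAMPLE)):
        print(f"{name!r}: {'; '.join(reasons)}")
```

The BrowserSafeguard Run value is not flagged because it lives under Program Files, which shows the limit of a path-only heuristic: it narrows what to review, it does not replace the helper's reading of the full log.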

here are the log files generated.

thanks,
steve

Have the alerts ceased for all users?

so far so good …

I assume the log looks good to you?

Thanks for your help
Steve

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware.

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide: Best security practices.

Keep safe :wave:

looks good, thanks again,
Steve