Last week, my laptop was infected by some kind of adware. I used AdwCleaner and Malwarebytes to remove it since avast did not detect it. Now, my Google Chrome has an extension named YTTBOokMark. I tried to remove it several times but it’s still there every single time I run Chrome and Chrome won’t notify me about its installation. Does anyone know how to remove it completely?
I’m using Windows 8.1 with the latest version of avast free.
We need Malwarebytes / OTL / aswMBR logs http://forum.avast.com/index.php?topic=53253.0
Hi,
This is Windows 8.1. Besides OTL, I’ll need you to run this tool as well:
Do not run aswMBR, it is not compatible with 8.1. You do not have to perform a Malwarebytes scan. You can do that later if you will when we finish the checking and cleaning.
Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.
• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Hey, I’m having the same problem with YTTBOokmark coming back. I’ve run FRST and attached the files. Any help would be appreciated.
Hi Tigaz,
This FRSTScript (FixList) shall remove that one + some adware remains … TFC shall clean all temp and cache from all user accounts. AdwCleaner is here as an additional PUP (adware, toolbar…) scan routine.
FRST’s FixList
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Start
C:\Program Files (x86)\Bench
C:\Users\tigaz_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnnjbeaodpbichjblecaapnmlajmafmi
C:\Users\tigaz_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbkiacofncjbllhahfdfgghbklfgkkdh
C:\Windows\System32\Tasks\bench-sys
C:\ProgramData\YoutubeAdblocker
C:\ProgramData\ggreatsaVer
C:\ProgramData\9f7efc3c8ee59d6b
C:\ProgramData\InstallMate
C:\Users\tigaz_000\AppData\Local\Torch
C:\Users\HomeGroupUser$\AppData\Local\Torch
C:\Users\Guest\AppData\Local\Torch
C:\Users\HomeGroupUser$\AppData\Local\Comodo
C:\Users\Administrator\AppData\Local\Torch
C:\Users\Guest\AppData\Local\Comodo
C:\Users\Administrator\AppData\Local\Torch
C:\Users\Administrator\AppData\Local\Comod
C:\Users\tigaz_000\AppData\Local\Temp\211nohh3x3421.jpg.exe
C:\Users\tigaz_000\AppData\Local\Temp\7za.exe
C:\Users\tigaz_000\AppData\Local\Temp\Calculator.exe
C:\Users\tigaz_000\AppData\Local\Temp\core.exe
C:\Users\tigaz_000\AppData\Local\Temp\dxdiag.exe
C:\Users\tigaz_000\AppData\Local\Temp\install.exe
C:\Users\tigaz_000\AppData\Local\Temp\max.exe
C:\Users\tigaz_000\AppData\Local\Temp\MediaPlayer__3137_i319486485_il9265.exe
C:\Users\tigaz_000\AppData\Local\Temp\Mobogenie_Setup_2.1.37_506.exe
C:\Users\tigaz_000\AppData\Local\Temp\nvStInst.exe
C:\Users\tigaz_000\AppData\Local\Temp\setupQaz2o.exe
Task: {5319E569-863D-4F15-ACBA-9DD60F31F6E8} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchinweb.info/?pid=2145&r=2014/01/28&hid=13303073038000284771&lg=EN&cc=CA&unqvl=47
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchinweb.info/?pid=2145&r=2014/01/28&hid=13303073038000284771&lg=EN&cc=CA&unqvl=47
SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchinweb.info/?l=1&q={searchTerms}&pid=2145&r=2014/01/28&hid=13303073038000284771&lg=EN&cc=CA&unqvl=47
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchinweb.info/?l=1&q={searchTerms}&pid=2145&r=2014/01/28&hid=13303073038000284771&lg=EN&cc=CA&unqvl=47
SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchinweb.info/?l=1&q={searchTerms}&pid=2145&r=2014/01/28&hid=13303073038000284771&lg=EN&cc=CA&unqvl=47
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchinweb.info/?l=1&q={searchTerms}&pid=2145&r=2014/01/28&hid=13303073038000284771&lg=EN&cc=CA&unqvl=47
CHR Extension: (YTTBookMark) - C:\Users\tigaz_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnnjbeaodpbichjblecaapnmlajmafmi [2014-01-27]
CHR Extension: (SNT) - C:\Users\tigaz_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbkiacofncjbllhahfdfgghbklfgkkdh [2014-01-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CMD: ipconfig /flushdns
End
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.
TFC
Please download TFC by OldTimer to your desktop
• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
• Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
AdwCleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
• Click on the Scan button.
• After the scan has finished click on the Clean button.
  Press OK when asked to close all programs and follow the onscreen prompts.
  Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Post logfile will also be saved in the C:\AdwCleaner folder.
=====================================
=> Tell me, how is your computer running now?
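The NOTICE above says the fixlist was written for one specific machine. As an added example (not part of the thread and not a feature of FRST), this Python script reports which user profiles a fixlist names that do not exist locally, and which Chrome extension IDs it targets; `audit_fixlist` and `local_profiles` are names chosen here, and the sample lines are copied from the fixlist above.

```python
import os
import re

# Shortened sample: lines copied from the fixlist quoted in the thread above.
SAMPLE_FIXLIST = r"""Start
C:\Program Files (x86)\Bench
C:\Users\tigaz_000\AppData\Local\Torch
C:\Users\Guest\AppData\Local\Comodo
Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
CHR Extension: (YTTBookMark) - C:\Users\tigaz_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnnjbeaodpbichjblecaapnmlajmafmi [2014-01-27]
CMD: ipconfig /flushdns
End
"""

# Profile name = the path component right after <drive>:\Users\
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\\r\n]+)\\")
# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID_RE = re.compile(r"\\Extensions\\([a-p]{32})\b")


def local_profiles(users_dir=r"C:\Users"):
    """Profile folder names on this machine (empty set if the folder is absent)."""
    if not os.path.isdir(users_dir):
        return set()
    return {n for n in os.listdir(users_dir)
            if os.path.isdir(os.path.join(users_dir, n))}


def audit_fixlist(text, profiles):
    """Map each profile not present locally to the fixlist lines that name it."""
    known = {p.lower() for p in profiles}  # Windows names are case-insensitive
    foreign, ext_ids = {}, set()
    for lineno, line in enumerate(text.splitlines(), 1):
        for name in PROFILE_RE.findall(line):
            if name.lower() not in known:
                foreign.setdefault(name, []).append(lineno)
        ext_ids.update(EXT_ID_RE.findall(line))
    return {"foreign_profiles": foreign, "extension_ids": sorted(ext_ids)}


if __name__ == "__main__":
    report = audit_fixlist(SAMPLE_FIXLIST, local_profiles())
    for name, lines in report["foreign_profiles"].items():
        print(f"profile {name!r} is not on this machine (fixlist lines {lines})")
    print("extension IDs targeted:", report["extension_ids"])
```

Any profile reported as missing means the fixlist was written for a different machine and should not be run as-is.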
Thank you, this appears to have solved my problem. Sorry I took a while to reply. I’ve attached the log files generated.
Same problem basically, except I am having some internet issues as well. I assume it is malware or a virus of some sort. Please help me with this. The launcher info down error for my game and cannot load webpage for any browser I use is getting frustrating. I ran FRST already. I’ll attach the log files. Thank you for your time reading this and any help you can give is greatly appreciated. Feel free to email me
Start your own topic; helping multiple users in the same topic will be chaos
Fix for Tigaz
• The following will implement some post-cleanup procedures:
=> Please download DelFix by Xplode to your Desktop.
Run the tool and check the following boxes below;
• Remove disinfection tools
• Create registry backup
• Purge System Restore
Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt)
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
Fix for arcticfoxofdeath
In the future, please know that each user should create their own new topic for malware resolver.
I’ll make an exception this time and we will continue in this topic.
Set the home page of Google Chrome back to Google.
https://support.google.com/chrome/answer/95314?hl=en
This FRST FixList shall just show me some additional info as I’ll need a deeper look to continue.
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Folder: C:\Windows\ú'
File: C:\Windows\system32\apf004.sys
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.
Thank you for responding and attempting to help, but after the post from Uber I got a little mad and went ahead and just reinstalled the entire operating system. I specifically stated I was having problems loading the page and they obviously could not understand that. Again, I thank you for trying and I apologize if this post upsets Uber, but that was my only way of fixing without doing a complete OS reinstall. I do understand it gets hectic though, don’t get me wrong there. Again, thank you for your time and continue to help people. I have gotten a lot of useful info just reading posts from you and Uber. Thanks again. And yes, it’s fixed now. IE, Chrome, and even Comodo all 3 load perfect.