Ads all over facebook, fake statuses of friends.
Started by
boomerang531
, Jul 21 2011 03:54 PM
-
This topic is locked
#16
Posted 02 August 2011 - 04:05 PM
boomerang531
- Topic Starter
-
- Member
-
- 13 posts
Member
#17
Posted 02 August 2011 - 05:02 PM
patndoris
-
- Malware Removal
-
- 228 posts
Trusted Helper
I'm going to see if any of the other techs have a good idea how to find the issue when it's just in Chrome. I'll be back to you shortly.
#18
Posted 03 August 2011 - 06:08 AM
patndoris
-
- Malware Removal
-
- 228 posts
Trusted Helper
Someone who has dealt with the FaceTheme adware before had better eyes than me. You do indeed have a folder related to FaceTheme on your system, so let's go ahead and get rid of that and then see if there is any improvement.
Run OTL.exe by right-clicking and choosing Run as Administrator on the icon.
Run OTL.exe by right-clicking and choosing Run as Administrator on the icon.
- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Services :OTL 2011-07-20 22:28 . 2011-07-20 22:28 -------- d-----w- c:\program files\Object :Commands [purity] [emptytemp] [emptyflash] [createrestorepoint]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
- Then post the resulting OTL log
#19
Posted 05 August 2011 - 08:54 AM
patndoris
-
- Malware Removal
-
- 228 posts
Trusted Helper
Were you able to run the OTL fix? If so, have you seen any improvement in the ads?
#20
Posted 05 August 2011 - 02:16 PM
boomerang531
- Topic Starter
-
- Member
-
- 13 posts
Member
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Roy
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 1200423 bytes
->Google Chrome cache emptied: 164354092 bytes
->Flash cache emptied: 4758 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8866 bytes
RecycleBin emptied: 554412200 bytes
Total Files Cleaned = 687.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
User: Default User
User: Public
User: Roy
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.26.1 log created on 08052011_150947
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Roy
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 1200423 bytes
->Google Chrome cache emptied: 164354092 bytes
->Flash cache emptied: 4758 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8866 bytes
RecycleBin emptied: 554412200 bytes
Total Files Cleaned = 687.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
User: Default User
User: Public
User: Roy
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.26.1 log created on 08052011_150947
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
#21
Posted 05 August 2011 - 02:22 PM
boomerang531
- Topic Starter
-
- Member
-
- 13 posts
Member
I still have the ad problem.
#22
Posted 05 August 2011 - 02:59 PM
patndoris
-
- Malware Removal
-
- 228 posts
Trusted Helper
It doesn't look like that folder was removed. Let's try one more time please.
Run OTL.exe by right-clicking and choosing Run as Administrator on the icon.
Run OTL.exe by right-clicking and choosing Run as Administrator on the icon.
- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Services :OTL [2011/07/20 17:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\Object :Commands [createrestorepoint]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
- Then post the resulting OTL log
#23
Posted 06 August 2011 - 12:38 PM
boomerang531
- Topic Starter
-
- Member
-
- 13 posts
Member
I ran the fix and rebooted it. Still have the ads.
Here is the log:
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Program Files\Object\chromeaddon folder moved successfully.
C:\Program Files\Object folder moved successfully.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.26.1 log created on 08062011_133039
Here is the log:
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Program Files\Object\chromeaddon folder moved successfully.
C:\Program Files\Object folder moved successfully.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.26.1 log created on 08062011_133039
#24
Posted 06 August 2011 - 01:19 PM
patndoris
-
- Malware Removal
-
- 228 posts
Trusted Helper
In Chrome, on the right hand side of your toolbar you should have a little wrench icon. Please click on it, choose Tools and then Extensions. The more research I do on FaceTheme and the ad problem in Facebook, the more different names it appears it can be shown under (Yontoo, FaceTheme, Betterlinks, Fantapper, and probably others as well). Since our tools don't show me the extensions you have enabled, I'd recommend disabling all your extensions in Chrome (temporarily), close and open the browser, and see if the problem persists.
If it is gone, re-enable the extensions one at a time, and you should be able to identify the one causing the problem. Apparently from what I'm finding, just uninstalling and removing the program isn't even enough in this case. You have to disable the extension in Chrome (or Firefox for those users) to be clear up the problem. Once you identify the extension, I would most certainly uninstall it rather than just leave it disabled.
If this doesn't work, I do have some instructions for resetting Chrome to default without having to uninstall it. Unlike Internet Explorer and Firefox, there is no easy way of doing this in from the browser settings. It requires deleting a couple of files, and you may lose your program settings and bookmarks if we have to try it. I'm trying to avoid you losing any unnecessary data if we can.
Let me know how it goes checking the extensions.
If it is gone, re-enable the extensions one at a time, and you should be able to identify the one causing the problem. Apparently from what I'm finding, just uninstalling and removing the program isn't even enough in this case. You have to disable the extension in Chrome (or Firefox for those users) to be clear up the problem. Once you identify the extension, I would most certainly uninstall it rather than just leave it disabled.
If this doesn't work, I do have some instructions for resetting Chrome to default without having to uninstall it. Unlike Internet Explorer and Firefox, there is no easy way of doing this in from the browser settings. It requires deleting a couple of files, and you may lose your program settings and bookmarks if we have to try it. I'm trying to avoid you losing any unnecessary data if we can.
Let me know how it goes checking the extensions.
#25
Posted 07 August 2011 - 02:10 AM
boomerang531
- Topic Starter
-
- Member
-
- 13 posts
Member
Success at last: I found an extension named Facetheme, which I uninstalled, and reopened the browser and I no longer have the ad problems. Thank you very much, I really appreciate the time you have taken to help me out.
#26
Posted 07 August 2011 - 09:23 AM
patndoris
-
- Malware Removal
-
- 228 posts
Trusted Helper
I'm so glad to hear you found the offending extension! It must be a relief to have those huge ads gone! We do have a bit of cleanup to do before we say goodbye, and I'd like to give you some tips for staying malware free in the future.
The following will implement some cleanup procedures as well as reset System Restore points:
If there are any remaining tools or logs on your desktop you can right-click and delete them. I would advise keeping Malwarebytes as it is a program you'll want to run regularly.
Great job! Your logs appear to be malware free and you do not appear to be experiencing any malware related problems.
Please follow these simple steps in order to keep your computer malware free and secure:
Use and Update your AntiVirus Software
It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall
I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this. Simply using a Firewall in its default configuration can lower your risk greatly.
Use only one antivirus and one firewall on your machine
Having more than one anti-virus program and one firewall on your machine, even if only one is running, can cause conflicts and slowdowns in the performance of the machine.
If you need more information on free anti-virus or firewall options please let me know and I will give you some recommendations.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to Prompt
6. Change the Download unsigned ActiveX controls to Disable
7. Change the Initialize and script ActiveX controls not marked as safe to Disable
8. Change the Installation of desktop items to Prompt
9. Change the Launching programs and files in an IFRAME to Prompt
10. Change the Navigate sub-frames across different domains to Prompt
11. When all these settings have been made, click on the OK button.
12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
13. Next press the Apply button and then the OK to exit the Internet Properties page.
Keep your Java, Adobe Reader and Adobe Flash Up to Date
Older versions of these programs can contain security vulnerabilities. It is very important to keep them updated.
Update and Run Malwarebytes Anti-Malware
Scan your computer with this program on a regular basis just as you would an antivirus software making sure you update definitions each time you scan.
To simplify making sure you have the latest version of many of your security programs and applications, you may want to consider:
Secunia's Personal Software Inspector (PSI). It is a free utility that scans your computer for installed applications and checks to see if they have the latest security patches and updates. If it finds any applications with possible security issues, links and/or instructions are provided for the necessariy updates.
Filehippo's Update Checker. It is free utilitiy that scan your computer for installed software, checks the versions and then sends this information to see if there are any newer releases. Available software updates are displayed and you can decide which ones to download and install. Among many other types of programs, they includes a number of the Anti-Spyware, Firewall/Security and Anti-Virus programs that have been recommended (though not all of them). Note: Definition files should be updated from within the programs themselves. The Update Checker look for newer versions of the software program, not definition files.
I would suggest you read:
Tony Klein's excellent article: How I got Infected in the First Place
PC Safety and Security--What Do I Need?
How to Prevent Malware
Good luck & Happy surfing!
The following will implement some cleanup procedures as well as reset System Restore points:
- Click the Windows Key + R to open the Run box.
- Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
If there are any remaining tools or logs on your desktop you can right-click and delete them. I would advise keeping Malwarebytes as it is a program you'll want to run regularly.
Great job! Your logs appear to be malware free and you do not appear to be experiencing any malware related problems.
Please follow these simple steps in order to keep your computer malware free and secure:
Use and Update your AntiVirus Software
It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall
I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this. Simply using a Firewall in its default configuration can lower your risk greatly.
Use only one antivirus and one firewall on your machine
Having more than one anti-virus program and one firewall on your machine, even if only one is running, can cause conflicts and slowdowns in the performance of the machine.
If you need more information on free anti-virus or firewall options please let me know and I will give you some recommendations.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to Prompt
6. Change the Download unsigned ActiveX controls to Disable
7. Change the Initialize and script ActiveX controls not marked as safe to Disable
8. Change the Installation of desktop items to Prompt
9. Change the Launching programs and files in an IFRAME to Prompt
10. Change the Navigate sub-frames across different domains to Prompt
11. When all these settings have been made, click on the OK button.
12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
13. Next press the Apply button and then the OK to exit the Internet Properties page.
Keep your Java, Adobe Reader and Adobe Flash Up to Date
Older versions of these programs can contain security vulnerabilities. It is very important to keep them updated.
Update and Run Malwarebytes Anti-Malware
Scan your computer with this program on a regular basis just as you would an antivirus software making sure you update definitions each time you scan.
To simplify making sure you have the latest version of many of your security programs and applications, you may want to consider:
Secunia's Personal Software Inspector (PSI). It is a free utility that scans your computer for installed applications and checks to see if they have the latest security patches and updates. If it finds any applications with possible security issues, links and/or instructions are provided for the necessariy updates.
Filehippo's Update Checker. It is free utilitiy that scan your computer for installed software, checks the versions and then sends this information to see if there are any newer releases. Available software updates are displayed and you can decide which ones to download and install. Among many other types of programs, they includes a number of the Anti-Spyware, Firewall/Security and Anti-Virus programs that have been recommended (though not all of them). Note: Definition files should be updated from within the programs themselves. The Update Checker look for newer versions of the software program, not definition files.
I would suggest you read:
Tony Klein's excellent article: How I got Infected in the First Place
PC Safety and Security--What Do I Need?
How to Prevent Malware
Good luck & Happy surfing!
#27
Posted 08 August 2011 - 05:05 AM
patndoris
-
- Malware Removal
-
- 228 posts
Trusted Helper
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. 
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
