Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Ads all over facebook, fake statuses of friends.


  • This topic is locked This topic is locked

#16
boomerang531

boomerang531

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I checked, and I do not have facetheme installed.
  • 0

Advertisements


#17
patndoris

patndoris

    Trusted Helper

  • Malware Removal
  • 228 posts
I'm going to see if any of the other techs have a good idea how to find the issue when it's just in Chrome. I'll be back to you shortly.
  • 0

#18
patndoris

patndoris

    Trusted Helper

  • Malware Removal
  • 228 posts
Someone who has dealt with the FaceTheme adware before had better eyes than me. You do indeed have a folder related to FaceTheme on your system, so let's go ahead and get rid of that and then see if there is any improvement.

Run OTL.exe by right-clicking and choosing Run as Administrator on the icon.
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    :OTL
    2011-07-20 22:28 . 2011-07-20 22:28	--------	d-----w-	c:\program files\Object
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the resulting OTL log

  • 0

#19
patndoris

patndoris

    Trusted Helper

  • Malware Removal
  • 228 posts
Were you able to run the OTL fix? If so, have you seen any improvement in the ads?
  • 0

#20
boomerang531

boomerang531

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Roy
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 1200423 bytes
->Google Chrome cache emptied: 164354092 bytes
->Flash cache emptied: 4758 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8866 bytes
RecycleBin emptied: 554412200 bytes

Total Files Cleaned = 687.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: Roy
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.26.1 log created on 08052011_150947

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#21
boomerang531

boomerang531

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I still have the ad problem.
  • 0

#22
patndoris

patndoris

    Trusted Helper

  • Malware Removal
  • 228 posts
It doesn't look like that folder was removed. Let's try one more time please.



Run OTL.exe by right-clicking and choosing Run as Administrator on the icon.
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    :OTL
    [2011/07/20 17:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\Object
    
    :Commands
    [createrestorepoint]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the resulting OTL log

  • 0

#23
boomerang531

boomerang531

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I ran the fix and rebooted it. Still have the ads.
Here is the log:


========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Program Files\Object\chromeaddon folder moved successfully.
C:\Program Files\Object folder moved successfully.
========== COMMANDS ==========


OTL by OldTimer - Version 3.2.26.1 log created on 08062011_133039
  • 0

#24
patndoris

patndoris

    Trusted Helper

  • Malware Removal
  • 228 posts
In Chrome, on the right hand side of your toolbar you should have a little wrench icon. Please click on it, choose Tools and then Extensions. The more research I do on FaceTheme and the ad problem in Facebook, the more different names it appears it can be shown under (Yontoo, FaceTheme, Betterlinks, Fantapper, and probably others as well). Since our tools don't show me the extensions you have enabled, I'd recommend disabling all your extensions in Chrome (temporarily), close and open the browser, and see if the problem persists.

If it is gone, re-enable the extensions one at a time, and you should be able to identify the one causing the problem. Apparently from what I'm finding, just uninstalling and removing the program isn't even enough in this case. You have to disable the extension in Chrome (or Firefox for those users) to be clear up the problem. Once you identify the extension, I would most certainly uninstall it rather than just leave it disabled.

If this doesn't work, I do have some instructions for resetting Chrome to default without having to uninstall it. Unlike Internet Explorer and Firefox, there is no easy way of doing this in from the browser settings. It requires deleting a couple of files, and you may lose your program settings and bookmarks if we have to try it. I'm trying to avoid you losing any unnecessary data if we can.

Let me know how it goes checking the extensions.
  • 0

#25
boomerang531

boomerang531

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Success at last: I found an extension named Facetheme, which I uninstalled, and reopened the browser and I no longer have the ad problems. Thank you very much, I really appreciate the time you have taken to help me out.
  • 0

Advertisements


#26
patndoris

patndoris

    Trusted Helper

  • Malware Removal
  • 228 posts
I'm so glad to hear you found the offending extension! It must be a relief to have those huge ads gone! We do have a bit of cleanup to do before we say goodbye, and I'd like to give you some tips for staying malware free in the future.



The following will implement some cleanup procedures as well as reset System Restore points:
  • Click the Windows Key + R to open the Run box.
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Posted Image

If there are any remaining tools or logs on your desktop you can right-click and delete them. I would advise keeping Malwarebytes as it is a program you'll want to run regularly.




Great job! Your logs appear to be malware free and you do not appear to be experiencing any malware related problems.
Please follow these simple steps in order to keep your computer malware free and secure:

Use and Update your AntiVirus Software
It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this. Simply using a Firewall in its default configuration can lower your risk greatly.

Use only one antivirus and one firewall on your machine
Having more than one anti-virus program and one firewall on your machine, even if only one is running, can cause conflicts and slowdowns in the performance of the machine.

If you need more information on free anti-virus or firewall options please let me know and I will give you some recommendations.

Make your Internet Explorer more secure
This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to Prompt
6. Change the Download unsigned ActiveX controls to Disable
7. Change the Initialize and script ActiveX controls not marked as safe to Disable
8. Change the Installation of desktop items to Prompt
9. Change the Launching programs and files in an IFRAME to Prompt
10. Change the Navigate sub-frames across different domains to Prompt
11. When all these settings have been made, click on the OK button.
12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
13. Next press the Apply button and then the OK to exit the Internet Properties page.

Keep your Java, Adobe Reader and Adobe Flash Up to Date
Older versions of these programs can contain security vulnerabilities. It is very important to keep them updated.

Update and Run Malwarebytes Anti-Malware
Scan your computer with this program on a regular basis just as you would an antivirus software making sure you update definitions each time you scan.

To simplify making sure you have the latest version of many of your security programs and applications, you may want to consider:
Secunia's Personal Software Inspector (PSI). It is a free utility that scans your computer for installed applications and checks to see if they have the latest security patches and updates. If it finds any applications with possible security issues, links and/or instructions are provided for the necessariy updates.

Filehippo's Update Checker. It is free utilitiy that scan your computer for installed software, checks the versions and then sends this information to see if there are any newer releases. Available software updates are displayed and you can decide which ones to download and install. Among many other types of programs, they includes a number of the Anti-Spyware, Firewall/Security and Anti-Virus programs that have been recommended (though not all of them). Note: Definition files should be updated from within the programs themselves. The Update Checker look for newer versions of the software program, not definition files.

I would suggest you read:
Tony Klein's excellent article: How I got Infected in the First Place
PC Safety and Security--What Do I Need?
How to Prevent Malware

Good luck & Happy surfing!
  • 0

#27
patndoris

patndoris

    Trusted Helper

  • Malware Removal
  • 228 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP