
LinkBucks Adware [Solved]


  • This topic is locked

#16
CompCav

    Member 5k

  • Expert
  • 12,448 posts
The file and location that Windows Defender calls for is not related to Windows Defender.


Step 1.

Please run Autoruns again. Uncheck the box next to Windows Defender as well as the AvgScan.bat we discussed in an earlier post. The Windows Defender will be under this heading:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Then reboot your computer to verify that we have found the offending files.


Step 2.


We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    O4 - HKLM..\Run: [AvgScan] C:\Windows\SysWOW64\AvgScan.bat ()
    
    :files
    ipconfig /flushdns /c
    C:\plugins\server.jar
    C:\plugins
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

Verify on reboot that LinkBucks is no longer coming up.

Now click Start > All Programs > Startup

If you see Windows Defender, please right click on it and select Delete.


Step 3.

Please post:

OTL fix log


Is the issue with LinkBucks resolved? Are there any remaining issues?
  • 0


#17
Gilfindel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
LinkBucks did not come up when I booted up today, so avgscan may have been the culprit. Regardless, it seems to be gone now. The Startup folder is empty.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AvgScan not found.
C:\Windows\SysWOW64\AvgScan.bat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Darren.SHMEXY\Desktop\cmd.bat deleted successfully.
C:\Users\Darren.SHMEXY\Desktop\cmd.txt deleted successfully.
C:\plugins\Server.jar moved successfully.
C:\plugins\lib folder moved successfully.
C:\plugins\data folder moved successfully.
C:\plugins folder moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: ADMINI~1
->Temp folder emptied: 0 bytes

User: All Users

User: Darren

User: Darren.SHMEXY
->Temp folder emptied: 64191 bytes
->Temporary Internet Files folder emptied: 12118490 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gilfindel

User: Public

User: Simee

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2432 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 6493326 bytes

Total Files Cleaned = 18.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 01042012_175455

Files\Folders moved on Reboot...
C:\Users\Darren.SHMEXY\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Darren.SHMEXY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Darren.SHMEXY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21XVWJDO\fastbutton[3].htm moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0
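
Added example, not part of the original thread and not OTL's own code: a small Python parser that reads the fix log from post #17 and checks it against the file targets named in the fix script from post #16, matching paths case-insensitively. The function names are hypothetical, and the patterns cover only the message shapes visible in this log.

```python
import re

# Constructed sample: lines copied from the fix log in post #17.
SAMPLE_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AvgScan not found.
C:\Windows\SysWOW64\AvgScan.bat moved successfully.
========== FILES ==========
C:\plugins\Server.jar moved successfully.
C:\plugins folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""
# File targets from the fix script in post #16 (note the lowercase "server.jar").
FIX_TARGETS = [r"C:\Windows\SysWOW64\AvgScan.bat", r"C:\plugins\server.jar", r"C:\plugins"]

SECTION = re.compile(r"^=+ (\w+) =+$")
# Assumption: only the message shapes seen in this log are recognised.
PATTERNS = [
    ("pending_reboot", re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"^(?:Registry value )?(.+) not found\.$")),
    ("moved", re.compile(r"^(.+?)(?: folder)? moved successfully\.$")),
    ("deleted", re.compile(r"^(.+) deleted successfully\.$")),
]

def parse_otl_log(text):
    """Return {lowercased item: (section, status)} for every recognised line."""
    results, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        for status, rx in PATTERNS:
            m = rx.match(line)
            if m:  # Windows paths and registry names are case-insensitive.
                results[m.group(1).lower()] = (section, status)
                break
    return results

def reconcile(targets, results):
    """Map each fix-script target to its logged status, or 'no_log_entry'."""
    return {t: results.get(t.lower(), (None, "no_log_entry"))[1] for t in targets}

def needs_followup(results):
    """Items the tool could not act on immediately, sorted by item name."""
    return sorted((item, status) for item, (_, status) in results.items()
                  if status in ("not_found", "pending_reboot"))
```

Calling `reconcile(FIX_TARGETS, parse_otl_log(SAMPLE_LOG))` shows whether every target in the script has a logged outcome, and `needs_followup` lists the entries worth rechecking after the reboot.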

#18
CompCav

    Member 5k

  • Expert
  • 12,448 posts
What issues do you have remaining?
  • 0

#19
Gilfindel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
I think that's it. Thanks for helping out!
  • 0

#20
CompCav

    Member 5k

  • Expert
  • 12,448 posts
The topic is here

I think that's it. Thanks for helping out!


Another Happy Bunny!!


Proposed Fix:


Very well done!! This is my general post for when your logs show no more signs of malware :thumbsup: - Please let me know if you are still having problems with your computer and what these problems are.


The following procedure will implement some cleanup and update procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made. Finally, I have several recommendations to keep your computer safe and secure.

Any programs and logs that are left over can just be deleted from the desktop.


Remove Tools:

Please open OTL.
Click on the Cleanup button. This will remove most of the tools left on your desktop.
You will be prompted to reboot. Please reboot.

Clear System Restore Points:

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • choose your root drive (normally C:\)
  • after it calculates how much space you will save it will open up a new window
  • Select the More options tab at the top of the window
  • Choose the option to clean up system restore and OK it.
  • go back to the disk clean up tab
  • put a checkmark in all - except compress old files (leave this unchecked)
  • click Ok then click yes
This will remove all restore points except the new one you just created and clean unneeded files.

Antivirus Software:

Antivirus software is a necessity. This is your primary line of defense against the type of malware that has infected your computer. Each of the following products has real-time protection and scheduled scans. Please choose one, install it, update the antivirus database/definitions, and run a complete scan.

These are among the best free antivirus/antispyware products.
*Please note* You should never install more than one anti-virus program on a PC because it will cause conflicts.

Firewall:

Without a firewall your computer is susceptible to being hacked and taken over. Using a firewall will allow you to allow/deny access for applications that want to go online. Select one of these, or another of your choice:

For the Windows Firewall, just enable by following the directions in the link and for either of the other two, just download and install in the normal/standard configuration.


Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.


Make Firefox more secure:

Please visit this page to explain how to make Firefox more secure - How to Secure Firefox



Make Sure Your Applications Have All of Their Updates:

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


Turn On Automatic Updates:

To turn on Automatic Updates:
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them
If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site specific to your computer. Updates are downloaded automatically in the background, and you are not interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

You can also visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Update Java:

Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

Uninstall all previous versions.
Download the latest version from: http://www.adobe.com.../readstep2.html

If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you do not like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It is a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful, do not install anything to do with AskBar.


Antispyware programs:

I recommend the download and installation of some or all of the following programs (all free), and remember to update them regularly:
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machine.
  • Malwarebytes' Anti-Malware - It is a powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and we recommend keeping it and using it often.


Here is some great reading about how to be safer online:
PC Safety and Security - What Do I Need?
and
COMPUTER SECURITY - a short guide to staying safer online from Malware Removal

Keep Safe




Please reply to this post so that I know you have read it. Then if you have no further questions, the thread can be closed.

I Will Keep This Open For About Three Days. If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM.
  • 0

#21
Gilfindel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
All done. Thanks!
  • 0

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





