Possible Spyware/Malware - Ads/popups continuously



#16
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
So, any changes yet? How is it running now?
  • 0


#17
quasarn01

quasarn01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Still has the popups and hover ads...
  • 0

#18
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello,

Please, follow these steps:

  • Launch your Mozilla Firefox browser.
  • In the address bar paste the following:
    about:addons
  • Now, please click the following key sequence:

    Alt+Print Screen

    NOTE: If you don't know the location of the Print Screen key, please see it here.
  • Open Start menu
  • In the search box type paint and press enter key.
  • Paint window should appear.
  • Press the following key sequences:

    Ctrl+V and after that Ctrl+S
  • Save the picture under the name screenshot.png on your Desktop.
  • Attach screenshot.png to your next message:

  • Under your message field click on Use Full Editor button.
  • In Attachments section click Choose File button.
  • Select screenshot.png on your Desktop.
  • Click Attach This File.

  • 0

#19
quasarn01

quasarn01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Ok... I've attached two screenshot pics... One is for the plugins and the other is for the extensions...

Attached Thumbnails

  • screenshot.png
  • screenshot2.png

  • 0

#20
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Please, follow these steps:

  • Launch your Mozilla Firefox browser.
  • In the address bar paste the following:
    about:addons
  • Near the countinnuetosavve 3.9 extension click the Remove button.
  • Restart Firefox.

So, how is your computer running after these steps?
  • 0

#21
quasarn01

quasarn01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
So far it's running well... Doesn't seem to be doing any of the things that it was doing before... I never thought of looking in my addons for Firefox... Some rogue code must've gotten past me... Thanks a lot for your help...
  • 0

#22
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

So far it's running well...


Glad to hear that! :) Please, don't leave this topic now, because pieces of malware could be left in the system. That's why problems can come back. Let's fix your computer completely.

Please, follow these steps:

Step 1. MBAM scan.

Run Malwarebytes Anti-Malware.
  • Go to the Update tab.
  • Click on the Check for updates button. New small window should appear.
  • If an update is found, it will download and install the latest definitions.
  • Go back to the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2. ESET Online Scanner scan.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

So, please, don't forget to post in your next message:

  • ESET Online Scanner's log
  • MBAM log

  • 0

#23
quasarn01

quasarn01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.15.10

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16540
Michael :: MICHAEL [administrator]

5/15/2013
mbam-log-2013-05-15 (17-08-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227016
Time elapsed: 9 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\Michael\Downloads\FlashPlayer_V.116212524b.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.
C:\Users\Michael\Local Settings\Temporary Internet Files\Content.IE5\RNV5J70T\516a9c425b319[1].exe (PUP.Adware.MultiPlug) -> Quarantined and deleted successfully.
C:\Users\Michael\Local Settings\Temporary Internet Files\Content.IE5\TTOBL35T\5185834829a2d[1].exe (PUP.Adware.MultiPlug) -> Quarantined and deleted successfully.
C:\Users\Michael\Local Settings\Temporary Internet Files\Content.IE5\TTOBL35T\aol_checker[1].exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
C:\Users\Michael\Local Settings\Temporary Internet Files\Content.IE5\V6B1WOYC\aol_checker[1].exe (Trojan.Agent.H) -> Quarantined and deleted successfully.
C:\Windows\AutoKMS.exe (Riskware.Keygen) -> Quarantined and deleted successfully.

(end)





***********************************************************
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bbba986f4d4642428ecb39a2012a6675
# engine=13839
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-05-16 12:34:10
# local_time=2013-05-15 08:34:10 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776573 100 94 0 9167197 0 0
# scanned=235409
# found=18
# cleaned=18
# scan_time=10753
sh=B3A44F9CAD31AB32342B8EC277CEF80D902000C5 ft=1 fh=6aff0ef64301ca69 vn="Win32/PSWTool.Brutus application (cleaned by deleting - quarantined)" ac=C fn="C:\brutus-aet2\BrutusA2.exe"
sh=9877A39DB91DC2380E54872926A38A5509B4F27F ft=1 fh=c80c3f2d2e633611 vn="Win32/Toggle application (cleaned by deleting - quarantined)" ac=C fn="C:\TRAVEL E\Mary Ann\Downloads\installer_aol_9_1_beta_8.exe"
sh=7160BA54AC527036D06BD9450759E1E2CF4316A7 ft=1 fh=631b3f12ef693326 vn="Win32/AdInstaller application (cleaned by deleting - quarantined)" ac=C fn="C:\TRAVEL E\Mary Ann\Downloads\IWON.exe"
sh=9ABFD9313D361F5FE296B084A3B2569C001305AE ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.A application (deleted - quarantined)" ac=C fn="C:\TRAVEL E\Mary Ann\Downloads\WeatherBugSetup.msi"
sh=13D25BD999108AF453134FC2ECCE927DB89D4A1F ft=1 fh=b9e34cebe6fb2f8d vn="a variant of Win32/SProtector.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RKK3WP91\search_defender_166[1].exe"
sh=13D25BD999108AF453134FC2ECCE927DB89D4A1F ft=1 fh=b9e34cebe6fb2f8d vn="a variant of Win32/SProtector.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V6B1WOYC\search_defender_166[1].exe"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Michael\Downloads\cbsidlm-tr1_13-Toshiba_Drivers_Update_Utility-SEO-75206691.exe"
sh=C0D600CF03DBFA2CD723D195CE96901581A60B7C ft=1 fh=85fa512aebe9a260 vn="Win32/InstalleRex.E application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Michael\Downloads\Microsoft Office 2013 with Visio Professional Plus CP x86 Setup Key.exe"
sh=39AE05B15CE699A0AE9A61F5C427F8D66A5CE764 ft=1 fh=e88052485b48b431 vn="a variant of Win32/Bundled.Toolbar.Ask.C application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Michael\Downloads\PFPortChecker.exe"
sh=327A638598CE58E33E7471DE3BCA65672CE07C02 ft=1 fh=63816a464cb1304e vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Michael\Downloads\Portforward-Setup-Static-IP-Address.exe"
sh=EF30AFADEE16055CC8369E45EB8D17862313210A ft=1 fh=02673e388ed7987f vn="a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Michael\Downloads\SoftonicDownloader_for_setiahome.exe"
sh=2EB3DA8BD377AE4D2104901CC06B14966337DCD2 ft=1 fh=84766037af050d0d vn="a variant of Win32/ExpressFiles.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Michael\Downloads\toshiba_Drivers_Update_Utility_3.2_cracked.rar_downloader_us_224.exe"
sh=FD210F16312C992C33942CC721521D708746F169 ft=1 fh=816745ab578aaaa4 vn="probably a variant of Win32/InstallIQ application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Michael\Downloads\vioplayer2_d3795701.exe"
sh=5638CFEBC6EAC7C0352DF1D1D3635278E47ECE12 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask application (deleted - quarantined)" ac=C fn="C:\Users\Michael\Downloads\WeatherBugSetup.msi"
sh=0164FE3B660C147F0FB550C4FF3886C0BC4336F5 ft=0 fh=0000000000000000 vn="BAT/HostsChanger.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Michael\Downloads\Axandra Internet Business Promoter (IBP) v11.9 By DJB3000\Patch\AIBP Easy Activator By Cool Release.cmd"
sh=0D6088E5A2523C6EE2ED2E308659C32CC3960E25 ft=0 fh=0000000000000000 vn="multiple threats (deleted - quarantined)" ac=C fn="C:\Users\Michael\Downloads\Hiren's BootCD 15.2 Rebuild All in One Bootable CD\12.Hiren.s.Boot.CD.15.2.iso"
sh=85210A58713863657AD9A6802D45AE6C1480FB79 ft=1 fh=d21c132faaa44a48 vn="a variant of Win32/HackTool.Patcher.T application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Michael\Downloads\Macrium Reflect Professional v5.0.4620 Enhaced\patch.exe"
sh=D56BB2826630A8529F4E117EA00552ED6A7CD38D ft=1 fh=b1cb30fc13c1f454 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Michael\Downloads\PFConfig 1.0.296+working serial\PFCSetup.exe"
  • 0
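
The ESET log in the post above has `# key=value` header lines followed by one `sh=... vn="..." fn="..."` record per detection. As an added example (not part of the thread and not ESET's or the helper's tooling), this parser checks that the header counts match the records and shows where the detected files sat; the sample log is constructed, and treating `sh` as a per-file hash is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the layout of the ESET log above; every hash,
# detection name and path here is made up for illustration.
SAMPLE_LOG = r'''# found=4
# cleaned=4
sh=00000000000000000000000000000000000000A1 ft=1 fh=00000000000000a1 vn="a variant of Win32/Example.Toolbar application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Example\Downloads\free_player_setup.exe"
sh=00000000000000000000000000000000000000B2 ft=1 fh=00000000000000b2 vn="Win32/Example.Adware application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Example\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AAAA0001\helper[1].exe"
sh=00000000000000000000000000000000000000B2 ft=1 fh=00000000000000b2 vn="Win32/Example.Adware application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Example\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BBBB0002\helper[1].exe"
sh=00000000000000000000000000000000000000C3 ft=1 fh=00000000000000c3 vn="Win32/Example.Tool application (cleaned by deleting - quarantined)" ac=C fn="C:\Tools\example_tool.exe"
'''

PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key=value or key="quoted value"
FAMILY = re.compile(r'\w+/[\w.]+')                # e.g. Win32/Example.Toolbar

def parse_log(text):
    """Return (header dict from '# key=value' lines, list of detection records)."""
    header, records = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key] = value
        elif line.startswith("sh="):
            # findall yields (key, quoted, bare); exactly one of the two is non-empty
            records.append({k: q if v == "" else v for k, q, v in PAIR.findall(line)})
    return header, records

def triage(text):
    """Summarise where detections sat and whether the header counts add up."""
    header, records = parse_log(text)
    where, families = Counter(), Counter()
    for r in records:
        path = r["fn"].lower()
        if "\\downloads\\" in path:
            where["downloads"] += 1
        elif "\\temporary internet files\\" in path:
            where["browser_cache"] += 1
        else:
            where["other"] += 1  # outside download/cache folders: review these first
        m = FAMILY.search(r["vn"])
        families[m.group(0) if m else r["vn"]] += 1
    return {
        "records": len(records),
        "counts_consistent": header.get("found") == header.get("cleaned") == str(len(records)),
        "unique_hashes": len({r["sh"] for r in records}),
        "where": dict(where),
        "families": dict(families),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
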

#24
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
So, are all the problems solved now?
  • 0

#25
quasarn01

quasarn01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Seems to be running well now... No problems so far...
  • 0


#26
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Congratulations, your PC is clean now. :)

However, you need to follow some important steps to remove tools and prevent infection again.

Step 1. Uninstalling Programs.

  • Open Start menu.
  • Click on Control Panel.
  • Click on Programs and Features. New window should appear.
  • Uninstall these programs one by one, selecting each program and clicking Uninstall button.

Programs to uninstall:

  • ESET Online Scanner

Step 2. Uninstall AdwCleaner.

  • Run AdwCleaner on your Desktop.
  • Click Uninstall button.
  • AdwCleaner will be removed from your computer.

Step 3. CleanUp.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • After reboot run OTL again.
  • Click on CleanUp button.
  • OTL will be removed from your computer.

Here are some recommendations for you on how to stay safe on the internet.

  • Keep your system up-to-date. It will increase your protection level, because a lot of malware uses system vulnerabilities.

    To learn how to turn Automatic Updates on, click here.
  • Keep other software up-to-date too. Malware often uses third party software vulnerabilities.

    You can monitor news about vulnerabilities or simply install software which will scan your computer for outdated and vulnerable software and will notify you about results. Some of these programs are Secunia PSI (Requires installation, you can download it here) and Secunia OSI (java applet, requires Java Runtime Environment, learn more here).
  • Keep your antivirus software up-to-date.

    Turn on automatic updates for your antivirus, it's a basis of protection. Don't forget to keep your antivirus version up-to-date, new versions usually have advanced functionality, clean and prevent infection more effectively than outdated versions.
  • Use a limited user account. It will considerably increase your level of protection.

    90% of Malware won't work under a limited user account, because they need administrator privileges. If you are using Windows XP, then you can use DropMyRights while you are surfing on the internet.
  • Invent strong and long passwords for your accounts, if you want to keep your personal and confidential data in safety.

    Some malware has very dangerous functionality - it can crack your passwords. Please, set a very strong password for your administrator account in Windows, then malware won't harm your PC. For each account on the internet invent an individual password.

Hope that these recommendations will help you and you will avoid malware infections in the future. Good luck and safe web to you! :)
  • 0

#27
quasarn01

quasarn01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Thanks a bunch for your help...
  • 0





