Searchnu, adware, Yontoo and maybe other malware [Solved]



#16 manikmom (Topic Starter, Member, 10 posts)
Oops, so sorry for not paying attention, I usually am more careful than this. Here is the OTL Fix Log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\Users\Administrator\AppData\Local\Babylon not found.
File\Folder C:\Users\Administrator\AppData\Local\Temp\BabylonToolbar not found.
File\Folder C:\Users\Administrator\AppData\Local\Temp\YontooLayers not found.
File\Folder C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u8r5auec.default\extensions\[email protected] not found.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s2viuahw.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\defaults\preferences folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s2viuahw.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\defaults folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s2viuahw.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\chrome folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s2viuahw.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0} folder moved successfully.
C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\om23her1.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\defaults\preferences folder moved successfully.
C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\om23her1.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\defaults folder moved successfully.
C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\om23her1.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\chrome folder moved successfully.
C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\om23her1.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0} folder moved successfully.
C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\j48lbsf9.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\defaults\preferences folder moved successfully.
C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\j48lbsf9.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\defaults folder moved successfully.
C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\j48lbsf9.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\chrome folder moved successfully.
C:\Users\Mari\AppData\Roaming\Mozilla\Firefox\Profiles\j48lbsf9.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0} folder moved successfully.
C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\rmph1iyx.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\defaults\preferences folder moved successfully.
C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\rmph1iyx.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\defaults folder moved successfully.
C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\rmph1iyx.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\chrome folder moved successfully.
C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\rmph1iyx.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 436200 bytes
->Temporary Internet Files folder emptied: 133 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 29840407 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: All Users

User: Dan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Heidi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mari
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nikki
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 124381 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 29.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09012013_121346

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
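As an added example, not part of the thread, here is a small Python parser for the OTL fix-log format shown above: it sums the bytes freed per user and system-wide, records which user profiles the extension GUID folder was moved out of, and checks the "Total Files Cleaned" figure, which turns out to be in MiB. The embedded log excerpt is constructed from the lines above, and the 0.01 MiB tolerance for OTL's rounding is an assumption.

```python
import re
from collections import defaultdict

# Constructed excerpt in the format of the OTL fix log above (moved lines, EMPTYTEMP, total).
OTL_LOG = r"""
========== FILES ==========
File\Folder C:\Users\Administrator\AppData\Local\Babylon not found.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s2viuahw.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0}\chrome folder moved successfully.
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\s2viuahw.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0} folder moved successfully.
C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\om23her1.default\extensions\{78d1bf49-f021-4397-9791-83c2bdafb4b0} folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 436200 bytes
->Temporary Internet Files folder emptied: 133 bytes
->FireFox cache emptied: 29840407 bytes
->Flash cache emptied: 492 bytes
User: Dan
->Temp folder emptied: 0 bytes
%systemroot% .tmp files removed: 0 bytes
Windows Temp folder emptied: 124381 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 29.00 mb
"""

USER_RE = re.compile(r"^User: (.+)$")
FREED_RE = re.compile(r"^(->)?(.+?) (?:emptied|removed): (\d+) bytes$")
MOVED_RE = re.compile(r"^C:\\Users\\([^\\]+)\\.*?\\(\{[0-9a-fA-F-]{36}\})(?:\\.*)? folder moved successfully\.$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = ([\d.]+) mb$")

def parse_otl_fix_log(text):
    """Return (bytes freed per user/System, {extension GUID: users it was removed from}, reported mb)."""
    freed, moved, reported, scope = defaultdict(int), defaultdict(set), None, "System"
    for line in text.splitlines():
        line = line.strip()
        if m := USER_RE.match(line):
            scope = m.group(1)            # "->" lines that follow belong to this user
        elif m := FREED_RE.match(line):
            # lines without the "->" arrow (%systemroot%, Windows Temp, RecycleBin) are system-wide
            freed[scope if m.group(1) else "System"] += int(m.group(3))
        elif m := MOVED_RE.match(line):
            moved[m.group(2).lower()].add(m.group(1))
        elif m := TOTAL_RE.match(line):
            reported = float(m.group(1))
    return dict(freed), {g: sorted(u) for g, u in moved.items()}, reported

def total_agrees(freed, reported_mb, tolerance=0.01):
    """OTL's 'mb' is MiB (1024*1024 bytes); the tolerance for its internal rounding is an assumption."""
    return abs(sum(freed.values()) / 2**20 - reported_mb) < tolerance
```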



#17 SleepyDude (Trusted Helper, Malware Removal, 4,412 posts)
Hello manikmom,

Oops, so sorry for not paying attention, I usually am more careful than this. Here is the OTL Fix Log:

No problem, sometimes it can happen. No harm done, so all good.


Now the best part... Your log looks clean to me :), good work :thumbsup:

Before you go I have some housekeeping tasks for you: updates, removing the tools we used, and some recommendations about how to protect your computer against future malware infections.
One piece of advice from my teacher: due to the nature of the malware found on your computer, we recommend reading this blog post about the pitfalls of "free" downloads: http://blog.avast.co...wnload-servers/.


Step 1 - Update Programs

From the Security Check log there are some critical programs that you need to update:

» Update Java
Your version of Java Runtime is outdated! In light of the recent events surrounding Java, which is constantly targeted by malware, users must seriously consider their use of Java.
Do you really need it? If yes, go to the Java download page and click the Windows Offline link; this file will not include any unneeded extras like the Ask Toolbar. When Java is installed, it's extremely important to update immediately when you get a notification pop-up from the Java Updater.

» Update Adobe Reader
The Adobe Reader you have is outdated and vulnerable to security exploits. The version presently installed is very old; you need to uninstall Adobe Reader using Control Panel > Uninstall a program (or Programs and Features if in Classic View). Next, download and install the most recent version by visiting the Adobe Reader page; make sure you uncheck the box offering any extra programs like McAfee Security Scan Plus.


Step 2 - Empty The System Restore

Remove infected Restore Points and create a new clean Restore Point.
  • Right-click on the OTL icon and choose Run as Administrator to execute the tool. Make sure all other windows are closed and let it run uninterrupted.
    Do not change any other settings unless otherwise told to do so.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Files
    %windir%\system32\vssadmin delete shadows /for=c: /all /quiet /c
    
    :Commands
    [CreateRestorePoint]
    
  • Click the Run Fix button at the top.
    Notes:
  • When done OTL will show a window with Fix Complete!; click OK to access the report.
  • Copy & paste the result in your next reply, not as an attachment.

Step 3 - Remove the Tools we use

» AdwCleaner
  • Double-click the AdwCleaner icon on the Desktop to run the program.
    (On Windows Vista and higher accept the UAC prompt to allow changes to the computer.)
  • Click the Uninstall button.
» OTL
  • Double-click the OTL icon on the Desktop to start the program.
    (On Windows Vista and higher accept the UAC prompt to allow changes to the computer.)
  • Click the CleanUp button. Accept the prompt to reboot.
» Uninstall ESET On-line Scanner
  • Please open Start > Control Panel > Uninstall a program (or Programs and Features if in Classic View), locate ESET On-line Scanner in the list and uninstall it because it's no longer needed.
» Others
  • Delete any .log or .txt file created on the Desktop during the cleaning process.

Step 4 - How to prevent new infections

To protect your computer from being infected again it's very important to keep Windows updated, along with all the programs related to the Internet: web browser, Flash Player, Adobe Reader and Java, to mention only the ones most targeted by today's security exploits. Follow the instructions below to keep these critical programs updated:
    • Windows and Internet Explorer
      To keep Windows and Internet Explorer updated make sure you have Windows Update enabled in the Control Panel applet; follow the instructions for Windows 7 in this MS article, How to configure and use Automatic Updates in Windows, or use the FixIt tool provided.
    • Antivirus and Antimalware programs
      Make sure you have an antivirus program that is always updated and running.
      Sometimes an antivirus can miss some malware; when that happens it's good to have Malwarebytes installed, like you have. Update and run it weekly to keep your system clean. Malwarebytes is also good at reverting some system changes made by the malware.
    • Enable the Firewall
      No system can be considered safe if not protected by a firewall. If you are connected to the Internet through a router you should check its configuration and make sure the firewall is active.
      If you connect by modem or to an open local network you should enable the Windows 7 built-in firewall.
    • Adobe Flash Player
      To update Adobe Flash Player accept any prompt to update, or manually initiate the update by opening Start Menu > Settings > Control Panel, opening the applet called Flash Player and, on the Advanced tab, clicking the Check Now button. Accept any prompt to install an updated version.
      If the update process redirects you to the Adobe webpage you need to download the latest version of Adobe Flash and install it for both Internet Explorer and Firefox; make sure you uncheck the box offering to install any extra programs (Google Chrome and Google Toolbar or McAfee Security Scan Plus) before downloading. Repeat the above steps with the other browser.
    • Adobe Reader
      Adobe Reader can be updated by opening Adobe Reader from the Start Menu; when the program has fully loaded, click on the Help menu, then click the Check for updates now option. Follow the prompts to install any new update.
    • Java Runtime
      When Java is installed it's extremely important to update immediately when you get a notification pop-up from the Java Updater. Or update manually by opening Start Menu > Settings > Control Panel, opening the applet called Java and, on the Update tab, clicking the Update Now button. The program will prompt you to install any new updated version available.
      Every time you update Java make sure you uncheck the box asking to install the Ask Toolbar and make Ask my default search provider.
    Use the instructions above to keep the programs updated, or use one of the following programs to help you keep them updated:
  • Keep Installed Programs Up to Date
    It's important to keep all other programs on your computer updated because they can also have security vulnerabilities exploited by malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications to fix vulnerabilities; this can be done manually by using the Update feature included in most programs, or you can use one of the following programs to help you with this task:
  • Surf the Net with extra Security
    Every web browser is a target for malware; the bad guys are always trying to exploit security holes to infect computers, and this is especially true for Internet Explorer because it is one of the most used. Using alternatives like Mozilla Firefox or Google Chrome can help protect your computer from infections.
    And for Firefox and Chrome you can get an extra layer of protection by installing two add-ons, Adblock Plus and Web of Trust (WOT). WOT can also protect Internet Explorer.

::: Some final recommendations :::
Best Regards and have a Safe surfing! :wave:

#18 manikmom (Topic Starter, Member, 10 posts)
Yay, thank you so much for your help. I've posted the last OTL log below and uninstalled everything per your recommendations, also updated Java and Adobe Reader. (My daughter likes to play Minecraft and it requires Java.) I installed Secunia PSI, I already have that on my work and personal computers, and will instruct my daughters on updating programs. I'm also going to go over the recommended reading about how computers get infected, etc., with both of them, and will install Adblock and WOT on Chrome.

Good luck with your training, I think it is wonderful that people like you are willing to help people like me, and I think you did an excellent job!



========== FILES ==========
< %windir%\system32\vssadmin delete shadows /for=c: /all /quiet /c >
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
© Copyright 2001-2005 Microsoft Corp.
C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 09012013_202923

#19 SleepyDude (Trusted Helper, Malware Removal, 4,412 posts)

Yay, thank you so much for your help. I've posted the last OTL log below and uninstalled everything per your recommendations, also updated Java and Adobe Reader. (My daughter like to play Minecraft and it requires Java.) I installed Secunia PSI, I already have that on my work and personal computers, and will instruct my daughters on updating programs. I'm also going to go over the recommended reading about how computers get infected, etc, with both of them, and will install Adblock and WOT on Chrome.

Good. I noticed Minecraft, that's why I didn't recommend removing Java... I can't browse without AdBlock; it makes the webpages cleaner by removing all those misleading buttons and images.

Good luck with your training, I think it is wonderful that people like you are willing to help people like me, and I think you did an excellent job!


Thank You. I'm glad we could help. :thumbsup:

Regards.

#20 SleepyDude (Trusted Helper, Malware Removal, 4,412 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.