Having Trouble With IE Opening & Browsing [Solved]



#16 pystryker, Trusted Helper (Malware Removal, 3,886 posts)

> No Worries, Thank You for taking the time to help out. :)

You're quite welcome. :thumbsup:

#17 pystryker, Trusted Helper (Malware Removal, 3,886 posts)

Hello :)

Good progress, let's sweep for remnants, and check for out of date programs. :thumbsup:

Step 1: Change Chrome's Homepage and Remove Search Engine

Changing Chrome's Homepage

Chrome's homepage is still set to a malware related site. Let's get rid of that site.

  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under On Startup and then click Open a specific set of pages and click Set Pages
  • When the window opens, type in any page you wish as your new start page.
  • Once you have typed in your new home page, click Ok.
  • Look further down the page under Search.
  • Click on the box that has your current Search Provider listed and choose a different search engine other than FindWide.
  • Once you have selected your new engine, click on Manage Search Engines and delete Findwide from the list.
  • Once you have changed these 2 items, you can close the window.



Step 2: Scan with Malwarebytes Anti-Malware


Please download Malwarebytes' Anti-Malware from Here.

  • Double Click mbam-setup.exe to install the application (Windows 7 users, right click and select Run as Administrator.)
  • Proceed through the setup
    • Choose your language
    • Accept the License Agreement
    • Select Destination Location
    • Select Start Menu Folder
    • Select Additional Tasks
    • Click Install
    • In the Completing the Malwarebytes Anti-Malware Setup Wizard Window
      • Uncheck Enable free trial of Malwarebytes Anti-Malware PRO
      • Keep the check mark beside Update Malwarebytes' Anti-Malware
      • Keep the check mark beside Launch Malwarebytes' Anti-Malware
    • Click Finish.
    • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan
  • Click Scan. The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.



Step 3: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Whichever browser you use has to be run as administrator.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.

  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 4: Scan with SecurityCheck


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Things I need to see in your next post:

  • Malwarebytes Log
  • ESET Log
  • SecurityCheck Log

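The Chrome cleanup in Step 1 above can also be checked from the profile's Preferences file, the JSON store behind the settings page. The script below is an added example, not code from the original thread: it reads that file, flags any homepage, startup page or default search engine on a listed hijacker domain, and lists installed extension ids with their manifest names so unfamiliar ones can be reviewed. The Preferences path, every JSON key it reads, the value 4 for "Open a specific set of pages", the findwide.com domain behind the FindWide engine, and the extension name in the sample are assumptions; the sample profile is constructed.

```python
"""Audit a Chrome profile's Preferences file for hijacked start pages and
search engines.

Added example, not code from the original thread. The Preferences path and
every JSON key read below (homepage, session.restore_on_startup,
session.startup_urls, default_search_provider.search_url,
default_search_provider_data.template_url_data.url, extensions.settings)
are assumptions about Chrome's profile layout, which changes between versions.
"""
import json
import os
from urllib.parse import urlparse

# Domain assumed to sit behind the "FindWide" engine named in the thread.
BAD_DOMAINS = ("findwide.com",)

# Assumed value of session.restore_on_startup for "Open a specific set of pages".
OPEN_SPECIFIC_PAGES = 4


def default_preferences_path():
    """Default profile location on Windows (assumed layout)."""
    return os.path.join(os.environ.get("LOCALAPPDATA", ""), "Google", "Chrome",
                        "User Data", "Default", "Preferences")


def _dig(obj, *keys):
    """Walk nested dicts, returning None instead of raising when a key is absent."""
    for key in keys:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


def is_bad_url(url):
    """True if the URL's host is one of BAD_DOMAINS or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in BAD_DOMAINS)


def audit_preferences(prefs):
    """Return (setting, value) pairs that point at a listed hijacker domain."""
    findings = []
    home = _dig(prefs, "homepage")
    if home and is_bad_url(home):
        findings.append(("homepage", home))
    if _dig(prefs, "session", "restore_on_startup") == OPEN_SPECIFIC_PAGES:
        for url in _dig(prefs, "session", "startup_urls") or []:
            if is_bad_url(url):
                findings.append(("session.startup_urls", url))
    # Older Chrome kept the default engine flat; newer builds nest it.
    candidates = (
        ("default_search_provider.search_url",
         _dig(prefs, "default_search_provider", "search_url")),
        ("default_search_provider_data.template_url_data.url",
         _dig(prefs, "default_search_provider_data", "template_url_data", "url")),
    )
    for setting, url in candidates:
        if url and is_bad_url(url):
            findings.append((setting, url))
    return findings


def list_extensions(prefs):
    """Return [(extension id, manifest name)] so unfamiliar ids can be reviewed."""
    settings = _dig(prefs, "extensions", "settings") or {}
    return [(ext_id, _dig(ext, "manifest", "name") or "?")
            for ext_id, ext in settings.items()]


def audit_file(path=None):
    """Load a real Preferences file and return (findings, extensions)."""
    with open(path or default_preferences_path(), encoding="utf-8") as fh:
        prefs = json.load(fh)
    return audit_preferences(prefs), list_extensions(prefs)


# Constructed sample profile mirroring the hijack in this thread. The extension
# id is the one ESET reports later in the thread; its manifest name is assumed.
SAMPLE_PREFS = {
    "homepage": "http://www.google.com/",
    "session": {"restore_on_startup": OPEN_SPECIFIC_PAGES,
                "startup_urls": ["http://search.findwide.com/"]},
    "default_search_provider": {
        "name": "FindWide",
        "search_url": "http://search.findwide.com/?k={searchTerms}"},
    "extensions": {"settings": {
        "niapdbllcanepiiimjjndipklodoedlc": {"manifest": {"name": "Yontoo"}}}},
}

if __name__ == "__main__":
    for setting, value in audit_preferences(SAMPLE_PREFS):
        print("HIJACKED %s -> %s" % (setting, value))
    for ext_id, name in list_extensions(SAMPLE_PREFS):
        print("extension %s (%s)" % (ext_id, name))
```

Close Chrome before reading the file so it is not mid-write, and run audit_file() as the affected user, since the profile lives under that user's LOCALAPPDATA. A finding only tells you which setting points where; the fix is still the settings-page change described in Step 1.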

#18 robkbriggs, Topic Starter, Member (122 posts)

Okay,
I'll get that done, and the results to you, hopefully this afternoon.

#19 pystryker, Trusted Helper (Malware Removal, 3,886 posts)

> Okay,
> I'll get that done, and the results to you, hopefully this afternoon.

:thumbsup:

#20 robkbriggs, Topic Starter, Member (122 posts)

Okay, Here are the log files

Malware Bytes Log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.06.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Sheets :: SHEETS-PC [administrator]

1/6/2014 8:07:39 PM
mbam-log-2014-01-06 (20-07-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207997
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\MyWordTool (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyWordTool (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Classes\AppID\DynConIE.DLL (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Sheets\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Sheets\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Sheets\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Sheets\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

(end)


ESET Log

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ed161c159e8c59439c248267248d87c2
# engine=16541
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-01-07 04:02:56
# local_time=2014-01-06 10:02:56 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=517 16777213 100 93 1852084 76663784 0 0
# compatibility_mode=5893 16776573 100 94 0 140610826 0 0
# scanned=157712
# found=14
# cleaned=0
# scan_time=5676
sh=F0B9CFBEE0179C02E0F0C8664CC0BDE3ACC6F888 ft=1 fh=616b2c78f1d72fca vn="a variant of Win32/YourFileDownloader.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\goforfiles\uninstall.exe.vir"
sh=170E95D460F6646D76779B4FE097711093F9EC14 ft=1 fh=51a54013aaae74e4 vn="Win32/Bundled.Toolbar.Ask.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=D6CF7460A4F696A0E053E042B09C92A7970F30BD ft=1 fh=3da28455addb719c vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=35FE2F0240B1C8B745E61AB66FC58F2640C8FA83 ft=1 fh=998c61daf10a7bdb vn="a variant of Win32/Adware.RegRevive.A application" ac=I fn="C:\Users\Sheets\Downloads\Installer_Regwork.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 11\gt.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
sh=984CDAA7C03EDAA48660D6F8231E233AA9AD6857 ft=1 fh=223ae04b43908e86 vn="a variant of Win32/Adware.Yontoo.A application" ac=I fn="C:\_OTL\MovedFiles\01032014_202627\C_Program Files (x86)\Yontoo\YontooIEClient.dll"
sh=7CB11DF08F39E7776B27AAD157EC0C0A2C31EB11 ft=1 fh=9754d654824b71aa vn="a variant of Win32/ExFriendAlert.B application" ac=I fn="C:\_OTL\MovedFiles\01032014_202627\C_ProgramData\TubeDimmer\IE\common.dll"
sh=57279257E733B05B254033CFED9DF0A9239A0680 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.B application" ac=I fn="C:\_OTL\MovedFiles\01032014_202627\C_Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_1\back.js"
sh=003F9494FFC30AC3A1C1E0A6F379C3FBE049B882 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.A application" ac=I fn="C:\_OTL\MovedFiles\01032014_202627\C_Users\Sheets\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_1\yl.js"
sh=4018A4069773FC6394EC87DF693E7A8493DF5757 ft=1 fh=16d94743ac8b3821 vn="a variant of MSIL/WebCake.B application" ac=I fn="C:\_OTL\MovedFiles\01032014_202627\C_Users\Sheets\AppData\Roaming\Yontoo\YontooDesktop.exe"


Security Check Log

Results of screen317's Security Check version 0.99.78
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.9.900.170
Adobe Reader 10.1.8 Adobe Reader out of Date!
Google Chrome 29.0.1547.66
````````Process Check: objlist.exe by Laurent````````
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
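Every detection line in the ESET log above has the same shape (sh=, ft=, fh=, vn=, ac=, fn=), and most of the fourteen hits sit under C:\AdwCleaner\Quarantine or C:\_OTL\MovedFiles, i.e. files that earlier tools had already removed. The script below is an added example, not part of the thread: it parses that format, splits the hits into live and already-quarantined, collapses duplicates by the sh= hash (assumed to be SHA-1, judging by its 40 hex digits), cross-checks the count against the header's found= line, and drafts the :Files section of an OTL fix from the live paths in the syntax the next post uses. The quarantine prefixes and the field meanings are assumptions read off the log; the sample is five lines taken from the log above with the found= value adjusted to that subset.

```python
"""Triage an ESET Online Scanner log.

Added example, not code from the original thread. The field meanings
(sh = SHA-1 of the file, judging by its length; vn = detection name;
fn = path; found = number of hits) and the quarantine prefixes are
assumptions read off the log above.
"""
import re
from collections import OrderedDict

HIT_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9a-f]{16}) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\w+) fn="(?P<fn>[^"]*)"$')
HEADER_RE = re.compile(r'^# (?P<key>\w+)=(?P<value>.*)$')

# Where AdwCleaner and OTL park files they already removed (assumed prefixes).
QUARANTINE_PREFIXES = ("c:\\adwcleaner\\quarantine\\", "c:\\_otl\\movedfiles\\")


def parse_eset_log(text):
    """Return (header dict, list of hit dicts) parsed from the log text."""
    header, hits = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group("key")] = m.group("value")
            continue
        m = HIT_RE.match(line)
        if m:
            hits.append(m.groupdict())
    return header, hits


def is_quarantined(path):
    """True if the path sits inside another tool's quarantine store."""
    return path.lower().startswith(QUARANTINE_PREFIXES)


def triage(hits):
    """Split hits into live vs already-quarantined and collapse duplicates by hash."""
    live = [h for h in hits if not is_quarantined(h["fn"])]
    quarantined = [h for h in hits if is_quarantined(h["fn"])]
    unique = OrderedDict()
    for h in hits:
        unique.setdefault(h["sha1"].upper(), h["vn"])
    return {"live": live, "quarantined": quarantined, "unique": unique}


def counts_match(header, hits):
    """Cross-check the number of parsed hits against the header's found= value."""
    return int(header.get("found", "-1")) == len(hits)


def otl_files_section(live_hits):
    """Draft the :Files block of an OTL fix from the live paths (a person reviews it first)."""
    paths = list(OrderedDict.fromkeys(h["fn"] for h in live_hits))
    return "\n".join([":Files"] + paths + ["", ":Commands", "[reboot]"])


# Five lines taken from the log above, with found= adjusted to this subset.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# found=5
# cleaned=0
sh=F0B9CFBEE0179C02E0F0C8664CC0BDE3ACC6F888 ft=1 fh=616b2c78f1d72fca vn="a variant of Win32/YourFileDownloader.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\goforfiles\uninstall.exe.vir"
sh=35FE2F0240B1C8B745E61AB66FC58F2640C8FA83 ft=1 fh=998c61daf10a7bdb vn="a variant of Win32/Adware.RegRevive.A application" ac=I fn="C:\Users\Sheets\Downloads\Installer_Regwork.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 11\gt.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe"
sh=984CDAA7C03EDAA48660D6F8231E233AA9AD6857 ft=1 fh=223ae04b43908e86 vn="a variant of Win32/Adware.Yontoo.A application" ac=I fn="C:\_OTL\MovedFiles\01032014_202627\C_Program Files (x86)\Yontoo\YontooIEClient.dll"
"""

if __name__ == "__main__":
    header, hits = parse_eset_log(SAMPLE_LOG)
    result = triage(hits)
    print("found=%s parsed=%d consistent=%s" % (header.get("found"), len(hits),
                                               counts_match(header, hits)))
    for h in result["quarantined"]:
        print("already quarantined:", h["fn"])
    print(otl_files_section(result["live"]))
```

Two things the output makes visible. The two gt.exe hits carry one hash under System32 and SysWOW64, and on 64-bit Windows a 32-bit process that opens C:\Windows\System32 is transparently redirected to SysWOW64 unless it goes through the Sysnative alias (the vssadmin step later in this thread uses exactly that), so a 32-bit cleanup tool does not necessarily reach both copies by name. And the drafted :Files block is only a starting point; the live paths still need a person to confirm them before the fix is run.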

#21 pystryker, Trusted Helper (Malware Removal, 3,886 posts)

Hi :)

Thank you for the logs. I've got my next step awaiting approval, but we're getting close to ending this problem. :thumbsup:

#22 pystryker, Trusted Helper (Malware Removal, 3,886 posts)

Looking good! :thumbsup: Let's get rid of the remnants that were found.

Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator")

  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes.

:Commands
[createrestorepoint]

:Files
C:\Users\Sheets\Downloads\Installer_Regwork.exe
C:\Windows\System32\Adobe\Shockwave 11
C:\Windows\System32\Adobe\Shockwave 12\gt.exe
C:\Windows\SysWOW64\Adobe\Shockwave 11
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe

:Commands
[reboot]



  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.

Things I need to see in your next post:

OTL Fix Log


#23 robkbriggs, Topic Starter, Member (122 posts)

Here is the OTL Log

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\Sheets\Downloads\Installer_Regwork.exe moved successfully.
C:\Windows\System32\Adobe\Shockwave 11\Xtras folder moved successfully.
C:\Windows\System32\Adobe\Shockwave 11 folder moved successfully.
C:\Windows\System32\Adobe\Shockwave 12\gt.exe moved successfully.
File\Folder C:\Windows\SysWOW64\Adobe\Shockwave 11 not found.
File\Folder C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 01082014_224421

#24 pystryker, Trusted Helper (Malware Removal, 3,886 posts)

Hi :)

My apologies, I missed a malware entry that should have gone into the last fix I gave you. Here's a fix to remove that last entry, and then we'll have a few details to take care of after this.

Please post the log upon completion of this.


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator")

  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes.

:Commands
[createrestorepoint]

:OTL
IE - HKCU\..\SearchScopes\547FC3B25EFA415F8D5CE62D2D036DFB: "URL" = http://search.findwi...k={searchTerms}

:Commands
[reboot]





  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.

#25 robkbriggs, Topic Starter, Member (122 posts)

No Worries, Here is the log file after the latest OTL Fix

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 01092014_000758
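The fix in the previous post targeted the IE SearchScopes entry for the FindWide engine, yet the OTL log above reports looking for keys named {searchTerms} rather than the 547FC3... scope, and the pasted line shows the URL as "findwi...". When a fix line comes back "not found" like that, the scopes are worth listing directly. The script below is an added example, not code from the thread: it enumerates the current user's SearchScopes key, flags scopes whose search URL points at a listed domain, reports whether DefaultScope is one of them, and can delete a scope and repoint the default. The findwide.com domain and the sample scopes (including their ids) are assumptions; the registry calls run only on Windows, while the flagging logic is pure and runs anywhere.

```python
"""Enumerate Internet Explorer search scopes for the current user and flag
those whose search URL points at a listed hijacker domain.

Added example, not code from the original thread. The registry layout used
(a per-user SearchScopes key holding a DefaultScope value and one subkey per
scope with DisplayName and URL values) is IE's documented layout; the
domain list and the sample scopes are assumptions.
"""
from urllib.parse import urlparse

try:
    import winreg  # only available on Windows
except ImportError:  # keeps the pure functions usable (and testable) elsewhere
    winreg = None

SEARCHSCOPES_KEY = r"Software\Microsoft\Internet Explorer\SearchScopes"
BAD_DOMAINS = ("findwide.com",)  # assumed domain behind the FindWide engine


def is_bad_url(url):
    """True if the URL's host is one of BAD_DOMAINS or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in BAD_DOMAINS)


def read_search_scopes():
    """Return (default scope id, {scope id: {"DisplayName": ..., "URL": ...}}) from HKCU."""
    if winreg is None:
        raise RuntimeError("winreg is only available on Windows")
    scopes = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, SEARCHSCOPES_KEY) as root:
        try:
            default_scope = winreg.QueryValueEx(root, "DefaultScope")[0]
        except OSError:
            default_scope = None
        index = 0
        while True:
            try:
                scope_id = winreg.EnumKey(root, index)
            except OSError:  # no more subkeys
                break
            index += 1
            with winreg.OpenKey(root, scope_id) as sub:
                values = {}
                for name in ("DisplayName", "URL"):
                    try:
                        values[name] = winreg.QueryValueEx(sub, name)[0]
                    except OSError:
                        values[name] = None
            scopes[scope_id] = values
    return default_scope, scopes


def flag_scopes(scopes, default_scope=None):
    """Pure check: ids whose URL hits BAD_DOMAINS, and whether the default is one of them."""
    bad = [sid for sid, vals in scopes.items()
           if vals.get("URL") and is_bad_url(vals["URL"])]
    return bad, default_scope in bad


def remove_scope(scope_id, replacement_default):
    """Delete one scope and point DefaultScope at a surviving scope (Windows only)."""
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, SEARCHSCOPES_KEY, 0,
                        winreg.KEY_ALL_ACCESS) as root:
        winreg.DeleteKey(root, scope_id)
        winreg.SetValueEx(root, "DefaultScope", 0, winreg.REG_SZ, replacement_default)


# Constructed sample: one legitimate scope and one pointing at the hijacker.
SAMPLE_SCOPES = {
    "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}": {
        "DisplayName": "Bing", "URL": "http://www.bing.com/search?q={searchTerms}"},
    "{547FC3B2-5EFA-415F-8D5C-E62D2D036DFB}": {
        "DisplayName": "FindWide", "URL": "http://search.findwide.com/?k={searchTerms}"},
}
SAMPLE_DEFAULT = "{547FC3B2-5EFA-415F-8D5C-E62D2D036DFB}"

if __name__ == "__main__":
    if winreg is not None:
        default, scopes = read_search_scopes()
    else:
        default, scopes = SAMPLE_DEFAULT, SAMPLE_SCOPES
    bad, default_is_bad = flag_scopes(scopes, default)
    for sid in bad:
        print("hijacker scope %s -> %s" % (sid, scopes[sid]["URL"]))
    print("default scope is hijacked:", default_is_bad)
```

HKCU is per user, so run read_search_scopes() in the affected user's session, and look at the flagged ids before calling remove_scope. The replacement_default you pass must be one of the scopes that survive, otherwise IE is left with a default that points nowhere.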

#26 pystryker, Trusted Helper (Malware Removal, 3,886 posts)

Hello :)

Great news, your logs are CLEAN! :thumbsup: :) But we still have a few things we need to address namely:

  • I need to remove the tools we installed on your machine.
  • We also have some programs on your machine that need updating to help protect you in the future.


Step 1: Program Update, Enable UAC and install FileHippo


  • Malware will exploit any vulnerabilities it can find in outdated software. If you are using Adobe Reader for reading pdf files, try using FoxIt Reader. It is a very capable alternative to Adobe.
  • Please click here to download FoxIt Reader.
  • If you wish to continue to use Adobe Reader, then please update it by clicking here.
  • Please remember to uncheck the option to install McAfee's Security Suite.


Keeping your software updated

Another weapon against malicious programs and viruses is keeping your other programs updated. There are several programs out there that can check for out-of-date programs on your computer. One is FileHippo. You can run this on a weekly or monthly basis to check your programs for updates, and it will provide a link for you to download them.


Download Filehippo Updatechecker


Enable UAC in Windows 7

  • Open User Account Control Settings by clicking the Start button and then clicking Control Panel
  • In the Search Box, type in uac and then click Change User Account Control settings.
  • To turn on UAC, move the slider to choose when you want to be notified, and then click OK.
  • If you're prompted for an administrator password or confirmation, type the password or provide confirmation.



Step 2: Delete old Restore Points and Create a New One

We're going to delete your old restore points and create a new one. We do this so that if you ever need to do a system restore, you will have a clean restore point.

Please follow the instructions below:

  • Start OTL and copy the text in the quote box below.
  • Paste the contents into the Custom Scans/Fixes box and click the Run Fix button.
  • OTL will delete the old restore points and create a new one.

:Files
%systemroot%\sysnative\vssadmin delete shadows /for=c: /all /quiet /c

:Commands
[CreateRestorePoint]



Step 3: Tool Removal


  • Start AdwCleaner and click the Uninstall button. It will remove the quarantined files and uninstall itself.
  • You can delete Junkware Removal Tool from your desktop.
  • Start OTL and click the Cleanup button. OTL will delete its quarantined files and then uninstall itself.
  • You can uninstall ESET Online Scanner at this time.
  • You can delete SecurityCheck from your desktop.


Step 4: Tips, Information, and Protection against CryptoLocker


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install it by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?


A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Please download and install CryptoPrevent to lock your machine down from this infection.



Are there any further issues I can assist you with?

#27 robkbriggs, Topic Starter, Member (122 posts)

Hi,

I think you have fixed all the issues that they were experiencing. Thank You for your help!

#28 pystryker, Trusted Helper (Malware Removal, 3,886 posts)

Great to hear! Glad we could help you out. :thumbsup: :)

#29 Dakeyras, Anti-Malware Mammoth, Expert (9,684 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.