SW-Booster, possibly more... Adware [Solved]

swbooster sw-booster adware


#16
Machiavelli

  • GeekU Moderator
  • 4,722 posts

don't know, it was at it for hours, then I came back and the computer was off so I figured it had finished.

ESET doesn't shut down the Computer ... Please do the scan again.


#17
okiol

  • Topic Starter
  • Member
  • 46 posts

I became a little bit disheartened now... I will do a second scan when it fits good, might take some time, but I'll do it in less than a week. Please don't close the thread in the meanwhile.



#18
Machiavelli

  • GeekU Moderator
  • 4,722 posts

OK, forget the scan for now. I will search for another solution. I will come back with further instructions later.

#19
Machiavelli

  • GeekU Moderator
  • 4,722 posts

OK, the instructions were running two scanners: Malwarebytes and ESET. Do you mean you haven't the log of ESET? What's with MBAM?

#20
okiol

  • Topic Starter
  • Member
  • 46 posts

Oh yes, I forgot that one... here goes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2014-04-08
Scan Time: 13:59:32
Logfile: Malwarebytes Anti-Malware.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.08.01
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: Jens
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359532
Time Elapsed: 3 hr, 51 min, 44 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-2523931591-3497646636-795491354-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, Quarantined, [eb15c739d22e17e9c5ee9bef5da6639d], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-2523931591-3497646636-795491354-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, Quarantined, [19e71ee242bebf41e3f52165d330be42], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 5
PUP.Optional.MultiPlug.A, C:\Windows\SysWOW64\setup.exe, Quarantined, [bd43f40c38c84bb58662b55838ccaa56], 
PUP.Optional.Installrex, C:\Users\Jens\Downloads\[Go Igo Baduk Weiqi] [mafutrct] [2010.08.12] Book Collection (1).exe, Quarantined, [6f9154aca45c8779733e1b4a5ca502fe], 
PUP.Optional.Installrex, C:\Users\Jens\Downloads\[Go Igo Baduk Weiqi] [mafutrct] [2010.08.12] Book Collection.exe, Quarantined, [67997e82e31d748caa07065f867bd62a], 
PUP.Optional.Searchqu.A, C:\Users\Jens\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}, Quarantined, [659b4eb2a45c31cfcaa2097e37cc15eb], 
PUP.Optional.SnapDo.A, C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://feed.snap.do/...Date=06/04/2013",), Replaced,[7a86b44c90708c7461f19ca7689cbe42]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#21
okiol

  • Topic Starter
  • Member
  • 46 posts

Btw as a sidenote: the adware came like those annoying add-ons connected to the dl of this: 

 

PUP.Optional.Installrex, C:\Users\Jens\Downloads\[Go Igo Baduk Weiqi] [mafutrct] [2010.08.12] Book Collection (1).exe, Quarantined, [6f9154aca45c8779733e1b4a5ca502fe]

 

But I don't think that it was actually in that file though.



#22
Machiavelli

  • GeekU Moderator
  • 4,722 posts

How is your PC running?

#23
okiol

  • Topic Starter
  • Member
  • 46 posts

Not sure, it's very subjective and I do different things all the time, so... Also tbh I never really push my computer to its limits nowadays anyway. It's doing good. I think it's better than before, but I couldn't say for sure. It's definitely doing better than after I got the adware anyway haha.

Btw in your first post you talked about increasing space, and I will take your advice on that. It will just take a little bit longer than quick fixes. I have like 150 Gb assigned to a parallel installed Linux that I never use, so... :)



#24
Machiavelli

  • GeekU Moderator
  • 4,722 posts

Hello,
in my opinion your PC is clean.

We need to remove the tools we've used during cleaning your machine
  • Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

 

Upgrading Java:
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • When it's finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa
Please also update Firefox.

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

#25
okiol

  • Topic Starter
  • Member
  • 46 posts

Malwarebytes Anti-Malware is blocking the file I dled, is it the correct one or did I make a mistake? jZipSetup-r341-w-bc.exe actually, it even removed it ^^




#26
Machiavelli

  • GeekU Moderator
  • 4,722 posts

OK, if MBAM removed it, it should be removed. For the future there shouldn't be further warnings about Malware. Any questions? Or am I free to close that topic?

#27
okiol

  • Topic Starter
  • Member
  • 46 posts

It was the javara file, I probably downloaded the wrong thing?



#28
Machiavelli

  • GeekU Moderator
  • 4,722 posts

Did you run the file? Please use this link here: http://www.majorgeek...r/javara,2.html You probably clicked on the wrong Download Button :S

#29
okiol

  • Topic Starter
  • Member
  • 46 posts

# DelFix v10.6 - Logfile created 11/04/2014 at 15:40:53
# Updated 11/11/2013 by Xplode
# Username : Jens - JENS-DATOR
# Operating System : Windows 7 Home Premium  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\Qoobox
Deleted : C:\_OTL
Deleted : C:\32788R22FWJFW
Deleted : C:\AdwCleaner
Deleted : C:\AdwCleaner[S1].txt
Deleted : C:\Users\Jens\Desktop\JRT.txt
Deleted : C:\Users\Jens\Downloads\AdwCleaner (1).exe
Deleted : C:\Users\Jens\Downloads\Extras.Txt
Deleted : C:\Users\Jens\Downloads\JRT.exe
Deleted : C:\Users\Jens\Downloads\OTL.Txt
Deleted : C:\Users\Jens\Downloads\OTL.exe
Deleted : C:\Users\Jens\Downloads\SecurityCheck.exe
Deleted : C:\Users\Jens\Downloads\SystemLook.exe
Deleted : C:\Users\Jens\Downloads\SystemLook.txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #1813 [OTL Restore Point - 2014-04-08 09:48:16 | 04/08/2014 07:48:16]
Deleted : RP #1814 [Windows Update | 04/08/2014 21:39:11]
Deleted : RP #1815 [Windows Update | 04/09/2014 22:31:26]
Deleted : RP #1816 [Windows Update | 04/10/2014 22:01:24]
Deleted : RP #1817 [Windows Update | 04/11/2014 08:36:25]
Deleted : RP #1818 [Installed QuickTime 7 | 04/11/2014 10:57:16]
 
New restore point created !
 
########## - EOF - ##########
 
Yep, it was the wrong file. I ran it now without trouble.
 
Seemed like I had 3 different versions of Java? :s Either way, removed all, and installed the new Java.

I'd rather just uninstall Firefox since I don't use it, either way;

I now have two anti virus software. Malwarebytes Anti-malware (trial), and avast! free antivirus. I should keep it at one, right?


#30
Machiavelli

  • GeekU Moderator
  • 4,722 posts

Hey :)

I should keep it at one, right?


There should be no problem running MBAM and AVAST at the same time, but if you like you can uninstall MBAM.

Keep Safe, okiol. :)