Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Tikotin, Shopping Helper Smartbar and Multiple Popups on PC


  • Please log in to reply

#16
frobey

frobey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Hi Joe,

 

Chrome browser still comes up with Tikotin home page even thought the startup page is set to www.google.com

 

There was a message from CHrome saying it had disabled an extension called Krab Web

 

The popups seemed to have stopped so that's a good thing!!

 

Frank


  • 0

Advertisements


#17
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
Hello Frank,

Lets try resetting chrome,
Please follow these instructions here to reset chrome.

Try that and let me know.

Krab Web is an adware program, that displays pop-up ads and advertisements on web pages that you visit. Thought we removed that.

Thanks
Joe :)
  • 0

#18
frobey

frobey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Resetting Chrome seemed to fix that...I also went into extensions and deleted krab web and another one that was in there...

 

PC seems to be working much better....he was also having issues with his Outlook email and that seems to be better as well...

 

YAHOOOOO :-)

 

Anything else I should check? IE seems OK as well...

 

Frank


  • 0

#19
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
Yes a bit more to do,

We need to run an Online Scan called ESET. Warning this scan could take a while so run it when your done with the computer for the nite. I'll look at the results and take it from there. Then we will clean up the tools we used and I'll let you go

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt).
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Thanks
Joe :)
  • 0

#20
frobey

frobey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Hi Joe,

 

I ran the scanner and it found 19 "Infected files", yet the log file doesn't have much in it

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

 

Before I uninstalled the app I wanted to see if there's another log file I should be sending you...

 

I found this under "List of found threats"

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\Updater.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDUninstall.exe.vir Win32/SpeedBit.B.gen potentially unwanted application
C:\FRST\Quarantine\C\Users\bobramsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdijnalfcndckfbhkjakjoekpfojjilg\1.0.1_0\background.js Win32/BrowseFox.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\bobramsay\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdijnalfcndckfbhkjakjoekpfojjilg\1.0.1_0\content.js Win32/BrowseFox.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\bobramsay\AppData\Local\Temp\ConsumerInputSetup.exe.xBAD Win32/Compete.A potentially unwanted application
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\OpenSoftwareUpdater\spnocrc.exe Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Users\bobramsay\AppData\Local\nshD30D.tmp Win32/AnyProtect.F potentially unwanted application
C:\Users\bobramsay\AppData\Local\nsj92E9.tmp Win32/AnyProtect.F potentially unwanted application
C:\Users\bobramsay\AppData\Roaming\BTOSQF JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\bobramsay\AppData\Roaming\CYHPK JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\bobramsay\AppData\Roaming\HGGI JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\bobramsay\AppData\Roaming\OQERG JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\bobramsay\AppData\Roaming\PDFU JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\bobramsay\AppData\Roaming\QOILJM JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\Public\Temp\3B1A1F69BCD045A4A0DDC601F9F86B7C\setup.exe multiple threats
C:\Users\Public\Temp\9E17C533813A48EFAAA673829CBA15C6\setup.exe Win32/OutBrowse.AO potentially unwanted application
C:\Users\Public\Temp\BDC1A106813D461C80047C596F453F12\setup.exe a variant of Win64/BrowseFox.AU potentially unwanted application
C:\Users\Public\Temp\CAA429C6F87C4CABB6616999E1D09D43\setup.exe a variant of Win32/Amonetize.BQ potentially unwanted application

 


  • 0

#21
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
Hello,

There are some minor things in your online scan that should be removed.

delete files
  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rd /s /q "C:\Program Files (x86)\OpenSoftwareUpdater\spnocrc.exe"
    rd /s /q "C:\Users\bobramsay\AppData\Local\nshD30D.tmp"
    rd /s /q "C:\Users\bobramsay\AppData\Local\nsj92E9.tmp"
    rd /s /q "C:\Users\bobramsay\AppData\Roaming\CYHPK JS/Toolbar.Crossrider.C"
    rd /s /q "C:\Users\bobramsay\AppData\Roaming\HGGI JS/Toolbar.Crossrider.C"
    rd /s /q "C:\Users\bobramsay\AppData\Roaming\OQERG JS/Toolbar.Crossrider."
    rd /s /q "C:\Users\bobramsay\AppData\Roaming\PDFU JS/Toolbar.Crossrider.C"
    rd /s /q "C:\Users\bobramsay\AppData\Roaming\QOILJM JS/Toolbar.Crossrider.C"
    rd /s /q "C:\Users\bobramsay\AppData\Roaming\BTOSQF JS/Toolbar.Crossrider.C"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: batfileicon.gif<--XPvista_bat_icon.png<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.
Next

Clean out your temporary internet files and temp files.

Download TFC by OldTimer http://oldtimer.geekstogo.com/TFC.exe to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the cleaning process.
  • Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
  • Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

Next remove all our tools an logs

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.
Post the delfix log in your next reply.

Thanks
Joe :)
  • 0

#22
frobey

frobey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Delfix.txt file

 

# DelFix v10.8 - Logfile created 22/10/2014 at 21:34:57
# Updated 29/07/2014 by Xplode
# Username : bobramsay - WINDOWS-E4ELKUL
# Operating System : Windows 8.1  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\bobramsay\Desktop\FRST-OlderVersion
Deleted : C:\Users\bobramsay\Desktop\Addition.txt
Deleted : C:\Users\bobramsay\Desktop\AdwCleaner.exe
Deleted : C:\Users\bobramsay\Desktop\Extras.Txt
Deleted : C:\Users\bobramsay\Desktop\Fixlog.txt
Deleted : C:\Users\bobramsay\Desktop\FRST.txt
Deleted : C:\Users\bobramsay\Desktop\FRST64.exe
Deleted : C:\Users\bobramsay\Desktop\JRT.exe
Deleted : C:\Users\bobramsay\Desktop\JRT.txt
Deleted : C:\Users\bobramsay\Desktop\OTL.Txt
Deleted : C:\Users\bobramsay\Desktop\OTL.exe
Deleted : C:\Users\bobramsay\Desktop\Result.txt
Deleted : C:\Users\bobramsay\Desktop\TFC.exe
Deleted : C:\Users\bobramsay\Downloads\adwcleaner_4.000.exe
Deleted : C:\Users\bobramsay\Downloads\JRT.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #5 [Scheduled Checkpoint | 10/01/2014 06:24:40]
Deleted : RP #6 [Scheduled Checkpoint | 10/09/2014 12:16:11]
Deleted : RP #7 [Windows Update | 10/15/2014 06:23:35]
Deleted : RP #8 [Windows Update | 10/21/2014 23:20:20]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


  • 0

#23
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
And,

Tell your friend,

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here

Thanks
Joe :)
  • 0

#24
frobey

frobey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Thanks for all your help!! I'll send him that link, thanks. I'll also be telling him if he does it again he's going to need to figure out how to clean it himself :-)

 

One last question, under the "Action Center" (little flag in the taskbar) there is a message "Click here to enter your most recent password (Important)" is that a bogus alert or something still hiding on the system somewhere?


  • 0

#25
frobey

frobey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Was just checking Programs under control panel and the Shopping Helper Smartbar and Shopping Helper Smartbar Engine are still in there, does that matter?


  • 0

Advertisements


#26
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
That's a windows 8 issue, it's not Malware. There's some discussion about it on the link below. I did not see a direct solution or the reason it comes up like that.

See Here

Yes. I forgot about Shopping Helper Smartbar and Shopping Helper Smartbar Engine Let me see what we can do there.



Thanks
Joe :)
  • 0

#27
frobey

frobey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Thanks, it is now ignored and has gone away.


  • 0

#28
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
What error do you get when you try to uninstall..... Shopping Helper Smartbar and Shopping Helper Smartbar Engine
  • 0

#29
frobey

frobey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Same as before, for Shopping helper Smartbar a Windows Installer box pops up that says "The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, etc.)" The source it wants to use is an .msi file that was in a temp directory.

 

Trying to uninstall Shopping Helper Smartbar engine it just briefly flashes and then nothing happens.

 

I found this as a "tip" to get rid of stuck programs like this but editing the registry always makes me cringe :-)

 

http://www.windows-s...emove-programs/


  • 0

#30
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,806 posts
Yes. It's a registry edit. I'm not sending you into the registry. A broken registry is a broken Windows.

Those entries are under this key.

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall]
"Shopping Helper Smartbar"
"Shopping Helper Smartbar Engine"

I'll get a fix for you for that. I need to confirm the fix is correct also. I may not get back to you tonite. We may need to redownload OTL. I'll let you know.

Thanks
Joe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP