
v9 infection [Solved]

v9 snap.do ads

  • This topic is locked

#31
weightdriven

    Member

  • Topic Starter
  • 36 posts
[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

  • 0



#32
weightdriven

    Member

  • Topic Starter
  • 36 posts

The ESET window showed 19 infected files, but the log was just those three lines. 


  • 0

#33
weightdriven

    Member

  • Topic Starter
  • 36 posts
Here's the list:
 
C:\AdwCleaner\Quarantine\C\Program Files\Shop For Rewards\jvwn64.dll.vir Win64/Toolbar.Perion.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Holly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkedlkfabdindighkfjmndokfilfgchp\1.7\x4mJ8uOTcN.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Missdelaneyis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkedlkfabdindighkfjmndokfilfgchp\1.7\x4mJ8uOTcN.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\windows\SysWOW64\dsrvprn.exe.vir Win64/Toolbar.Perion.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan
C:\FRST\Quarantine\C\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\Extensions\dmnddeddcgdllibmaodanoonljfdmooc\107\Wqy.js JS/Kryptik.ATB trojan
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPTool64.exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64.dll a variant of Win32/ClientConnect.A potentially unwanted application
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll a variant of Win64/Conduit.SearchProtect.A potentially unwanted application
C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\SPTool.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\uninstall.exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\Users\Holly\AppData\Local\DockPathRemote\DockPathRemote.exe Win32/Adware.Pirrit.L application
C:\Users\Holly\AppData\Local\DockPathRemote\SrDt.exe Win32/NetToolDetect.A potentially unwanted application
C:\Users\Holly\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Missdelaneyis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmnddeddcgdllibmaodanoonljfdmooc\107\Wqy.js JS/Kryptik.ATB trojan
C:\Windows\System32\GUIMacroRepository\GUIMacroRepository.exe Win32/Adware.Pirrit.K application
C:\Windows\SysWOW64\GUIMacroRepository\GUIMacroRepository.exe Win32/Adware.Pirrit.K application

  • 0

#34
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi there. Thanks for the ESET log, highlighted a few things remaining that we can quickly deal with :D

Firstly

FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached [attachment=74015:fixlist.txt] and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click frst.png and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Then
Good news, it looks like your system is now clean. A good workman cleans up after himself so let's now attend to that :D

Tool Removal

We need to remove the tools we've used during cleaning your machine. The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

We need to uninstall a program
Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
Select the following programs from the list below, one at a time and click Uninstall. Delete the following Files and Folders (If Present):
C:\Program Files (x86)\ESET
Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.



Keep your machine updated

Due to the ever-present tide of malware, it is important to ensure your computer is kept up-to-date to minimize the risk of future infection. An important step is to ensure that automatic updates are enabled.


To enable automatic updates:

Windows 7
To turn on Automatic Updates yourself, follow these steps: It is recommended to install an anti-malware to help prevent reinfection.
Below are some free ones that can help keep you clean.

Malwarebytes AntiMalware

As you have installed Malwarebytes, I recommend that you keep this program and use it to help you stay clean.

The free version will scan your computer and fix the problems it finds but will not provide real-time protection. You must scan regularly to find any threats.
Consider purchasing the full version for active monitoring of threats.

JAVA Advice
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following: If you still want to update your Java, follow the instructions below:

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version


Update Adobe Flash Player

NOTE: Depending on your settings, you may have to temporarily disable your antivirus software and firewall.

Update Other Programs

Alongside keeping Windows updated, other programs installed on your computer should also be kept current as they too can introduce security risks.

Filehippo Update Checker will scan your computer for out of date programs and provide download links for the updates. This is worth doing on a regular basis.

Cryptolocker Warning
Go here for information about CryptoLocker Ransomware.
The main thing with this infection is ~ Backup.
If you're using an external hard drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever do come across it.

Recommended Programs
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.
CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system.
Web Of Trust is a browser add-on designed to alert the user before interacting with a potentially malicious website. It will highlight green if a site is known to be safe.

Adblock is a Firefox browser add-on that blocks annoying banners, pop-ups and video ads.

General Advice

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Activate UAC
    • Create registry backup
    • Purge system restore
    • Reset System Settings
  • Click Run
  • ESET Online Scanner
  • Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.
  • In the left pane, click Change settings.
  • Select the option that you want.
  • Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK.
  • For Firefox, install the NoScript add-on.
  • For Chrome, install the ScriptNo add-on.
    -->IMPORTANT<--: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Javascript. If you don't, the sites won't work properly. Or not at all. You can go to the NoScript home page here to learn how to use the add-on.
  • Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)
  • Please click here to go to the FlashPlayer Installation page.
  • In the first column, Adobe Flash Player, make sure the system version (64bit) and the browser are correct.
    • Note: If you use IE and other browsers you will need to install both Flash Player for IE and Flash Player for Other Browsers.
  • In the middle column, Optional offer:, UNCHECK the box next to Yes, install free McAfee Security Scan Plus
  • Click the Install now button. A download window for the install_flashplayer15x64_mssd_aaa_aih.exe file will open. Save it to the desktop.
  • Close the browser and all open windows.
  • Back on the desktop, right click the install_flashplayer15x64_mssd_aaa_aih.exe file and click Run as Administrator to install Flash Player.
  • When browsing the internet, look closely at the links you click on. Some aren't always what they seem
  • Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
  • Don't open email attachments unless you are expecting them. Even an email from your best friend can be infected, they might not have sent it.
  • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.

  • 0

#35
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

I do apologise, my post was mixed up

FRST Fix

If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached [attachment=74016:fixlist.txt] and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click frst.png and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Good news, it looks like your system is now clean. A good workman cleans up after himself so let's now attend to that :D

    Tool Removal

    We need to remove the tools we've used during cleaning your machine
    • Download Delfix from here
    • Ensure Remove disinfection tools is ticked
      Also tick:
      • Activate UAC
      • Create registry backup
      • Purge system restore
      • Reset System Settings
    • Click Run
    • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

      We need to uninstall a program
      Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
      Select the following programs from the list below, one at a time and click Uninstall.
      • ESET Online Scanner
      Delete the following Files and Folders (If Present):
      C:\Program Files (x86)\ESET
      Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.



      Keep your machine updated

      Due to the ever-present tide of malware, it is important to ensure your computer is kept up-to-date to minimize the risk of future infection. An important step is to ensure that automatic updates are enabled.


      To enable automatic updates:

      Windows 7
      To turn on Automatic Updates yourself, follow these steps:
      • Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.
      • In the left pane, click Change settings.
      • Select the option that you want.
      • Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK.
      It is recommended to install an anti-malware to help prevent reinfection.
      Below are some free ones that can help keep you clean.

      Malwarebytes AntiMalware

      As you have installed Malwarebytes, I recommend that you keep this program and use it to help you stay clean.

      The free version will scan your computer and fix the problems it finds but will not provide real-time protection. You must scan regularly to find any threats.
      Consider purchasing the full version for active monitoring of threats.

      JAVA Advice
      WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
      See this article and this article.
      I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
      In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:
      • For Firefox, install the NoScript add-on.
      • For Chrome, install the ScriptNo add-on.
        -->IMPORTANT<--: After installing the add-ons you will need to tell them that the site you are visiting is allowed to run Javascript. If you don't, the sites won't work properly. Or not at all. You can go to the NoScript home page here to learn how to use the add-on.
      • Disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)
      If you still want to update your Java, follow the instructions below:

      If you do need to keep Java then download JavaRa
      Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
      Once done then run it again and select Update Java runtime > Download and install Latest version


      Update Adobe Flash Player

      NOTE: Depending on your settings, you may have to temporarily disable your antivirus software and firewall.
      • Please click here to go to the FlashPlayer Installation page.
      • In the first column, Adobe Flash Player, make sure the system version (64bit) and the browser are correct.
        • Note: If you use IE and other browsers you will need to install both Flash Player for IE and Flash Player for Other Browsers.
      • In the middle column, Optional offer:, UNCHECK the box next to Yes, install free McAfee Security Scan Plus
      • Click the Install now button. A download window for the install_flashplayer15x64_mssd_aaa_aih.exe file will open. Save it to the desktop.
      • Close the browser and all open windows.
      • Back on the desktop, right click the install_flashplayer15x64_mssd_aaa_aih.exe file and click Run as Administrator to install Flash Player.
      Update Other Programs

      Alongside keeping Windows updated, other programs installed on your computer should also be kept current as they too can introduce security risks.

      Filehippo Update Checker will scan your computer for out of date programs and provide download links for the updates. This is worth doing on a regular basis.

      Cryptolocker Warning
      Go here for information about CryptoLocker Ransomware.
      The main thing with this infection is ~ Backup.
      If you're using an external hard drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever do come across it.

      Recommended Programs
      Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.
      CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system.
      Web Of Trust is a browser add-on designed to alert the user before interacting with a potentially malicious website. It will highlight green if a site is known to be safe.

      Adblock is a Firefox browser add-on that blocks annoying banners, pop-ups and video ads.

      General Advice
      • When browsing the internet, look closely at the links you click on. Some aren't always what they seem
      • Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
      • Don't open email attachments unless you are expecting them. Even an email from your best friend can be infected, they might not have sent it.
      • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.

  • 0

#36
weightdriven

    Member

  • Topic Starter
  • 36 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by Holly at 2014-11-28 18:28:59 Run:4
Running from C:\Users\Holly\Desktop
Loaded Profiles: Holly & Missdelaneyis (Available profiles: Holly & Missdelaneyis)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPTool64.exe
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32.dll
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64.dll
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll
C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\SPTool.dll
C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\uninstall.exe
C:\Users\Holly\AppData\Local\DockPathRemote
C:\Users\Holly\Downloads\ccsetup500.exe
C:\Users\Missdelaneyis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmnddeddcgdllibmaodanoonljfdmooc\107\Wqy.js
C:\Windows\System32\GUIMacroRepository\GUIMacroRepository.exe
C:\Windows\SysWOW64\GUIMacroRepository\GUIMacroRepository.exe
end
*****************
 
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPTool64.exe => Moved successfully.
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32.dll => Moved successfully.
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC32Loader.dll => Moved successfully.
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64.dll => Moved successfully.
C:\Program Files (x86)\LenovoBrowserGuard\LenovoBrowserGuard\bin\SPVC64Loader.dll => Moved successfully.
C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\SPTool.dll => Moved successfully.
C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\uninstall.exe => Moved successfully.
C:\Users\Holly\AppData\Local\DockPathRemote => Moved successfully.
C:\Users\Holly\Downloads\ccsetup500.exe => Moved successfully.
C:\Users\Missdelaneyis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmnddeddcgdllibmaodanoonljfdmooc\107\Wqy.js => Moved successfully.
"C:\Windows\System32\GUIMacroRepository\GUIMacroRepository.exe" => File/Directory not found.
C:\Windows\SysWOW64\GUIMacroRepository\GUIMacroRepository.exe => Moved successfully.
 
==== End of Fixlog ====

  • 0
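
One way to check a fixlog against the scanner's detection list, as posted in #33 and #36. This is an added example, not part of the thread and not code from FRST or ESET. The log excerpts come from the posts above, the last ESET line is constructed, and treating a path under a tool's Quarantine folder as already contained is an assumption.

```python
import re
from pathlib import PureWindowsPath

# Excerpts from the ESET list (#33) and the fixlog (#36) in this thread.
# The last ESET line is constructed, to show a detection that no fix covers.
ESET_LOG = r"""
C:\AdwCleaner\Quarantine\C\windows\SysWOW64\dsrvprn.exe.vir Win64/Toolbar.Perion.B potentially unwanted application
C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\SPTool.dll a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Users\Holly\AppData\Local\DockPathRemote\DockPathRemote.exe Win32/Adware.Pirrit.L application
C:\Users\Holly\AppData\Local\DockPathRemote\SrDt.exe Win32/NetToolDetect.A potentially unwanted application
C:\Windows\System32\GUIMacroRepository\GUIMacroRepository.exe Win32/Adware.Pirrit.K application
C:\Windows\SysWOW64\GUIMacroRepository\GUIMacroRepository.exe Win32/Adware.Pirrit.K application
C:\Users\Example\constructed-sample.exe Win32/Constructed.Sample application
"""

FIXLOG = r"""
C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\SPTool.dll => Moved successfully.
C:\Users\Holly\AppData\Local\DockPathRemote => Moved successfully.
"C:\Windows\System32\GUIMacroRepository\GUIMacroRepository.exe" => File/Directory not found.
C:\Windows\SysWOW64\GUIMacroRepository\GUIMacroRepository.exe => Moved successfully.
"""

# "<path> [a variant of ]<Platform/Name> <category>"; paths may contain spaces.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?:a variant of )?(?P<name>\w+/\S+) (?P<kind>.+)$")
# "<path> => <result>"; the path is quoted on the "not found" line above.
OUTCOME = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?)"? => (?P<result>.+)$')
HANDLED = ("Moved successfully", "in tool quarantine")


def parse_detections(text):
    """Return one dict (path, name, kind) per ESET detection line."""
    return [m.groupdict() for m in map(DETECTION.match, text.splitlines()) if m]


def parse_outcomes(text):
    """Map each fixed path to the result FRST reported for it."""
    return {PureWindowsPath(m["path"]): m["result"].rstrip(".")
            for m in map(OUTCOME.match, text.splitlines()) if m}


def status_of(path, outcomes):
    p = PureWindowsPath(path)  # Windows path rules: comparisons ignore case
    # Assumption: C:\<tool>\Quarantine\... holds copies a tool already moved.
    if "quarantine" in (part.lower() for part in p.parts[:3]):
        return "in tool quarantine"
    for fixed, result in outcomes.items():
        # A fix entry covers the file itself or any directory above it.
        if p == fixed or fixed in p.parents:
            return result
    return "NOT ADDRESSED"


def reconcile(eset_text, fixlog_text):
    """Return (detection name, path, status) for every ESET detection."""
    outcomes = parse_outcomes(fixlog_text)
    return [(d["name"], d["path"], status_of(d["path"], outcomes))
            for d in parse_detections(eset_text)]


def needs_followup(rows):
    """Detections that were neither moved by the fix nor already quarantined."""
    return [row for row in rows if row[2] not in HANDLED]


if __name__ == "__main__":
    for name, path, status in reconcile(ESET_LOG, FIXLOG):
        print(f"{status:26} {name:32} {path}")
```

Anything `needs_followup` returns, including a "File/Directory not found" result, is worth confirming with a fresh scan before the cleanup tools are removed.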

#37
weightdriven

    Member

  • Topic Starter
  • 36 posts
# DelFix v10.8 - Logfile created 28/11/2014 at 18:46:09
# Updated 29/07/2014 by Xplode
# Username : Holly - LENOVO
# Operating System : Windows 8.1  (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\Users\Holly\Desktop\FRST64.exe
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #12 [Windows Update | 11/01/2014 20:28:14]
Deleted : RP #13 [Windows Update | 11/13/2014 19:48:46]
Deleted : RP #15 [Checkpoint by HitmanPro | 11/15/2014 01:45:59]
Deleted : RP #17 [Restore Point before Snap.Do was removed using Program Install and Uninstall troubleshooter | 11/22/2014 14:00:36]
Deleted : RP #19 [Windows Update | 11/27/2014 00:32:35]
Deleted : RP #21 [Windows Defender Checkpoint | 11/28/2014 14:32:14]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#38
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Excellent. That's it, you are all done.

 

Safe surfing and thank you for seeing it through to the end. :D


  • 0

#39
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





