Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Adware.DealPly - Ads by Browser Shop - alerts "from" Norton, J

Adware.DealPly Browser Shop

  • This topic is locked This topic is locked

#31
ArielAZ

ArielAZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Yes, I think this has been happening exclusively in Chrome. I haven't used any other browsers lately, except for the time or two that I used IE as a part of getting this issue dealt with.

 

I've removed and re-installed Chrome. Now I have a very old set of bookmarks, though -- still useful ones, but not the ones from the last year or two. I suppose these bookmarks were tied to the gmail address (which I allowed Chrome to associate with the new installation of Chrome). 

 

Is there any easy way to combine the two lists of bookmarks without a lot of duplication? Many of the bookmark folders and sub-folders will have the same names.

 

I'll post the log next.


  • 0

Advertisements


#32
ArielAZ

ArielAZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by modar_000 at 2015-01-28 14:24:51 Run:2
Running from C:\Users\modar_000\Desktop
Loaded Profiles: modar_000 (Available profiles: DAVE & modar_000)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
Createrestorepoint:
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll
C:\Users\DAVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef\182\smJt.js
C:\Users\modar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef\182\smJt.js
C:\Users\modar_000\Downloads\adobe_flash_setup.exe
C:\Users\modar_000\Downloads\ReimageRepair.exe
I:\FileHistory\modar_000\NEPTUNE\Data\C\Users\modar_000\Downloads\adobe_flash_setup (2015_01_20 22_58_09 UTC).exe
I:\FileHistory\modar_000\NEPTUNE\Data\C\Users\modar_000\Downloads\Java (2015_01_23 23_34_04 UTC).exe
I:\FileHistory\modar_000\NEPTUNE\Data\C\Users\modar_000\Downloads\Java (2015_01_28 01_45_45 UTC).exe"
I:\FileHistory\modar_000\NEPTUNE\Data\C\Users\modar_000\Downloads\MyScrapNookSetup2.5.14.83.pd^9N^xdm002^YYA^us.CJGW19rB470CFcyTfgodLCsAEg (2015_01_20 22_58_09 UTC).exe
I:\FileHistory\modar_000\NEPTUNE\Data\C\Users\modar_000\Downloads\ReimageRepair (2015_01_20 22_58_09 UTC).exe
End
*****************
 
Restore point was successfully created.
"C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\chrome.dll" => File/Directory not found.
C:\Users\DAVE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef\182\smJt.js => Moved successfully.
C:\Users\modar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef\182\smJt.js => Moved successfully.
C:\Users\modar_000\Downloads\adobe_flash_setup.exe => Moved successfully.
C:\Users\modar_000\Downloads\ReimageRepair.exe => Moved successfully.
I:\FileHistory\modar_000\NEPTUNE\Data\C\Users\modar_000\Downloads\adobe_flash_setup (2015_01_20 22_58_09 UTC).exe => Moved successfully.
I:\FileHistory\modar_000\NEPTUNE\Data\C\Users\modar_000\Downloads\Java (2015_01_23 23_34_04 UTC).exe => Moved successfully.
I:\FileHistory\modar_000\NEPTUNE\Data\C\Users\modar_000\Downloads\Java (2015_01_28 01_45_45 UTC).exe => Moved successfully.
I:\FileHistory\modar_000\NEPTUNE\Data\C\Users\modar_000\Downloads\MyScrapNookSetup2.5.14.83.pd^9N^xdm002^YYA^us.CJGW19rB470CFcyTfgodLCsAEg (2015_01_20 22_58_09 UTC).exe => Moved successfully.
I:\FileHistory\modar_000\NEPTUNE\Data\C\Users\modar_000\Downloads\ReimageRepair (2015_01_20 22_58_09 UTC).exe => Moved successfully.
 
==== End of Fixlog 14:25:00 ====

  • 0

#33
ArielAZ

ArielAZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

To answer your other question: Yes, the problem with the ads is a lot better since removing and re-installing Chrome just now. I no longer see the HUGE proliferation of static ads and video ads by Browser Shop. However, when I arrived on this forum to post these replies, I was seeing several ads by AdChoices on each page. Now I don't see those ads, either, but I don't know what would have changed on my system during my few minutes here.


  • 0

#34
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Is there any easy way to combine the two lists of bookmarks without a lot of duplication? Many of the bookmark folders and sub-folders will have the same names.


I'm really not sure of an easy way to do that. I would think it would just add in the ones from the backup upon importation without duplicating them, but I'm not positive of that.

To answer your other question: Yes, the problem with the ads is a lot better since removing and re-installing Chrome just now. I no longer see the HUGE proliferation of static ads and video ads by Browser Shop. However, when I arrived on this forum to post these replies, I was seeing several ads by AdChoices on each page. Now I don't see those ads, either, but I don't know what would have changed on my system during my few minutes here.


That's great news! Regarding the ads on our site: Those ads appear to visitors who do not have an account with us. You would see them until you logged in under your account and that eliminates them from your sight. :)

If everything is running to your satisfaction, please let me know and I'll begin my cleanup procedures. :thumbsup:
  • 0

#35
ArielAZ

ArielAZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Yes, it's pretty great news all right! Thank you so much for all of your help. It's been great working with you. You've given excellent, clear, patient advice and instructions. :) Everything's shiny.


  • 0

#36
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Yes, it's pretty great news all right! Thank you so much for all of your help. It's been great working with you. You've given excellent, clear, patient advice and instructions. :) Everything's shiny.


You're quite welcome, it's my pleasure. :) Let's clear away my tools, and then create a new, clean restore point on your machine. I also have some tips and information and protection from a hideous ransomware program called CryptoLocker.


Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Tips, Information, and Optional Installation of Unchecky
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)
To help protect yourself while on the web, I recommend you read How did I get infected in the first place?


Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.


unchecky1_zps667e512d.jpg


Then click Finish

unchecky2_zpsca4e7d0d.jpg


Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:


Step 3: Protection Against CryptoLocker

A warning about CryptoLocker

CryptoLocker is a ransomware program that was released around the beginning of September 2013 that targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

The main thing with this infection is ~ Backup.
If you're using an external hard drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever do come across it.


Please download and install CryptoPrevent to lock your machine down from this infection.

CryptoPrevent_zps1a3866db.jpg


Things I need to see in your next post

Delfix Log

  • 0

#37
ArielAZ

ArielAZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Yes, I plan to use my external hard drive for backups going forward. Performed one after the infection. I've removed that hard drive from my system now (per your advice). Should I plug it back in before performing the creation of the restore point tomorrow? I don't expect to be back on much at all this evening.


  • 0

#38
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Yes, I plan to use my external hard drive for backups going forward. Performed one after the infection. I've removed that hard drive from my system now (per your advice). Should I plug it back in before performing the creation of the restore point tomorrow? I don't expect to be back on much at all this evening.


If you performed one after the infection was on your machine, then you'll need to delete that backup and create a new one. Windows doesn't really care what it backs up, infections included. :)

As for plugging it back in before the new restore point is created, no need to. If that drive is used strictly for backups, it shouldn't have restore points on it. But I would definitely perform a backup after running the last steps, now that the machine is clean. Then safely store the drive. :thumbsup:

Also, thank you for your kind words in the Feedback thread. :)
  • 0

#39
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#40
ArielAZ

ArielAZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

I downloaded DelFix and started to run it as Administrator, with the three items ticked that you suggested. Almost immediately, it came back with an Application Error message box: Exception EAccessViolation in module ERUNT.exe at 00003A62. Access violation at address 00403A62 in module 'ERUNT.exe'. Read of address 0069005C.


  • 0

Advertisements


#41
ArielAZ

ArielAZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

However, I found that DelFix was still running. It finished and asked what I wanted the log file saved as. So I logged back in here to verify that you'd said to use Notepad for the log file. When I went back to find the window for DelFix, it had disappeared. Can I just run DelFix over again?


  • 0

#42
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Ok, disable your anti virus and try running it again. If it fails again, uncheck the Create Registry Backup box and attempt it one more time. If it still fails, please let me know.
  • 0

#43
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
That's ok, if it ran to completion successfully, you'll not see any of the tools we used on your desktop anymore. If you do, then run it again. :thumbsup:
  • 0

#44
ArielAZ

ArielAZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
It did throw another error message the second time, so I ran it the third time (with Create Registry Backup unchecked). I do see Resume Reimage Repair Installation as an icon on my desktop, and I'm wondering about it.
 
Here's the DelFix log from the third run --
 
# DelFix v10.8 - Logfile created 12/02/2015 at 11:59:40
# Updated 29/07/2014 by Xplode
# Username : modar_000 - NEPTUNE
# Operating System : Windows 8.1  (64 bits)
 
~ Removing disinfection tools ...
 
 
~ Cleaning system restore ...
 
Deleted : RP #58 [End of disinfection | 02/12/2015 18:54:48]
 
New restore point created !
 
########## - EOF - ##########

  • 0

#45
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

It did throw another error message the second time, so I ran it the third time (with Create Registry Backup unchecked). I do see Resume Reimage Repair Installation as an icon on my desktop, and I'm wondering about it.


Ok, the log looks good. :thumbsup:

However, the Reimage Repair Installation is one of those system optimizers that aren't worth the code that their written in. Please uninstall that program from your machine and let me know that it went ok. :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP