Here you go!
Popup ad virus won't go away [Closed]
#16
Posted 24 March 2015 - 12:14 PM
#17
Posted 24 March 2015 - 12:49 PM
Click "File" > "Custom scripts"
A dialogue will open
Copy and paste the following script into the marked space then press run
Script for insertion:
begin
  SetAVZGuardStatus(True);
  SearchRootkit(true, true);
  SetServiceStart('LavasoftTcpService', 4);
  StopService('LavasoftTcpService');
  DeleteService('SearchProtectionService');
  StopService('SearchProtectionService');
  TerminateProcessByName('LavasoftTcpService.exe');
  BC_DeleteFile('LavasoftTcpService.exe');
  BC_DeleteSvc('SearchProtectionService');
  BC_DeleteSvc('LavasoftTcpService');
  BC_ImportDeletedList;
  BC_ImportAll;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
end.
Ensure that you copy from begin to end
#18
Posted 24 March 2015 - 01:00 PM
Done. Nothing's changed, now what?
#19
Posted 24 March 2015 - 02:02 PM
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKU\S-1-5-21-3754106926-3601097053-1584288023-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1380672 2015-01-23] (Lavasoft)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe [1364392 2015-01-23] (Lavasoft Limited)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2015-01-23] ()
C:\Program Files (x86)\Lavasoft
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
#20
Posted 25 March 2015 - 09:35 AM
IE works fine, no popups, but I noticed something odd: I opened Spotify, and the popups appear there too for some reason.
Also, I don't know if you know what Steam is, but the viruses have taken over Steam's own browser too. I attached a (censored) photo to show you what I mean - the main page of Steam normally shows games that are on sale, but whenever I open Steam, the virus redirects me to a porn site.
After running FRST, Chrome seemed fine for a short while, until I opened Spotify to check if it was clean too. It wasn't, and now the popups are back in Chrome too.
Here's the fixlog:
#21
Posted 25 March 2015 - 09:55 AM
As from the description it appears that the malware is within Spotify and is changing the DNS settings, I should imagine that IE will also show this if you open it after Spotify.
To confirm or deny this hypothesis, could you uninstall Spotify then run the following fix:
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\...\Run: [Spotify Web Helper] => C:\Users\Natu-ti-ti\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-12] (Spotify Ltd)
2015-03-18 19:48 - 2014-10-05 15:53 - 00000000 ____D () C:\Users\Natu-ti-ti\AppData\Local\Spotify
2015-03-18 18:32 - 2014-10-05 15:52 - 00000000 ____D () C:\Users\Natu-ti-ti\AppData\Roaming\Spotify
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.
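A read-only check of what the two fixlists above target, as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later run as the affected user; the service names, folder and IPSec key are copied from the fixlists, and the proxy value names are the standard Internet Settings ones.

```powershell
# Added example (not from the thread): read-only check, changes nothing.
# Service names, folder and IPSec key are copied from the fixlists above.
$services = 'LavasoftTcpService', 'SearchProtectionService'
$folder   = 'C:\Program Files (x86)\Lavasoft'
$ipsecKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local'
# Standard per-user proxy location; HKCU is the user running the script.
$inetKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function New-Row($check, $result) {
    [pscustomobject]@{ Check = $check; Result = $result }
}

function Get-LeftoverReport {
    # Services the fixlist was meant to stop and delete
    foreach ($name in $services) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) { New-Row "Service $name" "present ($($svc.Status))" }
        else      { New-Row "Service $name" 'absent' }
    }

    # Program folder listed for removal
    if (Test-Path -LiteralPath $folder) { New-Row "Folder $folder" 'present' }
    else                                { New-Row "Folder $folder" 'absent' }

    # The fixlist deletes this key and re-creates it empty
    $sub = @(Get-ChildItem -Path $ipsecKey -ErrorAction SilentlyContinue)
    New-Row 'IPSec local policy subkeys' $sub.Count

    # Proxy values that RemoveProxy: is expected to clear
    $inet = Get-ItemProperty -Path $inetKey
    foreach ($v in 'ProxyEnable', 'ProxyServer', 'AutoConfigURL') {
        $val = $inet.$v
        if ($null -eq $val) { $val = '(not set)' }
        New-Row "Proxy $v" $val
    }

    # DNS servers per active adapter, for the DNS-change hypothesis
    $nics = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    foreach ($nic in $nics) {
        New-Row "DNS on $($nic.Description)" ($nic.DNSServerSearchOrder -join ', ')
    }
}

Get-LeftoverReport | Format-Table -AutoSize -Wrap
```

Running it once before and once after opening Spotify gives two tables whose proxy and DNS rows can be compared directly.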
#22
Posted 25 March 2015 - 11:32 AM
I always have Steam running in the background, so I ran it before I opened Spotify.
IE didn't show popups even after I had opened Spotify, which is odd.
Fixlog:
#23
Posted 25 March 2015 - 11:39 AM
Is Chrome still showing the ads?
#24
Posted 25 March 2015 - 11:46 AM
No, I didn't - should I?
Right now, Chrome seems to be clean. No ads have shown up for the past 10 minutes.
Although the ads still pop up when I open Steam's own browser.
Edited by Samyaza, 25 March 2015 - 11:47 AM.
#25
Posted 25 March 2015 - 12:03 PM
#26
Posted 29 March 2015 - 12:55 PM
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
#27
Posted 30 March 2015 - 09:36 AM
#28
Posted 01 April 2015 - 02:53 AM
Popups seem to be gone. Thanks for the help!
Haven't checked my mother's computer though, I will do that later today.
Fixlog:
#29
Posted 01 April 2015 - 07:37 AM
Any further problems on your system?
#30
Posted 05 April 2015 - 06:50 AM
My computer seems clean now, thank you very much for the help.
I haven't checked my mother's computer myself, but she said she hasn't gotten popups either for some time now. So it seems to be fine.
However, my tablet (Samsung Galaxy Note 10.1) is still acting a bit weird. Sometimes, when using Chrome on it, I get redirected to odd pages telling me my tablet is infected and stuff, and pressing back won't help because I'll just get redirected again. I cleaned all cookies and browsing history, but the problem persists. What's odd is that the problem only occurs when I'm using our home wifi, and when I turn it off and use mobile data, everything's fine.
Edited by Samyaza, 05 April 2015 - 06:50 AM.