
Virus on Acer Laptop [Solved]

virus removal

  • This topic is locked

#16
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that means that Chrome is infected, so we will need to uninstall and then re-install. Once done, let me know how it is behaving.

Re-install Chrome

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign in to your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall Chrome. Note: When asked about user data or settings you must remove this also, so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.
  • 0


#17
bjgran123

    Member

  • Topic Starter
  • 36 posts

ARGGGHHH -- having lots of trouble with this one.

 

Keeps redirecting me to other sites or telling me the page isn't available. I'm going to keep trying.

Must try and keep my sense of humor...LOL

Beverly G. 


  • 0

#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Which browser is this in?

If it is Chrome then just uninstall it and use IE

Then run a fresh FRST scan for me please
  • 0

#19
bjgran123

    Member

  • Topic Starter
  • 36 posts

Hi again, Essexboy:

Yes, I think you're right perhaps. Keep getting ads that redirect me....

So, I uninstalled Chrome and will attach latest FRST log...

Thanks,

Beverly


  • 0

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Even in that short time it managed to install extra rubbish

We will look at re-installing Chrome later

After the FRST fix and reboot, run AdwCleaner again

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StormWatch] => "C:\Program Files (x86)\StormWatch\StormWatchApp.exe"
HKU\S-1-5-21-1549872881-2707188407-3888870972-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-07-03] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1549872881-2707188407-3888870972-1001 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
2015-04-03 08:49 - 2015-04-03 08:49 - 01577472 _____ () C:\Users\Sandra\AppData\Roaming\BQZfKpZPMfIXjscCFb7UN04h8KC.exe
2015-04-02 07:34 - 2015-04-02 20:29 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-01 20:34 - 2015-04-03 07:34 - 00001346 _____ () C:\WINDOWS\Tasks\disco_savings_notification_service.job
2015-04-01 20:34 - 2015-04-02 20:30 - 00001042 _____ () C:\WINDOWS\Tasks\BQZfKpZPMfIXjscCFb7UN04h8KC.job
2015-04-01 20:34 - 2015-04-02 20:29 - 00000708 _____ () C:\WINDOWS\Tasks\disco_savings_updating_service.job
2015-04-01 20:34 - 2015-04-01 20:34 - 00004340 _____ () C:\WINDOWS\System32\Tasks\disco_savings_notification_service
2015-04-01 20:34 - 2015-04-01 20:34 - 00004044 _____ () C:\WINDOWS\System32\Tasks\BQZfKpZPMfIXjscCFb7UN04h8KC
2015-04-01 20:34 - 2015-04-01 20:34 - 00003702 _____ () C:\WINDOWS\System32\Tasks\disco_savings_updating_service
2015-04-01 20:34 - 2015-04-01 20:34 - 00000000 ____D () C:\Program Files (x86)\disco savings
2015-04-01 20:29 - 2015-04-02 20:27 - 00000000 ____D () C:\Program Files (x86)\74f41bbe-a969-4bd2-86a7-0ec7d4920547
2015-04-01 20:28 - 2015-04-01 20:28 - 00819144 _____ (Google Inc.) C:\Users\Sandra\Desktop\chrome_installer.exe
2015-04-01 20:26 - 2015-04-01 20:26 - 00000064 _____ () C:\Users\Sandra\AppData\Local\6901648b8c35b3ba1360076fbf5f9d99
2015-04-01 20:26 - 2015-04-01 20:26 - 00000000 ____D () C:\Program Files (x86)\user extensions
2015-04-01 20:25 - 2015-04-01 20:25 - 00000000 ____D () C:\ProgramData\{73959B56-2317-4AD0-9291-3A524213E9DC}
2015-03-31 03:14 - 2015-03-31 03:14 - 00005655 _____ () C:\Users\Sandra\AppData\Roaming\BQZfKpZPMfIXjscCFb7UN04h8KC
2015-03-11 09:34 - 2015-02-06 18:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-31 03:14 - 2015-03-31 03:14 - 0005655 _____ () C:\Users\Sandra\AppData\Roaming\BQZfKpZPMfIXjscCFb7UN04h8KC
2015-04-03 08:49 - 2015-04-03 08:49 - 1577472 _____ () C:\Users\Sandra\AppData\Roaming\BQZfKpZPMfIXjscCFb7UN04h8KC.exe
2015-04-01 20:26 - 2015-04-01 20:26 - 0000064 _____ () C:\Users\Sandra\AppData\Local\6901648b8c35b3ba1360076fbf5f9d99
C:\Program Files (x86)\StormWatch
C:\Program Files (x86)\Itibiti Soft Phone
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
C:\Program Files (x86)\StormWatch
C:\Program Files (x86)\Itibiti Soft Phone
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated. Please post that.
  • 0

#21
bjgran123

    Member

  • Topic Starter
  • 36 posts

OK...Essexboy...

What now?

Thanks,

Beverly

Attached File: Fixlog.txt (10.9KB)


  • 0

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, the next question is... How is the computer behaving now?
  • 0

#23
bjgran123

    Member

  • Topic Starter
  • 36 posts

Seems to be working fine, Mr. Guru!

Can I reinstall Chrome now?

Later,

Beverly


  • 0

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, re-install Chrome now and let me know how it is behaving once done. Let me know of any problems at all.
  • 0

#25
bjgran123

    Member

  • Topic Starter
  • 36 posts

Seems to be behaving fine, Essexboy....is there anything else I should do?

I will send payment tomorrow.

Thanks so very much for helping me once again...

Beverly G.


  • 0


#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The only remaining task now is to tidy you up and remove my rubbish :)

Then boost your security so that you do not have to go through this again

In this post is my idealised security for a general user's computer: http://www.geekstogo...m-slowly/page-2 post 18. It is fairly light and gives good coverage, if you use the web just for basic surfing and e-mail, along with downloading the odd game or two :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open, click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:
  • 0

#27
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





