
Spyware or Malware, getting bad, personal information could be comprom


  • This topic is locked

#76
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's manually remove it now

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5199592 2015-10-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2015-10-06]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5199592 2015-10-06] (SoftEther VPN Project at University of Tsukuba, Japan.)
C:\Program Files\SoftEther VPN Client
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0


#77
Destiny000

    Member

  • Topic Starter
  • 130 posts

Here are my logs. I am still getting pop ups, sadly. :(

Attached Files


  • 0

#78
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are these MBAM alerts or actual ad popups?

Are any other computers in the house experiencing the same problems?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that
  • 0
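
Added example (not part of the original posts, and not FRST's own code): a read-only PowerShell snapshot of the state the fixlist in post #78 resets, so a record exists of any proxy, IPsec policy, BITS job or firewall setting before it is wiped. The Internet Settings value names checked for the proxy and the output file name pre-fix-state.json are assumptions.

```powershell
# Read-only snapshot of the settings the fixlist resets.
# Run from an elevated PowerShell prompt; nothing here modifies the system
# apart from writing the report file named at the end.
$report = [ordered]@{}

# 1. Local IPsec policy key that the fixlist deletes and recreates empty.
$ipsecKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local'
$report['IPsecPolicySubkeys'] = if (Test-Path $ipsecKey) {
    @(Get-ChildItem -Path $ipsecKey -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty PSChildName)
} else { @() }

# 2. Per-user (WinINet) proxy values (assumed to be what a proxy reset clears).
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
$report['ProxyEnable']   = $p.ProxyEnable
$report['ProxyServer']   = $p.ProxyServer
$report['AutoConfigURL'] = $p.AutoConfigURL

# 3. Machine-wide WinHTTP proxy.
$report['WinHttpProxy'] = (netsh winhttp show proxy | Out-String).Trim()

# 4. BITS jobs for all users, which "bitsadmin /reset /allusers" cancels.
#    The remote URLs are the interesting part: record them before the reset.
Import-Module BitsTransfer
$report['BitsJobs'] = @(Get-BitsTransfer -AllUsers -ErrorAction SilentlyContinue |
    Select-Object DisplayName, OwnerAccount, JobState,
        @{ n = 'RemoteNames'; e = { $_.FileList.RemoteName -join '; ' } })

# 5. Firewall profile state, which the fixlist resets and then turns ON.
$report['FirewallProfiles'] = @(Get-NetFirewallProfile |
    Select-Object Name, @{ n = 'Enabled'; e = { [bool]$_.Enabled } })

# Write the snapshot next to the FRST logs (file name is an assumption).
$out = Join-Path $env:USERPROFILE 'Desktop\pre-fix-state.json'
$report | ConvertTo-Json -Depth 4 | Set-Content -Path $out -Encoding UTF8
Write-Output "Snapshot written to $out"
```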

#79
Destiny000

    Member

  • Topic Starter
  • 130 posts

Will edit here in a bit once I finish the fix. The pop ups only happen when I click in browsers, and Malwarebytes is blocking ports outbound, I'm sure I would have more pop ups happening without it. I also bring my laptop to work and no other computers have this issue. So using another internet, everything happens the same, even with Windows Update. :(

Attached Files


Edited by Destiny000, 10 December 2015 - 01:37 PM.

  • 0

#80
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
So you still get the popups at work?
  • 0

#81
Destiny000

    Member

  • Topic Starter
  • 130 posts

Fix list is in earlier post. And yes even at work. Wherever I go, no matter what internet I use. :( Would uninstalling all browsers then reinstalling do something do you think? I have bookmarks in Opera and Firefox, not sure how I save those since the browsers are different than Chrome. When Malwarebytes shows it is blocking, you remember how it says Chrome is sending it, well it changes depending on browser so if I close Chrome and use Opera then Malwarebytes says Opera is sending. Oh and I also don't get actual pop ups in Opera. . . . never mind. They are now finally happening.


Edited by Destiny000, 10 December 2015 - 02:03 PM.

  • 0

#82
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, that would be one way to go as I cannot see what is causing the problem. Although adware is getting very smart now and actually subverting some browser files

When you uninstall/reinstall the browsers, ensure that none are set to synchronise with online data as that could re-install the problem
  • 0

#83
Destiny000

    Member

  • Topic Starter
  • 130 posts

How do I do that with Chrome so it doesn't auto sync it with being Windows 10? Also how do I somehow save my bookmarks in the various browsers? Is this possible?

 

Also is there actually a separate file online for downloading Microsoft Edge aside from having to download and install Windows 10?

 

And I know there are some programs that when uninstalling it checks to see if there are any remainder files remaining after the installation that it can then delete if user chooses to. Would this be a good idea?

 

Do you know of any newer browsers that have been made that combat more browser based malware?


Edited by Destiny000, 10 December 2015 - 03:38 PM.

  • 0

#84
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Edge is fairly safe at the moment as it is new. With regards to full removal you could use something like Revo Uninstaller http://www.revounins...e_download.html

There should be an export bookmark function in all browsers

I have instructions for removing Chrome


1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall Chrome. Note: When asked about user data or settings you must remove this also, so please check the box.

Firefox has details here https://support.mozi...m-your-computer

For IE go to Control Panel > Internet Options > Advanced and click reset
  • 0

#85
Destiny000

    Member

  • Topic Starter
  • 130 posts

I'm guessing the reset button at the bottom is the "stop and clear button" since there was no actual button saying that, only a reset button. That cleared all my data it said.

 

Also I used that program to run a scan just to see what it would find. I took pictures and have not done anything. I have added pics. Are any of these files/types safe to delete?

Attached Thumbnails

  • tmp 1.jpg
  • tmp 2.jpg
  • tmp 3.jpg
  • tmp 4.jpg
  • tmp 5.jpg
  • tmp 6.jpg
  • tmp 7.jpg
  • tmp 8.jpg
  • tmp 9.jpg
  • tmp 10.jpg

Edited by Destiny000, 10 December 2015 - 05:58 PM.

  • 0


#86
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Aye they are all temp files and safe to remove


  • 0

#87
Destiny000

    Member

  • Topic Starter
  • 130 posts

Ok, just letting you know. I have not had any pop ups at all thus far. I have not reinstalled any other browsers yet. I may do just Opera. I will see what happens in the next few days. Thanks! :)


  • 0

#88
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK this was a weird one... I believe it is related to Chrome, keep me informed please
  • 0

#89
Destiny000

    Member

  • Topic Starter
  • 130 posts

I think I had one pop up in Microsoft Edge. Went to check statements in online banking and when sent url to go to it, another page opened for a Telus net survey winner. 0.o


Edited by Destiny000, 11 December 2015 - 11:25 AM.

  • 0

#90
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Is Telus your ISP?


  • 0





