Grandma has Malware/Scammers in IE
#1
isolationary

I'm at my "grandma's" house (next door elderly neighbour) and she keeps getting scammers pretending to be Microsoft. It looks like they hijacked her IE (even though she tries not to use it in favour of Google Chrome) but now she has a "You have malware/Critical Login Failure" window from IE up and it will not close no matter what we do. It also has a bunch of telephone numbers for "Microsoft Support" that are definitely not Microsoft support.

 

Her computer is running Windows 7 Home Premium, Service Pack 1, 32-bit.

 

 

Thank you so much for helping me out. I thought I had gotten rid of the problem before but it's a little too insidious for me. 

 

I've attached the logs since my copy/paste seems to go nuts.

 

:) 

 

Ames

 

 

 

 

#2
Valinorum

Hi, :)


My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process and so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.
 
  • Step #1 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instructions to remove/uninstall them.
    • Ask Shopping Toolbar
    • Java 7 Update 13 [Outdated]
 
  • Step #2 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      CloseProcesses:
      EmptyTemp:
      RemoveProxy:
      AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
      AlternateDataStreams: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
      AlternateDataStreams: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964
      AlternateDataStreams: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923
      HKU\S-1-5-21-2236742639-3553270136-2762376138-1000\...\MountPoints2: {b764cf5e-d515-11e1-a3d7-806e6f6e6963} - D:\Setup.exe
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
      2015-07-23 14:08 - 2015-07-23 14:08 - 6420480 _____ () C:\Program Files\GUT9888.tmp
      2015-09-11 16:05 - 2015-09-11 16:05 - 6420480 _____ () C:\Program Files\GUTB29C.tmp
      2015-10-05 09:34 - 2015-10-05 09:34 - 6420480 _____ () C:\Program Files\GUTFCE5.tmp
      2013-03-09 13:46 - 2013-03-09 13:46 - 0000057 _____ () C:\ProgramData\Ament.ini
      CMD: bitsadmin /reset /allusers
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #3 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Option and put a tick mark on everything;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart. If not, it is located in C:\AdwCleaner\AdwCleaner[CX].txt, where X is replaced with a number;
    • Copy and Paste the contents of this log in your reply.
 
  • Required Log(s):
    • FRST Fix Log
    • AdwCleaner Log
Regards,
Valinorum
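The fixlist in the post above targets alternate data streams, leftover files, a Chrome policy key, proxy settings and BITS jobs. As an added example (not part of the thread and not FRST's own code), a read-only PowerShell check that those items are gone after the fix; the function names are hypothetical and the paths are the ones from the fixlist.

```powershell
# Added example: read-only checks after the fix. Paths and the policy key are
# copied from the fixlist above; function names are hypothetical.
# Run from an elevated prompt so HKLM and "/allusers" are readable.

function Get-AlternateStreamLines {
    param([string]$Directory, [string]$LeafName)
    # "dir /r" prints one extra line per alternate data stream, ending in :$DATA.
    # It covers files and folders and does not need PowerShell 3.0's -Stream.
    if (-not (Test-Path -LiteralPath $Directory)) { return @() }
    $pattern = '\s' + [regex]::Escape($LeafName) + ':.+:\$DATA'
    @(& cmd.exe /c dir /r /a $Directory 2>$null | Where-Object { $_ -match $pattern })
}

function Get-ChromePolicyKeys {
    # FRST flagged this key as a restriction; any key still present means a
    # policy is still being applied to Chrome.
    $key = 'HKLM:\SOFTWARE\Policies\Google'
    if (-not (Test-Path $key)) { return @() }
    @($key) + @(Get-ChildItem -Path $key -Recurse | ForEach-Object { $_.Name })
}

function Get-ProxySettings {
    # Per-user proxy values that Internet Explorer reads.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    Get-ItemProperty -Path $key | Select-Object ProxyEnable, ProxyServer, AutoConfigURL
}

$startMenu = 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu'
$streams   = @(Get-AlternateStreamLines 'C:\ProgramData' 'TEMP') +
             @(Get-AlternateStreamLines $startMenu 'Yahoo!.website')
$leftovers = @(Get-ChildItem 'C:\Program Files' -Filter 'GUT*.tmp' -Force -ErrorAction SilentlyContinue)
if (Test-Path -LiteralPath 'C:\ProgramData\Ament.ini') {
    $leftovers += Get-Item -LiteralPath 'C:\ProgramData\Ament.ini' -Force
}

"Alternate data streams still present: $($streams.Count)"; $streams
"Leftover files still present: $($leftovers.Count)"
$leftovers | ForEach-Object { $_.FullName }
"Chrome policy keys still present:"; Get-ChromePolicyKeys
"Current-user proxy settings:"; Get-ProxySettings | Format-List
"BITS jobs (expect none after 'bitsadmin /reset /allusers'):"
& bitsadmin.exe /list /allusers
```

The proxy values are read from the current user's hive, so run it while logged in as the affected account.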

#3
isolationary


Thank you so much for responding! 

 

I tried to uninstall the Ask Shopping Toolbar but it didn't show up in the list of programs to uninstall. I did uninstall the Java with no problems.

 

Here are the logfiles for ADWCleaner and FRST. 

 

Thank you, 

Ames


#4
Valinorum

Is she still getting the fake alerts?