Jump to content

Conspire

Trusted Malware Techs
  • Content Count

    684
  • Joined

  • Last visited

Everything posted by Conspire

  1. Yes you can remove them.
  2. Very well. You're good to go. Follow these steps to uninstall Combofix [*]Click START then RUN [*]Now copy/paste the code into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there. Combofix /Uninstall =================================================== Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred. -------------------------------------------------------------------------------------------------------------- MICROSOFT UPDATES It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection. Passwords It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them and consider a password keeper, to keep all your passwords safe. SPYWARE PREVENTION This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles: [*] [*]How Did I Get Infected In The First Place? by TonyKlein [*]How to Prevent Malware by miekiemoes [*]PC Safety and Security--What Do I Need? To help protect your computer in the future I recommend that you get the following free programs if you do not already have them: [*]WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites: [*]Green to go [*]Yellow for caution [*]Red to stop WOT has an add-on available for both Firefox and IE. [*]SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here [*]MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here [*]Download Host.zip and Save it to your Desktop. [*]Right-click hosts.zip and select 'Extract all files' or 'Extract files...'. [*]Follow the prompts and click 'Finish'. [*]This will open the newly created hosts folder on your Desktop. [*]Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine. [*]Once updated you should see another prompt that the task was completed. Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically. Hopefully this should take care of your problems! Good luck. Do you have any questions or problems to ask? Please do not hesitate to do so. **Please respond this one more time to ensure it is resolved and close this topic.
  3. What unwanted files that you wish to remove?
  4. How is it running so far?
  5. I'd like you to run DDS again for review after running the steps below. -AdwCleaner- Please download AdwCleaner by Xplode onto your desktop. [*]Close all open programs and internet browsers. [*]Double click on AdwCleaner.exe to run the tool. [*]Click on Delete. [*]Confirm each time with Ok. [*]Your computer will be rebooted automatically. A text file will open after the restart. [*]Please post the content of that logfile with your next answer. [*]You can find the logfile at C:AdwCleaner[s1].txt as well. =================================================== Please download Junkware Removal Tool to your desktop. [*]Shutdown your antivirus to avoid any conflicts. [*]Right-mouse click JRT.exe and select Run as administrator [*]The tool will open and start scanning your system. [*]Please be patient as this can take a while to complete. [*]On completion, a log (JRT.txt) is saved to your desktop and will automatically open. [*]Post the contents of JRT.txt into your next message =================================================== On your next reply please post : AdwCleaner log JRT log Fresh DDS log Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have. Good Day!
  6. Sure. I'll be happy to wait.
  7. Are you still with us?
  8. No worries. Please read through these instructions to familiarize yourself with what to expect when this tool runs Refer to the ComboFix User's Guide Download ComboFix from one of these locations: Link 1 Link 2 * IMPORTANT- Save ComboFix.exe to your Desktop ==================================================== Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs ==================================================== Double click on combofix.exe & follow the prompts. When finished, it shall produce a log for you. Please include the C:ComboFix.txt in your next reply for further review.
  9. Sure. Here goes Please download aswMBR.exe and save it to your desktop. [*]Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator) [*]Allow it to update where necessary [*]Click Scan [*]Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet. [*]You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well. =================================================== Download TDSSKiller.exe and save it to your desktop Execute TDSSKiller.exe by doubleclicking on it. Press Start Scan If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log. Once complete, a log will be produced at the root drive which is typically C: ,for example, C:TDSSKiller.<version_date_time>log.txt =================================================== On your next reply please post : aswMBR log MBR.dat (attachment) TDSS Killer log Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have. Good Day!
  10. Hello there, bhk I'm Conspire, I'll be glad to help you with your computer problems. Please observe these rules while we work: [*]Read the entire procedure [*]It is important to perform ALL actions in sequence. [*]If you don't know, stop and ask! Don't keep going on. [*]Please reply to this thread. Do not start a new topic. [*]Stick with me till you're given the all clear. [*]Remember, absence of symptoms does not mean the infection is all gone. [*]Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on. --------------------------------------------------------------------------------------------------- Sorry for the delayed response. Do you still need help on this? ---------------------------------------------------------------------------------------------------
  11. Conspire

    Removed my web search and had sporadic ie crashes

    Very well. Take care, stay safe.
  12. Conspire

    Removed my web search and had sporadic ie crashes

    Indeed it was. It's time for some housekeeping if you don't have any problems left. You can remove the rest of the tools we used except for Combofix which you have to follow the steps outlined. Follow these steps to uninstall Combofix [*]Click START then RUN [*]Now copy/paste the code into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there. Combofix /Uninstall =================================================== Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred. -------------------------------------------------------------------------------------------------------------- MICROSOFT UPDATES It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection. Passwords It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them and consider a password keeper, to keep all your passwords safe. SPYWARE PREVENTION This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles: [*] [*]How Did I Get Infected In The First Place? by TonyKlein [*]How to Prevent Malware by miekiemoes [*]PC Safety and Security--What Do I Need? To help protect your computer in the future I recommend that you get the following free programs if you do not already have them: [*]WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites: [*]Green to go [*]Yellow for caution [*]Red to stop WOT has an add-on available for both Firefox and IE. [*]SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here [*]MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here [*]Download Host.zip and Save it to your Desktop. [*]Right-click hosts.zip and select 'Extract all files' or 'Extract files...'. [*]Follow the prompts and click 'Finish'. [*]This will open the newly created hosts folder on your Desktop. [*]Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine. [*]Once updated you should see another prompt that the task was completed. Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically. Hopefully this should take care of your problems! Good luck. Do you have any questions or problems to ask? Please do not hesitate to do so. **Please respond this one more time to ensure it is resolved and close this topic.
  13. Conspire

    Removed my web search and had sporadic ie crashes

    Open Notepad and copy/paste the entire contents of the codebox below into Notepad: if exist "%temp%log.txt" del "%temp%log.txt"for %%g in ("C:UsersJamesAppDataLocalLowGamingWonderlandEIInstallrCache0061C62D.exe""C:UsersJamesAppDataLocalLowMindDabble_4pEIInstallrCache00233256.exe") do (del /a/f/q %%g >nul 2>&1if exist %%g echo.%%~g>>"%temp%log.txt")if exist "%temp%log.txt" ( start notepad "%temp%log.txt") else echo.Deleted Successfully !!pausedel %0Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.It should look like this: Double-click on fix.bat to run it. Tell me what it says in your next reply. Press any key to continue.
  14. Conspire

    Removed my web search and had sporadic ie crashes

    Did you manage to complete the scan? If yes, post it. No need to re-run anymore. Save you some time.
  15. Conspire

    Removed my web search and had sporadic ie crashes

    Hi, Let's check for remnants before doing some housekeeping. Download TFC to your desktop [*]Close any open windows. [*]Double click the TFC icon to run the program [*]TFC will close all open programs itself in order to run, [*]Click the Start button to begin the process. [*]Allow TFC to run uninterrupted. [*]The program should not take long to finish it's job [*]Once its finished it should automatically reboot your machine, [*]if it doesn't, manually reboot to ensure a complete clean =================================================== Go here and click 'ESET Online Scanner'. [*]If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'. [*]Turn off the real-time scanner of any existing antivirus program while performing the online scan. [*]Tick the box next to YES, I accept the Terms of Use. [*]Click Start [*]If using Internet Explorer, allow the ActiveX control to install when asked. [*]Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked. [*]Click on Advanced Settings and ensure these options are ticked: [*]Scan for potentially unwanted applications [*]Scan for potentially unsafe applications [*]Enable Anti-Stealth Technology [*]Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button. [*]Tick all the boxes that correspond to your external/inserted drives. [*]Click Start [*]Wait for the scan to finish. [*]When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..." [*]Save that text file to your desktop, and then copy/paste the contents in your next reply. Please do not attach it. =================================================== Malwarebytes' Anti-Malware Download Malwarebytes' Anti-Malware here and save to your desktop. [*]Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.) [*]At the end, be sure a checkmark is placed next to: [*]Update Malwarebytes' Anti-Malware [*]Launch Malwarebytes' Anti-Malware [*]Then click Finish. [*]If an update is found, it will download and install the latest version. [*]Once the program has loaded, select Perform quick scan, then click Scan. [*]When the scan is complete, click OK, then Show Results to view the results. [*]Be sure that everything is checked, and click Remove Selected. [*]When completed, a log will open in Notepad. Please copy and paste the log back into your next reply Note: [*]The log can also be found here: C:Documents and SettingsUsernameApplication DataMalwarebytesMalwarebytes' Anti-MalwareLogsmbam-log-date (time).txt [*]Or via the Logs tab when Malwarebytes' Anti-Malware is started. Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. =================================================== On your next reply please post : ESET log MBAM log Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have. Good Day!
  16. Conspire

    Removed my web search and had sporadic ie crashes

    -AdwCleaner- Please download AdwCleaner by Xplode onto your desktop. [*]Close all open programs and internet browsers. [*]Double click on AdwCleaner.exe to run the tool. [*]Click on Delete. [*]Confirm each time with Ok. [*]Your computer will be rebooted automatically. A text file will open after the restart. [*]Please post the content of that logfile with your next answer. [*]You can find the logfile at C:AdwCleaner[s1].txt as well. =================================================== Please download Junkware Removal Tool to your desktop. [*]Shutdown your antivirus to avoid any conflicts. [*]Right-mouse click JRT.exe and select Run as administrator [*]The tool will open and start scanning your system. [*]Please be patient as this can take a while to complete. [*]On completion, a log (JRT.txt) is saved to your desktop and will automatically open. [*]Post the contents of JRT.txt into your next message =================================================== On your next reply please post : AdwCleaner log JRT log Are you still having browser crashes? Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have. Good Day!
  17. Conspire

    Removed my web search and had sporadic ie crashes

    I would prefer to have logs posted unless I specifically requested for it to be attached. Please read through these instructions to familiarize yourself with what to expect when this tool runs Refer to the ComboFix User's Guide Download ComboFix from one of these locations: Link 1 Link 2 * IMPORTANT- Save ComboFix.exe to your Desktop ==================================================== Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs ==================================================== Double click on combofix.exe & follow the prompts. When finished, it shall produce a log for you. Please include the C:ComboFix.txt in your next reply for further review.
  18. Conspire

    Removed my web search and had sporadic ie crashes

    Please download aswMBR.exe and save it to your desktop. [*]Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator) [*]Allow it to update where necessary [*]Click Scan [*]Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet. [*]You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
  19. Conspire

    Chrome redirect issues

    Log looks good. If you have no more issues, we will do some housekeeping. Follow these steps to uninstall Combofix [*]Click START then RUN [*]Now copy/paste the code into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there. Combofix /Uninstall =================================================== Clean up with OTL: [*]Double-click OTL.exe to start the program. [*]Close all other programs apart from OTL as this step will require a reboot [*]On the OTL main screen, press the CLEANUP button [*]Say Yes to the prompt and then allow the program to reboot your computer. =================================================== Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred. -------------------------------------------------------------------------------------------------------------- MICROSOFT UPDATES It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection. Passwords It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them and consider a password keeper, to keep all your passwords safe. SPYWARE PREVENTION This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles: [*] [*]How Did I Get Infected In The First Place? by TonyKlein [*]How to Prevent Malware by miekiemoes [*]PC Safety and Security--What Do I Need? To help protect your computer in the future I recommend that you get the following free programs if you do not already have them: [*]WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites: [*]Green to go [*]Yellow for caution [*]Red to stop WOT has an add-on available for both Firefox and IE. [*]SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here [*]MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here [*]Download Host.zip and Save it to your Desktop. [*]Right-click hosts.zip and select 'Extract all files' or 'Extract files...'. [*]Follow the prompts and click 'Finish'. [*]This will open the newly created hosts folder on your Desktop. [*]Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine. [*]Once updated you should see another prompt that the task was completed. Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically. Hopefully this should take care of your problems! Good luck. Do you have any questions or problems to ask? Please do not hesitate to do so. **Please respond this one more time to ensure it is resolved and close this topic.
  20. Conspire

    Chrome redirect issues

    Run OTL.exe [*]Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL :FilesC:UsersDavidDownloadsFlashPlayer.exeC:UsersDavidDownloadsiLividSetup (1).exeC:UsersDavidDownloadsiLividSetup.exe:Commands[EMPTYTEMP][CLEARALLRESTOREPOINTS][*]Then click the Run Fix button at the top[*]Let the program run unhindered, reboot when it is done [*]Then post Fix OTL log as well as a new OTL log by rerunning it after reboot without custom scans script.
  21. Conspire

    Chrome redirect issues

    Hi, Great, let's check for remnants. =================================================== Go here and click 'ESET Online Scanner'. [*]If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'. [*]Turn off the real-time scanner of any existing antivirus program while performing the online scan. [*]Tick the box next to YES, I accept the Terms of Use. [*]Click Start [*]If using Internet Explorer, allow the ActiveX control to install when asked. [*]Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked. [*]Click on Advanced Settings and ensure these options are ticked: [*]Scan for potentially unwanted applications [*]Scan for potentially unsafe applications [*]Enable Anti-Stealth Technology [*]Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button. [*]Tick all the boxes that correspond to your external/inserted drives. [*]Click Start [*]Wait for the scan to finish. [*]When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..." [*]Save that text file to your desktop, and then copy/paste the contents in your next reply. Please do not attach it. =================================================== Malwarebytes' Anti-Malware Download Malwarebytes' Anti-Malware here and save to your desktop. [*]Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.) [*]At the end, be sure a checkmark is placed next to: [*]Update Malwarebytes' Anti-Malware [*]Launch Malwarebytes' Anti-Malware [*]Then click Finish. [*]If an update is found, it will download and install the latest version. [*]Once the program has loaded, select Perform quick scan, then click Scan. [*]When the scan is complete, click OK, then Show Results to view the results. [*]Be sure that everything is checked, and click Remove Selected. [*]When completed, a log will open in Notepad. Please copy and paste the log back into your next reply Note: [*]The log can also be found here: C:Documents and SettingsUsernameApplication DataMalwarebytesMalwarebytes' Anti-MalwareLogsmbam-log-date (time).txt [*]Or via the Logs tab when Malwarebytes' Anti-Malware is started. Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. =================================================== On your next reply please post : ESET log MBAM log Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have. Good Day!
  22. Conspire

    Chrome redirect issues

    Do you still need help?
  23. Conspire

    Chrome redirect issues

    Seems like uninstalling Chrome is the only way. uninstall Chrome completely and remove the user folder, then re-install it if you want to keep Chrome C:UsersDavidAppDataLocalGoogleChromeUser Data you will need to show hidden files and folders to find that folder Also if you have utilized chrome's "sync" ability, that may be bringing the infection back as well you need to uninstall check the section for "delete your synced data from your Google Account " at the bottom of the page http://support.google.com/chrome/bin/answer.py?hl=en&answer=185277
  24. Conspire

    Chrome redirect issues

    Not sure what am I missing here. I'm going to consult with my colleagues.
×