leftydrummrr

best way to take out pup.optional.installbrain.a?


Which version of Malwarebytes do you have?

Recently there was a software update that is now 2.0; check your version.

 

-AdwCleaner-by Xplode

 

Click on this link to download : ADWCleaner

Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

 

Do not click on any links in the top Advertisement.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 


Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


I believe I have the latest version of MalwareBytes. I update each time I use it. Here are the scans.

 

# AdwCleaner v3.023 - Report created 12/04/2014 at 09:58:03
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : mark gisi - YOUR-DCA4C55FD8
# Running from : C:\Documents and Settings\mark gisi\My Documents\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found C:\Documents and Settings\All Users\Application Data\apn
Folder Found C:\Documents and Settings\mark gisi\Local Settings\Application Data\FileTypeAssistant
Folder Found C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
Folder Found C:\Program Files\File Type Assistant
Folder Found C:\WINDOWS\system32\AI_RecycleBin
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\File Type Assistant\TSAssist.exe]
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [secondary Start Pages] - hxxp://us-mg205.mail.yahoo.com/neo/launch?.rand=2146636319&action=showLetter&umid=2_0_0_1_158104_AOvTimIAANteUepq4QHRNTP5vxM&box=Inbox
-\\ Google Chrome v34.0.1847.116
[ File : C:\Documents and Settings\mark gisi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [2601 octets] - [12/04/2014 09:58:03]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2661 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by mark gisi on Sat 04/12/2014 at 10:05:06.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
~~~ Files
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"
Successfully deleted: [Folder] "C:\Documents and Settings\mark gisi\Local Settings\Application Data\filetypeassistant"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/12/2014 at 10:10:08.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thank you Juliet.


Uninstall File Type Assistant.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • This time in the list of objects, Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
How's your computer now?


Here is the file. The computer is faster now.

 

# AdwCleaner v3.023 - Report created 12/04/2014 at 14:10:40
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : mark gisi - YOUR-DCA4C55FD8
# Running from : C:\Documents and Settings\mark gisi\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\File Type Assistant
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
Folder Deleted : C:\Documents and Settings\mark gisi\Local Settings\Application Data\FileTypeAssistant
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\File Type Assistant\TSAssist.exe]
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [secondary Start Pages]
-\\ Google Chrome v34.0.1847.116
[ File : C:\Documents and Settings\mark gisi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [2741 octets] - [12/04/2014 09:58:03]
AdwCleaner[R1].txt - [2024 octets] - [12/04/2014 14:07:32]
AdwCleaner[s0].txt - [1833 octets] - [12/04/2014 14:10:40]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1893 octets] ##########
Did I get it all?


Did I get it all?

I hope

 

This has shown up twice on a Malwarebytes scan. Keeps coming back after I delete. What should I do? Am I missing something?

You were able to delete the original problem. Is the computer experiencing anything else?


Download TFC from here http://oldtimer.geekstogo.com/TFC.exe

and save it to your desktop.

 

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

~~~~~~~~~~~~~~~~~

 

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


Here is the report.

 

C:\AdwCleaner\Quarantine\C\Program Files\File Type Assistant\ftacfg.exe.vir Win32/FileTypeAssistant.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\File Type Assistant\TSASetup.exe.vir Win32/FileTypeAssistant.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\File Type Assistant\tsassist.exe.vir Win32/FileTypeAssistant.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\File Type Assistant\temp\~tmp.exe.vir Win32/FileTypeAssistant.A potentially unwanted application
C:\System Volume Information\_restore{EB844A99-6E06-4AAD-BD6B-8B1A294877A0}\RP549\A0082992.exe a variant of Win32/FileTypeAssistant.A potentially unwanted application
C:\System Volume Information\_restore{EB844A99-6E06-4AAD-BD6B-8B1A294877A0}\RP549\A0082995.exe a variant of Win32/FileTypeAssistant.A potentially unwanted application
C:\System Volume Information\_restore{EB844A99-6E06-4AAD-BD6B-8B1A294877A0}\RP549\A0082996.exe Win32/FileTypeAssistant.A potentially unwanted application
C:\System Volume Information\_restore{EB844A99-6E06-4AAD-BD6B-8B1A294877A0}\RP549\A0082998.exe a variant of Win32/FileTypeAssistant.A potentially unwanted application
C:\System Volume Information\_restore{EB844A99-6E06-4AAD-BD6B-8B1A294877A0}\RP577\A0086503.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\System Volume Information\_restore{EB844A99-6E06-4AAD-BD6B-8B1A294877A0}\RP577\A0086545.exe Win32/FileTypeAssistant.A potentially unwanted application
C:\System Volume Information\_restore{EB844A99-6E06-4AAD-BD6B-8B1A294877A0}\RP577\A0086547.exe Win32/FileTypeAssistant.A potentially unwanted application
C:\System Volume Information\_restore{EB844A99-6E06-4AAD-BD6B-8B1A294877A0}\RP577\A0086548.exe Win32/FileTypeAssistant.A potentially unwanted application
C:\System Volume Information\_restore{EB844A99-6E06-4AAD-BD6B-8B1A294877A0}\RP577\A0086552.exe Win32/FileTypeAssistant.A potentially unwanted application
H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\RADMIN FILE\radmin22.zip Win32/RemoteAdmin.RAdmin.22 potentially unsafe application
H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\RADMIN FILE\radmin22\RADMIN22.EXE Win32/RemoteAdmin.RAdmin.22 potentially unsafe application
Still more infections?


What was found is held in quarantine, system restore which cannot hurt you unless you click on one of those restore points, and a couple in a backup you made.

not-a-virus:RemoteAdmin.Win32.RAdmin.22 - Riskware, potentially unsafe application

~~~~~~~~~~

 

To remove AdwCleaner quarantine folder, double click on adwcleaner.exe to run the tool.

Click on Uninstall, then confirm with yes to remove AdwCleaner from your computer.

 

Click Start Menu > Run > type (or copy and paste)

 

%SystemRoot%\System32\restore\rstrui.exe

 

Press OK. Choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create. When the confirmation screen shows the restore point has been created, click Close.

 

Next go to Start Menu > Run > type

 

cleanmgr

 

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

 

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

 

 

~~~~~~~~~~~~

 

Go to My Computer->Tools->Folder Options->View tab:

  • Under the Hidden files and folders heading:
  • Select - Show hidden files and folders.
  • Uncheck- Hide protected operating system files (recommended) option.
  • Also, make sure there is no checkmark beside Hide file extensions for known file types.
  • Click OK. (Remember to Hide files and folders once done)
Using Windows Explorer (right-click your "Start" button and select "Explore"), please navigate to and delete the following files/folders in bold

 

H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\RADMIN FILE\radmin22.zip

H:\Maxtor backup\D539F051\C\Documents and Settings\Mark Gisi\My Documents\RADMIN FILE\radmin22\RADMIN22.EXE

 

Reboot the computer.

 

Running good now?

 

Please take time to read over the below article

Important information regarding Windows XP

http://forums.whatthetech.com/index.php?showtopic=127901

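The triage in the reply above (quarantine, System Restore, a backup), as an added example that is not part of the original thread: it groups the lines of an exported ESET report by where the detected file sits. The line layout is inferred from the report posted in this thread; the bucket names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# One exported ESET line: <path> [a variant of ]<detection> <category>
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<variant>a variant of )?(?P<name>\S+) "
    r"(?P<category>potentially (?:unwanted|unsafe) application)$"
)

# Location buckets (names are this example's own), matched on the lowercased path.
BUCKETS = (
    ("quarantine", "\\adwcleaner\\quarantine\\"),
    ("system_restore", "\\system volume information\\_restore"),
)

def triage(report: str) -> dict:
    """Group detections by file location; lines that do not parse are kept, not dropped."""
    out = defaultdict(list)
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            out["unparsed"].append(line)
            continue
        path = m["path"].lower()
        # Anything outside quarantine and System Restore is a file on an ordinary path.
        bucket = next((b for b, marker in BUCKETS if marker in path), "ordinary_path")
        out[bucket].append((m["path"], m["name"], m["category"]))
    return dict(out)

# Constructed sample in the same layout as the report in this thread.
SAMPLE = r"""
C:\AdwCleaner\Quarantine\C\Program Files\Example App\tool.exe.vir Win32/Example.A potentially unwanted application
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe a variant of Win32/Example.A potentially unwanted application
H:\Backup Drive\C\Documents and Settings\user\My Documents\remote.zip Win32/Example.Remote potentially unsafe application
scan aborted by user
"""

if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE).items():
        print(bucket, len(hits))
        for hit in hits:
            print("   ", hit)
```

Entries under `ordinary_path` are the ones that need a manual decision, as with the two backup files in this thread; `unparsed` collects any line the pattern did not recognise so nothing is silently skipped.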

I think we're done with what we found. If something was still lurking in the background you would know it.

 

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
