brownhornet

Can't get rid of this


So I'm working on a neighbor's laptop and I ran adware and JRT and Malwarebytes and some others, which got rid of a lot of stuff, but some things still remain. I set the homepage on FF to Yahoo, but when I open the browser I get something that says ''tuvaro''. Also remaining are Mindspark, Community Smart Bar and some others I can uninstall. Please advise.

 

 

EDIT: Also I'm still getting a black window pop-up that says: taskeng.exe. Also tried this site to get rid of this ''tuvaro'' pest, http://malwaretips.com/blogs/www-search-net-removal/ but no luck.

Edited by brownhornet


Researching says it's not an easy infection to deal with.

 

Let's try the easy first:

 

reset web browser IE

 

Open Internet Explorer and click the Tools button, and then click Internet options.

Click the Advanced tab, and then click Reset. Select the Delete personal settings check box if you would also like to remove search providers, Accelerators and home pages. When Internet Explorer finishes applying default settings, click Close, and then click OK.

The changes will take effect the next time you open IE.

 

 

Firefox

At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu and select Troubleshooting Information.

To continue, click Reset Firefox in the confirmation window that opens. It will close and be reset.

When it's done, a window will list the information that was imported. Click Finish and Firefox will open.

 

 

 

We need to search for a few things with SystemLook:

  • Please download SystemLook by jpshortstuff and save it to your desktop
  • Double-click the program to run it, copy and paste the entire text into the main text box:

    :regfind
    tuvaro
    :filefind
    *tuvaro*
    :folderfind
    *tuvaro*
  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.


SystemLook 30.07.11 by jpshortstuff
Log created at 11:55 on 01/08/2014 by castro
Administrator - Elevation successful

========== regfind ==========

Searching for "tuvaro"
No data found.

========== filefind ==========

Searching for "*tuvaro*"
C:\Users\castro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EBF7ANC2\tuvaro[1].png --a---- 648 bytes [11:53 01/08/2014] [11:53 01/08/2014] F0477FE6865178E33FD1EB93EED59DDE

========== folderfind ==========

Searching for "*tuvaro*"
No folders found.

-= EOF =-


Please Run TFC by OldTimer to clear temporary files:

 

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe

and save it to your desktop.

 

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

******************************

 

The following scan may have no effect at all or possibly shed some light.

 

If after you run this and we don't see what we need we'll have to step over to the Have I Been Hijacked? forum.

http://forums.pcpitstop.com/index.php?/forum/25-have-i-been-hijacked/

 

Shortcut Cleaner

 

Please download Shortcut Cleaner from the link below and save it to your Desktop.

 

Download Mirror #1

  • Double-click sc-cleaner.exe to run it.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.


Ran TFC and it cleaned 13.5 MB of stuff. Here's the log from the other scan:

 

 

Shortcut Cleaner 1.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 08/01/2014 03:34:18 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\castro\AppData\Roaming\Microsoft\Windows\Start Menu\

* Shortcut Cleaned: C:\Users\castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www-search.net/?s=E7Pzadku1,20df9981-ca25-4250-9ddd-669249672ff0,&pi=1

* Shortcut Cleaned: C:\Users\castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www-search.net/?s=E7Pzadku1,20df9981-ca25-4250-9ddd-669249672ff0,&pi=1

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

* Shortcut Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www-search.net/?s=E7Pzadku1,20df9981-ca25-4250-9ddd-669249672ff0,&pi=1

* Shortcut Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www-search.net/?s=E7Pzadku1,20df9981-ca25-4250-9ddd-669249672ff0,&pi=1

Searching C:\Users\castro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

* Shortcut Cleaned: C:\Users\castro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www-search.net/?s=E7Pzadku1,20df9981-ca25-4250-9ddd-669249672ff0,&pi=1

* Shortcut Cleaned: C:\Users\castro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www-search.net/?s=E7Pzadku1,20df9981-ca25-4250-9ddd-669249672ff0,&pi=1

* Shortcut Cleaned: C:\Users\castro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (64-bit).lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www-search.net/?s=E7Pzadku1,20df9981-ca25-4250-9ddd-669249672ff0,&pi=1

* Shortcut Cleaned: C:\Users\castro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www-search.net/?s=E7Pzadku1,20df9981-ca25-4250-9ddd-669249672ff0,&pi=1

* Shortcut Cleaned: C:\Users\castro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www-search.net/?s=E7Pzadku1,20df9981-ca25-4250-9ddd-669249672ff0,&pi=1

* Shortcut Cleaned: C:\Users\castro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www-search.net/?s=E7Pzadku1,20df9981-ca25-4250-9ddd-669249672ff0,&pi=1

Searching C:\Users\Public\Desktop\

Searching C:\Users\castro\Desktop


10 bad shortcuts found.

Program finished at: 08/01/2014 03:34:22 PM
Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)


The browsers seem to be doing fine now but I'm still getting the ''taskeng.exe'' pop-up. From what I read it may be a virus/malware but not sure. Also tried to do a scan with Malwarebytes and got this: http://i326.photobucket.com/albums/k402/mercflf8/IMG_20140801_162022_975_zps786f0720.jpg Could this be due to the junk that was on the laptop? I can't run or update it.

Edited by brownhornet


Let's try this

 


Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
***********************

Don't know what's up with MBAM, have you tried to uninstall, reinstall?

MBAM Clean Removal Process

NEXT**

Try to download it again.

Download Malwarebytes' Anti-Malware to your desktop.

  • Windows XP: Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator"
  • On the Dashboard click on Update Now
  • Go to the Settings tab
  • Under Settings go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced settings and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up... select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes

*******************


Well, after a reboot that ''tuvaro'' is back. Here is the log after tuvaro came back. Also, a fresh reinstall didn't work for Malwarebytes, and I still have ''tuvaro'' even after the JRT scan.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by castro on Fri 08/01/2014 at 17:49:10.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-421815810-114840823-2280959742-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/01/2014 at 18:02:43.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by brownhornet


Try turning off system restore first then doing everything Juliet suggested. Don't forget to turn system restore back on afterward AFTER creating a new clean restore point. ;)

 

 

 

 

:geezer:


Personally, I'm not a fan of shutting off system restore. If something "unexpected" happens when running some tool... you won't have anything to fall back on. Also, you can't set a "clean" restore point until the system is actually clean.


Try turning off system restore first then doing everything Juliet suggested. Don't forget to turn system restore back on afterward AFTER creating a new clean restore point. ;)

 

 

 

 

:geezer:

 

 

Thinking about giving that a try since it keeps regenerating itself... hmmm

EDIT: Just looked at system restore points, the only ones are from 7-30-14 and this started before that.

Edited by brownhornet


Please don't make changes just yet. I think you've got more going on here than we can see.

One last thing right now we can try, and if it doesn't work you need to create a new topic in the HJT forum.

 

Open SystemLook by jpshortstuff

Double-click the program to run it, copy and paste the entire blue text into the main text box:

 

    :regfind
    *search.net*
    :filefind
    *search.net*
    :folderfind
    *search.net*

 

Click the Look button to start the scan

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.


SystemLook 30.07.11 by jpshortstuff
Log created at 05:22 on 02/08/2014 by castro
Administrator - Elevation successful

========== regfind ==========

Searching for "*search.net*"
No data found.

========== filefind ==========

Searching for "*search.net*"
No files found.

========== folderfind ==========

Searching for "*search.net*"
No folders found.

-= EOF =-


Need to start a new topic in the HJT forum.

Do this and copy and paste the results.

 

Scan with FRST in normal mode

 

Please download Farbar's Recovery Scan Tool to your desktop:

 

FRST 32bit or FRST 64bit (If not sure which version: Start --> Computer (right click) --> properties)

(To use correct version for your system.....Which system am I using?)

  • Run FRST
  • Don't change the checkboxes, just click on Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt
  • The first time the tool is run it generates another log Addition.txt - Please also paste that along with the FRST.txt into your reply.


Hi,



please start by uninstalling any free software associated with PUPs and adware from the PC. You should search for each entry in the Remove list so you can decide which software to keep.



Please also check the browser’s shortcut (target field) on the start menu or task bar, because a lot of malicious software now adds its URL in front of the executable so the browser launches the malicious page automatically when it starts.

Then install a trial version of one of the leading antimalware solutions if you don’t have one installed already. That will prevent silent reinstalls of most PUPs and adware while you continue the cleaning.

You should also run msconfig.exe and check the services tab (hide all Microsoft services) and especially the startup tab. Investigate every entry and check if they are legit or not (don’t jump to conclusions, take your time, you might remove legitimate components). Based on your startup tab analysis, check the registry entries referenced there and remove the ones associated with malware. This will prevent the system from loading and reinstalling malware automatically at startup.

If you haven’t done so, please also run ComboFix on the PC. It has saved me from some tough situations.



After each pass, check what is still there to remove and search the web on how to remove that, and go from there.



Once a PC becomes so filled with trash, it really becomes an uphill battle…
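
The shortcut hijack recorded in the Shortcut Cleaner log earlier in the thread, and the target-field check suggested in the post above, can be audited with a read-only script. This PowerShell example is added here and is not part of the original thread or of any tool mentioned in it; the function names, the browser list and the folder list (taken from the locations in that log) are assumptions.

```powershell
# Added example: report .lnk shortcuts whose browser target carries a URL
# argument, the pattern shown in the Shortcut Cleaner log. Read-only: it
# lists findings and changes nothing. Function names are hypothetical.

function Test-HijackedArguments {
    param([string]$TargetPath, [string]$Arguments)
    # Assumed browser list, matching the executables seen in the log.
    $browsers = 'iexplore.exe', 'chrome.exe', 'firefox.exe'
    $exe = [System.IO.Path]::GetFileName($TargetPath)
    # A stock browser shortcut has no URL in its arguments. A hit still
    # needs review: some legitimate "open this site" shortcuts also match.
    return ($browsers -contains $exe) -and ($Arguments -match '\bhttps?://')
}

function Get-HijackedShortcut {
    param([string[]]$Root)
    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in $Root) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                # CreateShortcut on an existing .lnk only loads it; nothing
                # is written unless Save() is called, which this never does.
                $lnk = $shell.CreateShortcut($_.FullName)
                if (Test-HijackedArguments $lnk.TargetPath $lnk.Arguments) {
                    New-Object PSObject -Property @{
                        Shortcut  = $_.FullName
                        Target    = $lnk.TargetPath
                        Arguments = $lnk.Arguments
                    }
                }
            }
    }
}

# Same folders the Shortcut Cleaner log walked; the pinned taskbar and
# start-menu items live under Quick Launch and are covered by -Recurse.
$roots = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    "$env:ProgramData\Microsoft\Windows\Start Menu",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
    "$env:PUBLIC\Desktop",
    "$env:USERPROFILE\Desktop"
)
Get-HijackedShortcut -Root $roots | Format-List Shortcut, Target, Arguments
```

Running it again after a reboot shows whether the shortcuts have been rewritten, which is the symptom reported in this thread.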

