paulbasaur Posted March 21, 2015

Have some bad malware on my computer. Only seems to affect Google Chrome now, not Firefox. Popups informing me my computer is infected and to call some number... pcfixin.info or some sketch web page. Very frustrating. I've tried removing all extensions to Chrome but the problem keeps happening. Everyone here has been very helpful in the past; any tips would be greatly suggested.
Jacee Posted March 21, 2015

I'm going to move your topic to "Have I Been Hijacked?" Just click on the link I leave in this forum.

Next, download AdwCleaner by Xplode and save to your Desktop.

Step 1.
Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button. AdwCleaner will begin... be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button... a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Step 2. Using AdwCleaner v3: Scan & Clean:
This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[s#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Post both .txt logs.
paulbasaur Posted March 21, 2015

# AdwCleaner v4.112 - Logfile created 21/03/2015 at 15:19:27
# Updated 09/03/2015 by Xplode
# Database : 2015-03-21.2 [server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Paul - PAUL-PC
# Running from : C:\Users\Paul\Desktop\AdwCleaner(1).exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Users\Paul\Documents\Updater
Folder Deleted : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\kbryytfl.default\Extensions\5LCy@N.com
File Deleted : C:\windows\DtcInstall.log
File Deleted : C:\windows\TSSysprep.log
File Deleted : C:\Users\Paul\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
File Deleted : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage
File Deleted : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage-journal
File Deleted : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage
File Deleted : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Mozilla Firefox v36.0.3 (x86 en-US)

[kbryytfl.default\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Amazon.com,AVG Secure Search,DuckDuckGo,eBay,Twitter,Wikipedia (en)");
[kbryytfl.default\prefs.js] - Line Deleted : user_pref("extensions.CSE9JJqAw1spBzZO.scode", "(function(){try{if(window.self.location.href.indexOf(\"pjwGpdsGqdw6rda7rTa6rdr8pn\")>-1){return;}}catch(e){}try{var d=[[\"acebook\",\"flybrain.com\",\"w[...]

-\\ Google Chrome v41.0.2272.101

[C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=2921&r=2015/02/20&hid=9128224170062070359&lg=EN&cc=US&unqvl=82

*************************

AdwCleaner[R0].txt - [8158 bytes] - [09/03/2015 07:45:04]
AdwCleaner[R1].txt - [8217 bytes] - [09/03/2015 07:47:10]
AdwCleaner[R2].txt - [3258 bytes] - [21/03/2015 15:14:33]
AdwCleaner[s0].txt - [8195 bytes] - [09/03/2015 07:49:06]
AdwCleaner[s1].txt - [3239 bytes] - [21/03/2015 15:19:27]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [3298 bytes] ##########

Shoot, I think I saved over the first log. This is the second, after cleaning; my apologies. Thank you for your help. What should I do next?
Jacee Posted March 22, 2015

Download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser! This will also eliminate all desktop shortcuts, so just be aware!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! Manually reboot the machine to ensure a complete clean.

Tell me if you are still getting the pop-ups.
paulbasaur Posted March 22, 2015

Hello again. I've been using Firefox this whole time. Just tried to use Chrome after running TFC and restarting... same problems. Click on a link from the local paper website and another window opens asking about refinancing a mortgage. I still need help. What should I do next? Thank you for the help you've already given me.
Jacee Posted March 22, 2015

See if these instructions help: https://support.google.com/chromebook/answer/183083?hl=en
paulbasaur Posted March 23, 2015

Nope. Getting redirects, popups. Only in Chrome. In Extensions, this "Browser Adblocker" keeps reinstalling itself.
Jacee Posted March 26, 2015

Please download (free version) Malwarebytes' Anti-Malware to your desktop http://www.malwarebytes.org/products/malwarebytes_free/

* Double-click mbam-setup.exe and follow the prompts to install the program. Right click to run as Administrator, using Windows 7 or Vista.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.

Copy and Paste that log into your next reply.
paulbasaur Posted March 29, 2015

Here it is:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/28/2015
Scan Time: 8:15:55 PM
Logfile: malwarebytes log.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.03.28.08
Rootkit Database: v2015.03.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Paul

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354042
Time Elapsed: 4 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Multiplug, HKU\S-1-5-21-3737205948-2555619836-1812066780-1000_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [8563b99194f6c571107cc16909fa48b8],
PUP.Optional.Multiplug, HKU\S-1-5-21-3737205948-2555619836-1812066780-1000_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Quarantined, [8563b99194f6c571107cc16909fa48b8],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Multiplug, C:\Program Files (x86)\SystemText\SystemText.dll, Quarantined, [29bf3119d7b3bb7b848064cbcb37a957],
PUP.Optional.OutBrowse, C:\Users\Paul\Downloads\Installation.exe, Quarantined, [70788dbd7c0e60d607fc84c0a75b29d7],

Physical Sectors: 0
(No malicious items detected)

(end)
Jacee Posted March 29, 2015

I'd like you to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

Tell me if that little rascal is still there.
paulbasaur Posted April 1, 2015

C:\AdwCleaner\Quarantine\C\Program Files (x86)\ChEapMe\0SQVcmM3BzTz9V.dll.vir a variant of Win32/Adware.MultiPlug.FL application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ChEapMe\0SQVcmM3BzTz9V.x64.dll.vir a variant of Win64/Adware.MultiPlug.G application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CheapMei\2YMFBGMmoo2CLJ.dll.vir a variant of Win32/Adware.MultiPlug.FL application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CheapMei\2YMFBGMmoo2CLJ.x64.dll.vir a variant of Win64/Adware.MultiPlug.G application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SAverExTTensionn\LKEWQ2r9cj4uoI.dll.vir a variant of Win32/Adware.MultiPlug.FL application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SAverExTTensionn\LKEWQ2r9cj4uoI.x64.dll.vir a variant of Win64/Adware.MultiPlug.G application

Yes, the little rascal is in there... what do we do!!
Jacee Posted April 2, 2015

Read and follow instructions for browsers here: http://en.kioskea.net/faq/2528-how-to-disable-add-ons-extensions-in-your-browser

Next: Copy and paste these lines in Notepad.

@Echo on
REM Reset the hosts file to a single localhost entry
pushd \windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
REM Renew the IP lease and clear the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
REM Reset Winsock and the TCP/IP stack
netsh winsock reset all
netsh int ip reset all
REM Reboot, then delete this batch file
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Windows 7... right click the .bat file and choose to run as Administrator.
Your computer will reboot itself.

Tell me what's happening now.
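Added example (not part of the thread, and not code from any tool named in it): flush.bat above overwrites the hosts file with a single localhost line, so whatever entries were there are lost. This PowerShell script backs the file up and lists every non-default entry first, flagging names that are redirected to a non-loopback address. The function name Get-HostsEntry, the backup file name and the sample lines are assumptions made for this example.

```powershell
# Added example: audit and back up the hosts file before flush.bat overwrites it.
# Run from an elevated PowerShell prompt on the affected machine.

function Get-HostsEntry {
    # Hypothetical helper: turns hosts-file lines into Address/Name records.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -split '#', 2)[0].Trim()       # strip trailing comments
        if (-not $text) { continue }                  # blank or comment-only line
        $fields = @($text -split '\s+')
        if ($fields.Count -lt 2) { continue }         # address without a name
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{
                Address  = $fields[0]
                Name     = $name.ToLower()
                # Loopback or null addresses block a name; anything else redirects it.
                Redirect = $fields[0] -notmatch '^(127\.|0\.0\.0\.0$|::1$)'
            }
        }
    }
}

# Constructed sample (documentation address and .test names), used only when
# the real file is not present, e.g. when trying the script on another system.
$sample = @(
    '127.0.0.1 localhost',
    '0.0.0.0 ads.example.test        # blocked by a local tool',
    '203.0.113.7 update.example.test search.example.test'
)

$hostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
if (Test-Path -LiteralPath $hostsPath) {
    # Keep a copy: after flush.bat only "127.0.0.1 localhost" remains.
    $backup = Join-Path $env:TEMP ('hosts-{0:yyyyMMdd-HHmmss}.bak' -f (Get-Date))
    Copy-Item -LiteralPath $hostsPath -Destination $backup -Force
    "Backup written to $backup"
    $lines = Get-Content -LiteralPath $hostsPath
} else {
    $lines = $sample
}

# Everything except the default loopback localhost mapping is worth a look.
$entries = @(Get-HostsEntry -Lines $lines |
    Where-Object { -not ($_.Name -eq 'localhost' -and -not $_.Redirect) })

if ($entries.Count -eq 0) {
    'hosts contains only the default localhost mapping'
} else {
    $entries | Sort-Object Redirect -Descending | Format-Table -AutoSize
}
```

The backup keeps the hidden, system and read-only attributes of the original, so list it with `Get-ChildItem -Force`.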
paulbasaur Posted April 3, 2015

The script ran, computer rebooted. No problems with Google Chrome so far... So I guess nothing is happening now, which is a good thing. Just worried that the Chrome extension will rear its head again as in the past. Thanks for your help and patience; it is appreciated. Anything else I need to do?
Jacee Posted April 3, 2015

Set a 'clean' restore point.
Keep TFC and Malwarebytes... use them!
In the upper right hand corner of IE... click on the 'gear' icon and click Safety, then turn on SmartScreen.
Keep all programs updated.