Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 23

Thread: Cannot get rid of SelectionLinks Malware

  1. #11
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Default

    Thanks for the info.

    The SelectionLinks is not intentional, should I remove it?
    If it is listed, definitely.


    Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

    Run OTL

    • double click on the icon to run it.
    • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :Services
      
      :OTL
      IE - HKCU\..\SearchScopes\{77453DE9-748C-4165-AE42-941B70D4840E}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
      IE - HKCU\..\SearchScopes\{7AF8ED95-13ED-498a-88AF-E8AEF88A364F}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
      IE - HKCU\..\SearchScopes\{AAFDF7C2-4043-4118-BA5A-3E879506BE40}: "URL" = http://isearch.avg.com/search?cid={43F39CBB-458C-4555-9809-00AE1B0AC486}&mid=fe25f96646f647d19b6081ac0fc31acc-599363268f4c5dfb44aa55eea572ac49793f7bca&lang=en&ds=AVG&pr=fr&d=2012-05-13 16:19:48&v=11.0.0.9&sap=dsp&q={searchTerms}
      IE - HKCU\..\SearchScopes\{F9DE3B5C-D14A-45f2-90F5-9641C660CA0B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local
      FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
      FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
      FF - prefs.js..browser.search.order.1: "Privitize VPN"
      FF - prefs.js..browser.search.selectedEngine: "Privitize VPN"
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [purity]
      [emptytemp]
      [Reboot]

    • click the Run Fix button at the top
    • let the program run unhindered, reboot when it is done
    • please post the OTL fix log and new OTL log.

    ===================================================

    Run CKScanner

    Download CKScanner by askey127 from here & save it to your Desktop.
    • doubleclick CKScanner.exe then click Search For Files
    • when the cursor hourglass disappears, click Save List To File
    • a message box will verify the file saved
    • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

    Logs to include in the next post:

    OTL fix log
    New OTL log
    CKFiles.txt


    Satchfan

  2. #12
    Junior Member
    Join Date
    May 2013
    Posts
    12

    Default

    It seems to have worked. Is there anything else I should do?
    Attached Files Attached Files

  3. #13
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Default

    You have a illegal software on your system, which is probably how your computer became infected. Besides being illegal, cracks/keygens are the most certain means of infecting your system, as ALL illegal software contains some form of malicious code.

    This forum, as well as all the other malware removal forums, does not condone the use of illegal software and does not offer support unless it is for the removal of it.

    Continuing to help you could be viewed as supporting/condoning this.

    If you want to continue, what I need you to do is to uninstall all the illegal software that you have downloaded and installed.

    When you have done this, run CKScanner again and post a new log. If I don’t hear back from you in 24 hours this thread will be closed and no more help will be offered.

    Satchfan

  4. #14
    Junior Member
    Join Date
    May 2013
    Posts
    12

    Default

    [QUOTE=Satchfan;440673]You have a illegal software on your system, which is probably how your computer became infected. Besides being illegal, cracks/keygens are the most certain means of infecting your system, as ALL illegal software contains some form of malicious code.

    Illegal?
    What is illegal on the computer?
    As far as I know only my brother and I use this computer, and I don't think he would do such a thing, and I definitely didnt.
    Tell me what it is and I will remove it immediately.

  5. #15
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Default

    Hi yehonatans

    The results that came back were as the result of having suspect files/extensions. Having checked further, I’m happy that you are not using any illegitimate programs, so let's see what we can find.

    Let's have a deeper look to make sure that there is nothing else lurking.

    Link 1
    Link 2

    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------
    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    --------------------------------------------------------------------
    • double click on ComboFix.exe & follow the prompts.
    • when finished, it will produce a report: please post the C:\ComboFix.txt log in your reply.


    Satchfan

  6. #16
    Junior Member
    Join Date
    May 2013
    Posts
    12

    Default

    WHAT DID YOU DO!?!?
    I ran it, did what ever it told me, disabled my anti-virus, all of it.
    I let the "combo fix" do its magic, restart my computer and give me the report, i look over it, see that it destroyed many things in system32.
    "Well, if he says it will fix something, that's cool"
    Try to open chrome to thank you, post the info and tell you that i will donate to Spybot.
    Cannot open
    "WTF?"
    try again, says something like "illegal action on a file that needs to be deleted."
    "WTF?"
    freak out, try to open ie, same thing, try to open avira, same thing, try to open random stuff, same thing.
    WTF did he do?
    System restore.
    Succes!

    Care to explain?

  7. #17
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Default

    It's quite normal to be disconnected after running ComboFix but a reboot should have been all that was required.

    Please send the ComboFix log. It can be found at c:\combofix.txt

    Thanks

    Satchfan

  8. #18
    Junior Member
    Join Date
    May 2013
    Posts
    12

    Default

    Disconnected?
    I couldn't open something that wasn't a part of windows!
    I checked combofix, there is no reason it should be running on my computer, its targets are 3 viruses that I have not reported and mostly CANNOT infect a win7 machine.
    I restarted, to no effect, no way I am running this again, the computer is functioning normally, if it comes back, so be it, i will ask again, but if this taught me one thing- If it aint broke, dont fix it.

    Thank you for your help.

  9. #19
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Default

    My Spybot reported that it solved 2 out of 8 SelectionLinks problems and told me to restart to get rid of the rest, 2 restarts later, spybot still cannot find any problem.

    Anyway, I am hoping you can help me
    It appears that you required help.

    If it aint broke, dont fix it.
    I'm unsure about whether you need help or not.

    Please let me know what your current situation is.

    Satchfan

  10. #20
    Junior Member
    Join Date
    May 2013
    Posts
    12

    Default

    Currently everything is fine, I needed help and you helped me.
    I do not have SelectionLinks anymore.
    But the final thing that you asked me to use (combofix) almost ruined my computer.
    So I used a system restore, and everything is fine now.
    I meant to say that i do not see a reason to use combofix, as its targets are malware/adware that cannot infect my computer.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •