jestyn
2013-05-14, 10:22
recently i got this malware/adware (barowwsoe2save)l, so what i did is scanned it with avast and tried to repair/quarantine it but can't seem to do it, so i tried deleting/repair through reboot by using avast but it still fail to do so, so what i did is installed spybot and found 8 infections in total but it also can't seem to repair it, so what did first is delete the file that i downloaded from the internet and by doing so it manage to fix 2 of it's infections, but still can't fix the remaining 6, and the browsers still got those annoying ads, then after that i tried checking the instructions about how to manually remove this malware on this website but before following that instruction, i first downloaded the AdwCleaner on CNET and it manage to remove 2 and of it's infections and no more those annoying ads thanks to that, so then the infection is down to 4 then i tried following the instruction that this site have (sorry i have to copy/paste because it's easier for to discribe it that way:
Folders:
Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
The directory at "<$COMMONAPPDATA>\Barowwsoe2Save".
The directory at "<$COMMONAPPDATA>\InstallMate\{2077C680-1E39-4C90-AE7B-561BFB94E476}".
The directory at "<$COMMONAPPDATA>\InstallMate\{72F45041-9259-4167-A38C-DA7BA91772B7}".
The directory at "<$COMMONAPPDATA>\SoftSafe".
The directory at "<$COMMONPROGRAMS>\Barowwsoe2Save".
The directory at "<$PROGRAMFILES>\BrowseToSave".
Make sure you set your file manager to display hidden and system files. If Barowwsoe2Save uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!
but can't seem to find any, so what did find a way to delete the malware without touching the registry but then i stumbled upon a post on this website that in order for spybot to the delete the infections it needs to run as admin then i did it and thanks to that the ramaining 4 infections is finally removed, and the computer is working fast again, but to make sure that the infections are gone, i did another run of spybot but can't seem to find any, then i run a full system scan with avast and found 1 infection (the file that i deleted earlier) but can't seem to repair it so i just quarantined it, then it asked me if i want to restart the computer i order for them to run a search for virus through reboot and pressed yes, then on the reboot it did found 1 infected file and asked me what do i want with it, so i choose delete all, and it managed to delete it, then after reboot, i did another run of spybot but can't find it anymore.
so now the question is, is it safe to assume that the malware is gone? i didn't touch the registry but tried searching for the entries that listed in this website in my registry but can't seem to find any
Folders:
Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
The directory at "<$COMMONAPPDATA>\Barowwsoe2Save".
The directory at "<$COMMONAPPDATA>\InstallMate\{2077C680-1E39-4C90-AE7B-561BFB94E476}".
The directory at "<$COMMONAPPDATA>\InstallMate\{72F45041-9259-4167-A38C-DA7BA91772B7}".
The directory at "<$COMMONAPPDATA>\SoftSafe".
The directory at "<$COMMONPROGRAMS>\Barowwsoe2Save".
The directory at "<$PROGRAMFILES>\BrowseToSave".
Make sure you set your file manager to display hidden and system files. If Barowwsoe2Save uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!
but can't seem to find any, so what did find a way to delete the malware without touching the registry but then i stumbled upon a post on this website that in order for spybot to the delete the infections it needs to run as admin then i did it and thanks to that the ramaining 4 infections is finally removed, and the computer is working fast again, but to make sure that the infections are gone, i did another run of spybot but can't seem to find any, then i run a full system scan with avast and found 1 infection (the file that i deleted earlier) but can't seem to repair it so i just quarantined it, then it asked me if i want to restart the computer i order for them to run a search for virus through reboot and pressed yes, then on the reboot it did found 1 infected file and asked me what do i want with it, so i choose delete all, and it managed to delete it, then after reboot, i did another run of spybot but can't find it anymore.
so now the question is, is it safe to assume that the malware is gone? i didn't touch the registry but tried searching for the entries that listed in this website in my registry but can't seem to find any