PDA

View Full Version : barowwsoe2save



jestyn
2013-05-14, 10:22
recently i got this malware/adware (barowwsoe2save)l, so what i did is scanned it with avast and tried to repair/quarantine it but can't seem to do it, so i tried deleting/repair through reboot by using avast but it still fail to do so, so what i did is installed spybot and found 8 infections in total but it also can't seem to repair it, so what did first is delete the file that i downloaded from the internet and by doing so it manage to fix 2 of it's infections, but still can't fix the remaining 6, and the browsers still got those annoying ads, then after that i tried checking the instructions about how to manually remove this malware on this website but before following that instruction, i first downloaded the AdwCleaner on CNET and it manage to remove 2 and of it's infections and no more those annoying ads thanks to that, so then the infection is down to 4 then i tried following the instruction that this site have (sorry i have to copy/paste because it's easier for to discribe it that way:


Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

The directory at "<$COMMONAPPDATA>\Barowwsoe2Save".
The directory at "<$COMMONAPPDATA>\InstallMate\{2077C680-1E39-4C90-AE7B-561BFB94E476}".
The directory at "<$COMMONAPPDATA>\InstallMate\{72F45041-9259-4167-A38C-DA7BA91772B7}".
The directory at "<$COMMONAPPDATA>\SoftSafe".
The directory at "<$COMMONPROGRAMS>\Barowwsoe2Save".
The directory at "<$PROGRAMFILES>\BrowseToSave".

Make sure you set your file manager to display hidden and system files. If Barowwsoe2Save uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

but can't seem to find any, so what did find a way to delete the malware without touching the registry but then i stumbled upon a post on this website that in order for spybot to the delete the infections it needs to run as admin then i did it and thanks to that the ramaining 4 infections is finally removed, and the computer is working fast again, but to make sure that the infections are gone, i did another run of spybot but can't seem to find any, then i run a full system scan with avast and found 1 infection (the file that i deleted earlier) but can't seem to repair it so i just quarantined it, then it asked me if i want to restart the computer i order for them to run a search for virus through reboot and pressed yes, then on the reboot it did found 1 infected file and asked me what do i want with it, so i choose delete all, and it managed to delete it, then after reboot, i did another run of spybot but can't find it anymore.

so now the question is, is it safe to assume that the malware is gone? i didn't touch the registry but tried searching for the entries that listed in this website in my registry but can't seem to find any

tashi
2013-05-14, 18:54
Hello jestyn,

To request assistance in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) the FAQ (http://forums.spybot.info/showthread.php?t=288) includes guidelines in post #1 and instructions in post #2 on how to provide the preliminary DDSand aswMBR logs used for analysis.

However, if the computer is running without issue and as you noted, "i did another run of spybot but can't find it anymore." it appears the problem has been resolved. :)

Best regards.