My laptop has somehow got infected by the delta toolbar virus and I am having trouble removing it. I would prefer to remove it without having to format my computer so was hoping someone might have some suggestions.

Basically I have run various spyware/malware tools (spybot, mcafee, ad-aware, malwarebytes) in both normal mode and safemode but they either find problems and remove them but they return immediately (I run the tool twice to check), or they can't remove the delta-related ones at all. I have also tried going into the registry and searching for the keys that various web pages suggest removing but none of them are there! (And obviously I have removed it all (exensions/homepage etc) from Chrome.

My computer is a Dell Inspiron ultrabook with Windows 8. The registry key that spybot keeps finding but not being able to remove is HKLM/SOFTWARE/Datamngr.

Any suggestions would be very much appreciated.

:snwelcome:

Read this please and provide the logs

http://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-(Please-read-this-Procedure-Before-Requesting-Assistance)

Thanks. I'll do this tomorrow.

I have now backed up my registry using ERDNT. DDS wouldn't run for some reason it just kept coming up with the error message "DDS will not run in 'compatibility mode'".

This is my aswMBR log:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-29 21:54:17
-----------------------------
21:54:17.196 OS Version: Windows x64 6.2.9200
21:54:17.197 Number of processors: 4 586 0x3A09
21:54:17.199 ComputerName: JANE UserName:
21:54:17.599 Initialze error 1
21:57:14.014 AVAST engine defs: 14012901
21:58:09.727 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002f
21:58:09.731 Disk 0 Vendor: A110 Size: 476937MB BusType: 8
21:58:09.736 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000030
21:58:09.740 Disk 1 Vendor: WLAD Size: 8192MB BusType: 8
21:58:09.746 Disk 0 MBR read successfully
21:58:09.751 Disk 0 MBR scan
21:58:09.825 Disk 0 unknown MBR code
21:58:09.830 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
21:58:09.873 Disk 0 scanning C:\WINDOWS\system32\drivers
21:58:09.878 Service scanning
21:58:10.746 Modules scanning
21:58:10.752 Disk 0 trace - called modules:
21:58:10.761 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorAV.sys
21:58:10.771 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000021c3060]
21:58:10.778 3 CLASSPNP.SYS[fffff80000601abb] -> nt!IofCallDriver -> \Device\0000002f[0xffffe00000fe9060]
21:58:10.787 AVAST engine scan C:\WINDOWS
21:58:10.796 AVAST engine scan C:\WINDOWS\system32
21:58:10.804 AVAST engine scan C:\WINDOWS\system32\drivers
21:58:10.813 AVAST engine scan C:\Users\YouTarzan
21:58:10.821 AVAST engine scan C:\ProgramData
21:58:10.830 Scan finished successfully
21:58:22.325 Disk 0 MBR has been saved successfully to "C:\Users\YouTarzan\Desktop\MBR.dat"
21:58:22.347 The log file has been saved successfully to "C:\Users\YouTarzan\Desktop\aswMBR.txt"

And this is the spybot log:

26/01/2014 12:18:48
Scan took 00:30:04.
6 items found.

Delta.Toolbar: [SBI $15E43F9C] Settings (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-880496913-865728010-2256035260-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-880496913-865728010-2256035260-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS Regedit: [SBI $C3B62FC1] Recent open key (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-880496913-865728010-2256035260-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-880496913-865728010-2256035260-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

History: [SBI $49804B54] Browser: History (1) (Browser: History, nothing done)


The Delta.toolbar one in bold above is the one that spybot can't seem to remove. There have also been a number of weird things going on with my computer recently which I don't know if they are anything to do with this/a virus so I'll mention them just in case. - 1. my microsoft password mysteriously changed to a different one of my passwords so I changed my microsoft password properly on the website in case it had been hacked. 2, now that i have changed my password my computer now recognises that the old one is wrong so tells me this everytime i turn my computer on and doesnt seem to want to 'remember' the new one!

I'm afraid I won't be able to respond/try any fixes for the next week but I would be very grateful for any responses and will check back as soon as I can.

Thanks!

Hi,

Threads are closed if no reply in 3 days but since you let me know that you will be unavailable for a week I would be more than happy to keep this one open for you.

Its possible that whats going on with your system wont let DDS run, so lets do this


Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Hi,

You told me that you would be gone for a week, its been almost ten days and no reply from you



Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.