
Thread: Browser auto starts & goes to popclk.com

  1. #11
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176


    Hi JazzListener,

    Not much left to do now. Have you had any issues since running the OTL fix?


    Security Check
    • Please download Security Check by screen317 from one of the links below:
    • Save it to your Desktop.
    • Right click SecurityCheck.exe and select "Run as administrator", then follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt
    • Please post the contents of that document.



    Run OTL Script
    We need to run an OTL Fix
    • Right click on OTL.exe and select Run as Administrator to start the program.
    • Copy and Paste the following code into the textbox. Do not include the word Code
      Code:
      :files
      C:\Users\Henry\Downloads\freeripmp3-setup.exe
      :commands
      [EMPTYTEMP]
      [CLEARALLRESTOREPOINTS]
    • Then click the Run Fix button at the top.
    • Click .
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
    Proud Graduate of the MalWare Removal University

  2. #12
    Junior Member
    Join Date
    Feb 2012
    Posts
    8


    Hi Diver

    I've had no issues running OTL - other than I have to use the .scr version. This means I do not have the option of running as "administrator" but it seems to work fine. Outputs of the Security Check and OTL are below.

    Does this mean that the Freerip download had a trojan/malware or did it just come and hide there? Freerip is still installed. I also have it installed on other computers and there seems to have been no problem.

    Security Check output:


    Results of screen317's Security Check version 0.99.31
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ESET Online Scanner v3
    ZoneAlarm Firewall
    ZoneAlarm Free
    ZoneAlarm Security
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    MVPS Hosts File
    Spybot - Search & Destroy
    Java(TM) 6 Update 29
    Java version out of date!
    Adobe Reader 9 Adobe Reader out of date!
    Mozilla Firefox (10.0.1)
    Mozilla Thunderbird (7.0.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Spybot Teatimer.exe is disabled!
    AVG avgwdsvc.exe
    AVG avgtray.exe
    Symantec Norton Online Backup NOBuAgent.exe
    CheckPoint ZoneAlarm vsmon.exe
    CheckPoint ZoneAlarm zatray.exe
    ``````````End of Log````````````


    and OTL:


    All processes killed
    ========== FILES ==========
    C:\Users\Henry\Downloads\freeripmp3-setup.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Henry
    ->Temp folder emptied: 1582904 bytes
    ->Temporary Internet Files folder emptied: 35883 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 44901799 bytes
    ->Google Chrome cache emptied: 7468856 bytes
    ->Flash cache emptied: 0 bytes

    User: Nancy
    ->Temp folder emptied: 1432800 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 57596962 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 854 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2406133 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 64 bytes

    Total Files Cleaned = 110.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.31.0 log created on 02162012_212840

    Files\Folders moved on Reboot...
    C:\Users\Henry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Henry\AppData\Local\Temp\MMDUtl.log moved successfully.
    C:\Users\Henry\AppData\Local\Temp\~DFC6FFEDF259A257F7.TMP moved successfully.
    C:\Users\Nancy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Nancy\AppData\Local\Temp\MMDUtl.log moved successfully.
    C:\Users\Nancy\AppData\Local\Temp\~DF0B8EA2FD85B593BA.TMP moved successfully.
    File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.
    C:\Windows\temp\ZLT06892.TMP moved successfully.

    Registry entries deleted on Reboot...

  3. #13
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176


    Hi JazzListener,

    Congratulations, your PC is now free from infection.
    Follow the below steps to remove vulnerable programs and tighten your system's security.

    Quote Originally Posted by JazzListener:
    Does this mean that the Freerip download had a trojan/malware or did it just come and hide there?
    It looks like this software modifies the default IE search hook to mywebsearch - See Here. Because of this it is classified as adware and may be why ESET flagged it. I am not familiar with this software but the scan only identified the install file as a threat, so the program may well be legitimate aside from the sneaky web search modification.

    SecurityCheck identified Java and Adobe Reader as being out of date. Both of these programs contain vulnerabilities that leave your machine open to re-infection. You can get the latest versions below.
    Adobe Reader
    http://get.adobe.com/uk/reader/
    Java Update
    http://www.java.com/en/download/index.jsp


    OTL Cleanup
    Double click on OTL.scr, if prompted by UAC, please allow it.
    Press the CleanUp button.
    When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

    Enable TeaTimer
    Open Spybot-S&D in Advanced Mode.
    If it is not already set to do this go to the "Mode" menu and select "Advanced Mode".
    On the left hand side, click on "Tools".
    Then click on the Resident Icon in the List.
    Check "Resident TeaTimer" and OK any prompts.
    Restart your computer.


    Additional Security Tips.
    Update your Antivirus programs and other programs regularly.
    Secunia Personal Software Inspector - Copyright Secunia. This app will monitor programs on your computer for known vulnerabilities. You can set it to auto-update for you, or just prompt you if an update is available. I highly recommend it.
    F-secure Health Check - Copyright F-Secure Corporation. F-Secure Health Check is a free application that tells you if your computer is protected and helps you fix possible security issues.

    Please let me know you have completed the above steps so this post can be closed.

    Good work!

    diver79
    Proud Graduate of the MalWare Removal University
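One way to check for the kind of search-hook change diver79 describes above, as an added example that is not part of this thread or of the OTL/SecurityCheck tools: a PowerShell audit that lists Internet Explorer URL search hooks and flags any that are not the stock Microsoft hook. The baseline CLSID {CFBFAE00-17A6-11D0-99CB-00C04FD64497} is assumed to be the standard IE entry.

```powershell
# Added example (not from the thread or the tools it uses).
# Enumerates IE URLSearchHooks and flags entries other than the stock hook,
# resolving the COM server DLL each hook would load so it can be inspected.
# Assumption: on a clean machine the stock CLSID below is the only hook present.
$DefaultHook = '{CFBFAE00-17A6-11D0-99CB-00C04FD64497}'
$HookKeys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks',
    'HKLM:\Software\Microsoft\Internet Explorer\URLSearchHooks'
)

function Get-IESearchHooks {
    foreach ($key in $HookKeys) {
        if (-not (Test-Path $key)) { continue }
        # Each value name under the key is a hook CLSID; the value data is unused.
        $props = Get-ItemProperty -Path $key
        foreach ($name in $props.PSObject.Properties.Name) {
            # Skip the PSPath/PSParentPath/... properties PowerShell adds.
            if ($name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }

            # Look up the in-process COM server registered for this CLSID.
            $server = $null
            foreach ($root in 'HKCU:', 'HKLM:') {
                $srvKey = "$root\Software\Classes\CLSID\$name\InprocServer32"
                if (Test-Path $srvKey) {
                    $server = (Get-ItemProperty -Path $srvKey).'(default)'
                    break
                }
            }

            [pscustomobject]@{
                Hive    = $key.Split(':')[0]
                CLSID   = $name
                IsStock = ($name -ieq $DefaultHook)
                Server  = $server
            }
        }
    }
}

# Anything with IsStock = False deserves a closer look at its Server path.
Get-IESearchHooks | Format-Table -AutoSize
```

On 64-bit Windows a hook registered only under Wow6432Node will not be resolved by the CLSID lookup above; a blank Server column for a non-stock entry is therefore also worth investigating.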

  4. #14
    Junior Member
    Join Date
    Feb 2012
    Posts
    8


    Diver

    All done.

    Thanks very much for all your help.

    Presumably I can run this other security software on my other computers?

  5. #15
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176


    Hi JazzListener,

    You can use SecurityCheck and the ESET Online scan on the other computers, but you should not use OTL without the supervision of a trained malware fighter.
    The custom fix given in this post was for this problem only and could cause issues if used on another machine.

    diver79.
    Proud Graduate of the MalWare Removal University
