
Thread: multiple scans with spybot do not get rid of all malware; some keep coming back

  1. #11
    Blade81 (Security Expert: Emeritus)
    Join Date: Oct 2006, Location: Finland, Posts: 25,288

    Hi,

    Those ESET findings can be ignored.

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • You will be prompted to restart your computer. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.


    Any issues left?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  2. #12
    Member
    Join Date: Jun 2013, Posts: 31

    adwcleaner log

    Here's the log. I can happily report that both Google Chrome and Firefox are working and the Delta and Babylon search engine tabs have gone. Cheers, Blade81

    # AdwCleaner v3.001 - Report created 29/08/2013 at 11:48:58
    # Updated 24/08/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Severin - SDOUBLE-LAP
    # Running from : C:\Users\Severin\Desktop\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\Severin\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Severin\AppData\Roaming\DSite
    Folder Deleted : C:\Users\Janet\AppData\Roaming\DSite
    File Deleted : C:\Users\Severin\AppData\Roaming\Mozilla\Firefox\Profiles\4sbx0wty.default\user.js
    File Deleted : C:\windows\System32\Tasks\BrowserDefendert
    File Deleted : C:\windows\System32\Tasks\EPUpdater
    File Deleted : C:\windows\System32\Tasks\QtraxPlayer

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
    Key Deleted : HKCU\Software\e57ded9b06ebe46
    Key Deleted : HKLM\SOFTWARE\e57ded9b06ebe46
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
    Key Deleted : HKCU\Software\Conduit
    [#] Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\dsiteproducts
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\Tarma Installer

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16660


    -\\ Mozilla Firefox v15.0.1 (en-GB)

    [ File : C:\Users\Severin\AppData\Roaming\Mozilla\Firefox\Profiles\4sbx0wty.default\prefs.js ]

    Line Deleted : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=NT_ss&mntrId=EA00F2DF9AA08F3A");
    Line Deleted : user_pref("browser.search.order.1", "Delta Search");

    [ File : C:\Users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\s1tnczqs.default\prefs.js ]

    Line Deleted : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=NT_ss&mntrId=EA00F2DF9AA08F3A");
    Line Deleted : user_pref("browser.search.order.1", "Delta Search");
    Line Deleted : user_pref("browser.search.selectedEngine", "Delta Search");
    Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=EA00F2DF9AA08F3A");

    -\\ Google Chrome v28.0.1500.95

    [ File : C:\Users\Severin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage
    Deleted : urls_to_restore_on_startup

    [ File : C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : urls_to_restore_on_startup

    *************************

    AdwCleaner[R0].txt - [4268 octets] - [28/08/2013 14:08:04]
    AdwCleaner[R1].txt - [4328 octets] - [28/08/2013 18:47:56]
    AdwCleaner[R2].txt - [4388 octets] - [29/08/2013 11:48:06]
    AdwCleaner[S0].txt - [4138 octets] - [29/08/2013 11:48:58]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4198 octets] ##########

  3. #13
    Blade81 (Security Expert: Emeritus)
    Join Date: Oct 2006, Location: Finland, Posts: 25,288

    Good. Let's see the final steps then.


    THESE STEPS ARE VERY IMPORTANT

    Let's reset System Restore
    Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files. You will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

    A. To disable the System Restore feature:

    1. Click on the Start button.
    2. Hover over the Computer option, right click on it and then click Properties.
    3. On the left hand side, click Advanced Settings.
    4. If asked to permit the action, click on Allow.
    5. Click on the System Protection tab.
    6. Select c: drive and click Configure...
    7. Select Turn off protection
    8. Press OK.
    Repeat steps 6-8 for each hard drive.

    B. Reboot.

    C. Turn ON System Restore.
    Follow the same steps as when disabling System Restore, but at step 7 select the "Restore system settings and previous versions of files" option.

    Uninstall adwCleaner
    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.




    Now let's uninstall ComboFix:
    • Click START then RUN
    • Now copy-paste Combofix /uninstall in the Run box and click OK



    UPDATING WINDOWS AND INTERNET EXPLORER

    IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.



    Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.


    Just a final reminder for you. I am trying to stress these two points.
    UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
    Make sure all of your security programs are up to date.
    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


    Once again, please post and tell me how things are going with your system... problems etc.

    Have a great day,
    Blade
