
Thread: Can't remove win32.2urface.bho

  1. #11
    Junior Member
    Join Date
    Jan 2015
    Posts
    8


    C:\$Recycle.Bin\S-1-5-21-614374451-640586071-3639636259-1002\$RK68PJ2\Quarantine\C\Program Files (x86)\DeltaFix\DeltaFix.dll.vir a variant of Win32/Adware.MultiPlug.DX application
    C:\$Recycle.Bin\S-1-5-21-614374451-640586071-3639636259-1002\$RK68PJ2\Quarantine\C\ProgramData\Trusted Publisher\SW-Booster\SW-Booster.exe.vir Win32/TrojanDownloader.Agent.ACF trojan
    C:\$Recycle.Bin\S-1-5-21-614374451-640586071-3639636259-1002\$RK68PJ2\Quarantine\C\Users\UserPrime\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjlbpeobfoehgedfokphelfpbhmdphco\1\tFeo.js.vir JS/Kryptik.ATB trojan
    C:\$Recycle.Bin\S-1-5-21-614374451-640586071-3639636259-1002\$RK68PJ2\Quarantine\C\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\kE@I3AZM.com\content\bg.js.vir JS/Kryptik.ATB trojan
    C:\$Recycle.Bin\S-1-5-21-614374451-640586071-3639636259-1002\$RK68PJ2\Quarantine\C\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\kxm0TR@p.com\content\bg.js.vir JS/Kryptik.ATB trojan
    C:\$Recycle.Bin\S-1-5-21-614374451-640586071-3639636259-1002\$RK68PJ2\Quarantine\C\Users\UserPrime\AppData\Roaming\Mozilla\Firefox\Profiles\swnccxfp.default-1396138438950\Extensions\tfQ@S.com\content\bg.js.vir JS/Kryptik.ATB trojan
    C:\ProgramData\InstallMate\{221E6025-3050-44E2-A609-7872F9FD42D3}\Custom.dll Win32/InstalleRex.M potentially unwanted application
    C:\ProgramData\InstallMate\{8C3F256D-75DD-4F92-AD79-3DFF57DC079B}\Custom.dll Win32/InstalleRex.M potentially unwanted application
    C:\ProgramData\InstallMate\{C2A4C3AF-268F-4FFC-AD17-6EAD1947E159}\Custom.dll Win32/InstalleRex.M potentially unwanted application
    C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf\gUz.js JS/Kryptik.ATB trojan
    C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf\lsdb.js JS/Kryptik.ATB trojan
    C:\Users\All Users\InstallMate\{221E6025-3050-44E2-A609-7872F9FD42D3}\Custom.dll Win32/InstalleRex.M potentially unwanted application
    C:\Users\All Users\InstallMate\{8C3F256D-75DD-4F92-AD79-3DFF57DC079B}\Custom.dll Win32/InstalleRex.M potentially unwanted application
    C:\Users\All Users\InstallMate\{C2A4C3AF-268F-4FFC-AD17-6EAD1947E159}\Custom.dll Win32/InstalleRex.M potentially unwanted application
    C:\Users\All Users\ocgopgojnbidinlnlaofbdgbbeggikkf\gUz.js JS/Kryptik.ATB trojan
    C:\Users\All Users\ocgopgojnbidinlnlaofbdgbbeggikkf\lsdb.js JS/Kryptik.ATB trojan
    C:\Users\UserPrime\Desktop\FlashVault\MyApps\Download\setup.exe a variant of Win32/AirAdInstaller.A potentially unwanted application
    C:\Users\UserPrime\Desktop\FlashVault\MyPictures\1\Design\New\156554.png HTML/Iframe.B.Gen virus
    C:\Users\UserPrime\Desktop\FlashVault\MyPictures\1\Funny\2b67321367a594f08b38dbfbb2225b66.jpg HTML/Iframe.B.Gen virus
    C:\Users\UserPrime\Desktop\FlashVault\MyPictures\Photo Editors\cbsi-3_2_5_39-10703122.exe a variant of Win32/CNETInstaller.B potentially unwanted application
    C:\Users\UserPrime\Downloads\setup-adblock-master.exe Win32/Somoto.E potentially unwanted application
    C:\Users\UserPrime\Downloads\SmartHideIPSetup.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
    C:\Users\UserPrime\Downloads\SoftonicDownloader_for_winmail-reader.exe a variant of Win32/SoftonicDownloader.G potentially unwanted application
    C:\Users\UserPrime\Downloads\New folder (2)\rcsetup151.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

  2. #12
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    C:\$Recycle.Bin <-- remove/empty what you have in your Recycle bin.


    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad window. Save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow it).

    start
    CloseProcesses:
    C:\ProgramData\InstallMate\{221E6025-3050-44E2-A609-7872F9FD42D3}\Custom.dll
    C:\ProgramData\InstallMate\{8C3F256D-75DD-4F92-AD79-3DFF57DC079B}\Custom.dll
    C:\ProgramData\InstallMate\{C2A4C3AF-268F-4FFC-AD17-6EAD1947E159}\Custom.dll
    C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf\gUz.js
    C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf\lsdb.js
    C:\Users\All Users\InstallMate\{221E6025-3050-44E2-A609-7872F9FD42D3}\Custom.dll
    C:\Users\All Users\InstallMate\{8C3F256D-75DD-4F92-AD79-3DFF57DC079B}\Custom.dll
    C:\Users\All Users\InstallMate\{C2A4C3AF-268F-4FFC-AD17-6EAD1947E159}\Custom.dll
    C:\Users\All Users\ocgopgojnbidinlnlaofbdgbbeggikkf\gUz.js
    C:\Users\All Users\ocgopgojnbidinlnlaofbdgbbeggikkf\lsdb.js
    C:\Users\UserPrime\Desktop\FlashVault\MyApps\Download\setup.exe
    C:\Users\UserPrime\Desktop\FlashVault\MyPictures\1\Design\New\156554.png
    C:\Users\UserPrime\Desktop\FlashVault\MyPictures\1\Funny\2b67321367a594f08b38dbfbb2225b66.jpg
    C:\Users\UserPrime\Desktop\FlashVault\MyPictures\Photo Editors\cbsi-3_2_5_39-10703122.exe
    C:\Users\UserPrime\Downloads\setup-adblock-master.exe
    C:\Users\UserPrime\Downloads\SmartHideIPSetup.exe
    C:\Users\UserPrime\Downloads\SoftonicDownloader_for_winmail-reader.exe
    C:\Users\UserPrime\Downloads\New folder (2)\rcsetup151.exe
    EmptyTemp:
    End

    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    How's your computer?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #13
    Junior Member
    Join Date
    Jan 2015
    Posts
    8


    Ran by UserPrime at 2015-01-27 14:04:17 Run:2
    Running from C:\Users\UserPrime\Desktop
    Loaded Profiles: UserPrime (Available profiles: UserPrime)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    CloseProcesses:
    C:\ProgramData\InstallMate\{221E6025-3050-44E2-A609-7872F9FD42D3}\Custom.dll
    C:\ProgramData\InstallMate\{8C3F256D-75DD-4F92-AD79-3DFF57DC079B}\Custom.dll
    C:\ProgramData\InstallMate\{C2A4C3AF-268F-4FFC-AD17-6EAD1947E159}\Custom.dll
    C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf\gUz.js
    C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf\lsdb.js
    C:\Users\All Users\InstallMate\{221E6025-3050-44E2-A609-7872F9FD42D3}\Custom.dll
    C:\Users\All Users\InstallMate\{8C3F256D-75DD-4F92-AD79-3DFF57DC079B}\Custom.dll
    C:\Users\All Users\InstallMate\{C2A4C3AF-268F-4FFC-AD17-6EAD1947E159}\Custom.dll
    C:\Users\All Users\ocgopgojnbidinlnlaofbdgbbeggikkf\gUz.js
    C:\Users\All Users\ocgopgojnbidinlnlaofbdgbbeggikkf\lsdb.js
    C:\Users\UserPrime\Desktop\FlashVault\MyApps\Download\setup.exe
    C:\Users\UserPrime\Desktop\FlashVault\MyPictures\1\Design\New\156554.png
    C:\Users\UserPrime\Desktop\FlashVault\MyPictures\1\Funny\2b67321367a594f08b38dbfbb2225b66.jpg
    C:\Users\UserPrime\Desktop\FlashVault\MyPictures\Photo Editors\cbsi-3_2_5_39-10703122.exe
    C:\Users\UserPrime\Downloads\setup-adblock-master.exe
    C:\Users\UserPrime\Downloads\SmartHideIPSetup.exe
    C:\Users\UserPrime\Downloads\SoftonicDownloader_for_winmail-reader.exe
    C:\Users\UserPrime\Downloads\New folder (2)\rcsetup151.exe
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    C:\ProgramData\InstallMate\{221E6025-3050-44E2-A609-7872F9FD42D3}\Custom.dll => Moved successfully.
    C:\ProgramData\InstallMate\{8C3F256D-75DD-4F92-AD79-3DFF57DC079B}\Custom.dll => Moved successfully.
    C:\ProgramData\InstallMate\{C2A4C3AF-268F-4FFC-AD17-6EAD1947E159}\Custom.dll => Moved successfully.
    C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf\gUz.js => Moved successfully.
    C:\ProgramData\ocgopgojnbidinlnlaofbdgbbeggikkf\lsdb.js => Moved successfully.
    "C:\Users\All Users\InstallMate\{221E6025-3050-44E2-A609-7872F9FD42D3}\Custom.dll" => File/Directory not found.
    "C:\Users\All Users\InstallMate\{8C3F256D-75DD-4F92-AD79-3DFF57DC079B}\Custom.dll" => File/Directory not found.
    "C:\Users\All Users\InstallMate\{C2A4C3AF-268F-4FFC-AD17-6EAD1947E159}\Custom.dll" => File/Directory not found.
    "C:\Users\All Users\ocgopgojnbidinlnlaofbdgbbeggikkf\gUz.js" => File/Directory not found.
    "C:\Users\All Users\ocgopgojnbidinlnlaofbdgbbeggikkf\lsdb.js" => File/Directory not found.
    C:\Users\UserPrime\Desktop\FlashVault\MyApps\Download\setup.exe => Moved successfully.
    C:\Users\UserPrime\Desktop\FlashVault\MyPictures\1\Design\New\156554.png => Moved successfully.
    C:\Users\UserPrime\Desktop\FlashVault\MyPictures\1\Funny\2b67321367a594f08b38dbfbb2225b66.jpg jpg => Moved successfully.
    C:\Users\UserPrime\Desktop\FlashVault\MyPictures\Photo Editors\cbsi-3_2_5_39-10703122.exe => Moved successfully.
    C:\Users\UserPrime\Downloads\setup-adblock-master.exe => Moved successfully.
    C:\Users\UserPrime\Downloads\SmartHideIPSetup.exe => Moved successfully.
    C:\Users\UserPrime\Downloads\SoftonicDownloader_for_winmail-reader.exe => Moved successfully.
    C:\Users\UserPrime\Downloads\New folder (2)\rcsetup151.exe => Moved successfully.
    EmptyTemp: => Removed 436 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 14:04:29 ====


    Reran Spybot, Emsisoft and ESET. No problems found; ESET reported previous issues in quarantine. Is there anything else I need to do?
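
An added example, not part of the original posts and not FRST's own code: a Python sketch that triages Fixlog result lines like those in post #13 and separates "File/Directory not found" entries that are only a second spelling of a path already moved from ones that were genuinely absent. The sample lines, the placeholder GUID and the function names are constructed; the alias table assumes `C:\Users\All Users` is a link to `C:\ProgramData`, as on Windows Vista and later.

```python
import re

# Constructed sample in the shape of the Fixlog result lines above.
SAMPLE_FIXLOG = r'''
C:\ProgramData\InstallMate\{EXAMPLE-GUID}\Custom.dll => Moved successfully.
"C:\Users\All Users\InstallMate\{EXAMPLE-GUID}\Custom.dll" => File/Directory not found.
C:\Users\Example\Downloads\bundle-setup.exe => Moved successfully.
"C:\Users\Example\Downloads\gone.exe" => File/Directory not found.
EmptyTemp: => Removed 436 MB temporary data.
'''

# Assumption: C:\Users\All Users is a link to C:\ProgramData (Vista and later),
# so both spellings name the same file on disk.
ALIASES = {r"c:\users\all users": r"c:\programdata"}

# "<path> => <status>", where the path may be wrapped in double quotes.
RESULT_LINE = re.compile(
    r'^\s*"?(?P<path>[A-Za-z]:\\.+?)"?\s+=>\s+(?P<status>.+?)\s*$')

def canonical(path):
    """Lower-case the path and rewrite known alias prefixes to their target."""
    p = path.lower()
    for alias, target in ALIASES.items():
        if p == alias or p.startswith(alias + "\\"):
            return target + p[len(alias):]
    return p

def triage(fixlog_text):
    """Return (path, verdict) pairs for every file result line in the log."""
    entries = []
    for line in fixlog_text.splitlines():
        m = RESULT_LINE.match(line)
        if m:  # directive lines such as "EmptyTemp:" carry no drive path
            entries.append((m["path"], m["status"]))
    moved = {canonical(p) for p, s in entries
             if s.startswith("Moved successfully")}
    report = []
    for path, status in entries:
        if status.startswith("Moved successfully"):
            verdict = "moved"
        elif "not found" in status and canonical(path) in moved:
            verdict = "alias-of-moved"   # same file, already quarantined
        elif "not found" in status:
            verdict = "missing"          # worth a second look
        else:
            verdict = "check"            # any other status text
        report.append((path, verdict))
    return report

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_FIXLOG):
        print(f"{verdict:15} {path}")
```

Only the `missing` and `check` rows need follow-up; `alias-of-moved` rows are the expected side effect of listing the same file under both paths in fixlist.txt.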

  4. #14
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    If the computer feels back to normal I think we can finish up now?

  5. #15
    Junior Member
    Join Date
    Jan 2015
    Posts
    8


    It does. I've restarted Emsisoft active protection and Spybot TeaTimer so hopefully that should prevent future issues. Thank you for your help.

  6. #16
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    DelFix

    -- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

  7. #17
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084


    Glad we could help.

    Since this issue appears resolved ... this Topic is closed.