Getting rid of ShopDrop from Chrome
- Thread starter MrLutz
- Start date
- Status
ken545
Emeritus-Security Expert
Lets do another search, you will need to download and run the 64 bit version of this program
Download and Run SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64 Bit Version
Download and Run SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64 Bit Version
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
Code::folderfind ShopDrop :filefind ShopDrop :regfind ShopDrop - Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Ok, i did the search, but it didnt find anything. but thats because i wrote the malware wrong in the title! that thing is actually written with two O's, sorry. i hope that didnt make all the stuff we did before useless..
i did the search again written correctly:
SystemLook 30.07.11 by jpshortstuff
Log created at 04:59 on 12/01/2014 by Lutz
Administrator - Elevation successful
========== folderfind ==========
Searching for "ShopDroop"
No folders found.
========== filefind ==========
Searching for "ShopDroop"
No files found.
========== regfind ==========
Searching for "ShopDroop"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop]
@="ShoPDroop"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop.4.7]
@="ShoPDroop"
-= EOF =-
i did the search again written correctly:
SystemLook 30.07.11 by jpshortstuff
Log created at 04:59 on 12/01/2014 by Lutz
Administrator - Elevation successful
========== folderfind ==========
Searching for "ShopDroop"
No folders found.
========== filefind ==========
Searching for "ShopDroop"
No files found.
========== regfind ==========
Searching for "ShopDroop"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop]
@="ShoPDroop"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop.4.7]
@="ShoPDroop"
-= EOF =-
ken545
Emeritus-Security Expert
Hi,
I saw the way it was spelled in your log, looks like they are trying to confuse us
Open OTL.exe
I saw the way it was spelled in your log, looks like they are trying to confuse us
Open OTL.exe
- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code::OTL :Services :Reg [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop.4.7] :Files ipconfig /flushdns /c :Commands [purity] [resethosts] [EMPTYJAVA] [emptytemp] [start explorer] [Reboot] - Then click the Run Fix button at the top. <--Not run Scan
- Let the program run unhindered, reboot when it is done
- Then post the results of the log it produces
Ok, i ran OTL with the code.
I forgot to switch of antivir the first time, i intercepted some move from OTL.
so i did it gain, with all protection software switched of.
here is the first fix(i guess that one worked allready), below that the second fix with antivir etc of.
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop.4.7\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Lutz\Desktop\cmd.bat deleted successfully.
C:\Users\Lutz\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Lutz
->Java cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Java Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Lutz
->Temp folder emptied: 32327 bytes
->Temporary Internet Files folder emptied: 1864097 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 367767159 bytes
->Flash cache emptied: 708 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12065 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 353.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01122014_145342
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\Lutz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\FireFly(201401121444477CC).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(201401121444477CC).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(201401121444517CC).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.de-de.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
SECOND FIX:
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop.4.7\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\Lutz\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Lutz
->Java cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Java Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Lutz
->Temp folder emptied: 25798 bytes
->Temporary Internet Files folder emptied: 556436 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6689466 bytes
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1930 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 7.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01122014_145915
Files\Folders moved on Reboot...
C:\Users\Lutz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\FireFly(2014011214554779C).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(2014011214554779C).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(2014011214554779C).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.de-de.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
I forgot to switch of antivir the first time, i intercepted some move from OTL.
so i did it gain, with all protection software switched of.
here is the first fix(i guess that one worked allready), below that the second fix with antivir etc of.
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop.4.7\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Lutz\Desktop\cmd.bat deleted successfully.
C:\Users\Lutz\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Lutz
->Java cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Java Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Lutz
->Temp folder emptied: 32327 bytes
->Temporary Internet Files folder emptied: 1864097 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 367767159 bytes
->Flash cache emptied: 708 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12065 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 353.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01122014_145342
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\Lutz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\FireFly(201401121444477CC).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(201401121444477CC).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(201401121444517CC).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.de-de.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
SECOND FIX:
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopeDRop.ShopeDRop.4.7\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\Lutz\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Lutz
->Java cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Java Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Lutz
->Temp folder emptied: 25798 bytes
->Temporary Internet Files folder emptied: 556436 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6689466 bytes
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1930 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 7.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01122014_145915
Files\Folders moved on Reboot...
C:\Users\Lutz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\FireFly(2014011214554779C).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(2014011214554779C).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(2014011214554779C).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.de-de.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
ken545
Emeritus-Security Expert
ok
- Click the Chrome menu
on the browser toolbar.
- Select Settings.
- Scroll down to Show advanced settings...
- Locate the Privacy Section, select Content Settings
- In the pop up window scoll to Plug-Ins, select Disable individual plug-ins...
- Locate the following plug-ins and set them to Disable:
- Shoopdrop
- Exit Chrome settings menu.
ken545
Emeritus-Security Expert
Can you go in there and remove or disable it ?
https://support.google.com/chrome/answer/187443?hl=en
https://support.google.com/chrome/answer/187443?hl=en
ken545
Emeritus-Security Expert
Good, then just keep deactivated
There is a new tool out by Malwarebytes Malwarebytes Anti Exploit, no scan to run, just down load and install it and it will help block your browser from exploits
http://downloads.malwarebytes.org/file/mbae_beta/
Give it a shot and let me know what you think
Read this
https://forums.malwarebytes.org/index.php?showtopic=136424
There is a new tool out by Malwarebytes Malwarebytes Anti Exploit, no scan to run, just down load and install it and it will help block your browser from exploits
http://downloads.malwarebytes.org/file/mbae_beta/
Give it a shot and let me know what you think
Read this
https://forums.malwarebytes.org/index.php?showtopic=136424
Last edited:
I installed and am running Malwarebytes Anti Exploit.
is seems like a easy enough and cool tool, which is hopefully going to prevent future attacks.
but its not capable of changing anything about shopdrop right'?
one different and easy enough step to get rid of shopdrop would be to reboot my system, right?
is seems like a easy enough and cool tool, which is hopefully going to prevent future attacks.
but its not capable of changing anything about shopdrop right'?
one different and easy enough step to get rid of shopdrop would be to reboot my system, right?
Hi!
Well, with rebooting i actually ment 'format c:'.
that beast is still there and doesnt wanne go. even though it doesnt seem to do anything right now, i have to admit that i dont really feel safe that way.
so i figure, its going to be best if i put up the system completely new in the upcoming month. even though its going to be a hussle to save data and such, but still seems to be easier than dealing with it.
i haven't done that in the last 6 years yet, so maybe it was even overdue...
but i'm really thankfull for your help! sorry i'm givin up on u like that
Lutz
Well, with rebooting i actually ment 'format c:'.
that beast is still there and doesnt wanne go. even though it doesnt seem to do anything right now, i have to admit that i dont really feel safe that way.
so i figure, its going to be best if i put up the system completely new in the upcoming month. even though its going to be a hussle to save data and such, but still seems to be easier than dealing with it.
i haven't done that in the last 6 years yet, so maybe it was even overdue...
but i'm really thankfull for your help! sorry i'm givin up on u like that
Lutz
ken545
Emeritus-Security Expert
Sometimes a reformat of the drive and a new install of windows is a good thing, but I really dont think its needed here, but that up to you
Why dont you just try uninstalling Chome, use Revo Uninstaller so that you get all the files folders and registry entries, then reboot when its done and try installing a fresh new copy of Chrome
http://www.revouninstaller.com/revo_uninstaller_free_download.html
https://www.google.com/intl/en/chrome/browser/
Let me know how it went
Why dont you just try uninstalling Chome, use Revo Uninstaller so that you get all the files folders and registry entries, then reboot when its done and try installing a fresh new copy of Chrome
http://www.revouninstaller.com/revo_uninstaller_free_download.html
https://www.google.com/intl/en/chrome/browser/
Let me know how it went
- Status