Trying to remove malware "Bocamonitor" but Spybot doesn't see it

Did not find Bocomonitor anywhere. Was that to be expected/hoped for?
This was just a double check to make sure it was not hiding somewhere



Q: Under Manage Search Engines: Other Search Engines
I found lots. Deleted most, but they included Netflix and Amazon, both of which I use regularly.
Should I delete them anyway? Result?
Nope, if there's something you use and know is legit then just leave it be; just remove anything suspicious that you've never heard of.



Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

==========================================================

Please download DelFix and save the file to your Desktop.

  • Windows XP Double Click DelFix.exe to run the program.
  • Windows Vista > Win 7 > Win 8 Right Click on DelFix.exe and select RUN AS ADMINISTRATOR
  • Checkmark "Remove Disinfection Tools"
  • Click the Run button



This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually.

==========================================================

How did I get infected in the first place?

Safe Surfn
Ken
 
adwcleaner

I don't think I ever ran adwcleaner since I don't have it on my desktop.
I couldn't figure out how to put it on my desktop, but here is the .txt file.


# AdwCleaner v5.004 - Logfile created 30/08/2015 at 11:26:47
# Updated 26/08/2015 by Xplode
# Database : 2015-08-30.1 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Carolyn_2 - HP15R263DX
# Running from : C:\Users\Carolyn_2\Downloads\adwcleaner_5.004.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\7d6e32ca000074d2

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\749ab3df-18db-468f-dd67-5ce2cdf20a0a
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update

***** [ Web browsers ] *****

[-] [C:\Users\Carolyn_2\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.google.com/","hxxp://www.trovi.com/?gd=&ctid=CT3333531&octid=EB_ORIGINAL_CTID&ISID=M77FE2731-FC8C-4292-8FA6-25536FEA05A4&SearchSource=55&CUI=&UM=8&UP=SP9105F43C-CB01-4E14-A86B-B770B39465B1&SSPV=

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1375 bytes] ##########
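
An added example, not part of the original post or of AdwCleaner itself: a small parser for the log layout quoted above that groups result lines by section and pulls out the entries the tool marked `[!]`, such as the `Key Not Deleted` line in this log. The sample text is a shortened copy of that log, and the function names are made up for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened copy of the AdwCleaner log format quoted above.
SAMPLE_LOG = r"""# AdwCleaner v5.004 - Logfile created 30/08/2015 at 11:26:47
***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\7d6e32ca000074d2

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Avg Secure Update
[!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update

***** [ Web browsers ] *****

*************************
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^\[(?P<flag>[-!])\] (?P<action>.+?) : (?P<target>.+)$")

def parse_adwcleaner_log(text):
    """Return {section: [(flag, action, target), ...]} for every result line."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current]  # touch the key so empty sections stay visible
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            sections[current].append((m["flag"], m["action"], m["target"]))
    return dict(sections)

def failed_entries(parsed):
    """Entries the tool marked with [!], i.e. items it reported as not removed."""
    return [(sec, action, target)
            for sec, entries in parsed.items()
            for flag, action, target in entries if flag == "!"]

if __name__ == "__main__":
    parsed = parse_adwcleaner_log(SAMPLE_LOG)
    for sec, action, target in failed_entries(parsed):
        print(f"FOLLOW UP [{sec}] {action}: {target}")
```
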
 
DelFix results

I can't figure out how to download these last two adwcleaner and delfix to my desktop.

Results:

# DelFix v1.011 - Logfile created 30/08/2015 at 11:44:22
# Updated 18/08/2015 by Xplode
# Username : Carolyn_2 - HP15R263DX
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...


########## - EOF - ##########
 
You're doing fine, my bad on AdwCleaner, I had thought we ran it. Go ahead and run Junkware Removal and let's make sure it's all gone. I was hesitant about running them as you stated you were in the middle of a project; adware cleaner ran fine.



Please download Junkware Removal Tool TO YOUR DESKTOP

  • Download the one from Bleeping Computer
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Trying to run Junkware Removal Tool

Can't figure out how to shut down my protection software, except Windows Firewall, which I can turn off.
Have Windows Defender and Spybot.
 
Ran Junkware

Results:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.9 (08.27.2015:1)
OS: Windows 10 Home x64
Ran by Carolyn_2 on Sun 08/30/2015 at 14:48:40.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9A40F75D9FDB245F0FF38A928F712476



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Carolyn_2\Appdata\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic

[C:\Users\Carolyn_2\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Carolyn_2\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
gpdjojdkbbmdfjfahjcgigfpmkopogic

[C:\Users\Carolyn_2\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Carolyn_2\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
gpdjojdkbbmdfjfahjcgigfpmkopogic
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/30/2015 at 22:50:39.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Great

Let's run Delfix again to remove Junkware Removal and you will be good to go.



Please download Junkware Removal Tool TO YOUR DESKTOP

  • Download the one from Bleeping Computer
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Ran Delfix again

# DelFix v1.011 - Logfile created 31/08/2015 at 09:47:37
# Updated 18/08/2015 by Xplode
# Username : Carolyn_2 - HP15R263DX
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Users\Carolyn_2\Desktop\JRT (2) - Shortcut.lnk
Deleted : C:\Users\Carolyn_2\Desktop\JRT.txt
Deleted : C:\Users\Carolyn_2\Downloads\JRT (1).exe
Deleted : C:\Users\Carolyn_2\Downloads\JRT (2).exe
Deleted : C:\Users\Carolyn_2\Downloads\JRT (3).exe
Deleted : C:\Users\Carolyn_2\Downloads\JRT.exe

########## - EOF - ##########
 
Spybot settings for Malwarebytes

Yipes!!! don't go quite yet.

Last things, I promise:

I think I remember you saying that if I were to get the advanced version of Malwarebytes
that I should turn off *something* in my home version with antivirus Spybot, but I can't find it in this thread.

Would you repeat?

And what exactly should I do about the Office? Can I download a new version myself? And if I download a new version will it delete my work?

I guess that's it for questions.
 
I don't know if you understand what Cracked/Keygen/Warez software is. A program that is cracked is downloaded illegally for free; Microsoft Office, a lot of the expensive Adobe products and a ton of others are prime targets for this. Normally you would have to use one of the torrents to download it, but I see no trace of any torrents running on your system, so I believe this was done by someone else.

When we see this task running on a system it usually means that one of Microsoft's products is a cracked version and this task bypasses the activation key to let it run:
Task: {A2167C38-B94D-4D14-8AEC-16069D00C8CF} - System32\Tasks\AutoKMS => C:\windows\AutoKMS\AutoKMS.exe

The thing to do is to get a hold of this guy that installed Office and demand that he makes it right. You can print this out and show him the task.



Spybot and the free version of Malwarebytes will work together, but the TeaTimer in Spybot will interfere with the Pro version of Malwarebytes, so if you decide to go Pro with Malwarebytes just disable the TeaTimer in Spybot.

To disable TeaTimer and remove its startup entry:
Go into Spybot > Mode > Advanced Mode > Tools > Resident
Uncheck (if checked) the following:
Resident "TeaTimer" (Protection of over-all system settings) Active.


Hope this helps
 
sorry for delay

Sorry for the delay - my cursor just went b-a-n-a-n-a-s on me.

Can't get into Spybot using what you gave me.

I am running Spybot 2 and AV2.5, if that helps.

There is no "mode", just option to go into "advanced mode" and then no option for tools or resident

If I can learn how to turn off TeaTimer I will be happy...


Re: office
I was hoping to do it myself by downloading correct copy from Microsoft? So far, not returning my calls. I do know where he works ;)
 
I found under Settings
Live Protection - Mode
option to uncheck
Scan programs before they start (deactivate live protection)

Is that teatimer?


Also, yes I think I understand now exactly what happened with Office.
 
Yes, that will disable the teatimer

Keep me posted on Office, it would be interesting to hear what this guy says. I will leave the thread open for you for a few days so you can post back
 
You're welcome

Like I said I will leave this thread open for you for a few days so post back if you need anything else
 