Chrome Issues

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by TheTick, Apr 9, 2017.

  1. TheTick

    TheTick Corporal

    Hey guys

    I am trying to fix my dad's laptop, whenever he does a search on Chrome it redirects to other sites and loads like 4 tabs up, one being a call Microsoft site because the computer is infected. I have tried to look for any malicious software and extensions but could not find anything..

    I think he must have clicked on a link through an email which has caused this problem..
    I have run the clean me procedure and got the logs needed..

    A few issues that I came across which I don't think affected the cleaning but just to be sure I thought I would tell you about:
    ADWcleaner I ran but in your instructions it didn't say whether I should clean the logs or just leave them, so I left them.
    For some reason MalwareBytes would not run as MB.exe so I had to download again as the proper title to the program and it worked after that..
    All the others ran fine but on MGtools I left hitman running by accident, it didn't seem to stop the program so I just let it carry on.

    So here are the logs I got including ADWcleaner

    Thanks Guys :)
     

    Attached Files:

  2. TheTick

    TheTick Corporal

    Hey guys.. any reason my post is not being answered? Is it wrong in some way? Or in the wrong forum?

    I can move it

    Cheers

    Adam
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    There are only two of us doing malware removal so you need to have patience. In the meantime, have ADW remove all it found. Then rerun Hitman and have it fix these items:

    Potential Unwanted Programs _________________________________________________

    HKU\S-1-5-21-3424643149-3300347482-501655377-1001\Software\Classes\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\ (UniDeals)
    HKU\S-1-5-21-3424643149-3300347482-501655377-1001_Classes\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\ (UniDeals)

    Reboot and rescan with Hitman and also attach the log from running RogueKiller.

    Next:
    Reset Chrome to Defaults
     
  4. TheTick

    TheTick Corporal

    My apologies for seeming impatient. I didn't mean to come across that way. I was a bit paranoid that I had run the scans wrong or had posted in the wrong forum.. it wasn't my intention to try and skip the queue, I do understand how busy you are and as volunteers respect what you do here.

    I did what you said and ran adw, which has stopped working and been frozen for about 1hr.


    Please don't feel you need to respond to this straight away because of my mistake earlier, now I know I am in the right place I am good waiting

    Sorry again
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did you remove what I asked you to remove in Hitman? Did you run RogueKiller? Do you have the new logs to attach?

    Did you reset Chrome?
     
  6. TheTick

    TheTick Corporal

    Hey, sorry for some reason adw froze and wouldn't let me restart my comp, once it rebooted I reran adw and it said that it found no threats, so I assume it cleaned the threats but froze on shut down

    I also ran Hitman and deleted those things you told me to

    Sorry, I forgot to add the RK logs, here it is

    and I reset Chrome
     

    Attached Files:

  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Rerun RogueKiller and remove these items:

    ¤¤¤ Registry : 7 ¤¤¤
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3424643149-3300347482-501655377-1001\Software\WebApp -> Found
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3424643149-3300347482-501655377-1001\Software\WebApp -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} : "C:\ProgramData\cisBAEC.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82} [x] -> Found

    Reboot and rescan with RogueKiller and attach the new log. Be sure to tell me how things are running.
     
  8. TheTick

    TheTick Corporal

    Hi

    Apart from the computer struggling to start after a Windows update, things seem to be running ok, I have just been on Chrome and it has not redirected me.

    Here is the rogue killer log

    Thanks

    adam
     

    Attached Files:

  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Looks good.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8 or 10, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. After doing the above, you should work thru the below link:
     
  10. TheTick

    TheTick Corporal

    Hi

    I have completed all the final steps, the comp seems to be running well.

    Just one quick question, RogueKiller picked up 3 other programs running, I take it they are not an issue?

    Thanks

    adam
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No, they are not an issue.
     
  12. TheTick

    TheTick Corporal

    Ok thank you for all your help :) and apologies again for the early message..
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are welcome. Safe surfing.
     
