End Stage Malware Cleanup?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by DanielBurke, Jun 23, 2013.

  1. DanielBurke

    DanielBurke Private E-2

    A few days ago I was hit by malware slowly getting worse. I was experiencing...

    1. Occasionally being directed to adf.ly at random when browsing.
    2. Having popups tell me that I can back up my computer for free.
    3. Having ad windows in places like Youtube be filled with extremely sketchy advertising (flashing warnings about needing to scan my computer etc.).

    I was already using malwarebytes and AVG, but this didn't seem to catch them all, so I tried SuperSpyware, and a few other tips and tricks from forums, to catch a few trojans and mostly clean things. However, I was still getting sent to adf.ly sometimes, and some advertisements still look a bit suspicious. Somewhere it seemed like the viruses still had a back door to sneak back in again and increase.

    So, I followed the excellent guide here at http://forums.majorgeeks.com/showthread.php?t=139681,

    and am now at stage 4. Mostly things have cleared up and are looking good. I think I have a lid on it. However, I still have some malware residue it seems, even if it is not, as I suspect, malignant.

    Basically, every now and then, perhaps once every 50-60 clicks, I am still redirected to adf.ly. HOWEVER, now it fails to actually send me there, and I get a white page. Safe enough I guess, but it interrupts my browsing and is annoying. I am also feeling like I want to make sure I really have nailed all this on the head.

    I've attached the five logs as instructed. If there is anything else you need to know please let me know. I am running Windows 7.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Uninstall the below software:
    DefaultTab
    Java(TM) 6 Update 30


    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
    explorer.exe
    
    :Files
    C:\Users\Daniel\Downloads\flvplayer4free_setup.exe
    C:\Program Files\AVAST Software
    C:\Program Files\Trend Micro
    C:\Program Files (x86)\OApps
    C:\Users\Daniel\AppData\Roaming\DefaultTab
    C:\Windows\TEMP\*.*
    C:\Users\Daniel\AppData\Local\Temp\*.*
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}"=-
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large [IMG] button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.

    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.txt log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
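    The :Reg section of the OTM script above removes Browser Helper Object and IE Toolbar entries by CLSID. As an added, read-only audit example (not chaslang's OTM script and not part of the original post), this PowerShell snippet lists every BHO and toolbar CLSID still registered, resolves each to its DLL path, and flags entries whose DLL is missing, so the removal can be verified after OTM runs. It assumes Windows 7 on a 64-bit install, hence the Wow6432Node paths.

```powershell
# Added example: audit Browser Helper Objects and IE toolbars (read-only).
# Assumes 64-bit Windows 7, so both native and Wow6432Node keys are checked.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$toolbarKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar'
)

function Resolve-Clsid {
    param([string]$Clsid)
    # A BHO/toolbar entry is only a CLSID; the DLL that IE loads is recorded
    # under CLSID\{guid}\InprocServer32 in the class registration.
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
        $clsKey = Join-Path $root $Clsid
        $srvKey = Join-Path $clsKey 'InprocServer32'
        if (Test-Path $srvKey) {
            $name = (Get-ItemProperty -Path $clsKey -ErrorAction SilentlyContinue).'(default)'
            $dll  = (Get-ItemProperty -Path $srvKey -ErrorAction SilentlyContinue).'(default)'
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
            return [pscustomobject]@{
                Clsid     = $Clsid
                Name      = $name
                Dll       = $dll
                DllExists = [bool]($dll -and (Test-Path -LiteralPath $dll))
            }
        }
    }
    # CLSID referenced by IE but no class registration: orphaned entry
    [pscustomobject]@{ Clsid = $Clsid; Name = $null; Dll = $null; DllExists = $false }
}

# BHOs are subkeys named by CLSID
foreach ($key in $bhoKeys) {
    if (-not (Test-Path $key)) { continue }
    Get-ChildItem -Path $key | ForEach-Object { Resolve-Clsid $_.PSChildName }
}
# Toolbars are values whose *name* is the CLSID
foreach ($key in $toolbarKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-Item -Path $key).Property |
        Where-Object { $_ -match '^\{[0-9A-Fa-f-]+\}$' } |
        ForEach-Object { Resolve-Clsid $_ }
}
```

Run it from an elevated PowerShell before and after the OTM step; the CLSIDs named in the :Reg section should be absent afterwards, and any remaining entry with DllExists = False or an unfamiliar Dll path is worth reporting in the next reply.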
     
  3. DanielBurke

    DanielBurke Private E-2

    Thank you very much for your reply and assistance.

    Since I posted the first post I noticed that some of the previous symptoms had made a full blown come-back. Specifically, being redirected to adf.ly, and having ad windows in places like youtube filled with suspicious advertisements. Running scans with superspyware would keep picking up bunches of fresh cookie trackers every few hours, although no trojans.

    Here are the logs of the two scans you requested. OTM crashed the first time around, but after a reboot and another go it worked fine.

    I'm not sure if this is relevant, but my computer is asking for permissions upon each reboot to run something called bdupdate, which so far I have been denying.

    Thanks again.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I requested three. You forgot the new MGlogs.zip which I need in order to continue.

    With which browser do you still have problems with adf.ly?

    Cookies are not problems. Everyone who surfs has cookies. It is mostly a waste of time to scan for cookies.
     
  5. DanielBurke

    DanielBurke Private E-2

    Oh sorry. Here is MGlogs.zip.

    Adf.ly problems are popping up with Chrome. I don't use IE. However I haven't spotted them since the last round of cleaning.

    I am still catching trojans appearing however.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If they occur in Chrome again, uninstall Chrome and reboot. After reboot, delete the Chrome folders. Then redownload and reinstall.

    What exactly are you referring to? There were no trojans in any of your logs.
     
  7. DanielBurke

    DanielBurke Private E-2

    Sorry, I removed them prior with SuperSpyWare, which I had reinstalled and then turned off during scans with those logs. I think they are creeping back in somehow...
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Show me what you are referring to exactly. Provide a current log that shows what is coming back. SUPERAntiSpyware has false detection issues just like many other programs. Also if you are running unrequested scans on your system now before we finish final instruction, you could just be detecting things we have already removed/quarantined or things in system restore. This is one of the reasons the READ & RUN ME instructions stated not to do anything that we do not request.
     
