Roll Around malware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Vako, Mar 12, 2015.

  1. Vako

    Vako Private E-2

    Tried every AV. They found the malware and deleted them, but it's still popping ads and tabs. Now AV won't find the malware, but it's still there.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 3/12/2015
    Scan Time: 2:21:49 AM
    Logfile: scan.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.03.12.02
    Rootkit Database: v2015.02.25.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: TxnerT

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 446336
    Time Elapsed: 17 min, 44 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 4
    PUP.Optional.BoostSaves.A, C:\Users\TxnerT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, Delete-on-Reboot, [564ccf75563466d0532d8a2d34cff60a],
    PUP.Optional.BoostSaves.A, C:\Users\TxnerT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, Delete-on-Reboot, [f7abdb69ef9b74c293ede2d53fc4a957],
    PUP.Optional.Boost.A, C:\Users\TxnerT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, Delete-on-Reboot, [e6bc60e4dab02b0b7ec65d74cc372bd5],
    PUP.Optional.Boost.A, C:\Users\TxnerT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, Delete-on-Reboot, [acf671d390fabb7b91b3d3fedb281fe1],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Which browser are you having the problems with?
     
  3. Vako

    Vako Private E-2

    Happens in Chrome
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  5. Vako

    Vako Private E-2

    Got worse
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Rerun Hitman and delete all the cookies. Reboot and rescan with Hitman and attach the new log.
     
  7. Vako

    Vako Private E-2

    Code:
    HitmanPro 3.7.9.212
    www.hitmanpro.com
    
       Computer name . . . . : LEGEND
       Windows . . . . . . . : 6.1.1.7601.X64/4
       User name . . . . . . : Legend\TxnerT
       UAC . . . . . . . . . : Disabled
       License . . . . . . . : Paid (255 days left)
    
       Scan date . . . . . . : 2015-03-12 15:41:13
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 11m 46s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 0
    
       Objects scanned . . . : 2,453,706
       Files scanned . . . . : 35,662
       Remnants scanned  . . : 525,538 files / 1,892,506 keys
    
    
    

    Issue still persists. It says reboot "No" because I closed it, then did a normal reboot.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please download ComboFix to your desktop. Turn off any AV software you have before you run it. Attach the log when finished. Do not do anything while it is running or it may stall the program.
     
  9. Vako

    Vako Private E-2

    Still the same issue.
     


  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    This is something we haven't seen before. Let me consult with my colleagues.
     
  11. Vako

    Vako Private E-2

    Yes sir, Waiting.
     
  12. Vako

    Vako Private E-2

  13. Vako

    Vako Private E-2

    Never mind, you can close the topic. I deleted Chrome and installed it again. Everything is fine.
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points, some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work through the below link:

     
