Unable to Get Rid Program "Dynamic Targeting Fruttinet"

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by z3rokillz, Oct 3, 2009.

  1. z3rokillz

    z3rokillz Private E-2

    I got this malware last night, when I tried to play a music file. It changed my home page to "fruttisearch.com." I knew something was up, so I followed the procedure:

    1. house cleaning
    2. install and run CCleaner
    3. enable viewing of hidden files, system folders, etc.
    4. uninstall known malware (I tried to uninstall the program "Dynamic Targeting Fruttinet," but it asked for verification, so I stopped there...)
    Then I Followed Vista Cleaning Procedures...
    5. Download Super Anti Spyware
    6. Download MalwareBytes (skipped downloading "combofix" and "rootrepeal" because I run on 64-bit)
    7. Download MGtools
    8. Disable UAC
    9. Install and run programs (logs are attached) (note: I ran Malwarebytes once, before I found this forum, then ran it again... so there are two logs)

    After following the procedure, the program "Dynamic Targeting Fruttinet" is still viewable on the Program list. HELP! What additional steps do I need to get rid of this program?

    Thanks for the help!!!
     


  2. evilfantasy

    evilfantasy Malware Fighter

    Welcome to Majorgeeks!

    Besides the "Dynamic Targeting Fruttinet" entry are there any other problems still with the computer?

    Also please update MBAM and run a new scan then attach the log.

    Open Malwarebytes' Anti-Malware.

    * Click the Update tab.
    * Click Check for Updates
    * If an update is found, it will download and install.
    * Click the Scanner tab.
    * Select Perform Quick Scan, then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy & Paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  3. z3rokillz

    z3rokillz Private E-2

    Thanks for your help.

    Other than the program still showing in my Programs list, there is no other issue with my computer.

    Ok, so I followed the procedure...

    1. Update MBAM
    2. Perform quick scan
    3. NO MALICIOUS ITEMS FOUND

    Note: my computer still has UAC disabled, and hidden files, etc. open.

    Attached is the log. What other steps can I do to get rid of it?
     


  4. evilfantasy

    evilfantasy Malware Fighter

    From the logs it looks like most of the Fruittysearch was removed and all that's left is remnants that we can manually remove and then update your Java so you have the latest secure version.

    Download OTM by OldTimer to your desktop.

    Note: If you are running on Vista, right-click on OTM.exe and choose Run As Administrator.

    * Save it to your Desktop.
    * Double-click OTM.exe to run it.
    * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

    Code:
    :Processes
    explorer.exe
    
    :services
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ad3496df-ebcb-406e-c6b1-f6adeb48c5ed]
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager]
    
    :files
    C:\Windows\system32\ad3496df-ebcb-406e-c6b1-f6adeb48c5ed.exe
    C:\Windows\SysWOW64\ad3496df-ebcb-406e-c6b1-f6adeb48c5ed.exe
    C:\ProgramData\Viewpoint
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    
    * Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    * Click the red Moveit! button.
    * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and add it in your next reply.
    * Close OTM.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.



    Now update your Java. The current Sun Java version is Java(TM) 6 Update 16, and you have Java(TM) 6 Update 6.
    See Updating Sun Java



    Next post please add the OTM log.
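
A read-only check for the items named in the OTM script above, added here as an example; it is not part of the original thread and not part of OTM. It assumes PowerShell 3.0 or later in an elevated 64-bit session, and it goes one step beyond the script in the post by also looking under the native 64-bit Uninstall key.

```powershell
# Added example: lists which leftovers from the OTM script still exist. Changes nothing.
# Run from a 64-bit PowerShell so C:\Windows\system32 is not redirected to SysWOW64.
$id = 'ad3496df-ebcb-406e-c6b1-f6adeb48c5ed'   # value copied from the post

# Uninstall keys populate the Programs list. The post lists only the Wow6432Node
# (32-bit) view; the native view is checked too (assumption: worth a look on x64).
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)
$keyNames = @($id, 'Viewpoint Manager')

# Files and folders from the :files section of the script.
$paths = @(
    "C:\Windows\system32\$id.exe",
    "C:\Windows\SysWOW64\$id.exe",
    'C:\ProgramData\Viewpoint'
)

$findings = @()

foreach ($root in $uninstallRoots) {
    foreach ($name in $keyNames) {
        $key = Join-Path $root $name
        if (Test-Path -LiteralPath $key) {
            # DisplayName is the text shown in the Programs list for this key.
            $props = Get-ItemProperty -LiteralPath $key
            $findings += [pscustomobject]@{
                Type   = 'UninstallKey'
                Item   = $key
                Detail = "$($props.DisplayName) | $($props.UninstallString)"
            }
        }
    }
}

foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $item = Get-Item -LiteralPath $p -Force   # -Force also returns hidden items
        $findings += [pscustomobject]@{
            Type   = 'FileSystem'
            Item   = $p
            Detail = "Last written $($item.LastWriteTime)"
        }
    }
}

if ($findings.Count -eq 0) { 'None of the listed remnants were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

An Uninstall key that survives after its executable is gone is enough to keep an entry visible in the Programs list, which matches the symptom reported in this thread.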
     
  5. z3rokillz

    z3rokillz Private E-2

    Again, thanks for your assistance...

    I followed your directions exactly as you stated.

    Everything went smoothly, from what I could tell. And the program is no longer viewable in the programs list. Attached is the log from OTM....
     


  6. evilfantasy

    evilfantasy Malware Fighter

    Looks good.

    You can remove OTM now.

    1. Double click OTM to launch it.
    Vista users right click and choose Run As Administrator
    2. Click on the CleanUp! button.
    3. OTM will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
    4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
    5. When finished exit out of OTM.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  7. z3rokillz

    z3rokillz Private E-2

    I did everything you said, and I will continue to follow thru with the "How to Protect Yourself" process. I want to thank you, and everybody else who works so hard to keep our computers safe. I really appreciate it, and I can't thank you enough.
     
  8. evilfantasy

    evilfantasy Malware Fighter

    You're welcome and safe surfing...
     
