"Powered by info" Malware....Nightmare!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by magicmat, Feb 28, 2015.

  1. magicmat

    magicmat Private E-2

    Windows 7 Machine. Chrome browser infected with "Powered by Info" malware....lots of pop ups. Tried lots of removal methods but need some more advanced help now! IE unaffected currently.


    Thanks!!

    (Unable to save HitmanPro log, button can't be selected after running process)
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator). Make sure it runs until it tells you it is finished.

    Rerun RogueKiller and have it fix this item:
    Code:
    ¤¤¤ Tasks : 1 ¤¤¤
    [Suspicious.Path] At1.job -- C:\Users\MATTHE~1\AppData\Local\Temp\tcas.exe -> Found
    
    Reboot and rescan with RogueKiller and attach the new log along with the new C:\MGLogs.zip
     
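    Added example (not part of the thread or any of the tools it names): a PowerShell check that lists scheduled tasks whose action runs out of a temp directory, the pattern RogueKiller flagged above (At1.job launching tcas.exe from AppData\Local\Temp). It uses schtasks.exe so it also works on Windows 7, where Get-ScheduledTask is not available; $SuspiciousPathPatterns is this example's own list and should be run from an elevated PowerShell prompt.

```powershell
# Added example, not from the thread: find scheduled tasks that execute from temp folders.
# Assumes an elevated PowerShell; $SuspiciousPathPatterns is a constructed list for this check.
$SuspiciousPathPatterns = @(
    '\\AppData\\Local\\Temp\\',   # per-user temp (where tcas.exe lived in the RogueKiller hit)
    '\\Windows\\Temp\\',
    '\\Users\\Public\\'
)

# /V adds the "Task To Run" column, /FO CSV makes the output parseable.
# With /V, schtasks repeats the header row per task; drop those rows.
$tasks = schtasks.exe /Query /FO CSV /V 2>$null | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' }

$hits = foreach ($t in $tasks) {
    $action = $t.'Task To Run'
    foreach ($p in $SuspiciousPathPatterns) {
        if ($action -match $p) {            # -match is a regex; '\\' matches a literal backslash
            [pscustomobject]@{
                TaskName = $t.TaskName
                Action   = $action
                LastRun  = $t.'Last Run Time'
                State    = $t.'Scheduled Task State'
                Reason   = "runs from path matching $p"
            }
            break
        }
    }
}

# Legacy AT-style jobs (At1.job, At2.job, ...) are plain files under C:\Windows\Tasks;
# the thread looked for exactly this file, so list any that are present.
$legacy = Get-ChildItem -Path "$env:windir\Tasks" -Filter 'At*.job' -ErrorAction SilentlyContinue |
    Select-Object Name, Length, LastWriteTime

if ($hits)   { $hits   | Format-Table -AutoSize } else { 'No scheduled task runs from a temp directory.' }
if ($legacy) { 'Legacy AT jobs present:'; $legacy | Format-Table -AutoSize }
```

    This only reports; removal stays with the RogueKiller fix and the OTM script given in the thread.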
  3. magicmat

    magicmat Private E-2

    As requested. Thank you!
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please do this:
    Reset Chrome to Defaults

    Now use windows to find and delete:
    C:\Windows\tasks\At1.job

    Tell me how things are running.
     
  5. magicmat

    magicmat Private E-2

    C:\Windows\tasks\At1.job

    This didn't exist on my machine, BUT Chrome appears to have been cleaned! Great stuff! I will update in 1 week if I have any issues (I am going away this week)

    Thanks!!!
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You have a ton of pics in temp folder. Do you want to clean that up?
     
  7. magicmat

    magicmat Private E-2

    It might be from a loads of photos I just deleted from my phone via my PC. But sure, if you have a suggestion. Many thanks!
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Download OTM by Old Timer and save it to your Desktop.


    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Paste the following code under the [​IMG] area. Do not include the word Code.


    Code:
    :Processes
    explorer.exe
    
    :files'
    C:\Windows\tasks\At1.job
    C:\Windows\TEMP\*.*
    C:\Users\Matthew Stokes\AppData\Local\Temp\*.*
    
    :Commands
    [purity]
    [ResetHosts]
    [emptytemp]
    [start explorer]
    [Reboot]

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [​IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.
     
  9. magicmat

    magicmat Private E-2

    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    Error: Unable to interpret <:files'> in the current context!
    Error: Unable to interpret <C:\Windows\tasks\At1.job> in the current context!
    Error: Unable to interpret <C:\Windows\TEMP\*.*> in the current context!
    Error: Unable to interpret <C:\Users\Matthew Stokes\AppData\Local\Temp\*.*> in the current context!
    ========== COMMANDS ==========
    File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
     


  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Crap.....how did I get an apostrophe in there. Let's do it again.


    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Paste the following code under the [​IMG] area. Do not include the word Code.


    Code:
    :Processes
    explorer.exe
    
    :files
    C:\Windows\tasks\At1.job
    C:\Windows\TEMP\*.*
    C:\Users\Matthew Stokes\AppData\Local\Temp\*.*
    
    :Commands
    [purity]
    [ResetHosts]
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [​IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.
     
