I'm trying to get rid of s.yimg.com on my desktop

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by greybuffalo, Mar 24, 2015.

  1. greybuffalo

    greybuffalo Staff Sergeant

    Firstly, although I turned off my McAfee firewall and real time scanning, MGTools failed to download into C or desktop :confused
    I am running Windows 7 on Firefox
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did you get error messages with Firefox? Try using I.E.
     
  3. greybuffalo

    greybuffalo Staff Sergeant

    I tried with I.E., but the download doesn't come up & takes me to a blank page
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Try downloading the latest version of MGtools and save it to your root folder.
     
  5. greybuffalo

    greybuffalo Staff Sergeant

    It failed again? in C and was blocked on desktop, even though I have disabled my anti virus software
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    So far, I am not seeing any malware. Where are you seeing the issue? Which browser?
     
  7. greybuffalo

    greybuffalo Staff Sergeant

    It's on Firefox, and when I go to Yahoo, I see this Chinese writing over the page, like a laser disco light, and I see at the bottom of my screen "connecting to s yimg.com"
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  9. greybuffalo

    greybuffalo Staff Sergeant

    I am doing it again, will come back
     
  10. greybuffalo

    greybuffalo Staff Sergeant

    The MGtools on Firefox keeps getting blocked? even though I have my security turned off, see image
     


  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    New versions of Firefox will falsely tell you that MGtools.exe is a virus and it will not let you download it. It also does not let you override this false accusation. Do the below to fix this issue:

    In Firefox's Menu ( if you don't see the Menu bar then right click on the top area of the Firefox window and select the Menu Bar selection to enable it. Also something that should be enabled by default in my opinion )
    Now on the Menu Bar select Tools. Then select Options
    On the Options form select the Security tab.
    Now uncheck the below check box
    Block reported attack sites
    Now click OK to save the change
    Now see if you can download MGtools.exe
     
  12. greybuffalo

    greybuffalo Staff Sergeant

    Yes, that did it, it's downloading now, I will post the log soon
     
  13. greybuffalo

    greybuffalo Staff Sergeant

    The MG logs
     


  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not finding any malware in those logs. Did you reset FireFox?
     
  15. greybuffalo

    greybuffalo Staff Sergeant

    Yes, I did, when you said I should, before MG scan
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did that fix the problem?
     
  17. greybuffalo

    greybuffalo Staff Sergeant

    It seems Yahoo is working properly - thanks!
     
  18. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
  19. greybuffalo

    greybuffalo Staff Sergeant

    I still have s.yimg.com, it's affecting my photo uploads and Chinese writing on Yahoo mail :confused
     
  20. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Again, where is this showing up? Is it again in FireFox? How is it showing up in your mail?
     
  21. greybuffalo

    greybuffalo Staff Sergeant

    Well, first when Yahoo opens it's mostly blacked out, then I have these Chinese characters around, see image
     


  22. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Is the problem confined to your Yahoo mail account?
     
  23. greybuffalo

    greybuffalo Staff Sergeant

    No, not only Yahoo,
    my computer appears slow loading, also uploading pictures
     
  24. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    First, rerun both RogueKiller and Hitman and attach the logs.

    Then run an online scan:

    eSet Online Scan.
     
  25. greybuffalo

    greybuffalo Staff Sergeant

    Attached
     


  26. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It's not showing up in any logs. Let's try one last thing:

    Please download ComboFix to your desktop. Turn off any AV software you have before you run it. Attach the log when finished. Do not do anything while it is running or it may stall the program.
     
  27. greybuffalo

    greybuffalo Staff Sergeant

    Here is the combo fix file
     


  28. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please download AdwCleaner by Xplode and save to your Desktop.

    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Attach the logfile to your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
     
  29. greybuffalo

    greybuffalo Staff Sergeant

    Attached
     


  30. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Have ADW fix these two items, otherwise I am at a loss.

    Code:
    Folder Found : C:\Users\Leos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
    Key Found : HKLM\SOFTWARE\Solvusoft

    Is it still confined to FireFox? If so, do the following:

    We are going to be uninstalling your old version of FireFox and installing the new version. Except we will be using Revo Uninstaller. So do the below to save bookmarks:

    • Run FireFox and click Bookmarks.
    • Then select Organize Bookmarks.
    • Then on the next window click File and then select Export. Save the bookmarks.html file to your Desktop for later use in importing.

    Now download and save the installer for the current version of FireFox but DO NOT install it yet. Get it here: Mozilla FireFox

    You will need to exit FireFox now and use Internet Explorer to continue with the below until we reinstall FireFox.

    Start by uninstalling FireFox and then reboot. Do not skip the reboot.

    After reboot, delete the below folders:

    • C:\Program Files\Mozilla Firefox
    • C:\users\UserAccount\AppData\Roaming\Mozilla\Firefox

    where UserAccount is the actual user account name being used.

    Now reinstall FireFox from the file previously downloaded.
    Import your bookmarks file. (similar process to exporting).

    Any better?
     
  31. greybuffalo

    greybuffalo Staff Sergeant

    I am not seeing any Chinese characters now, perhaps that did do the job.
    I will hang for a few days and see how she goes, if I have any more problems, I will continue with your instructions and let you know.
    Thanx a ton! :-D
     
  32. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let me know. ;)
     
  33. greybuffalo

    greybuffalo Staff Sergeant

    The Chinese writing is back, it covers the tabs at the top, denying me a point to close my tabs, I will install the new Firefox and let you know, it's a real bugger
     
  34. greybuffalo

    greybuffalo Staff Sergeant

    I think you should look into this Chinese bug, it's back again, see attached images.
    I use Firefox and do not enjoy I.E., would you recommend an alternative private browser?
    I had such a hard time capturing these, as ScreenHunter does not show them, only screen capture :confused
     


  35. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please download ComboFix to your desktop. Turn off any AV software you have before you run it. Attach the log when finished. Do not do anything while it is running or it may stall the program.
     
  36. greybuffalo

    greybuffalo Staff Sergeant

    Combo keeps failing on desktop?
     
  37. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am consulting with my colleagues about this.....hang in there.
     
  38. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Based on the previous MGlogs.zip file we have to get all of the below conflicting software uninstalled first! This is more than likely causing problems getting anything to run properly including ComboFix and will also hinder cleanup.

    Uninstall All of the below
    F-Secure PSC Prerequisites
    McAfee SiteAdvisor and any other software that you have from McAfee ( logs showed a lot ).
    Plusnet Protect

    Now uninstall Firefox and do not reinstall it yet! Use Internet Explorer for now.

    Now delete the below folders. If you have a problem finding or deleting, make sure you tell us.
    C:\Users\Leos\AppData\Roaming\Mozilla\Firefox
    C:\Program Files\Mozilla Firefox

    Also delete the below shortcut if it still exists:
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk

    Now empty your Recycle Bin

    Then reboot your PC. After reboot, see if you can now get ComboFix to run and produce a log. Whether you can run it or not, continue with the below.

    Please do the below so that we can boot to System Recovery Options to run a scan.

    For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)
     
  39. greybuffalo

    greybuffalo Staff Sergeant

    F-Secure PSC Prerequisites, I cannot find it or where to uninstall it, as in Revo cleaner I cannot see it?
     
    Last edited: Apr 4, 2015
  40. greybuffalo

    greybuffalo Staff Sergeant

    Select US as the keyboard language settings, I am in the U.K?
    Select the operating system you want to repair, Firefox is now gone, what should I repair?
    Attached ComboFix log
     


    Last edited by a moderator: Apr 4, 2015
  41. greybuffalo

    greybuffalo Staff Sergeant

    I cannot do this:
    Enter System Recovery Options from the Advanced Boot Options:
    Restart the computer.
    As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    Use the arrow keys to select the Repair your computer menu item.
     
  42. greybuffalo

    greybuffalo Staff Sergeant

    I was told to close this thread, and how do I do that.........
     
  43. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Nooooo no one has suggested this, continue with what TimW and Chaslang suggest to fix your issue, before going onto other software issues.
     
  44. greybuffalo

    greybuffalo Staff Sergeant

    Roger that :major
     
  45. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Select US anyway. We speak the same language.... basically. ;)

    You are selecting your Windows operating system which will appear in a list when you boot up into the system recovery environment. This has nothing to do with Firefox.

    Why not? You need to explain what problem you are having.


    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista, Win7, or Win8, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below logs:
    • C:\MGlogs.zip
     
  46. greybuffalo

    greybuffalo Staff Sergeant

    When I press F8, nothing out of the ordinary happens, I cannot get those options?, so I cannot get into safe mode to run that program
     
  47. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then let's run it per the instructions below.


    Please download the latest version of FRST from the below link.
    Farbar Recovery Scan Tool and save it to your Desktop.

    Note: Make sure you download the proper version ( 32 bit or 64 bit ) for your PC. Only one will run, the correct one. So if you make a mistake and download the wrong one, go back and get the other.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.



    Now also run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • Fixlog.txt
    • Addition.txt
    • C:\MGlogs.zip
     
  48. greybuffalo

    greybuffalo Staff Sergeant

    Cannot download MGTools? into C or desktop?
    I have installed Opera and it's fantastic fast?
    I don't know how to import my bookmarks from HTML into it?
    Cannot attach ComboFix again, see previous post.
     


  49. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Can you please be more specific on what problem you are having and what browser you are using when you have a problem? You should have no problem saving to the Desktop unless you are getting interference from protection software ( which should already be uninstalled per previous instructions ) or your browser is giving you a specific error message.


    This is a question for the Software Forum.

    I did not ask for a log from ComboFix.


    Per your FRST log I still see McAfee and F-Secure PSC Prerequisites. Did you forget to uninstall these?

    You did not attach the Addition.txt log from FRST.
     
    Last edited: Apr 6, 2015
  50. greybuffalo

    greybuffalo Staff Sergeant

    McTool log & FRST attached
     
