MajorGeeks Support Forums

#1
01-05-13, 16:47
amateur09
No Internet Television Fanatic Malware

My daughter has a Toshiba Satellite with Windows 7 64-bit that can't connect to the internet. Ran Malwarebytes a few nights ago, which identified 283 issues, many noting Television Fanatic and Film Fanatic. Quarantined the items and ran CCleaner and was able to partly use the internet for Google and Facebook, but not all features. The next day, again unable to connect to the internet.

Following instructions from Chaslang, I uninstalled Spybot because I couldn't access it to disable it, did Defogger, disabled UAC, temporarily disabled AVG antivirus, and got logs from the 5 recommended programs. Since the computer has no internet, the logs were transferred via flash drive. I'm not sure that I ran the MG tools correctly, or maybe I'm attaching the wrong item. Also, when running Hitman, I didn't get a red warning box as shown in the instructions and hit Next, but it then said it would start cleaning and I closed the program, as the guidance said not to clean anything--hope I didn't do something wrong with that.

Apologies in advance if I'm posting or attaching something wrong.
Attached Files
File Type: log HitmanPro_20130105_1220.log (18.3 KB, 7 views)
File Type: txt mbam-log-2013-01-05 (11-43-22).txt (1.8 KB, 4 views)
File Type: zip MGlogs.zip (44.1 KB, 4 views)
File Type: txt RKreport[1]_S_01052013_02d1115.txt (3.0 KB, 5 views)
File Type: txt TDSSKiller.2.8.15.0_05.01.2013_11.50.49_log.txt (134.6 KB, 3 views)

#2
01-05-13, 21:17
chaslang (MajorGeeks Admin - Master Malware Expert)
Re: No Internet Television Fanatic Malware

Welcome to Major Geeks!

Your MGtools log is very incomplete. You have to make sure that you allow it to finish running. Also protection software should be disabled. Please try the below.


Run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:
  • C:\MGlogs.zip
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


#3
01-05-13, 22:04
amateur09
Re: No Internet Television Fanatic Malware

This run of MGtools seemed better as it took longer and seemed to look like the examples. Hopefully it is now complete. Sorry about that.
Attached Files
File Type: zip MGlogs.zip (315.3 KB, 4 views)

#4
01-05-13, 22:32
chaslang (MajorGeeks Admin - Master Malware Expert)
Re: No Internet Television Fanatic Malware

I'm reviewing your logs now, but a question pops up on the first thing I see. The last two times I have seen this in users' logs, the user knew nothing about it and it was a source of problems. Did you install the below?

C:\\Program Files (x86)\\Sendori\\SendoriTray.exe

#5
01-05-13, 22:44
amateur09
Re: No Internet Television Fanatic Malware

From Control Panel, Programs, it shows Sendori as being installed 12.13.12. My guess is that it was not intentionally installed. It's my daughter's computer and I can't reach her until a week from now to confirm. If it is a source of problems, I would think she'd want it removed.

#6
01-05-13, 22:56
chaslang (MajorGeeks Admin - Master Malware Expert)
Re: No Internet Television Fanatic Malware

Quote:
Originally Posted by amateur09 View Post
From Control Panel, Programs, it shows Sendori as being installed 12.13.12. My guess is that it was not intentionally installed. It's my daughter's computer and I can't reach her until a week from now to confirm. If it is a source of problems, I would think she'd want it removed.
Let's remove it. She can always reinstall it later if she really needs it. But follow the instructions below in the order given.

Based on your logs, the internet is working just fine. So let's clean up what I see and go from there.


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: CrossriderApp0003134 - {11111111-1111-1111-1111-110011311134} - C:\Program Files (x86)\Get It Free\Get It Free.dll (file missing)
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (file missing)
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (file missing)
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (file missing)
O4 - HKLM\..\Run: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"

After clicking Fix, exit HJT.

Uninstall the below software:
Get It Free
IB Updater 2.0.0.542
IB Updater Service
Java(TM) 6 Update 14
Sendori
StartNow Toolbar
Yontoo 1.10.03
Now install the current version of Sun Java from: Sun Java Runtime Environment

Please download OTM by Old Timer and save it to your Desktop.
  • Right-click OTM.exe and select Run as administrator to run it.
  • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code:, which is just a title line of the code box.
Code:
:Processes
explorer.exe

:Services
Sendori
Partner Service
Service Sendori
sndappv2
IB Updater
 
:Files
C:\Program Files (x86)\Sendori
C:\Program Files\IB Updater
C:\Program Files (x86)\Incredibar.com
C:\ProgramData\Partner
C:\Program Files (x86)\DealPly
C:\Program Files (x86)\Get It Free
C:\Program Files (x86)\StartNow Toolbar

:Reg
[HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\windows\currentVersion\Run]
"Sendori Tray"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}]
@="TelevisionFanatic"
"DisplayName"="My Web Search"
"URL"="http://search.mywebsearch.com/mywebs...r={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}]
"URL"="http://mystart.incredibar.com/mb185/...PQNXAmYrD&i=26"
"DisplayName"=""
:Commands
[purity]
[EmptyTemp]
[start explorer]
[Reboot]
  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Now click the large button.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.
Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:
  • the C:\_OTM\MovedFiles log
  • C:\MGlogs.zip
Make sure you tell me how things are working now!
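
An added example, not part of the thread and not code from MGtools, HijackThis or OTM: the HijackThis lines selected in post #6 can be triaged mechanically. This Python example parses the O2/O3/O4 lines, flags the entries whose file HijackThis reports as absent, and derives the install folders that the OTM :Files section of the same post targets. The function and field names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# The nine HijackThis lines selected in post #6, copied from the thread.
HJT_LINES = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: CrossriderApp0003134 - {11111111-1111-1111-1111-110011311134} - C:\Program Files (x86)\Get It Free\Get It Free.dll (file missing)
O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (file missing)
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (file missing)
O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (file missing)
O4 - HKLM\..\Run: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
COM_ENTRY = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - (" + GUID + r") - (.*)$")
RUN_ENTRY = re.compile(r"^(O4) - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.*)$")

def parse_entry(line):
    """Parse one O2/O3/O4 line into a dict; return None for anything else."""
    line = line.strip()
    m = COM_ENTRY.match(line) or RUN_ENTRY.match(line)
    if not m:
        return None
    section, name, ident, target = m.groups()
    if section == "O4":  # RUN_ENTRY captures the registry key before the value name
        name, ident = ident, name
    # HijackThis marks a reference whose file is absent with one of these suffixes.
    orphan = target == "(no file)" or target.endswith("(file missing)")
    path = target.replace("(file missing)", "").strip().strip('"')
    return {"section": section, "name": name, "id": ident, "orphan": orphan,
            "path": None if target == "(no file)" else path}

def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]

def product_dirs(entries):
    """Install folder (drive, root folder, product folder) behind each entry."""
    found = {str(PureWindowsPath(*PureWindowsPath(e["path"]).parts[:3]))
             for e in entries if e["path"]}
    return sorted(found)

if __name__ == "__main__":
    entries = parse_log(HJT_LINES)
    for e in entries:
        print(e["section"], "file absent" if e["orphan"] else "file listed", e["name"])
    print(*product_dirs(entries), sep="\n")
```

Five of the nine entries point at files that are already gone, and the six folders the example derives all appear in the :Files list of the OTM script above; `C:\Program Files\IB Updater` is in that list but has no matching HijackThis line here.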

#7
01-06-13, 00:15
amateur09
Re: No Internet Television Fanatic Malware

Ran the latest instructions provided and attached the 2 logs. Things seem to be working fine as far as I can tell. Thanks so much!!
Attached Files
File Type: log 01062013_004059.log (7.5 KB, 3 views)
File Type: zip MGlogs.zip (312.5 KB, 2 views)

#8
01-06-13, 16:13
chaslang (MajorGeeks Admin - Master Malware Expert)
Re: No Internet Television Fanatic Malware

You're welcome. Your logs are clean.


If you are not having any other malware problems, it is time to do our final steps:
  1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
  2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
  3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
  4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
  5. Go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
  6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
  7. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
  8. After doing the above, you should work thru the below link:

#9
01-07-13, 05:30
amateur09
Re: No Internet Television Fanatic Malware

I will be buying Malwarebytes today. Did the other cleanup procedures recommended and also added SpywareBlaster as recommended.

The only possible problem I had was I reinstalled Spybot (as I had to uninstall because it was interfering with getting the recommended logs). I have SD Helper enabled, but not teatimer. When I did a scan, it came up with 6 issues: Coupon bar (11 entries), iCrossrider (4 entries), DealPly (6 entries), Incredibar (3 entries), Yontou.paperage (3 entries), and facebook.messenger (1). I selected fix problems and it cleared 24 initially and then the remainder on restart. Did another scan this morning and it said no threats. Would this be something to be concerned with or anything else I need to do?

Thanks again for your work and advice.

#10
01-07-13, 21:38
chaslang (MajorGeeks Admin - Master Malware Expert)
Re: No Internet Television Fanatic Malware

Quote:
Originally Posted by amateur09 View Post
Did another scan this morning and it said no threats. Would this be something to be concerned with or anything else I need to do?
No, not really. We had already removed the main/active components of these. What Spybot found was just some leftovers. There are always dozens of registry keys used by this kind of junkware and some residual items can be left behind. What really matters are the items that our scans find and remove.

Plus the Coupon stuff is something you installed and is not really a problem. You had installed >> Coupon Printer for Windows
It is considered legit. See http://www.bleepingcomputer.com/uninstall/2798/Coupon-Printer-for-Windows.html

You could just have uninstalled it. After running Spybot that choice may no longer be possible, as it likely deleted things you would need in order to uninstall it.

#11
01-08-13, 05:33
amateur09
Re: No Internet Television Fanatic Malware

Glad to hear the Spybot scan was just removing leftover junk. To me the computer is running fine now--it's actually working, loads quicker than before, running cooler temperature wise, and according to task manager CPU usage is down (single number % at idle compared to higher before). The final test will be when my daughter gets home this weekend, but I don't foresee any problems.

For protection, we'll continue to run AVG 2013 and spybot with SD helper. Additionally I added Spyware Blaster and activated Malwarebytes for real time protection.

If this sounds like a good plan, I don't think there's any need for you to respond. I really do appreciate what you (and others like you) do here for us. There's no way I could have gotten this cleaned by myself.

#12
01-09-13, 00:30
chaslang (MajorGeeks Admin - Master Malware Expert)
Re: No Internet Television Fanatic Malware

Quote:
Originally Posted by amateur09 View Post
To me the computer is running fine now--it's actually working, loads quicker than before, running cooler temperature wise, and according to task manager CPU usage is down (single number % at idle compared to higher before). The final test will be when my daughter gets home this weekend, but I don't foresee any problems.
Glad to hear it is working better. Hope your daughter is happy.