Browsers Hijacked

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Louis Cooper, Feb 10, 2017.

  1. Louis Cooper

    Louis Cooper Private E-2

    Hello.
    My browsers seem to have been hijacked by something called "RAVEL" - ads are playing in the background and I can't find the source of it. I did download a tool from the net that may have been the cause of it. The ads will play even if I don't have a browser open. At times it sounds like 3 or 4 ads open and play at the same time.

    Attached is the log file from adaware. After running it I now find that my browsers shortcuts will no longer work.

    Prior to this when my browsers did open (firefox) the landing page was a directory of some sort - also attached. The only browser that isn't affected is AOL which I am now using to contact you.

    When I tried to run Malwarebytes a number of pop-up boxes with "ravel" in the title bar open and the computer goes to 100% CPU usage and moves at a crawl.

    When I tried to do a system restore it also fails saying that a program may be blocked by my anti virus software.

    My computer specs are also attached. Please help me with this. My normal email is -
    *Moderator edit: removed e-mail address to prevent spamming
    Many thanks in advance
     

    Attached Files:

    Last edited by a moderator: Feb 10, 2017
  2. Louis Cooper

    Louis Cooper Private E-2

    Hello, this is the RogueKiller log. I did an adaware scan and clean BEFORE I saw the instructions on your readme page. The scans take quite a long time because the "ravel" keeps trying to open windows.
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We really need you to fully run our Read & Run ME First instructions, but let's see if we can make a dent in your problems first before doing the Read & Run Me.

    Uninstall any of the below programs if you find them installed:
    MyWebShield
    REOptimizer


    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of the code box
    • Make sure that you scroll all the way to the bottom of the code box to get the whole fix!
    Code:
    :Processes
    explorer.exe
    
     
    :Files
    C:\Program Files (x86)\Lan\ravel.exe
    C:\Program Files (x86)\Lan
    C:\Program Files (x86)\disfigured\letourneau.exe
    C:\Program Files (x86)\disfigured
    C:\Program Files (x86)\OneSystemCare
    C:\Users\test\AppData\Local\uninstallro.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.bat
    C:\Program Files (x86)\Google\Chrome\Application\chrome.bat
    C:\Program Files (x86)\Mozilla Firefox\firefox.bat
    C:\Users\test\AppData\Local\voxdff.dll
    C:\Users\test\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe
    C:\Users\test\AppData\Roaming\uTorrent\updates\3.4.9_42923\utorrentie.exe
    C:\Users\test\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe
    C:\Users\test\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe
    C:\Users\test\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
    
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3E0DB45B-9FCC-4064-B48C-080BD03A99A4}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C81BED3B-31BD-491F-813D-78EFC2638CE1}]
    [-HKEY_USERS\S-1-5-21-2046385470-826580156-416075595-1004\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\mweshield]
    [-HKEY_USERS\S-1-5-21-2046385470-826580156-416075595-1004\Software\Microsoft\Windows\CurrentVersion\Run]
    "voxdff"=-
    "haves"=-
    
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large http://forums.majorgeeks.com/chaslang/images/MoveIt!.png button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.

    Now rerun a scan with RogueKiller and save a new log.

    Now attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the RogueKiller log
    Any change to your status?
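    As an added verification step (not part of the thread, and not an OTM or MajorGeeks script): after the OTM fix above has run and the machine has rebooted, the following PowerShell re-checks, without deleting anything, whether the files, folders, registry keys and Run values listed in the fix are still present. It also inspects Desktop and Start Menu shortcuts, since the fix removes iexplore.bat, chrome.bat and firefox.bat dropped beside the real browsers, and a shortcut that still points at a .bat file (or at a target that no longer exists) explains why browser shortcuts stop working once those batch files are removed. The user-profile paths use $env:LOCALAPPDATA instead of the literal C:\Users\test from the fix, and the SID-specific HKEY_USERS key is read as HKCU for the logged-on user; both are assumptions.

```powershell
# Added post-fix verification (not from the thread or the OTM tool). Read-only.
# Run in an elevated PowerShell window after the OTM reboot.

$pf86 = ${env:ProgramFiles(x86)}

# Files and folders named in the :Files section of the fix.
$files = @(
  "$pf86\Lan\ravel.exe",
  "$pf86\Lan",
  "$pf86\disfigured\letourneau.exe",
  "$pf86\disfigured",
  "$pf86\OneSystemCare",
  "$env:LOCALAPPDATA\uninstallro.exe",   # assumption: same profile as C:\Users\test
  "$env:LOCALAPPDATA\voxdff.dll",
  "$pf86\Internet Explorer\iexplore.bat",
  "$pf86\Google\Chrome\Application\chrome.bat",
  "$pf86\Mozilla Firefox\firefox.bat"
)

# Keys named in the :Reg section (HKEY_USERS\<SID> read as HKCU, an assumption).
$regKeys = @(
  'HKLM:\SOFTWARE\Classes\AppID\{3E0DB45B-9FCC-4064-B48C-080BD03A99A4}',
  'HKLM:\SOFTWARE\Classes\AppID\{C81BED3B-31BD-491F-813D-78EFC2638CE1}',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer',
  'HKLM:\SOFTWARE\mweshield'
)
$runValues = @('voxdff', 'haves')

$findings = @()

foreach ($p in $files) {
  if (Test-Path -LiteralPath $p) { $findings += "still present: $p" }
}
foreach ($k in $regKeys) {
  if (Test-Path -LiteralPath $k) { $findings += "registry key still present: $k" }
}

# Autostart values: a Run value that survives the fix means the ad player comes back at logon.
$run = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
foreach ($v in $runValues) {
  if ($run -and $run.PSObject.Properties[$v]) {
    $findings += "Run value still present: $v = $($run.$v)"
  }
}

# Shortcut check: a browser shortcut whose target is a .bat file was redirected to the
# batch wrapper; a target that no longer exists is a shortcut left dangling after cleanup.
$shortcutDirs = @(
  "$env:USERPROFILE\Desktop",
  "$env:PUBLIC\Desktop",
  "$env:APPDATA\Microsoft\Windows\Start Menu",
  "$env:ProgramData\Microsoft\Windows\Start Menu"
)
$shell = New-Object -ComObject WScript.Shell
foreach ($lnk in Get-ChildItem -Path $shortcutDirs -Filter *.lnk -Recurse -ErrorAction SilentlyContinue) {
  $target = $shell.CreateShortcut($lnk.FullName).TargetPath
  if ($target -match '\.bat$') {
    $findings += "shortcut points at a batch file: $($lnk.FullName) -> $target"
  } elseif ($target -and -not (Test-Path -LiteralPath $target)) {
    $findings += "shortcut target missing: $($lnk.FullName) -> $target"
  }
}

if ($findings.Count -eq 0) { 'No listed artifacts found.' } else { $findings }
```

    Anything this prints is worth pasting into the next reply alongside the OTM and RogueKiller logs; a dangling shortcut can be repaired by pointing it back at the browser's .exe, while a surviving file, key or Run value means the fix did not fully take.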
     
  4. Louis Cooper

    Louis Cooper Private E-2

    Thank you so much for your reply - It seems that I can't run any programs because I keep getting a pop-up box asking for the admin username and password - I was the admin for my own computer but it seems that I've lost or never had a password - this may have happened after the adaware scan and clean. How do I get around this?
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try to run without running as the Administrator. Also note that being the Administrator and running as a member of the administrator user group are two different things. You are likely the latter. The default Administrator password may just be a blank. Also if you are a member of the Administrator user group, you should be able to reset the password.
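    An added check (not from the thread) that makes the distinction in the reply above concrete: whether the logged-on account is a member of the local Administrators group, whether the current window is actually elevated (an Administrators-group member in a non-elevated window does not hold the Administrator role until the UAC prompt is accepted), and whether the built-in Administrator account (the one whose SID ends in -500) is enabled at all. It uses the Microsoft.PowerShell.LocalAccounts cmdlets that ship with Windows 10.

```powershell
# Added example, not from the thread. Read-only; nothing is changed.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent()

# True only when this window was started with "Run as administrator" (UAC accepted).
$isElevated = (New-Object System.Security.Principal.WindowsPrincipal($me)).IsInRole(
  [System.Security.Principal.WindowsBuiltInRole]::Administrator)

# Group membership is independent of elevation: compare SIDs against the group's members.
$adminsGroup  = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
$inAdminsGroup = [bool]($adminsGroup | Where-Object { $_.SID -eq $me.User })

# The built-in Administrator account always has a RID of 500, whatever it was renamed to.
$builtIn = Get-LocalUser | Where-Object { $_.SID.Value -like '*-500' }

"Logged on as:                              $($me.Name)"
"Member of local Administrators group:      $inAdminsGroup"
"This window is elevated:                   $isElevated"
"Built-in Administrator '$($builtIn.Name)' enabled: $($builtIn.Enabled)"
```

    If the second line says True and the third says False, the account can approve the UAC prompt itself by running the tool with right-click, Run as administrator; a prompt that asks for a different username and password instead means the logged-on account is a standard user, and the credentials of a member of the Administrators group (or the built-in Administrator, if enabled) are what it wants.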
     
  6. Louis Cooper

    Louis Cooper Private E-2

    Finally got with the tech support guys with the firm I purchased the computer from. They were quite good. Solved the issue with admin access and seemed to fix the virus/bug that was giving me fits.
    They did everything by remote access and moved so fast that I can't tell you how they solved things. But I now have another issue that I described in a new post in this forum. Will copy and paste here.

    The tech guys at Falcon are researching solutions and I guess I will hear from them shortly but after an hour of trying several things they didn't find a cause or solution.

    Thanks in advance for your help.

    ############################################################################################################################

    ERROR MESSAGE 0x80004002

    This error message has been giving me fits. I'm running windows 10 (which has been a constant pain in the ass since my computer upgraded to it.)

    I usually save YouTube links or web page links by dragging them into a folder and then clicking on them when I need to access the site.

    After having a virus issue resolved by the support guys where I got my computer from I noticed that when I click on any of the links in my folders they no longer work and I get this -- >> "error 0x80004002 No such interface supported" --

    Have searched extensively for a solution online but am often directed to buy a piece of software that "guarantees" to fix the problem.

    Having been burned by one such hustler in the past I no longer trust any of those options.

    Any suggestions welcome
     
  7. Louis Cooper

    Louis Cooper Private E-2

    Hello, I want to thank the moderator for correcting me on making a double post of the same issue. My apologies to the forum. I have followed everything in the "Read Me, Run Me" and have attached the logs here.
    Thanks in advance for your response.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You still need to complete my previous fix from message #3 so that we can continue.
     
  9. Louis Cooper

    Louis Cooper Private E-2

    Hello and thanks for your response,

    Went back to post 3 and completed the required tasks. Could not initially get OTM to run. Thought the version I had was outdated and searched for a newer version, and found something called OTL which seems to be part of the OTM family. Ran that scan also and included those.

    Thanks in advance for your help.
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please only follow the instructions we give and nothing more. I only wanted you to run the OTM fix with the version I gave you in the link and then RogueKiller. If you have problems running any of the tools then just come back and report the problems and we will figure out how to address them.

    Are you currently having any malware issues?
     
