BuyNSave, SuperOptimizer, & registrodewindows

Discussion in 'Malware Help (A Specialist Will Reply)' started by crazy_lazy_bear, Sep 4, 2015.

  1. crazy_lazy_bear

    crazy_lazy_bear Private E-2

    My Windows 7 Home Premium 64-Bit PC with 3 GB of RAM got hit with something that goes by several names: BuyNSave, SuperOptimizer, and registrodewindows.com. They took over Internet Explorer and Google Chrome. (They didn't touch Firefox.) The current tab would switch from the current website to another hawking crapware. I thought I got rid of everything by deleting related files and folders in AppData, Program Data, etc. I also went through the registry and deleted all keys with the above names. But something is still hanging around. When I try to validate my Norton Security 2015 purchase, the Norton window says that it cannot connect to the Norton server - an unknown browser exception has occurred. It then displays a javascript box with "registrodewindows.com" in the title bar. The only way to get rid of it is to end the task in Task Manager. I have used the Norton Removal Tool and attempted a reinstall after a reboot with the same results. That brought me to Major Geeks. Thank you for this service. Attached are the log files. (The TDSSKiller file was too big to attach, so I split it in two parts.) I believe I followed the instructions to the letter. I'm a stay at home dad for a three year old, so I might have missed something if she had my attention. Sorry if I goofed up. Again, thank you for this service.

    Jay
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I need the requested log from Hitman Pro.


    Also please run the below.

    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note that JRT may reset your home page to a Google default, so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
     
  3. crazy_lazy_bear

    crazy_lazy_bear Private E-2

    Hello,

    Thank you for such a quick response! Attached are the requested logs. HitmanPro found three registry entries I would like to delete: PCOptimizerPro, UniDeals, and BrowseGuard. I will await your response before I take any action. Thank you!

    Jay
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Run a scan with Hitman Pro again and this time activate the 30 day free trial license. Then allow it to remove all the Potential Unwanted Programs it finds. Then immediately reboot your PC. After reboot, run a new scan with Hitman Pro and attach the new log.


    Also tell me whether you are still having problems.
     
  5. crazy_lazy_bear

    crazy_lazy_bear Private E-2

    Hey,

    Holy shit you guys are awesome!! Listen, I am flat broke (stay at home dad) but I sent $20 anyway. I wish I could give you more. I wouldn't have been able to get rid of this without you. I am not having any more problems. Thank you!

    Jay
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Thank you. :)


    Since you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8, right click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • For Windows 8 and 8.1 system restore see this link: Win 8 System Restore - How to enable/disable
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
