please help remove ADWARE.BHO.Gen

Discussion in 'Malware Help (A Specialist Will Reply)' started by veepee67, Aug 9, 2008.

  1. veepee67

    veepee67 Private E-2

    I was trying to watch an Olympics video and a notice popped up saying "you have a security problem!" and the page for installing their program keeps popping up along with the same notice.
    I also see the warning ADWARE.BHO.Gen that is being blocked by Spybot.
    The notice that keeps popping up started from this and is now an annoying recurrence on my laptop whether or not I am using the internet.
    Please help!
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not.

    READ & RUN ME FIRST. Malware Removal Guide


    Note: If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

    Starting your computer in Safe mode
     
  3. veepee67

    veepee67 Private E-2

    I followed the Read and Run Me First steps from the CCleaner to the SuperAnti-spyware, Spybot and Malware Bytes anti-malware installation and scanning and removal.
    I stopped before running Combofix since I was not very confident about messing with the system. Besides, while reading through the combofix installation and steps guide, I first noticed the logo you have there is different from the one I downloaded on my desktop. Second, when I drag and drop the windows xp sp2 icon over the combofix icon, what should happen according to the installation guide doesn't happen. I stopped here I'm afraid.
    However, the pop-up ad that says "you have a security risk!" has stopped and so have the webpage installation that accompanies it.
    Attached are the SASlog and the MBam log.
    Please let me know what to do next.
    Thank you very much!:)
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I still need the MGlogs.zip.
     
  5. veepee67

    veepee67 Private E-2

    Attached is the MGlogs.zip file. Sorry I forgot to attach this the first time. Again thanks for the help!:)
     


  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs look clean.......and there are a few things to attend to:

    If you haven't already, please disable the Guest account in User accounts.

    Please use add/remove programs to uninstall:
    Java(TM) 6 Update 3
    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7

    Run this: Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.

    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.

    If you use Firefox browser

    * Click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
    o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    * Click Opera at the top and choose: Select All
    * Click the Empty Selected button.
    o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main ATF Cleaner menu to close the program.

    Now download and install:
    Java Runtime 6

    Are you having any other issues?
     
  7. veepee67

    veepee67 Private E-2

    No other issues so far. As always, thanks a million. I am glad I can count on you guys for up-to-date tech knowledge and assistance when problems like these come up. Thank you very much!
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome .....If you are not having any other malware problems, it is time to do our final steps:
     
