yontoo snap.do and network dns errors

Discussion in 'Malware Help (A Specialist Will Reply)' started by longlily, Jul 11, 2013.

  1. longlily

    longlily Private E-2

    Hello all

    i am using a Dell inspiron n5010. Last year i messed up by putting windows 8 preview on it, and had to get the disks from Dell to do factory install again of original windows 7.
    Anyhow, i have ended up downloading, conduit search, yontoo, and feed.snap.do, and thought i had removed them, but snap.do kept reappearing. My internet is awful, dns server errors daily, dhcp errors, and i am beginning to get paranoind, as i saw a file (cant remember it) and it said the owner was from Homegroup, and the name was a load of numbers.

    i am feeling like this laptop i am on, is not just mine. Yesterday, i downloaded avg security suite, on the properties,it said the file was blocked as it was from another computer. a lot of other files say the same.
    I am denied access to c:\\recycle bin, c:\\documents and settings, c:\\users\default user

    I have attached all the scan logs mentioned in the sticky, and would be grateful if someone could take a look please.

    thankyou so much in advance.
     

    Attached Files:

    longlily, Jul 11, 2013
    #1
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.


    Otherwise, I am not finding any malware in your logs. I suggest you post in the software forum for further assistance.

    Since you are not having any malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. Go back to step 4 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work thru the below link


    Malware removal from a National Chain = $149
    Malware removal from MajorGeeks = $0
     
    TimW, Jul 11, 2013
    #2
  3. longlily

    longlily Private E-2

    hi, thankyou for your time.

    here is the log from jrt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 5.0.7 (07.11.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by jan on 11/07/2013 at 20:33:41.65
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{de9028d0-5ffa-4e69-94e3-89ee8741f468}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{03e2a1f3-4402-4121-8b35-733216d61217}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{9e3b11f6-4179-4603-a71b-a55f4bcb0bec}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{9c049ba6-ea47-4ac3-aed6-a66d8dc9e1d8}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{02478d38-c3f9-4efb-9b51-7695eca05670}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{f25af245-4a81-40dc-92f9-e9021f207706}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\snapdo_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\snapdo_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajamupdater_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\wajamupdater_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



    ~~~ Chrome

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 11/07/2013 at 20:39:11.46
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    longlily, Jul 11, 2013
    #3
  4. longlily

    longlily Private E-2

    hi

    roguekiller quarantined physicaldrive0_user dat file, should i allow rk to delete the file before i remove rk from system

    thankyou
     
    longlily, Jul 12, 2013
    #4
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please ATTACH the log so I can see what it is complaining about.
     
    TimW, Jul 12, 2013
    #5
  6. longlily

    longlily Private E-2

    i have attached the rk quarantine folder in a zip file, as the original log was attached in my first post. the instructions in the sticky said not to delete or remove anything until logs where looked at, but as you say all is ok, can i re run roguekiller and allow it to delete this.

    thankyou
     

    Attached Files:

    longlily, Jul 13, 2013
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is normal. You can just finish the final cleanup. MGclean.bat should remove this folder.
     
    chaslang, Jul 13, 2013
    #7
  8. longlily

    longlily Private E-2

    many thanks
     
    longlily, Jul 13, 2013
    #8

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds