Matiasow

Deal4real and Buzzwok


Hi Matiasow,

 

1. I can see that you have something called "Advanced SystemCare Browser Protection" from Iobit (maybe also called "Surfing Protection"), it's possible that it restores the settings that Ad-Aware is changing. Please, disable or remove it while I help you here.

 

2. If possible, please uninstall "deeal4real" and "WildWestCoupon" in the Control Panel's list of installed programs.

Is "Optimizer Pro v3.2" something you have installed by yourself or has it been installed by another program?

 

3. Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

 

Turn off all programs, including browsers.

Double-click on AdwCleaner to start the program.

 

Click on the Scan button.

Wait until the search has finished.

 

Click on the Report button.

A report will be displayed, copy its content and paste into your answer.

If the report isn't displayed, it exists as C:\AdwCleaner[R0].txt.


Hi,

1. Please try to uninstall "Optimizer Pro v3.2".

 

2. Please, turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Clean button.

Click on OK.
Click on OK on any message that pops up.
The computer should be restarted; if that is not done automatically, do it yourself.

A report will be displayed, copy its content and paste into your answer.
If the report isn't displayed, it exists as C:\AdwCleaner[s0].txt

 

 

3. Please, download Farbar Recovery Scan Tool (FRST) and save it on the desktop: http://download.bleepingcomputer.com/farbar/FRST64.exe

Start the FRST program.

Read the disclaimer and click Yes to accept it.
Click the Scan button.
When done, FRST will create two log files, called FRST.txt and Addition.txt, on the desktop.

Please, attach them to your reply.

 

 

4. Do a full scan with Ad-Aware, please.

 

 

5. To get a second opinion, please run an online scan with Eset http://www.eset.com/onlinescan/
To shorten the scanning time, disable your antivirus program while scanning.

 

Select "Enable detection of potentially unwanted applications".

Click "Advanced Settings".

Un-check "Remove found threats".

 

Check:

"Scan Archives"

"Scan for potentially unsafe applications"
"Enable Anti-Stealth Technology"

Click "Start"

When the scan is finished, click on "List of found threats" and then "Export to text file". Copy the content of the text file and paste its content in your answer.


Using cracks and cheats is dangerous:

C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application

C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application

C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe Win32/HackTool.Crack.BC potentially unsafe application

C:\Users\Matias\Documents\Torrents\Færdig downloadede filer\Advanced SystemCare Pro 7.1.0.389 Final+Crack\asc-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application

C:\Users\Matias\Documents\Torrents\Færdig downloadede filer\IObit Advanced System Care 7 Pro__With Licence Key_[shilpa143]\asc-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application

 

1. CHR Extension: (HTTP Headers) - C:\Users\Matias\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhbpoeinkhpajikalhfpjjafpfgjnmgk [2014-10-09]

Did the ads from Deal4real and Buzzwok start 3 days ago or when did they start?

 

Filezilla (installed 20 Sep.) wants to install adware.

C:\Users\Matias\Downloads\FileZilla_3.9.0.5_win32-setup.exe a variant of Win32/InstallCore.QH potentially unwanted application

 

 

2. Do you have the ads in all three browsers?

 

 

3. Has Allmyapps been installed for a long time?

The reviews of it on https://www.mywot.com/en/scorecard/allmyapps.com indicate that it may be an unwanted program.

 

 

4. Save SystemLook on the desktop: http://jpshortstuff.247fixes.com/SystemLook_x64.exe

 

Double-click on SystemLook file to run it.

 

Copy all lines in the box

:dir
C:\ProgramData\fce14f55324644aa
c:\users\matias\appdata\roaming\allmyapps
:file
C:\Windows\svrfont.exe
and paste in the big text field in SystemLook.

Click on the Look button to start the search.

When finished Notepad will pop-up with the log. Copy the log and paste into your answer. If Notepad doesn't pop-up you can find the log as SystemLook.txt on the Desktop.

 

 

5. Please, move FRST program from Downloads folder to the desktop.

 

Start Notepad.

Copy all text that is in the box:

Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Extension: No Name - C:\Users\Matias\AppData\Roaming\Mozilla\Firefox\Profiles\jhea4twh.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
C:\Users\Matias\Local Settings\Application Data\Bundled software uninstaller
and paste in Notepad. Check that no files have been split on two lines.

Save the file as fixlist.txt on the desktop.

 

Start FRST by double-clicking it on the desktop, please.

Click the Fix button.

Wait until the tool has finished.

 

It creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your answer.


Using cracks and cheats is dangerous:

Yes, I know that now. :mellow:

Did the ads from Deal4real and Buzzwok start 3 days ago or when did they start?

That sounds about right.

Filezilla (installed 20 Sep.) wants to install adware.

FileZilla has now been uninstalled.

Do you have the ads in all three browsers?

The ads are shown in Google Chrome, Mozilla Firefox, but not IE.

Has Allmyapps been installed for a long time?

I do not know this program, I can not find it, therefore I can not uninstall it.

 

 

Fixlog.txt

SystemLook.txt


1. Start Notepad.

Copy all text that is in the box:

C:\Windows\svrfont.exe

Task: {20B7EE81-1241-475B-ACB5-5C7EDC30B3B2} - System32\Tasks\AllmyappsUpdateTask => c:\users\matias\appdata\roaming\allmyapps\allmyappsupdater.exe

c:\users\matias\appdata\roaming\allmyapps\

Task: {DE90B867-32E2-422E-ACE1-D878D698EFAB} - \AutoKMS No Task File <==== ATTENTION

CHR Extension: (HTTP Headers) - C:\Users\Matias\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhbpoeinkhpajikalhfpjjafpfgjnmgk [2014-10-09]

Reboot:

and paste in Notepad. Check that no files have been split on two lines.

Save the file as fixlist.txt on the desktop.

 

Exit all programs.

 

Start FRST, please.

Click the Fix button.

Wait until the tool has finished.

The computer will be restarted.

 

FRST creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your answer.

 

 

2. Check the status of the browsers.

 

3. Do you still see the ads?

If yes, start FRST, select "Addition.txt" and let it scan, please.

Attach the new FRST.txt and Addition.txt.

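The two fixlists above mix several kinds of entries: markers such as "[Not Found]" and "ATTENTION", a scheduled task that runs from the user profile, and a Chrome extension ID. The following Python sketch is an added example, not part of the original posts and not FRST's own code; it triages such lines and also performs the "no line split in two" check. The regular expressions and the function names `triage`, `split_entries` and `report` are assumptions based only on the line shapes visible in this thread.

```python
import re

# Constructed sample: entries copied from the two fixlists quoted in this thread.
SAMPLE = r"""Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
Task: {20B7EE81-1241-475B-ACB5-5C7EDC30B3B2} - System32\Tasks\AllmyappsUpdateTask => c:\users\matias\appdata\roaming\allmyapps\allmyappsupdater.exe
Task: {DE90B867-32E2-422E-ACE1-D878D698EFAB} - \AutoKMS No Task File <==== ATTENTION
CHR Extension: (HTTP Headers) - C:\Users\Matias\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhbpoeinkhpajikalhfpjjafpfgjnmgk [2014-10-09]
"""

CHROME_ID = re.compile(r"\\Extensions\\([a-p]{32})\b")  # Chrome IDs use letters a-p
TASK_TARGET = re.compile(r"^Task: .*? => (.+)$")
# Assumption: an entry starts with a drive path, a directive ("Reboot:") or a
# tag seen in this thread ("Task:", "Toolbar:", "CHR ...", "FF ...").
ENTRY_START = re.compile(r"^(?:[A-Za-z]:\\|\w+:|CHR |FF )")

def triage(line):
    """Return the reasons a helper would look twice at one log entry."""
    reasons = []
    if re.search(r"<=+ ATTENTION", line):
        reasons.append("flagged")                      # the tool's own marker
    if re.search(r"\[Not Found\]|No (?:Task )?File", line):
        reasons.append("orphaned")                     # entry left, target gone
    m = TASK_TARGET.match(line)
    if m and "\\appdata\\" in m.group(1).lower():
        reasons.append("task-runs-from-user-profile")  # user-writable location
    m = CHROME_ID.search(line)
    if m:
        reasons.append("chrome-extension:" + m.group(1))
    return reasons

def split_entries(text):
    """Return lines that look like the tail of an entry wrapped by the editor."""
    return [l for l in text.splitlines() if l.strip() and not ENTRY_START.match(l)]

def report(text):
    """Map each entry that has at least one reason to its list of reasons."""
    return {l: triage(l) for l in text.splitlines() if l.strip() and triage(l)}

if __name__ == "__main__":
    for entry, reasons in report(SAMPLE).items():
        print(", ".join(reasons), "|", entry[:70])
    print("wrapped lines:", split_entries(SAMPLE))
```

The wrapped-line check is a heuristic: a continuation that happens to begin with a drive letter or a word followed by a colon will pass unnoticed.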

Great, there are no more unwanted ads in my browsers.

 

Thank you for the support! Great work you are doing.

 

I'll be checking in later to see if you have more information for me. Thanks.

Fixlog.txt


You're welcome :)

I'm glad it has been resolved.

 

If everything is fine, it's time for final clean-up.

 

1. Removal of tools

 

Please, turn off all programs, including browsers.

Double-click on AdwCleaner to start the program.

Click on the Uninstall button.

 

Download OTC http://oldtimer.geekstogo.com/OTC.exe

Close all programs.

Start OTC program.

Click the CleanUp! button.

Select Yes when asked "Begin cleanup process".

If you are asked to reboot, select Yes.

 

You can delete all log files.

 

2. Improve the security in the computer

It is very important to keep Windows and all programs updated. An old version of, for example, Flash contains vulnerabilities that make it easy to infect the computer from a web page. To help you with keeping everything updated you can use the program Secunia Personal Software Inspector (PSI). http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.


Removal of tools

Done. Thanks!

 

Improve the security in the computer

Done, great program. I've been looking for a program like this for some time now.

 

 

Thanks again, great work!


You're welcome :)

 

Nice that you like Secunia's program (Danish as you I guess).


Hey Cecilia, I'm back.

 

And so is my virus.............

 

Same type of ads, now just called 'LizzardSales'

 

I have not installed any programs the last few days, so I really can't understand where it comes from. Ad-Aware real-time protection does not protest about any virus.


Hi again Matiasow,

 

That's bad :(

Let us see new logs from FRST and AdwCleaner, please.


Hi,

 

Good that you could remove the Chrome plugin and AdwCleaner removed something from Firefox.

 

It's possible that you have a freeware program that tries to install adware whenever you run it. If adware is installed again, please try to remember which programs you have started.

 

2014-10-13 15:17 - 2014-10-13 15:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices

2014-10-13 15:16 - 2014-10-13 15:16 - 00000000 ____D () C:\iBTWU

That program was installed after the installation of Secunia PSI.


So now it's back again, as 'Ads by WildWestCoupon'. I don't remember opening any programs, but I have rebooted my computer. Frustrating!

And again, I could remove it from Chrome, as before with 'LizzardSales'


Do you have synchronization in Chrome?

That can restore the previous settings and add-ons.


Due to lack of feedback, this topic has been closed.

 

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

 

Thank You !
