
I have not been able to remove Meteoroids from executing under IE. I have uninstalled, deleted files, searched the registry, and followed several suggestions found on the web. It still comes up and hijacks my browser.

Ad-Aware did find the apps and quarantined them ... I deleted them from the quarantine ... no luck.

I am running Win 8. Can someone help me, please?


Hi wwmorton,

 

 

Please, download Farbar Recovery Scan Tool (FRST) and save it on the desktop:

For 64-bit Windows: http://download.bleepingcomputer.com/farbar/FRST64.exe

For 32-bit Windows: http://download.bleepingcomputer.com/farbar/FRST.exe

 

Start the FRST program.

 

Read the disclaimer and click Yes to accept it.

Click the Scan button.

When done, FRST will create two log files, called FRST.txt and Addition.txt, on the desktop.

 

Please, attach them to your reply (press "More Reply Options" button to see how to attach files).


You're welcome, Bill :)

 

Do you know what you did that installed the adware and other malicious files?

I think Lavasoft would like to have that information to be able to improve Ad-Aware.

 

 

Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

 

Turn off all programs, including browsers.

Double-click on AdwCleaner to start the program.

 

Click on the Scan button.

Wait until the search has finished.

 

Click on the Report button.

A report will be displayed, copy its content and paste into your answer, please.

If the report isn't displayed, it exists as C:\AdwCleaner[R0].txt.


Report is below (could not paste for some reason so it is attached). My wife (who is from China) was installing QQ, a popular email client from China. It was either infected or otherwise (China go figure :P)

report.txt.txt


1. If you have a link to the QQ installation file, please send it to me in a PM and I'll forward it to Lavasoft.

 

2. Please, turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Clean button.

Click on OK.
Click on OK on any message that pops up.
The computer should be restarted, but if it isn't please restart it yourself.

A report will be displayed, copy its content and paste into your answer (or attach).
If the report isn't displayed, it exists as C:\AdwCleaner[s1].txt

 

 

3. Start FRST.

Select Addition.txt, but don't touch anything else.

Click on Scan.

When done, please attach the new FRST.txt and Addition.txt to let us see what more needs to be removed.

 

 

4. Let Ad-Aware do a full scan of the computer.

 

 

5. To get a second opinion, please run an online scan with ESET: http://www.eset.com/onlinescan/
To shorten the scanning time, disable your antivirus program while scanning.

 

Select Enable detection of potentially unwanted applications.

Click Advanced Settings.

Deselect Remove found threats.

 

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

 

Click Start.

When the scan is finished, click on "List of found threats" and then "Export to text file". Copy the content of the text file and paste its content in your answer.


Hi, attached is the log from eset.

 

Ran scan only found some adware cookies and they were deleted.

 

Still being hijacked although behavior has changed. The "Ad by Meteoroid" popup is not appearing all the time and when it does it is quick. However, IE is still opening nefarious maint advert tabs with a popup error forcing me to kill the IE process to get out.

eset.txt


Hi, thanks for the links.

 

Good that it's better now.

 

Please, start Notepad.

Copy all text that is in the box:

Task: {44C2351D-78D1-435F-BB93-310FA9EB9BAE} - System32\Tasks\VZ => C:\Users\Rose Guo\AppData\Roaming\VZ.exe [2014-10-15] (Cinema PlusV15.10) <==== ATTENTION
C:\Users\Rose Guo\AppData\Roaming\VZ.exe 
Task: {B70589B3-151A-43DA-981B-DF66E6458594} - System32\Tasks\XVUVZN => C:\Users\Rose Guo\AppData\Roaming\XVUVZN.exe <==== ATTENTION
C:\Users\Rose Guo\AppData\Roaming\XVUVZN.exe
Task: C:\Windows\Tasks\VZ.job => C:\Users\Rose Guo\AppData\Roaming\VZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\XVUVZN.job => C:\Users\Rose Guo\AppData\Roaming\XVUVZN.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Rose Guo\Desktop\adwcleaner_4.000.exe:BDU
AlternateDataStreams: C:\Users\Rose Guo\Desktop\FRST64.exe:BDU
FF Plugin-x32: @qq.com/npqscall,version=1.0.0 -> %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll No File
R2 jNGwKweAq; C:\ProgramData\WBcfVfHXY\jNGwKweAq.exe [2321792 2014-10-15] (Acute Angle Solutions)
2014-10-15 09:28 - 2014-10-15 12:50 - 00000000 ____D () C:\Users\Rose Guo\Documents\Tencent Files
2014-10-15 09:25 - 2014-10-15 09:50 - 00018760 _____ () C:\Windows\SysWOW64\QQVistaHelper.dll
2014-10-15 09:25 - 2014-10-15 09:25 - 00000000 ____D () C:\ProgramData\WBcfVfHXY
C:\Users\Rose Guo\AppData\Roaming\VZ
C:\Users\Rose Guo\AppData\Roaming\XVUVZN
and paste in Notepad. Check that no files have been split on two lines.

Save the file as fixlist.txt on the desktop.

 

Start FRST, please.

Click the Fix button.

Wait until the tool has finished.

 

It creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your answer.

 

Which problems remain?

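A triage sketch for the kind of FRST lines in the fixlist above, added here as an example (not part of the original post and not FRST's own code): it extracts scheduled-task and service entries, flags those whose executable sits under AppData or ProgramData, and groups the launchers per executable so that a binary started by more than one entry stands out. The regexes are inferred from the lines shown in the post, and the last sample line is constructed.

```python
import re
from collections import defaultdict

# The first five lines are copied from the fixlist in the post above; the last
# line is a constructed benign entry added for contrast.
SAMPLE_LOG = r"""
Task: {44C2351D-78D1-435F-BB93-310FA9EB9BAE} - System32\Tasks\VZ => C:\Users\Rose Guo\AppData\Roaming\VZ.exe [2014-10-15] (Cinema PlusV15.10) <==== ATTENTION
Task: {B70589B3-151A-43DA-981B-DF66E6458594} - System32\Tasks\XVUVZN => C:\Users\Rose Guo\AppData\Roaming\XVUVZN.exe <==== ATTENTION
Task: C:\Windows\Tasks\VZ.job => C:\Users\Rose Guo\AppData\Roaming\VZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\XVUVZN.job => C:\Users\Rose Guo\AppData\Roaming\XVUVZN.exe <==== ATTENTION
R2 jNGwKweAq; C:\ProgramData\WBcfVfHXY\jNGwKweAq.exe [2321792 2014-10-15] (Acute Angle Solutions)
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe [2014-10-01] (Example Corp)
"""

# Line shapes are an assumption inferred from the entries above,
# not taken from FRST documentation.
TASK_RE = re.compile(r"^Task: (?P<name>.+?) => (?P<target>[A-Za-z]:\\.+?\.exe)\b", re.I)
SERVICE_RE = re.compile(r"^[A-Z]\d (?P<name>\S+); (?P<target>[A-Za-z]:\\.+?\.exe)\b", re.I)
# Directories a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\")

def parse_autoruns(log):
    """Return (kind, name, target) for each task or service line in the text."""
    entries = []
    for line in log.splitlines():
        for kind, rx in (("task", TASK_RE), ("service", SERVICE_RE)):
            m = rx.match(line.strip())
            if m:
                entries.append((kind, m["name"], m["target"]))
    return entries

def flag_user_writable(entries):
    """Keep entries whose executable lives in a user-writable directory."""
    return [e for e in entries if any(d in e[2].lower() for d in USER_WRITABLE)]

def launchers_by_target(entries):
    """Map each executable (lower-cased path) to every entry that starts it."""
    grouped = defaultdict(list)
    for kind, name, target in entries:
        grouped[target.lower()].append((kind, name))
    return dict(grouped)

if __name__ == "__main__":
    flagged = flag_user_writable(parse_autoruns(SAMPLE_LOG))
    for target, launchers in launchers_by_target(flagged).items():
        print(target)
        for kind, name in launchers:
            print(f"  {kind}: {name}")
```

On the sample, each of the two AppData executables is started by two entries (one under System32\Tasks and one .job file under C:\Windows\Tasks), so a cleanup has to cover both.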

Hi,

Very good and you're welcome :)

Time for final clean-up.

1. Removal of AdwCleaner
Please, turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Uninstall button.

2. Removal of FRST
Please, download OTC http://oldtimer.geekstogo.com/OTC.exe
Close all programs.
Start OTC program.
Click the CleanUp! button.
If any logs remain on the computer you can remove them.

3. Improve the security in the computer
It is very important to keep Windows and all programs updated. An old version of, for example, Flash contains vulnerabilities that make it easy to infect the computer from a web page. To help you with keeping everything updated you can use the program Secunia Personal Software Inspector (PSI). http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

 

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

 

Everyone else please begin a New Topic.

 

Thank you!
