DLance

Issue finding and removing Ads by FreezeThePrice

Been having issues with malware, primarily adware. I installed Ad-Aware which got rid of all of it, at least I thought. Now I get pop-ups for "Ads by FreezeThePrice" in all browsers, as well as additional links in Google by the same adware. Ad-Aware is not finding anything. I've also used AdwCleaner and it removed some other files that were being difficult, but this FreezeThePrice is still here. Files from FRST are attached.

 

On a side note, I've seen it suggested to remove Java, but I use it for developmental purposes.

FRST.txt

Addition.txt


Hi DLance,

 

1. Ran by Sony at 2015-01-21 06:52:02

You have attached an old Addition.txt. Please, attach a new one.

 

2. CHR dev: Chrome dev build detected! <======= ATTENTION
Your Chrome is set to use test versions that are supposed to be used by developers. The test versions are less secure than the final versions. The only way to get back to the final versions is to uninstall Chrome, delete the folder C:\Users\Daniel\AppData\Local\Google\Chrome, restart the computer and install Chrome again.

 

 

3. Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Deselect Remove found threats.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.


C:\Users\Daniel\Documents\Vuze Downloads\Sony Vegas Pro 13.0 build 290 (64 bit) Multilingual [ChingLiu]\Patch KHG\vegas.pro.13.0.(64-bit)-patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application
It can be dangerous to use cracked programs.


The following script will delete everything in the recycle bins and folders for temporary files. Please, check that you don't want to keep those files.

Please, start Notepad.
Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
Task: {8AE655D7-9E24-4EFA-BB49-DA8B8AD7812F} - \OctetIntern No Task File <==== ATTENTION
Task: {A0B0220C-491A-484A-8D69-1E9A43865442} - \BookBee No Task File <==== ATTENTION
Task: C:\Windows\Tasks\BookBee.job => c:\programdata\{3dd88c32-6e47-9582-3dd8-88c326e430c9}\6182965036950496787b.exe <==== ATTENTION
Task: C:\Windows\Tasks\OctetIntern.job => c:\programdata\{82b726fd-7a16-4b92-82b7-726fd7a19bf5}\4060050488941669966b.exe <==== ATTENTION
HKLM\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S2 Drab Woman; "C:\Program Files (x86)\Drab Woman\Drab Woman.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
2015-07-09 10:30 - 2015-07-21 04:33 - 00000356 _____ C:\Windows\Tasks\BookBee.job
C:\Program Files (x86)\Client for  Analytics
EmptyTemp:

and paste in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Exit all programs.
Start FRST, please.
Click the Fix button.
Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your reply.

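The Task and service lines in the fixlist above can be triaged mechanically before deciding what to remove. The Python sketch below is an added example, not part of the original thread and not FRST's own code; the regular expressions and category names are assumptions derived only from the lines quoted in that post.

```python
import re

# Sample input: lines copied from the fixlist quoted in the post above.
SAMPLE = r"""
Task: {8AE655D7-9E24-4EFA-BB49-DA8B8AD7812F} - \OctetIntern No Task File <==== ATTENTION
Task: C:\Windows\Tasks\BookBee.job => c:\programdata\{3dd88c32-6e47-9582-3dd8-88c326e430c9}\6182965036950496787b.exe <==== ATTENTION
S2 Drab Woman; "C:\Program Files (x86)\Drab Woman\Drab Woman.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
HKLM\...\Run: [] => [X]
""".strip().splitlines()

GUID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
# Heuristic (assumption): a long all-digit file name directly inside a
# GUID-named ProgramData folder, as seen in the two .job targets above.
RANDOM_EXE = re.compile(r"\\programdata\\" + GUID + r"\\\d{10,}[a-z]?\.exe", re.I)
# Registry task entry whose task file no longer exists.
ORPHAN_TASK = re.compile(r"^Task: " + GUID + r" - \\(?P<name>.+?) No Task File", re.I)
# Legacy .job task and the executable it launches.
JOB_TASK = re.compile(r"^Task: (?P<job>\S.*?\.job) => (?P<target>.+?\.exe)", re.I)
# Service line ending in [X], which FRST uses when the file is not found.
SERVICE = re.compile(r'^[SR]\d (?P<name>[^;]+); "(?P<path>[^"]+)".*\[X\]\s*$')


def triage(lines):
    """Return (category, detail) pairs for Task and service lines."""
    findings = []
    for line in lines:
        line = line.strip()
        if m := ORPHAN_TASK.match(line):
            findings.append(("orphan-task", m["name"]))
        elif m := JOB_TASK.match(line):
            kind = "task-random-exe" if RANDOM_EXE.search(m["target"]) else "task"
            findings.append((kind, m["target"]))
        elif m := SERVICE.match(line):
            # A missing file means a leftover entry, not necessarily malware
            # (gupdate here is the Google updater left after an uninstall).
            findings.append(("service-missing-file", m["name"]))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE):
        print(f"{category:22} {detail}")
```

The `task-random-exe` category is the one that points at the adware's persistence; the other categories are orphaned entries that are safe to clean but do not by themselves indicate an infection.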

Do you still get ads from FreezeThePrice or is it time to write the instruction for uninstalling FRST and AdwCleaner?


Time for final clean-up.

1. Please, turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Uninstall button.

2. Download OTC http://oldtimer.geekstogo.com/OTC.exe
Close all programs.
Start OTC program.
Click the CleanUp! button.
Select Yes when asked "Begin cleanup process".
If you are asked to reboot, select Yes.
If any logs remain on the computer you can remove them.

 

3. Improve the security in the computer
It is very important to keep Windows and all programs updated. An old version of, for example, Flash contains vulnerabilities that make it easy to infect the computer from a web page. To help you with keeping everything updated you can use the program Secunia Personal Software Inspector (PSI). http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you!
