Row

Members
  • Content count: 7
  • Rank: Newbie

About Row

  1. Hello, I am having lots of problems with ads popping up and slowing down my computer. They seem to originate in malware called Getprivate. I have tried various things to try to remove it but with no success: the Superantispyware removes the threats after a scan but they immediately reappear. I cannot identify the program in the Uninstall Programs option nor in the running processes in order to delete it. There seems to be much discussion recently on this malware on the web, but also with suspicious links, procedures and indications to scan computer with Spyhunter and then buy it. Help would be greatly appreciated! Quick scan log attached in case it is helpful. SUPERAntiSpyware Scan Log.pdf
  2. Thanks SAS Malware Research and Guilty Spark for your help. I did not find Deal Keeper and the rest of the plugins and applications instructed to be removed. However, after restarting the computer many of the threats are not being detected by SAS. Hopefully they have been successfully removed! However, there are three that remain and do not successfully erase:

     Adware.Tracking Cookie
        .imrworldwide.com [ C:\USERS\DELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ANBAETMJ.DEFAULT-1410999420544\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\DELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ANBAETMJ.DEFAULT-1410999420544\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\DELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ANBAETMJ.DEFAULT-1410999420544\COOKIES.SQLITE ]
  3. I followed the instructions and instructed the computer to delete the files that appeared. However, I then ran SAS again, and the infections were still detected. This is a sticky set of malware! Below is the report of the AdwCleaner:

     # AdwCleaner v3.310 - Reporte Creado 19/09/2014 en 18:09:28
     # Actualizado 12/09/2014 por Xplode
     # Sistema Operativo : Windows 8.1 (64 bits)
     # Nombre de usuario : DELL - PC
     # Ejecutado desde : C:\Users\DELL\Downloads\AdwCleaner.exe
     # Opción : Limpiar

     ***** [ Servicios ] *****

     [#] Servicio Borrar : F06DEFF2-5B9C-490D-910F-35D3A91196222
     [#] Servicio Borrar : Update Deal Keeper
     [#] Servicio Borrar : Util Deal Keeper
     Servicio Borrar : {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64
     Servicio Borrar : {55dce8ba-9dec-4013-937e-adbf9317d990}w64

     ***** [ Archivos / Carpetas ] *****

     Carpeta Borrar : C:\ProgramData\ParetoLogic
     Carpeta Borrar : C:\ProgramData\systemk
     Carpeta Borrar : C:\Program Files (x86)\Settings Manager
     Carpeta Borrar : C:\Program Files (x86)\SiteLookup
     [!] Carpeta Borrar : C:\Program Files (x86)\Deal Keeper
     Carpeta Borrar : C:\Users\DELL\AppData\Local\Linkey
     Carpeta Borrar : C:\Users\DELL\AppData\LocalLow\DataMngr
     Carpeta Borrar : C:\Users\DELL\AppData\Roaming\DriverCure
     Carpeta Borrar : C:\Users\DELL\AppData\Roaming\ParetoLogic
     Carpeta Borrar : C:\Users\DELL\AppData\Roaming\Settings Manager
     Carpeta Borrar : C:\Users\DELL\AppData\Roaming\SimilarAddon
     Carpeta Borrar : C:\Users\DELL\AppData\Roaming\Systweak
     Carpeta Borrar : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\eencbeelgfacnhekfiklkobllfleohce
     Archivo Borrar : C:\Windows\System32\roboot64.exe
     Archivo Borrar : C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys
     Archivo Borrar : C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys
     Archivo Borrar : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml

     ***** [ Tareas ] *****

     ***** [ Accesos directos ] *****

     ***** [ Registro ] *****

     Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASAPI32
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASMANCS
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASAPI32
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASMANCS
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
     Valor Borrar : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
     Valor Borrar : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
     Clave Borrar : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Deal Keeper
     Clave Borrar : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util Deal Keeper
     Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
     Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
     Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
     Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}
     Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
     Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
     Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{ba0ab49b-34a1-4c36-bb3b-e6f458974507}
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}
     Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}
     Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
     Clave Borrar : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
     Clave Borrar : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
     Clave Borrar : HKCU\Software\Deal Keeper
     Clave Borrar : HKCU\Software\InstallCore
     Clave Borrar : HKCU\Software\ParetoLogic
     Clave Borrar : HKCU\Software\SystemK
     Clave Borrar : HKCU\Software\systweak
     Clave Borrar : HKCU\Software\Tune
     Clave Borrar : HKLM\SOFTWARE\Deal Keeper
     Clave Borrar : HKLM\SOFTWARE\ParetoLogic
     Clave Borrar : HKLM\SOFTWARE\Solvusoft
     Clave Borrar : HKLM\SOFTWARE\SystemK
     Clave Borrar : HKLM\SOFTWARE\systweak
     Clave Borrar : HKLM\SOFTWARE\Tune
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
     Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

     ***** [ Navegadores ] *****

     -\\ Internet Explorer v11.0.9600.17278

     -\\ Mozilla Firefox v32.0.2 (x86 en-US)

     [ Archivo : C:\Users\DELL\AppData\Roaming\Mozilla\Firefox\Profiles\anbaetmj.default-1410999420544\prefs.js ]

     -\\ Google Chrome v37.0.2062.120

     [ Archivo : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     Borrar [startup_urls] : hxxp://www.default-search.net?sid=492&aid=121&itype=a&ver=13337&tm=413&src=hmp
     Borrar [Homepage] : hxxp://www.default-search.net?sid=492&aid=121&itype=a&ver=13337&tm=413&src=hmp
     Borrar [Extension] : eencbeelgfacnhekfiklkobllfleohce

     *************************

     AdwCleaner[R0].txt - [9185 octets] - [19/09/2014 18:05:57]
     AdwCleaner[s0].txt - [7606 octets] - [19/09/2014 18:09:28]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7666 octets] ##########
  4. Hi, Thanks for your response. Yes, now I did. I went through both the Unwanted Programs check and the Unwanted Programs deletion. However, the deletion does not effectively happen. It just gets recognized; after the instruction to remove, the message is that it is deleted, after which a restart of the machine is required, but then when I scan again, the malware shows up again.
  5. Hi, I recently got malware that keeps mutating in terms of what is detected by the SuperAntispyware (SAS) program. Particularly, first Deal Keeper, then Settings Manager and now AppBud. However, SAS says the removal is complete, the computer is restarted by request, but if you run SAS again, they reappear (and the pop-ups keep coming). Below is the review of the last detection (it seems like Deal Keeper and Settings Manager are no longer being detected, if still infected. Though it has reappeared and I uninstalled it again through the Control Panel route). I tried to remove the programs using FixIt from Microsoft. The programs would not appear, so I had to type in the 38-digit numbers. I did it one by one. But I ran SAS again and it still detects the unwanted items, but does not effectively delete them. Help would be greatly appreciated!! Regards, Row

     Operating System Information
     Windows 8.1 64-bit (Build 6.03.9200)
     UAC On - Limited User

     Memory items scanned      : 542
     Memory threats detected   : 0
     Registry items scanned    : 45860
     Registry threats detected : 14
     File items scanned        : 33696
     File threats detected     : 2

     PUP.AppBud
        (x86) HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
        (x64) HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32
        (x64) HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32#ThreadingModel
        (x64) HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\Programmable
        (x64) HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\TypeLib
        (x64) HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\Version
        (x64) HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
        (x64) HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\ProxyStubClsid32
        (x64) HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\TypeLib
        (x64) HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\TypeLib#Version
        (x64) HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
        (x64) HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\ProxyStubClsid32
        (x64) HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\TypeLib
        (x64) HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\TypeLib#Version

     Adware.Tracking Cookie
        .doubleclick.net [ C:\USERS\DELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ANBAETMJ.DEFAULT-1410999420544\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\DELL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ANBAETMJ.DEFAULT-1410999420544\COOKIES.SQLITE ]
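Added example, not part of the original thread and not AdwCleaner's own code: a small Python triage script that groups the lines of an AdwCleaner report like the one in post 3 by persistence class, so a defender can see which entries are reboot-surviving load points (AppCertDlls, Image File Execution Options, kernel drivers, services) and should be re-checked after the reboot the cleaner requests. The class labels are this example's own, and the nine sample lines embedded as input are constructed here from the report above.

```python
import re
from collections import defaultdict

# Constructed sample input: nine lines taken from the AdwCleaner report in post 3,
# embedded here so the script runs offline without the original report file.
SAMPLE_REPORT = r"""
[#] Servicio Borrar : Update Deal Keeper
Servicio Borrar : {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64
Archivo Borrar : C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys
Carpeta Borrar : C:\Program Files (x86)\Deal Keeper
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Valor Borrar : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}
Clave Borrar : HKCU\Software\Deal Keeper
Borrar [Homepage] : hxxp://www.default-search.net?sid=492&aid=121&itype=a&ver=13337&tm=413&src=hmp
"""

# Ordered rules (first match wins); labels are this example's own naming.
RULES = [
    (r"AppCertDlls",                  "appcertdlls"),      # DLL list loaded into new processes
    (r"Image File Execution Options", "ifeo"),             # per-image hooks keyed by exe name
    (r"\\drivers\\.*\.sys$",          "driver"),           # kernel-mode component on disk
    (r"^\[#\] Servicio|^Servicio",    "service"),          # auto-started service entry
    (r"Browser Helper Objects",       "bho"),              # Internet Explorer in-process add-on
    (r"^Borrar \[",                   "browser-setting"),  # homepage / startup / extension
    (r"^Clave|^Valor",                "registry-other"),
    (r"^Carpeta|^Archivo",            "file"),
]
HIGH_IMPACT = {"appcertdlls", "ifeo", "driver", "service"}

def classify(line: str) -> str:
    """Return the persistence class of one report line."""
    for pattern, label in RULES:
        if re.search(pattern, line):
            return label
    return "unclassified"

def triage(report: str) -> dict:
    """Group every finding line by class; header and section lines are skipped."""
    groups = defaultdict(list)
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "*****")):
            continue
        groups[classify(line)].append(line)
    return dict(groups)

def high_impact_entries(report: str) -> list:
    """Entries to verify are still gone after the reboot: the load points that survive it."""
    groups = triage(report)
    return [e for label in sorted(HIGH_IMPACT) for e in groups.get(label, [])]
```

Run against a full report with `triage(open(path, encoding="utf-8-sig").read())`; anything landing in `unclassified` is a line format the rules above do not yet know.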