Author Topic: chitka pop ups  (Read 9607 times)

0 Members and 1 Guest are viewing this topic.

johnone

  • Guest
chitka pop ups
« on: March 20, 2013, 10:45:26 PM »
Pop up window bottom left ,can't close

Windows 7 X64 IE9

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: chitka pop ups
« Reply #1 on: March 21, 2013, 12:00:58 AM »
This should cure it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

johnone

  • Guest
Re: chitka pop ups
« Reply #2 on: March 21, 2013, 02:51:34 AM »
it appears fixed!!

Thank you

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: chitka pop ups
« Reply #3 on: March 21, 2013, 02:42:33 PM »
Run OTL and press the cleanup button to remove it and associated files

RilesHog

  • Guest
Re: chitka pop ups
« Reply #4 on: April 05, 2013, 07:39:46 PM »
I'm having constant chitka popups that my Malwarebytes didn't get rid of (see log below).  If other anti-malware programs are required, could you please direct me to a safe place where I can download them?  Thanks!

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
JLH :: JLH-PC [administrator]

4/1/2013 7:58:59 AM
mbam-log-2013-04-01 (07-58-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219835
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Detected: 1
C:\Users\JLH\AppData\Local\Temp\tmpb10c6c4f.exe (Trojan.Ransom.WL) -> 4740 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\JLH\AppData\Local\Temp\tmpb10c6c4f.exe (Trojan.Ransom.WL) -> Delete on reboot.
C:\Users\JLH\AppData\Local\Temp\tmpde56a819.exe (Trojan.Ransom.WL) -> Quarantined and deleted successfully.
C:\Users\JLH\4zqjwcji9mmr7.exe (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: chitka pop ups
« Reply #5 on: April 05, 2013, 07:42:27 PM »
I will need this initially

Download OTL  to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.


  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post  both logs

RilesHog

  • Guest
Re: chitka pop ups
« Reply #6 on: April 05, 2013, 11:03:25 PM »
Apparently, I did something wrong.  After the second scan (which took almost as long as the first), only the OTL.Txt window opened, and I didn't see any Extras.Txt, either as a notepad pop-up or in the place where the OTL was saved.  Also, when I attempted to post the log from the OTL.Txt notepad with this message, I was given the "exceeds 10,000 characters" error message.  I apologize for my incompetence and would be extremely grateful for any further direction and/or correction.  Thank you!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: chitka pop ups
« Reply #7 on: April 05, 2013, 11:45:07 PM »
Could you attach the main log please

RilesHog

  • Guest
Re: chitka pop ups
« Reply #8 on: April 06, 2013, 12:14:13 AM »
The log from the initial scan (the one before pasting your info into the Custom Scan box) contains in excess of 54,000 characters, so it's triggering the "in excess of 10,000" error message.  The log from the scan after pasting your info contains in excess of 100,000 characters.  Which log do you want and how should I circumvent the error message, if at all?  Thanks.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: chitka pop ups
« Reply #9 on: April 06, 2013, 09:28:36 AM »
The log from the initial scan (the one before pasting your info into the Custom Scan box) contains in excess of 54,000 characters, so it's triggering the "in excess of 10,000" error message.  The log from the scan after pasting your info contains in excess of 100,000 characters.  Which log do you want and how should I circumvent the error message, if at all?  Thanks.
you need to attach the OTL.txt log....not copy and paste

RilesHog

  • Guest
Re: chitka pop ups
« Reply #10 on: April 06, 2013, 03:00:24 PM »
Sorry about that.  The first attachment should be the log from the scan run after I pasted your info into the Custom Scan Box, and the second attachment should be the log from the initial scan.  Hope this is what you need.  Thank you very much.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: chitka pop ups
« Reply #11 on: April 06, 2013, 03:34:03 PM »
What antivirus are you using ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:OTL
SRV - [2013/04/01 16:34:36 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49barsvc.exe -- (UtilityChest_49Service)
IE - HKU\S-1-5-21-2456416701-3275544159-1560900735-1000\..\SearchScopes\{4A876217-4C52-4615-9E01-AAC708F793F4}: "URL" = http://www.mysearchresults.com/search?&c=2652&t=03&q={searchTerms}
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@UtilityChest_49.com/Plugin: C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll (MindSpark)
O2 - BHO: (Search Assistant BHO) - {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrcAs.dll (MindSpark)
O2 - BHO: (Toolbar BHO) - {58f7b5ca-1162-42e8-8bbc-d543b4edd780} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Utility Chest) - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Utility Chest Search Scope Monitor] C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [UtilityChest_49 Browser Plugin Loader] C:\Program Files (x86)\UtilityChest_49\bar\1.bin\49brmon.exe (VER_COMPANY_NAME)
O4 - HKU\S-1-5-21-2456416701-3275544159-1560900735-1000..\Run: [Best Buy pc app] C:\Users\JLH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms File not found
O4 - HKU\S-1-5-21-2456416701-3275544159-1560900735-1000..\Run: [mopeg.exe] C:\Users\JLH\AppData\Roaming\Rale\mopeg.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
[2013/04/01 16:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UtilityChest_49
[2013/03/08 17:21:36 | 000,000,000 | ---D | C] -- C:\ProgramData\pojrssyahbfpqff
[2013/03/08 17:21:28 | 000,108,320 | ---- | C] () -- C:\ProgramData\kkfijpgxziscxqv
[2012/08/09 07:26:49 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
[2012/08/09 07:15:07 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105

:Files
C:\Users\JLH\AppData\Roaming\Rale\mopeg.exe
C:\ProgramData\Best Buy pc app
C:\ProgramData\WeCareReminder
C:\Program Files (x86)\Yontoo

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete



Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that

RilesHog

  • Guest
Re: chitka pop ups
« Reply #12 on: April 06, 2013, 04:25:56 PM »
Here they are.  If I missed anything, please let me know.  Thank you!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: chitka pop ups
« Reply #13 on: April 06, 2013, 04:29:27 PM »
Here they are.  If I missed anything, please let me know.  Thank you!
do you not use any antivirus?


RilesHog

  • Guest
Re: chitka pop ups
« Reply #14 on: April 06, 2013, 04:40:39 PM »
I had Norton, but I'm not seeing it now.