Author Topic: Adf.ly Malware (Logs inside)  (Read 3946 times)

Offline jegues

  • Jr. Member
  • **
  • Posts: 23
    • Personal Message (Offline)
Adf.ly Malware (Logs inside)
« on: January 03, 2013, 01:27:39 AM »
Recently my girlfriend asked me if I could burn her some DVDs. Obliging, I googled around looking for some free software for burning DVDs, and found DVD Flick (http://www.dvdflick.net/). Somehow in attempt to download this, I must've clicked the wrong download and downloaded a file that installed a bunch of random software such as incredibar and this Adf.ly crap.

I've been able to remove most of it, but when I am browsing the net using Mozilla Firefox and I click on certain links or try to download something, the Adf.ly windows still pop up.

Attached is the desired logs according to the log thread stickies.

I still have the original executable that installed all this garbage on my computer in the first place. Perhaps someone can take a look at that in a safe sandbox and figure out what exactly it installed so I can remove it all.

Thank you very much for your time and all your help!

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21672
  • Gender: Male
    • Personal Message (Offline)
Re: Adf.ly Malware (Logs inside)
« Reply #1 on: January 03, 2013, 01:31:21 AM »
run AdwCleaner....click delete button....reboot...post log here

http://forum.avast.com/index.php?topic=53253.0
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21672
  • Gender: Male
    • Personal Message (Offline)
Re: Adf.ly Malware (Logs inside)
« Reply #2 on: January 03, 2013, 01:34:29 AM »
Quote
I still have the original executable that installed all this garbage on my computer in the first place.
upload it to www.virustotal.com and test with 40+ malware scanners (if scanned before, click rescan)
when you have the result, copy the URL and post it here for us to see   ;)


i have notified a malware expert that will check your OTL log....check back tomorrow for result   ;)

« Last Edit: January 03, 2013, 01:45:17 AM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline jegues

  • Jr. Member
  • **
  • Posts: 23
    • Personal Message (Offline)
Re: Adf.ly Malware (Logs inside)
« Reply #3 on: January 03, 2013, 03:11:51 AM »
Here is the URL for the scan on the executable from virustotal, https://www.virustotal.com/file/d67c1a6442552ea22c3cf911f859bf1c3e90c1d991ce6fcbe1db9d5e84168161/analysis/1357185665/.

Attached is the logs from AdwCleaner.

Still looking for help on this one!

Cheers!

EDIT: Also, whenever I try to click a link after preforming a google search, Mozilla always opens this in a new tab. I don't want this, I want it to simply navigate the current tab to the link I clicked. I went into options and unchecked the option, "Open new windows in a new tab instead" but now a new window simply opens each time I click a link.

How do I get it so when I click a link it simply navigates the current tab to the clicked link as opposed to opening a new tab or window?

Note: I have already tried "Reseting" my Mozilla firefox a few times in an attempt to fix this with no avail.

Thanks again!
« Last Edit: January 03, 2013, 03:24:19 AM by jegues »

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21672
  • Gender: Male
    • Personal Message (Offline)
Re: Adf.ly Malware (Logs inside)
« Reply #4 on: January 03, 2013, 03:23:19 AM »
Quote
Anyone know how to fix this?
the removal expert will fix it when he is home from work.......  european time   ;)

anyway as you see from the VT scan avast detect it as PUP = not a virus but Possible Unwanted Program

Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline jegues

  • Jr. Member
  • **
  • Posts: 23
    • Personal Message (Offline)
Re: Adf.ly Malware (Logs inside)
« Reply #5 on: January 03, 2013, 03:59:57 AM »
Just an update on the problem with Mozilla opening new links upon click links from a Google search, I have fixed this by simply changing the search settings on Google.

I'll be waiting to hear from the experts!

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28966
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: Adf.ly Malware (Logs inside)
« Reply #6 on: January 03, 2013, 01:12:06 PM »
You look to have killed most of it, on completion of this run can you let me know of any remaining problems

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\x\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ai49fwnv)
IE - HKU\S-1-5-21-436374069-1292428093-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb196?a=6OyYSLDwos&i=26
IE - HKU\S-1-5-21-436374069-1292428093-725345543-1003\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb196/?search={searchTerms}&loc=IB_DS&a=6OyYSLDwos&i=26
[2012/12/31 12:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/12/31 12:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer


:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Offline jegues

  • Jr. Member
  • **
  • Posts: 23
    • Personal Message (Offline)
Re: Adf.ly Malware (Logs inside)
« Reply #7 on: January 04, 2013, 02:03:34 PM »
You look to have killed most of it, on completion of this run can you let me know of any remaining problems

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\x\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ai49fwnv)
IE - HKU\S-1-5-21-436374069-1292428093-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb196?a=6OyYSLDwos&i=26
IE - HKU\S-1-5-21-436374069-1292428093-725345543-1003\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb196/?search={searchTerms}&loc=IB_DS&a=6OyYSLDwos&i=26
[2012/12/31 12:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/12/31 12:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer


:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Hello essexboy,

When I ran your custom fix in OTL my taskbar disapeered and the computer did not reboot. I had to reboot it manually, it seemed to have froze.

This has happened in the past and you had given me another line of code within the fix to correct this issue. What is the code again?

After this I will rescan using OTL and post the log.

Thanks again!

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28966
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: Adf.ly Malware (Logs inside)
« Reply #8 on: January 04, 2013, 02:19:06 PM »
OK that was probably MBAM again..  I will look at the fresh OTL log after the new fix

Quote
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\x\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ai49fwnv)
IE - HKU\S-1-5-21-436374069-1292428093-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb196?a=6OyYSLDwos&i=26
IE - HKU\S-1-5-21-436374069-1292428093-725345543-1003\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb196/?search={searchTerms}&loc=IB_DS&a=6OyYSLDwos&i=26
[2012/12/31 12:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/12/31 12:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer


:Commands
[resethosts]
[CREATERESTOREPOINT]
[Reboot]

Offline jegues

  • Jr. Member
  • **
  • Posts: 23
    • Personal Message (Offline)
Re: Adf.ly Malware (Logs inside)
« Reply #9 on: January 07, 2013, 03:47:19 AM »
Here is the log after running the new fix.

Cheers,


Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28966
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: Adf.ly Malware (Logs inside)
« Reply #10 on: January 07, 2013, 02:09:34 PM »
How is the computer behaving now ?

Offline jegues

  • Jr. Member
  • **
  • Posts: 23
    • Personal Message (Offline)
Re: Adf.ly Malware (Logs inside)
« Reply #11 on: January 09, 2013, 12:01:10 AM »
Seems to be fine.

Does it look clean?

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28966
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: Adf.ly Malware (Logs inside)
« Reply #12 on: January 09, 2013, 01:25:39 PM »
Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset  System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
     [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself. 

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.
   Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

 Upgrading Java:
  • Go to this site  and click Do I have Java
  • It will check your current version and then offer to update to the latest version
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ?Keep safe  :wave:

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now