Avast WEBforum
Other => Viruses and worms => Topic started by: swingset88 on September 17, 2012, 08:18:02 PM
-
Keep getting threat detected messages everytime I use chrome. I've ran malware bytes and it didn't find anything.
-
Keep getting threat detected messages everytime I use chrome. I've ran malware bytes and it didn't find anything.
Hi swingset88 and welcome.
Please read this topic:
http://forum.avast.com/index.php?topic=53253.0
Run AdwCleaner, Malwarebytes , OTL and aswMBR. Attach here logreports. ;)
-
Thx for the quick reply magna, here are my logs.
-
Re-run OTL.exe.
- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:OTL
IE - HKU\S-1-5-21-488846631-1388982542-3113804436-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
CHR - Extension: Vid-Saver = C:\Users\simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.46_0\crossrider
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c
:commands
[CREATERESTOREPOINT]
[emptytemp]
- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
*******************
- Please download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) and save to the desktop.
- Close all windows and browsers
- Right-click the program and select 'Run as Administrator'
- Press the Scan button.
- A report opens on the desktop named - RKreport.txt
- Please post it in your next reply.
**********************
Re-run OTL.exe.
- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe /S /MD5
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe /S /MD5
C:\Users\simon\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll /S /MD5
- Then click the Run Scan button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
-
Hi magna, thanks for the tip
ui have exactly the same problem, do you think you can help me ?
Here are some of my logs
Regards
PS : it's only happening on chrome
-
Hi magna, thanks for the tip
ui have exactly the same problem, do you think you can help me ?
Here are some of my logs
Regards
PS : it's only happening on chrome
he can if you start your own topic ....as helping multiple users in the same topic will be chaotic
-
ok thanks i'll do it as soon as al my other reports will be done, thanks
-
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-488846631-1388982542-3113804436-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Users\simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.46_0\crossrider not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: simon
->Temp folder emptied: 231185854 bytes
->Temporary Internet Files folder emptied: 71114411 bytes
->Java cache emptied: 16244442 bytes
->Google Chrome cache emptied: 375831338 bytes
->Flash cache emptied: 11828 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 265516118 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36081925 bytes
RecycleBin emptied: 2077270804 bytes
Total Files Cleaned = 2,931.00 mb
OTL by OldTimer - Version 3.2.61.5 log created on 09172012_162600
Files\Folders moved on Reboot...
C:\Users\simon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : simon [Admin rights]
Mode : Scan -- Date : 09/17/2012 16:40:00
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT721010SLA360 ATA Device +++++
--- User ---
[MBR] 5c5aa35ae2939c126ce49c26d61d4c08
[BSP] 71a07554f7e8e2a2e59c9919941791a8 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
-
After i ran roguekiller should i have hit delete on the found things?
-
I hit delete after i ran roguekiller, hope thats ok.
-
After i ran roguekiller should i have hit delete on the found things?
- Yes, Re-run RogueKiller.
- Wait until Prescan has finished.
- Click on Scan.
- Click on the Delete button.
*****************
Re-run OTL.exe.
- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:OTL
CHR - Extension: Vid-Saver = C:\Users\simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.46_0\crossrider
CHR - Extension: Vid-Saver = C:\Users\simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.46_0\
:files
C:\Users\simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
:commands
[emptytemp]
- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
***************
> Re-run OTL, click on RunScan and attach here fresh OTL.txt log.
> How's your computer running now?
-
Computer is running fine, I am no longer getting threat detected messages.
Is my computer virus free?
-
Cool. OTL log looks good.
> Re-run OTL and click on CleanUp! button.
You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.
Look out for extension / add-ons for Firefox/Chrome. Bee free to disable on remove unused...
;)