Avast WEBforum
Other => Viruses and worms => Topic started by: jgret on March 17, 2013, 08:33:28 PM
-
Hello! I'd greatly appreciate any help in removing a Chitka popup, and one other that I'm not sure how to identify. (It usually says "Please install flashplayer HD to continue.")
Here are the steps I have taken:
1. Ran AdwCleaner and selected Delete
2. Ran Malwarebytes' Anti-Malware
3. Ran OTL
4. Ran aswMBR.exe
I will attach the logs in the next posts. I'm not getting the popups as frequently, but they haven't been totally eliminated.
Thanks in advance!
-
AdwCleaner
-
Malwarebytes' Anti-Malware
(Is this what is needed?)
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.15.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Donna :: DONNA-PC [administrator]
3/17/2013 12:05:07 PM
mbam-log-2013-03-17 (12-05-07).txt
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 567301
Time elapsed: 2 hour(s), 1 minute(s), 27 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Donna\AppData\Local\Temp\services.exe.mui (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
(end)
-
OTL.Txt and Extras.Txt.
-
aswMBR.exe
-
Is this what is needed?
yes....exept that you did not update malwarebytes before you scanned
you dont have to post a new..... and quick scan is enough to find any active malware ;)
malware removers are notified....should be here soon
-
Let me know if this cures it
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
Thank you!
Here is the log from the Quick Scan.
-
Yay, I think it worked! Been clicking all around and haven't seen a single popup. Thanks so much!
-
Run OTL and press the cleanup button to remove it and its associated files
-
Done! Thanks again :D