Avast WEBforum

Other => Viruses and worms => Topic started by: jgret on March 17, 2013, 08:33:28 PM

Title: Popup Removal Help
Post by: jgret on March 17, 2013, 08:33:28 PM

Hello!  I'd greatly appreciate any help in removing a Chitka popup, and one other that I'm not sure how to identify. (It usually says "Please install flashplayer HD to continue.")

Here are the steps I have taken:

1. Ran AdwCleaner and selected Delete

2. Ran Malwarebytes' Anti-Malware

3. Ran OTL

4. Ran  aswMBR.exe

I will attach the logs in the next posts.  I'm not getting the popups as frequently, but they haven't been totally eliminated.

Thanks in advance!

Title: Re: Popup Removal Help
Post by: jgret on March 17, 2013, 08:36:04 PM

AdwCleaner

Title: Re: Popup Removal Help
Post by: jgret on March 17, 2013, 08:40:31 PM

Malwarebytes' Anti-Malware

(Is this what is needed?)

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.15.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Donna :: DONNA-PC [administrator]

3/17/2013 12:05:07 PM
mbam-log-2013-03-17 (12-05-07).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 567301
Time elapsed: 2 hour(s), 1 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Donna\AppData\Local\Temp\services.exe.mui (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

Title: Re: Popup Removal Help
Post by: jgret on March 17, 2013, 08:41:41 PM

OTL.Txt and Extras.Txt.

Title: Re: Popup Removal Help
Post by: jgret on March 17, 2013, 08:42:42 PM

 aswMBR.exe

Title: Re: Popup Removal Help
Post by: Pondus on March 17, 2013, 08:44:41 PM

Quote

Is this what is needed?

yes....exept that you did not update malwarebytes  before you scanned
you dont have to post a new..... and quick scan is enough to find any active malware   ;)

malware removers are notified....should be here soon

Title: Re: Popup Removal Help
Post by: essexboy on March 17, 2013, 09:37:18 PM

Let me know if this cures it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  (https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
  
  

Code: [Select]

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Title: Re: Popup Removal Help
Post by: jgret on March 17, 2013, 10:11:15 PM

Thank you!

Here is the log from the Quick Scan.

Title: Re: Popup Removal Help
Post by: jgret on March 17, 2013, 10:35:44 PM

Yay, I think it worked!  Been clicking all around and haven't seen a single popup.  Thanks so much!

Title: Re: Popup Removal Help
Post by: essexboy on March 17, 2013, 10:36:22 PM

Run OTL and press the cleanup button to remove it and its associated files

Title: Re: Popup Removal Help
Post by: jgret on March 17, 2013, 11:42:44 PM

Done! Thanks again  :D