Avast WEBforum
Other => Viruses and worms => Topic started by: mompea on June 01, 2013, 10:51:34 PM
-
This plug in is a nuisance and it pops up every time I go to a new page, click on an italicized word, a blue link, everything! I found a site that initially tells you it is a free removal tool, but as you go along of course there's a $20.00 charge for the "free" tool. I don't know where it came from. Avast has never picked it up as a virus, which I understand it is. Can you help me? Also please understand I have very limited knowledge of this machine so please be patient with me.
-
run AdwCleaner.... click delete button....
then run a quick scan with Malwarebytes....click remove selected if anything is detected
you find them here. http://forum.avast.com/index.php?topic=53253.0
post logs here
is problem gone?
-
I ran the adw cleaner, clicked on delete and in getting here I had at least 5 pop ups from Shopping Sidekick, so I assume it isn't gone. It was in the list of the programs that the adw cleaner program found and was supposed to delete. Sorry to be so dense, but how do I attach the notepad list as you asked? I have not yet run the Malwarebytes Anti-Malware. My home page has totally changed, I can't get to the opening page that allows me to check my email. It's accessed through yahoo.com, but when I enter that on the search site nothing happens.
-
"but how do I attach the notepad list as you asked?"
below the txt box you write in here...click attachment and other options
if you still have problems after running AdwCleaner and Malwarebytes, then follow the instructions for OTL
attach that log and one of the removal experts will remove it for you when they arrive here tomorrow
-
Thank you for all your assistance. Here is the notebook of the AdwCleaner. I will do the Mal ware cleaner and send the results of that when it finishes.
-
Here are the results of the scans. My start page is gone/missing. Should I run the Rogue Killer program next?
-
malware removers are notified, wait for advice
-
You will need to reset your start page manually
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKLM\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XNxdm0037Kus&ptb=6303A287-0A70-4D95-83A3-550185E271F8&psa=&ind=2011031105&ptnrS=XNxdm0037Kus&si=&st=sb&n=77dde641&searchfor={searchTerms}
IE - HKU\S-1-5-21-3570802679-2674771948-3592112652-1000\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XNxdm0037Kus&ptb=6303A287-0A70-4D95-83A3-550185E271F8&psa=&ind=2011031105&ptnrS=XNxdm0037Kus&si=&st=sb&n=77dde641&searchfor={searchTerms}
[2013/05/06 21:14:46 | 000,000,000 | ---D | M] ("Shopping Sidekick Plugin") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ada919i2.default\extensions\extension21802@extension21802.com
[2013/05/06 21:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ada919i2.default\extensions\extension21802@extension21802.com\chrome
[2013/05/06 21:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ada919i2.default\extensions\extension21802@extension21802.com\defaults
[2013/05/06 21:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ada919i2.default\extensions\extension21802@extension21802.com\locale
[2013/05/06 21:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ada919i2.default\extensions\extension21802@extension21802.com\skin
[2013/05/06 21:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ada919i2.default\extensions\extension21802@extension21802.com\chrome\content\extensionCode
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [CouponXplorer Search Scope Monitor] C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrchMn.exe (MindSpark)
[2013/05/31 14:27:53 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013/05/31 14:27:53 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013/05/23 02:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CouponXplorer_5z
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
I tried to run OTL and got this message: .....OTL has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available......Of course I've never heard and I still have the bloody pop ups occurring. What now?
-
Could you retry the fix from safe mode please
-
I could not connect to the internet in the safe mode. I couldn't run the fix because I couldn't access this forum. Now what? Is there any other way I could have accessed the program you wanted me to run without being internet connected?
-
"I could not connect to the internet in the safe mode."
did you try safemode with networking?
or copy the fix to notepad now....if able to, and save to desktop
then start in safemode, run OTL...copy the fix from the notepad you saved
-
I retried the OTL and this time I didn't have the Windows error come up. This is what I received
-
Is sidekick still showing? And how is the computer behaving?
-
Sidekick still shows at almost every site. Any time there is an italicized word or a link to an associated information source if I click on it for additional information about the article I'm reading sidekick pops up.
-
Sorry, forgot the second part to the question - my computer seems to be running a little slower than before. I have also deleted over 100 temporary files and games I had downloaded hoping that would help the computer run a little bit faster.
-
For the speed a defrag may well help
What browser is showing shopping sidekick?
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
- Right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system
- please be patient as this can take a while to complete depending on your system's specifications
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- post the contents of JRT.txt into your next message.
-
Here is the JRT result:
-
I'm running disc defrag. I went to my library of tasks to run my disc defrag and received this: "Task image is corrupt or has been tampered with. MaxPerformaSys". The library was a list of all the scheduled scans, checks, etc. I had set up on my computer.
-
Do you use maxperforma as your disc defragmenter? Also, has the sidekick now disappeared?
-
I apologize for the prolonged delay in getting back to you. We have had horrendous storms and have been without power for almost a week. No more pop-ups!!! Hooray!! Thank you, thank you, thank you essexboy.
The computer is running a fair bit slower even after deleting all the extraneous files. I have defragmented multiple times, but no improvement. Any other suggestions?
-
Sorry, forgot to answer the defrag question. I use the in computer disc defrag program. I am unfamiliar with the program you mentioned.
-
There is no problem on the delay. I will remove the tools and then look at the speed :)
Maxperforma is a disc defragmenter you appear to have installed
Subject to no further problems :)
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean :thumbsup:
A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
Clear Restore Points
Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up, at the first prompt select OK; after it has done some calculations the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button
: Keep Java Updated :
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/) and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755).
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes (http://www.malwarebytes.org/mbam-download.php).
Update and run weekly to keep your system clean
Download and install FileHippo update checker (http://www.filehippo.com/updatechecker/) and run it monthly; it will show you which programmes on your system need updating and give a download link
If you use on-line banking then as an added layer of protection install Trusteer Rapport (http://www.trusteer.com/Products/Trusteer-Rapport-for-Online-Banking)
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit - Microsoft Windows Update (http://windowsupdate.microsoft.com)
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place? (http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/)
Keep safe :wave: