Avast WEBforum

Other => Viruses and worms => Topic started by: Thundagia on July 13, 2013, 05:17:08 PM

Title: SpyHunter4 - Fake anti virus?
Post by: Thundagia on July 13, 2013, 05:17:08 PM
(long story/explanation here, if you want to get to the point, read the last few sentences) A friend of mine was using my computer recently (EDIT: Came from yahoo), and he managed to get ad yield manager and a delta search toolbar virus inside my computer. I went through my program files and regedit and tried to remove them since avast wasn't helping me find them, although they were never removed. So I ran old-timers temp file remover, and the adw cleaner (recommended from you guys) but it still didn't work. So I then ran tigzy's rogue hunter. I still had the problem. (They aren't rogue files obviously) I looked up removal tools or manual removals and I was brought to spy hunter. I did some searches, someone that was an MVP on the Microsoft forums said it was safe, and avast, too, so I trusted the download. I did a scan with it, and it found many things I thought I removed manually before, so I trusted it, and bought it. (not a very smart idea) I let it run a scan, but after today I was installing the program in another computer and McAfee said it was unsafe. Later I found articles saying it was fake, and hard to remove. I ran Microsoft's fix it tool to remove it, but I'm still wondering if it's there. Also, I still have ad yield manager in my computer, too, even though the fake anti virus said it was removed. How might you say I remove it? Also, is spy hunter a known fake anti virus? I can post some scan logs if you want, just tell me where from. Thanks for your help!
EDIT: Requested logs attached (will be adding more)
EDIT 2: Removing all attachments from the posts, so no one can access any goody information. ;)
Title: Re: SpyHunter4 - Fake anti virus?
Post by: Asyn on July 13, 2013, 05:53:28 PM
Please attach your logs. (AdwCleaner, MBAM, OTL and aswMBR..!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0
Title: Re: SpyHunter4 - Fake anti virus?
Post by: Thundagia on July 13, 2013, 06:51:48 PM
Okay, I have posted the requested logs above, any extras in this post. All logs of date besides aswMBR were made before I had removed spyhunter. I couldn't find/think I didn't receive any logs from MBAM, although I can tell you that the scan didn't find any threats.
Title: Re: SpyHunter4 - Fake anti virus?
Post by: essexboy on July 13, 2013, 07:02:27 PM
Just two bits left

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
Code:
:Commands
[CREATERESTOREPOINT]

:OTL
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
[2013/07/12 10:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

:Commands
[resethosts]
[emptytemp]
[Reboot]
Title: Re: SpyHunter4 - Fake anti virus?
Post by: Thundagia on July 13, 2013, 07:22:20 PM
Alright. Here's the log created by OTL. (The enigma software - spyhunter wasn't found because I manually exterminated it with fixit myself earlier today.)
Thanks so much for all of your help so far! :)
Title: Re: SpyHunter4 - Fake anti virus?
Post by: essexboy on July 13, 2013, 07:41:15 PM
Any further problems ?
Title: Re: SpyHunter4 - Fake anti virus?
Post by: Thundagia on July 13, 2013, 07:52:50 PM
Yes, ad yield manager is still in my computer as from what I can find. Possibly other toolbar spyware/adverts.
I blocked the site url wXw.ad.yieldmanager.com (www. although you shouldn't visit the site if you're just passing by, or viewing the post for your own issues as you may receive the virus also) with avast. Whenever I go onto yahoo answers I can see avast has blocked an ad in the corner directly from ad yield manager. So it's still trying to create popups, meaning it's still in effect somewhere.
Title: Re: SpyHunter4 - Fake anti virus?
Post by: essexboy on July 13, 2013, 07:54:11 PM
Ad yield manager and Yahoo are in cahoots so they will always appear on its pages

Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
Title: Re: SpyHunter4 - Fake anti virus?
Post by: Pondus on July 13, 2013, 07:54:31 PM
Quote
I couldn't find/think I didn't receive any logs from MBAM, although I can tell you that the scan didn't find any threats.
When you open Malwarebytes there is a log tab at top.  ;)

Title: Re: SpyHunter4 - Fake anti virus?
Post by: Thundagia on July 13, 2013, 08:04:51 PM
Here's everything that directly came from the jrt.txt document.
(Removed so the public doesn't get any goody information. ;) )
Thanks very much, also that must have been where it came from. (yahoo) Who knew yahoo was all in it for money. ;)
EDIT: Oh thanks Pondus, I will reinstall Mbam and post the log in this reply when I receive it.
Here's the log from mbam:
(Also removed)
Title: Re: SpyHunter4 - Fake anti virus?
Post by: Pondus on July 13, 2013, 08:17:41 PM
Quote
EDIT: Oh thanks Pondus, I will reinstall Mbam and post the log in this reply when I receive it.
You should not remove it.....that is a program to keep alongside your AV     ;)

Also recommended if you use removable media.  www.mcshield.net

Title: Re: SpyHunter4 - Fake anti virus?
Post by: Thundagia on July 13, 2013, 08:25:28 PM
Okay, the issue has been solved. :) Thanks for all of your help.
My last question would've been if I should keep all of these applications or if they conflict with avast, but now I know they are all to keep.
Title: Re: SpyHunter4 - Fake anti virus?
Post by: essexboy on July 13, 2013, 08:53:39 PM
Run OTL and press the cleanup button, run AdwCleaner and press uninstall, then delete JRT from the desktop.  The tools should be downloaded on an as-required basis.
Title: Re: SpyHunter4 - Fake anti virus?
Post by: Thundagia on July 13, 2013, 09:24:06 PM
All done, thanks! I'm glad avast has such great support in their forums.
EDIT: Spyhunter was not legitimate it seems, as just everything done in this forum made me go from about 200 fps average to 400 fps on average in applications/games.
Title: Re: SpyHunter4 - Fake anti virus?
Post by: techlike99 on July 13, 2013, 09:39:27 PM
Haters gonna hate  :) They are almost 10 years in business, A+ from BBB http://www.bbb.org/west-florida/business-reviews/computers-hardware-software-and-services/enigma-software-group-usa-in-clearwater-fl-90083408

I don't think it's a fake product. By the way, it's not an antivirus product.
Title: Re: SpyHunter4 - Fake anti virus?
Post by: essexboy on July 14, 2013, 12:13:59 AM
True, but I myself have never trusted Enigma as it shows lots of problems and will only repair if you pay.
Title: Re: SpyHunter4 - Fake anti virus?
Post by: Thundagia on July 14, 2013, 01:16:24 AM
(^) Exactly my thought, and I've heard more negative things than positive. I know it's not an anti-virus, it's just the easiest way to put it. ;) Plus they got their money anyways, so who cares.
It's very odd that they don't want you to remove their software, it seems too malicious.
Title: Re: SpyHunter4 - Fake anti virus?
Post by: techlike99 on July 14, 2013, 08:10:05 PM
I'm not a fan either, but I wouldn't use such words as "fake", "scam", "not legitimate" when speaking about SpyHunter. It's just not fair. I would say, I don't recommend it but if you really want to try it, go ahead.

I agree, their model is unusual nowadays, scan/buy/remove. On the other hand, they will return your money if you are not happy with the results. Not a problem here.
Title: Re: SpyHunter4 - Fake anti virus?
Post by: REDACTED on December 08, 2013, 11:18:38 AM
I am posting out this message so it gets known on the web to everybody.
Spyhunter is the biggest scam on the web and I'll tell you why.
I bought Spyhunter after being infected. When I installed it, it discovered and fixed 212 threats.
Strange that AVG had seen none of those threats.
After that first scan, it reported threats everyday, some of them repetitively, while I wasn't downloading anything nor visiting suspected websites.
I had gotten suspicious already when paying (but neglected my internal warning signs out of panic about my infected laptop) because I paid by Paypal and got redirected from enigmasoftware.com to safecart.com, owned by Revenuewire.
I was thinking: what company calls themselves Revenuewire???
Then in the order confirming email Spyhunter told me I was on automatic renewal but it would be easy to switch that off through the payment provider. I went to search for my Safecart account but I did not HAVE a Safecart account, although they had sent me an email. Now I got more suspicious. I went to my Paypal account and saw that Safecart had obtained permission for automatic payment every 6 months!
I googled and found that there is a special page for people who have been duped by Safecart on their Paypal account, some of them even get charged for stuff they never ordered but still have to pay for. On this page a Paypal employee gives you tips how to stop the automatic payments from within your Paypal account page.
I immediately uninstalled Spyhunter and bought Bitdefender Total Security. Bitdefender found no infections on my laptop at all and today I am still using it to great satisfaction.
Yesterday I went into my Spyhunter account to ask for a deletion of the account. But also, I had noticed that my password for that account is just my first name and last name together. Now how vicious can you be? This is THE ultimate proof for me that Spyhunter is malware, because what antimalware company would 1. send you the password by email 2. make a password that is the most unsafe ever 3. forbid you to change the password (when I asked for it, the answer was:

Response for your Enigma Software Group account information request:


Account Information:
===================
        **USERNAME:                     firstname.lastname@gmail.com
        **PASSWORD:                     firstnamelastname



Thank you for your contact!
enigmasoftwaregroup.com

And then I started looking back. When did I buy and install Spyhunter? I looked into Paypal history. Yes, October 30th. Strange, because my Skrill credit card was hacked on November 4th from London and charges were attempted till on the 11th of November a real charge was made. I discovered that the next morning and Skrill booked it back and canceled the credit card.

Putting things together: Oct. 10 installed Spyhunter, from a UK based company, paid through a UK based company.
Nov. 4th first attempt to charge on my Skrill credit card (a UK based company) from a person in London, UK (ordered sports goods and pizzas in London).

Spyhunter scam fake in reality vicious malware - donotinstall spyhunter - spyhunter deceptive
Title: Re: SpyHunter4 - Fake anti virus?
Post by: Michael (alan1998) on December 08, 2013, 03:02:37 PM
EDIT: Requested logs attached (will be adding more)
EDIT 2: Removing all attachments from the posts, so no one can access any goody information. ;)

The logs do not output any personal info other than the name of the accounts and the computer name. Nothing like IPs or Credit Card info (if you've used it on the PC) is released or even generated.