Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on May 05, 2015, 02:31:33 PM

Title: reduled.info, blackled.info and reddie.net viruses etc pop ups
Post by: REDACTED on May 05, 2015, 02:31:33 PM

Hi,
I have recently removed an abundance of malware,virues etc from a lenovo win7 64bit laptop.
However I still keep getting the pop up windows as soon as I connect to the internet.
I have run Malwarebytes,adwcleaner_4.203 and avast free virus.
After reading the forums about FRST64.exe I am hoping you guys/gals can help with the log files that were generated.
Many thanks in advance
Paul

Title: Re: reduled.info, blackled.info and reddie.net viruses etc pop ups
Post by: REDACTED on May 05, 2015, 02:38:24 PM

Here are the aswMBR scan log and adwcleaner.txt as well

P

Title: Re: reduled.info, blackled.info and reddie.net viruses etc pop ups
Post by: REDACTED on May 05, 2015, 03:26:43 PM

Helllo,

My name is Argus and and I will be helping you with your computer problems.

Before we begin, please note the following:

• I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
• The logs can take some time to research, so please be patient with me.
• Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
• Instructions that I give are for your system only!
• Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
• Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
• Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not be able to help you if you do not follow my instructions.

Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark another ones as harmful, leading to leave your system unstable and even damaged. Please choose only one from the listed below to stay with and uninstall the others:

• Norton

Uninstallation procedure:

• Press the (https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/WindowsKey.png) + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  
• Search for each uninstalled entry, right-click it and select Uninstall.
  

This should be done until any other steps will be taken.


Download and run Norton Uninstaller
http://redirectingat.com/?id=1402X558040&url=http%3A%2F%2Fca.huji.ac.il%2Fbf%2Fmcafee%2FNoNav.exe&sref=http%3A%2F%2Fwww.tomshardware.co.uk%2Fforum%2F165553-37-symantec-here



Step 2



(https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif) Fix with Farbar Recovery Scan Tool

(https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif) This fix was created for this user for use on that particular machine. (https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif)
(https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif) Running it on another one may cause damage and render the system unstable. (https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif)

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on (https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif) icon and select (https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg) Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

Please attach it to your reply.

Title: Re: reduled.info, blackled.info and reddie.net viruses etc pop ups
Post by: REDACTED on May 05, 2015, 04:35:37 PM

Hi Argus,
Thanks for your time and efforts. :)
Here's the fixlog.txt
When running the NoNav it did run into some errors.
I have attached two images. one is of a error message stating an error in installation there were a few of these.
Then the lenovo onekey recovery window popped up with a compatilbitly issue.

I'm unsure whether these had any effect to the process but thought i would mention them.

Regards
Paul

Title: Re: reduled.info, blackled.info and reddie.net viruses etc pop ups
Post by: REDACTED on May 05, 2015, 04:45:06 PM

Okay,


(https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif) Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on (https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif) icon and select (https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg) Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
  
• Make sure that Addition option is checked.
  
• Press Scan button and wait.
  
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
  

Please include their content into your next reply.


Step 2.



(https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png) Scan with ZOEK

Please download ZOEK (http://hijackthis.nl/smeenk) by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here (http://www.bleepingcomputer.com/forums/topic114351.html).

• Right-click on (https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png) icon and select (https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg) Run as Administrator to start the tool.
  
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:

Code: [Select]

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

• Make sure that Scan All Users option is checked.
  
• Push Run Script and wait patiently. The scan may take a couple of minutes.
  
• When the scan completes, a zoek-results logfile should open in notepad.
  
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Title: Re: reduled.info, blackled.info and reddie.net viruses etc pop ups
Post by: REDACTED on May 05, 2015, 07:04:08 PM

Zoek took quite a long time to complete.
Here are the logs
Regards
Paul

Title: Re: reduled.info, blackled.info and reddie.net viruses etc pop ups
Post by: REDACTED on May 05, 2015, 07:11:26 PM

Quote

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

Chrome installation is altered by malware. Reinstall is needed.

Close all Chrome windows and tabs.
Go to the Start menu > Control Panel.
Click Programs and Features.
Double-click Google Chrome.
Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.


Download Chrome
https://www.google.com/intl/en/chrome/browser/desktop/

Title: Re: reduled.info, blackled.info and reddie.net viruses etc pop ups
Post by: REDACTED on May 05, 2015, 07:50:19 PM

I have unistalled chrome. I have now installed firefox.
Any thing I should do? Or should i just monitor?
Regards
Paul

Title: Re: reduled.info, blackled.info and reddie.net viruses etc pop ups
Post by: REDACTED on May 05, 2015, 07:54:02 PM

How is your PC now?

Title: Re: reduled.info, blackled.info and reddie.net viruses etc pop ups
Post by: REDACTED on May 05, 2015, 08:07:41 PM

Hi
PC is good. I have restarted a few times, disconnected from network and reconnected to network and avast has not reported any issues.
Thanks for your help.

Best Regards
Paul

Title: Re: reduled.info, blackled.info and reddie.net viruses etc pop ups
Post by: REDACTED on May 05, 2015, 08:10:37 PM

Download DelFix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix) by Xplode and save it to your desktop.

• Run the tool by right click on the (http://www.imgdumper.nl/uploads6/51a5ce45267c1/51a5ce45263de-delfix.png) icon and Run as administrator option.
  
• Make sure that these ones are checked:
• Remove disinfection tools
• Purge system restore
• Reset system settings
• Push Run and wait until the tool completes his work.
  
• All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)
  

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

Title: Re: reduled.info, blackled.info and reddie.net viruses etc pop ups
Post by: REDACTED on May 05, 2015, 08:24:33 PM

Hi
All done thanks.
I appreciate you volunteer for free and am grateful for your assistance.
Donation just paid in to your paypal,  :)
BR
Paul

Title: Re: reduled.info, blackled.info and reddie.net viruses etc pop ups
Post by: REDACTED on May 05, 2015, 08:26:51 PM

Thanks Paul  :)