Avast WEBforum

Other => Viruses and worms => Topic started by: krypton on August 29, 2016, 02:57:50 PM

Title: help me to remove this virus
Post by: krypton on August 29, 2016, 02:57:50 PM

hello

i am using avast premier and my avast did not found this virus. it automatically opens the homepage whenever i open any browser in my laptop.

please help me to remove this virus.i tried mbam free and also tried adware but none of them captured this virus.i searched on google and it reviews says that safesurfs.net is virus which comes in browsers and automatically opens page.

please help.

Title: Re: help me to remove this virus
Post by: Eddy on August 29, 2016, 03:54:41 PM

1] Break the link so people can not click on it.

2] Follow the instructions > https://forum.avast.com/index.php?topic=53253.0

Title: Re: help me to remove this virus
Post by: krypton on August 29, 2016, 06:57:08 PM

I broken link as u told.

Title: Re: help me to remove this virus
Post by: krypton on August 29, 2016, 07:42:16 PM

Quote from: Eddy on August 29, 2016, 03:54:41 PM

2] Follow the instructions > https://forum.avast.com/index.php?topic=53253.0

please check files which u need.please help me.

Title: Re: help me to remove this virus
Post by: dbrisendine on August 29, 2016, 11:26:43 PM

(https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif) Fix with Farbar Recovery Scan Tool

(https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif) This fix was created for this user for use on that particular machine. (https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif)
(https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif) Running it on another one may cause damage and render the system unstable. (https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif)

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on (https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif) icon and select (https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg) Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Also, please tell me how your system is now.  Thanks.

Title: Re: help me to remove this virus
Post by: krypton on August 30, 2016, 05:45:04 AM

hello

i done as u said.and this is that log file. i tried to restart browsers and that safesurf is not opening. safesurf is gone from browsers.i think the procedure u said it worked in it.thank u very much for help.

will my laptop affect any side effects after the procedure as u said?will it delete any important registry etc?

what do i need to do now?

thank you.

Title: Re: help me to remove this virus
Post by: dbrisendine on August 30, 2016, 06:39:27 AM

We will not delete any important files and any changes we make to your system (viewing hidden files, etc.) we will correct when the removal process is finished.



AdwCleaner by Xplode

Download AdwCleaner from here (http://www.bleepingcomputer.com/download/adwcleaner/) or from here (https://toolslib.net/downloads/viewdownload/1-adwcleaner/). Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

• Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  You will see the following console:
  
  (http://i1351.photobucket.com/albums/p785/dbreeze2/Scanners%20screens/AdwCleaner_v5016_zpsf8ln0fea.png)
• Click the Scan button and wait for the scan to finish.
• After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.
• Click the Clean button.
• Everything checked will be deleted.
• When the program has finished cleaning a report appears.
• Once done it will ask to reboot, allow this

(http://1.bp.blogspot.com/-vitKqfMQS4o/UEDylIQ7HJI/AAAAAAAABLc/Hx-IwqKoaxg/s1600/adwcleaner_delete_restart.jpg)

• On reboot a log will be produced; please attach that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C#].txt
  
  Optional:
  
  NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.

Title: Re: help me to remove this virus
Post by: krypton on August 30, 2016, 07:27:04 AM

i have done as u said.

this is adwcleaner log file.

Title: Re: help me to remove this virus
Post by: dbrisendine on August 31, 2016, 03:51:35 AM

Your logs are looking clean and we need to remove our tools, reset your system and get you on your way ...

Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

• Download Delfix from here (https://toolslib.net/downloads/finish/2/) to your desktop and double click it to start the program
  
• Ensure Remove disinfection tools is ticked
  Also tick:
  
• Activate UAC
• Create registry backup
• Purge system restore
• Reset system settings

(http://i1351.photobucket.com/albums/p785/dbreeze2/just%20stuff/DelFixSelectall_zps0f04cec4.png)

• Click Run
  
• The program will run for a few moments and then notepad will open with a log. Note: Please save this log first before rebooting your system (if asked to); DelFix does not save the log as it is trying to remove all traces of our work on your system.  Please attach the log in your next reply.
  

You can delete any log files left on your desktop as these are no longer needed.

Title: Re: help me to remove this virus
Post by: krypton on August 31, 2016, 05:21:37 AM

i done as u said. it did not asked me for reboot so i did not rebooted.

this is that log file.

i scanned my laptop today 5 minutes ago with mbam and found 1 threat.what i do now?should i clean it with mbam?

Title: Re: help me to remove this virus
Post by: dbrisendine on August 31, 2016, 09:42:22 AM

Yes, clean with MalwareBytes.  That is a registry setting leftover from past infections; no active files were found. 

How is your system now?

Title: Re: help me to remove this virus
Post by: krypton on August 31, 2016, 02:09:12 PM

i done as u said.i delete that malware from mbam.

system looks good now.but when i restart laptop it takes about 1 minute to load my desktop page. i have about 90 icons and shortcuts  and folders together at my desktop.

is it taking time to load due to having about 90 icons folders and shortcut on desktop?

Title: Re: help me to remove this virus
Post by: dbrisendine on September 01, 2016, 08:43:48 AM

As long as the scanners (Avast and MBAM) show clean, you should be good to go right now.  As to the long loading time, give it a few days for the changes to 'settle' in and see if the time improves.

Title: Re: help me to remove this virus
Post by: krypton on September 01, 2016, 08:52:18 AM

thank u very much for cleaning my system.i was really so much worried about it because i dont have windows 8.1 license cd and so i cant format it if i get any problem in pc.

when i bought my laptop.it got windows 8.1 license inbuilt. i dont have cd of it.

i dont know how to copy windows 8.1 with license which came inbuilt in my laptop.can u please tell me how to do that?

i want to copy my windows 8.1 with license i am using now.so i can keep with me and i can format laptop if something went wrong with my laptop. please suggest me how can i do that.

Title: Re: help me to remove this virus
Post by: Pondus on September 01, 2016, 09:01:32 AM

Quote

when i bought my laptop.it got windows 8.1 license inbuilt. i dont have cd of it.

Most computers today have a factory recovery partition

If needed your licens number should be on the Microsoft sticker under your computer
https://www.google.no/search?q=microsoft+license+sticker&rlz=1C1GGGE_noNO672NO672&source=lnms&tbm=isch&sa=X&ved=0ahUKEwjV9MPay-3OAhWMDiwKHUckCUIQ_AUICCgB&biw=1920&bih=955

Title: Re: help me to remove this virus
Post by: krypton on September 01, 2016, 10:37:47 AM

Quote from: Pondus on September 01, 2016, 09:01:32 AM

Quote

when i bought my laptop.it got windows 8.1 license inbuilt. i dont have cd of it.

Most computers today have a factory recovery partition

If needed your licens number should be on the Microsoft sticker under your computer
https://www.google.no/search?q=microsoft+license+sticker&rlz=1C1GGGE_noNO672NO672&source=lnms&tbm=isch&sa=X&ved=0ahUKEwjV9MPay-3OAhWMDiwKHUckCUIQ_AUICCgB&biw=1920&bih=955

hello

i found 1 command from 1 site

wmic path softwarelicensingservice get OA3xOriginalProductKey




i tried that command in cmd and got something 25 digits number. is that product key that we need to enter while installing os on laptop?

Title: Re: help me to remove this virus
Post by: Pondus on September 01, 2016, 10:55:17 AM

IF you are going to factory resett from the partition in your comp, the there is no need for license

How to do it > google how to factory reset (computer name / number)

If you do it from a cd the you may need to enter the license number found on the microsoft sticker under your comp

Title: Re: help me to remove this virus
Post by: krypton on September 01, 2016, 11:07:44 AM

the license number which u said is product key? rite?

if yes then i got that product key from cmd and powershell command.

how to copy that windows 8.1 os   which came inbuilt in my laptop when i buyed laptop.i want to copy windows 8.1 os  as a bootable blank cd or dvd so that fresh installation gets start automatically from dvd or cd when i restart my laptop.


what is the size of windows 8.1 ?



i have 4.7 gb blank dvd.i will buy another if it is more than 4.7gb.

Title: Re: help me to remove this virus
Post by: Pondus on September 01, 2016, 11:48:33 AM

http://lmgtfy.com/?q=how+to+factory+reset+my+computer

http://lmgtfy.com/?q=clone+recovery+partition