claro malware

[essexboy]

Sie müssen manuell zurücksetzen, die Chrom-homepage

You will need to reset the Chrome homepage manually

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:OTL
FF - prefs.js..browser.startup.homepage: "http://www.claro-search.com/?affID=114506&tt=5112_4&babsrc=HP_clro&mntrId=4007f783000000000000bc05430e5d1c"
O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\251005~1.80\{c16c1~1\browse~1.dll) - File not found

:Files
c:\dokume~1\alluse~1\anwend~1\browse~1

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[daggel19]

Hi essex, After run the PC hangs itself Fixed, after new start lied provided. claro is there still.
Chrome is reset

[essexboy]

Still in firefox ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

FF - prefs.js..browser.startup.homepage: "http://www.claro-search.com/?affID=114506&tt=5112_4&babsrc=HP_clro&mntrId=4007f783000000000000bc05430e5d1c"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

:Files
C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\BROWSERPROTECT

:Commands
[resethosts]
[emptyjava]
[CREATERESTOREPOINT]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[daggel19]

Yes,in Firefox. Chrome is clean.

[essexboy]

OK let me know if the OTL run clears it, I have removed the empty temp command so it should run properly now

[daggel19]

I believe the system now is clean. Now I have installed avast Internet Security version 7.0.1474. Will Avast Malware block?

[daggel19]

nevertheless, claro is still on my PC 

[essexboy]

Now this is being stubborn

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[daggel19]

hi, claro is pest. claro now points button (cleanup your pc) ! ?
screenshot is too big for attachments

[essexboy]

Combofix has now revealed the hidden files for me

1. Close any open browsers.
 
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 
 
3. Open notepad and copy/paste the text in the quotebox below into it:
 

Firefox::
FF - ProfilePath - c:\dokumente und einstellungen\Desktop\Anwendungsdaten\Mozilla\Firefox\Profiles\orytotb2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.claro-search.com/?affID=114506&tt=5112_4&babsrc=HP_clro&mntrId=4007f783000000000000bc05430e5d1c
FF - user.js: extensions.claro.tlbrSrchUrl -
FF - user.js: extensions.claro.id - 4007f783000000000000bc05430e5d1c
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15697
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1023:12
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false

 
Save this as CFScript.txt, in the same location as ComboFix.exe
 
 
 
 
Refering to the picture above, drag CFScript into ComboFix.exe
 
When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[daggel19]

here the combo log

daggel19

[essexboy]

Has it now disappeared

[daggel19]

claro is there still

[essexboy]

Do you have firefox set to synch when started

[daggel19]

I do not understand. What do I have to do?