Author Topic: Hijacked Search Engine: Strongvault and Bloatware  (Read 5325 times)


Offline Jobber

  • Jr. Member
  • **
  • Posts: 88
Hijacked Search Engine: Strongvault and Bloatware
« on: January 23, 2013, 09:46:11 PM »
I tried to download a file back on 1/15/13 and instead of the file I got Strongvault which substituted itself as a Browser over my Google Chrome as well as a bunch of bloatware programs that came along with it.


I ran the Adware program and that got rid of the Strongvault Browser and most of the bloatware and after making some Tool adjustments with Google Chrome, I got Google Chrome back as my browser.



However, Strongvault is still on my computer and has a Start Menu Icon; essentially, Strongvault allows various pop-ups to appear (e.g., requests for Surveys from various websites I am visiting) and it frequently asks that Adobe Flash be updated.

I just close the box of the pop-ups and don't download anything from this Strongvault Box.


I did go to the actual Adobe website and downloaded an update for the Flash Player from there, but Strongvault still pops up stating that an update for Adobe Flash Player is needed.


Of course, I just ignore all these messages from Strongvault and download nothing from it.



Is there any way to get rid of this??????




Malwarebytes Anti-Malware, Super Anti-Spyware, and Avast! Free Anti-Virus (non-Boot Scan) do not get rid of it.



In addition to Strongvault, 'Internet Turbo' and 'InfoAtoms' are other programs that were installed on my computer.


'Internet Turbo' was a button on the Strongvault Browser (which I got rid of with the Adware program), but 'Internet Turbo' is still in my Control Panel's list of Programs and also 'InfoAtoms'. 



Now, if you try and uninstall Strongvault manually, you cannot and then Strongvault tries to install itself on the computer which I cancelled.

 
If you try and uninstall 'Internet Turbo', you get a short pause and nothing happens.

If I right-click on 'InfoAtoms' to uninstall, the word "Change" appears.



I followed the steps in this Thread from December:

http://forum.avast.com/index.php?topic=112038.msg879683#msg879683


After Adware, I downloaded OTL and  did a Run Scan following the instruction in the December Thread. 



Attached Scans and Info:
« Last Edit: January 23, 2013, 09:55:30 PM by Jobber »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Hijacked Search Engine: Strongvault and Bloatware
« Reply #1 on: January 23, 2013, 09:57:27 PM »
Let me know if this works

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:OTL
IE - HKU\S-1-5-21-404688496-49082429-2589388257-1002\..\SearchScopes\{E21ED935-DF52-40C9-9464-63B372160AC7}: "URL" = http://www.mysearchresults.com/search?&c=4001&t=10&q={searchTerms}
[2013/01/15 15:44:50 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files (x86)\Mozilla FireFox\extensions\infoatoms@infoatoms.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\S-1-5-21-404688496-49082429-2589388257-1002..\Run: [Messenger] C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe (Stronghold LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
[2013/01/15 15:44:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InfoAtoms
[2013/01/15 15:44:32 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Strongvault Online Backup
[2013/01/15 15:44:30 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Stronghold_LLC
[2013/01/15 15:44:26 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/01/15 15:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/01/15 15:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strongvault Online Backup
[2013/01/15 15:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Strongvault Online Backup
[2013/01/15 15:44:26 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\StrongVault
[2013/01/15 15:42:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller
[2013/01/15 15:41:07 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Programs
[2013/01/15 15:44:26 | 000,001,268 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk
[2013/01/15 15:44:26 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\Shortcut to Strongvault.exe.lnk
[2013/01/15 15:44:26 | 000,001,268 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk
[2013/01/15 15:44:26 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\Shortcut to Strongvault.exe.lnk

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
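
Added example, not part of essexboy's post and not OTL's own code: a small parser for the file and folder lines in the fix script above, which groups them by timestamp so the entries created in the same burst as the bundle install stand out. The reading of the last bracket field as C/M (created/modified listing), the 5-minute gap and the `ExampleApp` entry are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# File/folder lines in the fix script: [date time | size | attrs | C or M] (company) -- path
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\]\s*(?:\((?P<company>[^)]*)\)\s*)?-- (?P<path>.+)$"
)

def parse_entries(text):
    """Parse file/folder lines; registry-style lines (IE, O2, O4, O6) do not match and are skipped."""
    entries = []
    for m in filter(None, (ENTRY.match(line.strip()) for line in text.splitlines())):
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
        e["size"] = int(e["size"].replace(",", ""))
        e["is_dir"] = "D" in e["attrs"]
        entries.append(e)
    return entries

def install_windows(entries, gap=timedelta(minutes=5)):
    """Cluster entries into bursts; a new window starts when the step from the previous entry exceeds gap."""
    windows = []
    for e in sorted(entries, key=lambda x: x["ts"]):
        if not windows or e["ts"] - windows[-1]["end"] > gap:
            windows.append({"start": e["ts"], "end": e["ts"], "paths": []})
        w = windows[-1]
        w["end"] = e["ts"]
        if e["path"] not in w["paths"]:  # a path can be listed twice, once as C and once as M
            w["paths"].append(e["path"])
    return windows

# Constructed entry (not from the post): an unrelated, older install that should land in its own window.
CONSTRUCTED = r"[2012/11/02 09:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExampleApp"
# Lines copied from the fix script in the post above.
SAMPLE = CONSTRUCTED + r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
[2013/01/15 15:44:50 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files (x86)\Mozilla FireFox\extensions\infoatoms@infoatoms.com
[2013/01/15 15:44:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InfoAtoms
[2013/01/15 15:44:26 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/01/15 15:42:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller
[2013/01/15 15:41:07 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Programs
[2013/01/15 15:44:26 | 000,001,268 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk
[2013/01/15 15:44:26 | 000,001,268 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk
"""

if __name__ == "__main__":
    for w in install_windows(parse_entries(SAMPLE)):
        print(w["start"], "->", w["end"], *w["paths"], sep="\n  ")
```

A window holding many paths within a few minutes is a lead to review by hand; legitimate installers produce the same pattern.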

Offline Jobber

Re: Hijacked Search Engine: Strongvault and Bloatware
« Reply #2 on: January 24, 2013, 01:22:04 AM »
OK, I followed your instructions.



1) Strongvault is gone.  ;D 

So success with regard to ridding the computer of Strongvault.


2) However both 'InfoAtoms' and 'Internet Turbo' still appear in the list of Programs in my Control Panel.


I don't know exactly what they do; they were installed with the Strongvault; I'm certainly not receiving any pop-ups or messages from them.

They resist being uninstalled manually.



Logs and information attached:


The OTL File called 'Finale' contains the results of the Quick Scan.

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: Hijacked Search Engine: Strongvault and Bloatware
« Reply #3 on: January 24, 2013, 07:28:09 AM »
Does clicking on yes in the box on your second pic not work? (would you like to remove the icon)

Offline essexboy

Re: Hijacked Search Engine: Strongvault and Bloatware
« Reply #4 on: January 24, 2013, 04:08:28 PM »
If clicking yes to removal does not work, let me know. Also, any further problems?

Offline Jobber

Re: Hijacked Search Engine: Strongvault and Bloatware
« Reply #5 on: January 27, 2013, 01:40:27 AM »
> If clicking yes to removal does not work, let me know. Also, any further problems?


It does not work.

Offline essexboy

Re: Hijacked Search Engine: Strongvault and Bloatware
« Reply #6 on: January 27, 2013, 11:33:58 AM »
OK, let's ensure all permissions are reset to normal.

Download Windows Repair (all in one) from this site

Install the programme, then run it.



Go to step 3 and allow it to run SFC



On the start repairs tab click start


Select the following items and tick restart system when finished