« previous next »
Pages: [1]   Go Down

Author Topic: VisualBee and SavingsVault adware?  (Read 3820 times)

0 Members and 1 Guest are viewing this topic.

erikc4l

  • Guest
VisualBee and SavingsVault adware?
« on: February 20, 2013, 12:11:13 PM »
hi my dad was using my laptop and was doing some surveys, he ended up downloading but didn't install a program called VisualBee. he opened the installer though, but didn't install. after a couple minutes my browser (Chrome) closed out by itself and when I tried to reopen it, it has a new home page.. he also installed something called SavingsVault and when I try to uninstall it using CCleaner, the uninstaller just freezes up.. also for VisualBee it somehow took over my chrome browser and by this I mean that everytime I open it, it shows a VisualBee search engine as the home page and even when I open a new tab. I've tried changing the home page and removing the extension in the settings of Chrome but after I reopen a new one, it just goes back to being VisualBee. as for SavingsVault i'm not sure what actions it is performing right now as I don't see a change regarding that.

i am running on windows 7 home premium 64 bit and posting all this info from a second computer while using a usb to transfer files/logs back and forth.

here is the MBAM log and the rest are attached as requested in the sticky thread. i appreciate anyone's help in helping me fix this so thanks in advance.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-HP [administrator]

2/20/2013 2:34:03 AM
mbam-log-2013-02-20 (02-34-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200002
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\User\AppData\Local\Temp\CSM2DAA.tmp (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\CSM7B8B.tmp (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\CSM81D2.tmp (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

(end)
« Last Edit: February 20, 2013, 12:30:13 PM by erikc4l »
Logged

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: VisualBee and SavingsVault adware?
« Reply #1 on: February 20, 2013, 01:34:36 PM »
Is it still there after running adwcleaner and malwarebytes

Removers will check your logs later today
Logged

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: VisualBee and SavingsVault adware?
« Reply #2 on: February 20, 2013, 02:03:12 PM »
Step1

Re-run OTL.exe.

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

Code: [Select]

:Files
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\hqi888z7.default\extensions\extension23986@extension23986.com
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\hqi888z7.default\extensions\toolbar@ask.com
C:\Users\User\AppData\Roaming\Babylon
C:\Users\User\AppData\Local\Savings Vault

ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c

:Otl
CHR - homepage: http://visualbee.claro-search.com/?affID=120125&babsrc=HP_ss&mntrId=2256d4790000000000004ceb4228e2dc
CHR - homepage: http://visualbee.claro-search.com/?affID=120125&babsrc=HP_ss&mntrId=2256d4790000000000004ceb4228e2dc
CHR - Extension: VisualBee Toolbar = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfldpfnhfpiclgobehefdjjjhdnhlfnj\1.0_0\
O3 - HKU\S-1-5-21-1275422926-1184598271-3716548337-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

:commands
[CREATERESTOREPOINT]
[emptytemp]


  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
*************************
Step2



Please download zoek.exe and save it to your desktop.

  • Close any open browsers.
  •   Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.



  • Double click on zoek.exe to run the tool .
    Please wait while the tool does not start...


  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code: [Select]

autoclean;
filesrcm;
startupall;
installedprogs;
firefoxlook;
chromelook;
emptyclsid;
  • Click on Run script button
    Please wait until a logreport will open (this can be after reboot)

  • Save notepad to your Desktop and attach here zoek-results.log

    Note: It will also create a log in the C:\ directory named "zoek-results.log"


**************************
Step3

Re-run OTL, just click on RunScan and attach here fresh OTL.txt log
Logged

erikc4l

  • Guest
Re: VisualBee and SavingsVault adware?
« Reply #3 on: February 20, 2013, 10:11:10 PM »
hi thank you for the replies. i just woke up so sorry for the late reply and started doing what you said. i'll attach the logs as requested.

EDIT: after doing all the fixes, VisualBee seems to have disappeared from my browser, but could you please make sure? as for Savings/Strong Vault, i'm not sure because it is still in the programs list of CCleaner.
« Last Edit: February 20, 2013, 10:34:50 PM by erikc4l »
Logged

erikc4l

  • Guest
Re: VisualBee and SavingsVault adware?
« Reply #4 on: February 21, 2013, 12:41:52 AM »
actually, I believe the VisualBee is still on my computer? I was checking to see if Savings/Strong Vault was still in the programs list and Visual Bee was in there also.
Logged

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: VisualBee and SavingsVault adware?
« Reply #5 on: February 21, 2013, 06:44:16 PM »
Hi,

Quote
I was checking to see if Savings/Strong Vault was still in the programs list and Visual Bee was in there also.
It doesn't matter, it is important to we remove all related file.  ;)





Re-run zoek.exe as before...

  • Close any open browsers.
  •   Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.



  • Double click on zoek.exe to run the tool .
    Please wait while the tool does not start...


  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code: [Select]
Savings Vault;z
Strong Vault;z
VisualBee;z
VisualBee Toolbar;z
Savings Vault;s
Strong Vault;s
VisualBee;s
VisualBee Toolbar;s
emptytemp;
    Check the options below:

Standard Search
System Restore Point


  • Click on Run script button
    Please wait until a logreport will open (this can be after reboot)

  • Save notepad to your Desktop and attach here zoek-results.log

    Note: It will also create a log in the C:\ directory named "zoek-results.log"


Logged
Pages: [1]   Go Up
« previous next »