Author Topic: New Malware Virus!!! > portaldosites  (Read 19554 times)

0 Members and 1 Guest are viewing this topic.

Valence321

  • Guest
New Malware Virus!!! > portaldosites
« on: April 16, 2013, 06:51:50 AM »
Hi All,
Ive been having trouble getting rid of this pesky virus that is apparently worse then I realised called "portaldosites" which apparently works as a re-directory among other things. And After reading various articles and I have tried do do a few different solutions but with no success, So any successful help would be appreciated!

Thank You.

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: New Malware Virus!!! > portaldosites
« Reply #1 on: April 16, 2013, 07:34:01 AM »
hey and welcome to the forum.

plaese follow this guide and attach your logs.

a malware epert will help you from there.

http://forum.avast.com/index.php?topic=53253.0
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: New Malware Virus!!! > portaldosites
« Reply #2 on: April 16, 2013, 07:42:35 AM »
i guess you mean portaldosites.com search?

if so you have a browser hijacker, and the first program (AdwCleaner) in the guide Mikaelrask gave you should kill it
after you have run it, run the next program (Malwarebytes) also
post the logs here and tell us how it did go...


if still problems, continue with OTL and attach that log, then a removal expert will remove it for you later today



« Last Edit: April 16, 2013, 07:54:16 AM by Pondus »

Valence321

  • Guest
Re: New Malware Virus!!! > portaldosites
« Reply #3 on: April 16, 2013, 08:19:09 AM »
Hi guys,
A complete success, and yes I meant portaldosites..com
And I was so glad to read an easy solution.  :)

Thank you.
« Last Edit: April 16, 2013, 08:21:35 AM by Valence321 »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: New Malware Virus!!! > portaldosites
« Reply #4 on: April 16, 2013, 08:33:28 AM »
Your welcome  ;)

you may post the logs here.....

techlike99

  • Guest
Re: New Malware Virus!!! > portaldosites
« Reply #5 on: April 17, 2013, 08:30:43 PM »
malavida.com is pushing this browser hijacker. Got a few PCs with this nuisance. Malavida is a rather popular download site. Some AVs (won't mention names) block this site which makes me think about different standards because they certainly do not block cnet which is clearly doing the same thing.

As for portaldosites, I noticed that the key point of complete removal failure is that people forget or do not know that hey also have to fix web browser's shortcut, see this: http://deletemalware.blogspot.com/2013/04/remove-portaldosites-removal.html

Thankfully, bleeping computer offers this small utility called Shortcut Cleaner http://www.bleepingcomputer.com/download/shortcut-cleaner/

Tested, works fine and saves time :) So, anyone who can't remove portaldosites after reseting web browser or removing it manually, use Shortcut Cleaner.

Cheers!

pmurari

  • Guest
Re: New Malware Virus!!! > portaldosites
« Reply #6 on: April 20, 2013, 10:58:35 PM »
I got the same problem and can't seem to fix it. Can anyone help me please?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: New Malware Virus!!! > portaldosites
« Reply #7 on: April 20, 2013, 11:15:09 PM »
Could you post the OTL log if this small programmes fails to fix it

Please download to your desktop Short cut cleaner
Then run.

When the Shortcut Cleaner has finished scanning your hard drive it will create a log file on your desktop called sc-cleaner.txt and then display it.
Please post that log

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: New Malware Virus!!! > portaldosites
« Reply #8 on: April 20, 2013, 11:16:56 PM »
Follow essexboy's instructions to the dot.
Also consider this additional info: http://deletemalware.blogspot.nl/2013/04/remove-portaldosites-removal.html (posted by Admin there)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

pmurari

  • Guest
Re: New Malware Virus!!! > portaldosites
« Reply #9 on: April 21, 2013, 06:56:36 AM »
The OTL file and the sc cleaner log attached. Really appreciate the help.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: New Malware Virus!!! > portaldosites
« Reply #10 on: April 21, 2013, 12:01:43 PM »
Try this and let me know the result

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985
IE - HKU\S-1-5-21-1283327323-3804356362-3578856155-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985
IE - HKU\S-1-5-21-1283327323-3804356362-3578856155-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985
FF - prefs.js..browser.search.order.1: "portaldosites"
FF - prefs.js..browser.search.selectedEngine: "portaldosites"
FF - prefs.js..browser.startup.homepage: "http://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=TOSHIBAXMK3265GSXN_Z0J3B1CMBXXZ0J3B1CMB&ts=1366487985"



:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

pmurari

  • Guest
Re: New Malware Virus!!! > portaldosites
« Reply #11 on: April 21, 2013, 02:51:31 PM »
Please find attached the log. There was an extra one this time (2 logs).

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: New Malware Virus!!! > portaldosites
« Reply #12 on: April 21, 2013, 03:33:54 PM »
Could you confirm it has now gone ?

pmurari

  • Guest
Re: New Malware Virus!!! > portaldosites
« Reply #13 on: April 21, 2013, 04:50:57 PM »
I reinstalled chrome, and internet explorer, so the home page is normal now. Is there any other way of checking if the virus is there or not?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: New Malware Virus!!! > portaldosites
« Reply #14 on: April 21, 2013, 06:45:18 PM »
The elements I removed should have been the last, but as you reinstalled then no there should be nothing left