Author Topic: wizebar & pup infection  (Read 2446 times)

violetclouds

  • Guest
wizebar & pup infection
« on: August 17, 2013, 01:36:23 PM »
Hi,
I was foolish to follow a recommendation on Facebook and install the PhotoFiltre software on my desktop computer running XP. I usually notice when asked about bundled toolbars etc., but either it didn't ask, or I missed avoiding it! I think I was a bit overoptimistic as I thought avast protected me?
Anyway, since then you will not be surprised to learn I have been plagued by popups, and have an astonishingly long time booting up Windows, and some sites just aren't working properly.

I have tried deleting the software, uninstalling the browser, using regclean, reinstalling the browser and rerunning regclean. Note - initially regclean was finding errors and fixing them; now it finds errors but if you try and fix them it just gets stuck.
I have followed your helpful information topic on what to do to remove it, up to a point.
adwcleaner found a couple of things to delete.
malaware also ran - it has in fact just blocked a couple of attempts to access a potentially damaging website.
It definitely wanted to remove 3 things plus one suspect thing, which I did, and there was one other but this was merely me keeping a note of the website address where I had downloaded the software from.

I still have the popup plague, but it's now slightly more erratic, and a really long boot-up time.

I have downloaded OTL but not run it yet; it looked a bit scary and I was worried about doing the wrong thing with it.

Please can you help?
Thanks!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: wizebar & pup infection
« Reply #1 on: August 17, 2013, 01:44:48 PM »
OTL may be scary, but for the initial run all it does is look :)

You can set Avast to check for PUPs, screenshot at the bottom. This is off by default.

If you could run an OTL scan I will have a look see for you.

violetclouds

  • Guest
Re: wizebar & pup infection
« Reply #2 on: August 17, 2013, 02:51:07 PM »

My version of avast just has a little graph and says it's on; it doesn't seem to have the on/off toggle that's in your screenshot. Maybe I haven't downloaded the latest version.


Here are the logs from OTL scan

Thanks, essexboy

essexboy

Re: wizebar & pup infection
« Reply #3 on: August 17, 2013, 03:00:08 PM »
The screenshot is under settings for webshield

We will now remove the remnants. Once done, could you let me know how the computer is behaving?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-1482476501-1303643608-1417001333-1003\..\SearchScopes\{BF886E75-F3C3-4B8E-8340-4D6919927DF4}: "URL" = http://search.softonic.com/MOY00407/tb_v1?SearchSource=4&mi=24280ae900000000000000184ddea50f&q={searchTerms}
IE - HKU\S-1-5-21-1482476501-1303643608-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\Documents and Settings\Admin\Local Settings\Application Data\Softonic.com\Softonic\1.0.5.1\proxy.pac
FF - prefs.js..extensions.enabledAddons: %7B4176DFF4-4698-11DE-BEEB-45DA55D89593%7D:0.8.37
O4 - HKU\S-1-5-21-1482476501-1303643608-1417001333-1003..\Run: [Softonic] C:\Documents and Settings\Admin\Local Settings\Application Data\Softonic.com\Softonic\1.0.5.1\Softonic.exe ()
[2013/08/13 20:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Softonic.com
[2013/08/13 20:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\SoftonicSearchDeskBar
[2013/08/14 10:28:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20130731102838.job

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
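
As an added illustration (not part of essexboy's post and not OTL's own code), the Python below parses lines in the OTL log format quoted in the fix above and flags the three persistence patterns visible there: a proxy auto-config URL pointing at a local file, a Run entry launching from the user profile with no vendor string, and a scheduled-task .job file. The regular expressions, the category names and the ExampleAV line are assumptions made for this example.

```python
import re

# Lines copied from the OTL fix quoted in this thread, plus one constructed
# benign entry (ExampleAV) for contrast. Patterns and labels are assumptions.
SAMPLE = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\Documents and Settings\Admin\Local Settings\Application Data\Softonic.com\Softonic\1.0.5.1\proxy.pac
O4 - HKCU..\Run: [Softonic] C:\Documents and Settings\Admin\Local Settings\Application Data\Softonic.com\Softonic\1.0.5.1\Softonic.exe ()
O4 - HKLM..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe (Example Vendor)
[2013/08/14 10:28:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20130731102838.job
[2013/08/13 20:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Softonic.com
'''

REG_VALUE = re.compile(r'^(?:IE|FF) - (?P<key>.+?): "(?P<name>[^"]+)" = (?P<data>.+)$')
RUN_ENTRY = re.compile(
    r'^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<vendor>[^)]*)\)$')
FILE_ENTRY = re.compile(
    r'^\[[^|]+\| [\d,]+ \| (?P<attr>\S+) \| [CM]\](?: \(.*?\))? -- (?P<path>.+)$')

# Per-user directories on XP that any process running as the user can write to.
USER_WRITABLE = ("\\application data\\", "\\local settings\\")


def triage(log_text):
    """Return (category, detail) pairs for entries a reviewer should look at."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        if m := REG_VALUE.match(line):
            # A PAC file loaded from disk lets local software steer browser traffic.
            if m["name"] == "AutoConfigURL" and m["data"].lower().startswith("file://"):
                findings.append(("proxy-autoconfig", m["data"]))
        elif m := RUN_ENTRY.match(line):
            in_profile = any(d in m["path"].lower() for d in USER_WRITABLE)
            if in_profile and not m["vendor"].strip():
                findings.append(("autorun-user-profile", m["name"]))
        elif m := FILE_ENTRY.match(line):
            path = m["path"].lower()
            if "\\windows\\tasks\\" in path and path.endswith(".job"):
                findings.append(("scheduled-task", m["path"]))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE):
        print(f"{category}: {detail}")
```

A flagged entry is a prompt for review, not a verdict: legitimate software also installs per-user autoruns and scheduled tasks.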

violetclouds

  • Guest
Re: wizebar & pup infection
« Reply #4 on: August 17, 2013, 08:23:34 PM »
Hi Essexboy

Ran the fix in OTL, and then the quickscan.

It's still slower booting than it should be. Had a quick check on Chrome and I'm still getting the popups and unreliable behaviour.

Found the avast setting and have now got that checked, thanks.


essexboy

Re: wizebar & pup infection
« Reply #5 on: August 17, 2013, 08:39:05 PM »
Hmm, that did not appear to take. When OTL reboots this time there should be a Notepad file popup; could you post that?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKCU\..\SearchScopes\{BF886E75-F3C3-4B8E-8340-4D6919927DF4}: "URL" = http://search.softonic.com/MOY00407/tb_v1?SearchSource=4&mi=24280ae900000000000000184ddea50f&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\Documents and Settings\Admin\Local Settings\Application Data\Softonic.com\Softonic\1.0.5.1\proxy.pac
FF - prefs.js..extensions.enabledAddons: %7B4176DFF4-4698-11DE-BEEB-45DA55D89593%7D:0.8.37
O4 - HKCU..\Run: [Softonic] C:\Documents and Settings\Admin\Local Settings\Application Data\Softonic.com\Softonic\1.0.5.1\Softonic.exe ()
[2013/08/13 20:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Softonic.com
[2013/08/13 20:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\SoftonicSearchDeskBar
[2013/08/16 00:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SoftonicSearchDeskBar

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

violetclouds

  • Guest
Re: wizebar & pup infection
« Reply #6 on: August 17, 2013, 10:00:49 PM »
I think I left the first fix stuck on the desktop image for a couple of hours.
For this fix I left it not quite as long (somewhere between 15 mins and half an hour) before rebooting.

It's hard to tell whether it has actually finished or not; it doesn't seem to get to reboot by itself.

Should I run the last fix you gave me again, and just leave it hoping it reboots? Or can you give me a very rough idea of the runtime I should give it before I give up and manually reboot?

essexboy

Re: wizebar & pup infection
« Reply #7 on: August 17, 2013, 11:07:21 PM »
Does OTL appear to freeze at stopping processes? If so, it is MBAM stopping and is the reason it is not working, so I will alter the fix slightly so that MBAM does not get annoyed :)

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKCU\..\SearchScopes\{BF886E75-F3C3-4B8E-8340-4D6919927DF4}: "URL" = http://search.softonic.com/MOY00407/tb_v1?SearchSource=4&mi=24280ae900000000000000184ddea50f&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\Documents and Settings\Admin\Local Settings\Application Data\Softonic.com\Softonic\1.0.5.1\proxy.pac
FF - prefs.js..extensions.enabledAddons: %7B4176DFF4-4698-11DE-BEEB-45DA55D89593%7D:0.8.37
O4 - HKCU..\Run: [Softonic] C:\Documents and Settings\Admin\Local Settings\Application Data\Softonic.com\Softonic\1.0.5.1\Softonic.exe ()
[2013/08/13 20:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Softonic.com
[2013/08/13 20:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\SoftonicSearchDeskBar
[2013/08/16 00:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SoftonicSearchDeskBar

:Commands
[resethosts]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

violetclouds

  • Guest
Re: wizebar & pup infection
« Reply #8 on: August 17, 2013, 11:51:07 PM »
Hi Essexboy

That worked much better, it ran through the fix pretty quickly.
Scan report attached.

I have just tried a couple of sites that were problematic before, and no pesky popups; also the erratic behaviours seem to have disappeared.

Thank you so much for your help - I was really stuck!!!

essexboy

Re: wizebar & pup infection
« Reply #9 on: August 18, 2013, 11:29:32 AM »
Glad to help. Run OTL and press the cleanup button to remove it and its associated folders.