Win32:BHO-ALX[Trj]

[rbrown88]

Avast automatically blocks it. In the virus chest under name is is called IEOptimizer64.dll with the location C:Program Files (x86)\SavingsBull.
After running a full scan another item was added to the chest. Name is 6273be.msi. The original location is C:/Windows/Installer

I noticed another area in which it is in, but not picked up by avast C:\Program Files\SavingsbullFilter. **have tried deleting it, but won't allow me to**
I keep getting popups of it being blocked by avast and having more copies added to the chest.
Another thing is when it is blocked firefox will close out.


Windows 7 64bit

[Pondus]

follow instructions  http://forum.avast.com/index.php?topic=53253.0

attach Malwarebytes and OTL logs

[TwinHeadedEagle]

Hi,


No need for logs, let's get started straight away:



Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

[rbrown88]

Alright I'll begin running farbar.
I did just finish a malwarebytes scan and have the log attached just in case. This was just before the reply.

[rbrown88]

Here's the farbar logs.

[TwinHeadedEagle]

Farbar looks good, let's run one more scan:


Please download zoek.zip or zoek.rar by smeenk () from here or here and save it to your Desktop.
Unpack the archive...

• Close any open browsers
• Temporarily disable your AntiVirus program. (If necessary)
  If you are unsure how to do this please read this or this Instruction.
  
  
• Double click on zoek.exe to run the tool .
  Please wait for the tool to start...
  
  
• Copy the text present inside the code box below and paste it into the large window in the zoek tool:

Code: [Select]

SavingsBull;u
SavingsbullFilter;u
C:\Windows\system32\SavingsBullFilterService.log;f
autoclean;
emptyclsid;
emptyalltemp;


• Click on button.
  Please wait until a logreport will open (this can be after reboot)
  
  
• Save notepad to your Desktop and attach here zoek-results.log
  Note: It will also create a log in the C:\ directory named "zoek-results.log"
  

[rbrown88]

Here you go. I will be back later tonight to check the post.

[TwinHeadedEagle]

How is the situation now, do you still get a warning?

[rbrown88]

Sorry about the late response, been busy with finals. So far so good, have not received any more popups.

[TwinHeadedEagle]

I can recommend you this software to avoid Adware in the future:

http://unchecky.com/

Read here how it works --> http://www.howtogeek.com/179758/how-to-avoid-junkware-offers-with-unchecky/



• The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
Remove disinfection tools
Create registry backup
Purge System Restore
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

[rbrown88]

Done and done. Thank you so much for the help, it was very much appreciated.

[cameltosis79]

I also had the same issue and would like to know if what Farbars finding mean. Please and thank you!!!!

[cameltosis79]

This is the report from Zoek.

[TwinHeadedEagle]

Did you still experience problem after running Zoek?