Author Topic: IMMUNE/IMPOSSIBLE WIN32:Adware-gen (ADW)  (Read 14510 times)

REDACTED

  • Guest
IMMUNE/IMPOSSIBLE WIN32:Adware-gen (ADW)
« on: September 25, 2014, 05:27:29 PM »
My problem will most likely be able to be solved by a genius cpu tech person.

Ok, here is the scenario. After reading about AVAST security I decided to download it
from CNET downloads.com and also Malwarebytes and Driver Booster and also the IOU Uninstaller (green icon). I ran everything and everything was perfect.
My computer was actually faster. Here comes the problem #1: I decided to also download
a GIF to JPEG converter from cnet. Now during the installation I may have clicked (but I am not really sure that I did because
I read all of my prompts) I may have clicked to download YTDownloader. I saw the icon on
my desktop and wanted to uninstall it.


1. Tried Control Panel uninstall, did not work.
2. Tried the IO Powerful Uninstaller thing, did not work.
3. Tried ADWCleaner, did not work.
4. Tried Junkware Removal tool, did not work.
5. I tried to activate Huntermode from another program (forgot which one it was) which lets
you pin point the targeted icon (YTDownloader in my case). HERE IS WHERE IT GETS INSANE!

So I move the Huntermode "sniper reticle" over to the YTDownloader icon and click delete.
It seems to be uninstalling it. However for some reason, I ended up uninstalling my ADOBE!
Yes, it seems that it transferred the target to ADOBE instead itself or something.

I was like NO WAY! So I tried again, hunter mode, click on YTDownloader icon, and BOOM again
it selected another different program to be deleted (which I didn't because I noticed it).

At this point I gave up. I could not go back even on my System Restore (because the earliest version for some reason had it too;
my earlier version of my back up was for some reason exactly after I downloaded YTDownloader).

So now I could NO LONGER GO ONLINE. Yes, I opened google, explorer, and get the message about a
proxy server something. So I read up online (on my phone) about how to fix it (the proxy thing). I went into
Registry and managed to successfully remove the problem from Proxy and Internet WORKED AGAIN.
I also tried to delete the Registry that had YTDownloader folder and its sub components, and I rebooted several times.
BUT NOTHING CHANGED, the icon was still on my desktop.

Then I downloaded HITMAN PRO. Hitman Pro did its scan and I did everything and it found like 126 YTDownloader things,
I removed it and rebooted. Upon START UP YTDOWNLOADER was finally GONE! BUT HERE IS
THE PROBLEM:

AVAST KEEPS FINDING WIN32:Adware-gen (ADW) and placing it in the VIRUS CHEST. It finds 2 at a time.
And in 30 min there are like 8 of them in there. I chose to delete them but they keep re-appearing.
I CAN NOT GET RID OF it or find this WIN32:Adware-gen (ADW). Why is AVAST Continuing to find it when
no other program is finding it (I mean I believe Avast is right and it is there but why, is it linked
to YTDownloader?)
PLEASE TELL ME HOW TO GET RID OF THIS thing. I will POST the exact details where it is being found (like Username/apps/temp/ etc) later on.
My laptop is a HP Pavilion A6 I think. ANY HELP FROM A TRUE GENIUS WOULD BE SO MUCH
APPRECIATED!

REDACTED

  • Guest
Re: IMMUNE/IMPOSSIBLE WIN32:Adware-gen (ADW)
« Reply #1 on: September 25, 2014, 05:32:48 PM »
Yes that is the ICON I was referring to.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: IMMUNE/IMPOSSIBLE WIN32:Adware-gen (ADW)
« Reply #2 on: September 25, 2014, 05:45:52 PM »

REDACTED

  • Guest
Re: IMMUNE/IMPOSSIBLE WIN32:Adware-gen (ADW)
« Reply #3 on: September 25, 2014, 05:51:05 PM »
Hi Mr.Online,

Thank you for warning me, I will delete it as soon as I get home 4:30 pm Eastern.
Mr. Online do you think I should uninstall IOUbit via the Control Panel uninstall, or another way?

Hi, Pondus could you please be a little more explanatory for me, I am not really a high end tech guy, I mean I know certain things, but I don't know what you mean by logs,
Malwarebytes, Hitman Pro and all the others (I scanned a lot) never found this WIN32Adware gen, ONLY AVAST keeps finding it and placing it into the chest. So can you please dumb it down for me what exactly you need and how I can get it for you. Thank you guys, I really appreciate it.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: IMMUNE/IMPOSSIBLE WIN32:Adware-gen (ADW)
« Reply #4 on: September 25, 2014, 05:59:15 PM »
Quote
I mean I know certain things, but I don't know what you mean by logs,
read instructions in the guide I gave you .....

download Farbar Recovery Scan Tool, run it according to instructions and attach the two logs it produces

any malware (and leftover files from IOBit) will then be removed by a certified Malware remover  ;)

« Last Edit: September 25, 2014, 06:01:18 PM by Pondus »

REDACTED

  • Guest
Re: IMMUNE/IMPOSSIBLE WIN32:Adware-gen (ADW)
« Reply #5 on: September 25, 2014, 06:17:16 PM »
Ok, thanks. PLEASE CHECK BACK on this topic later on (I know you guys are busy) I will post the logs as soon as I get home.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: IMMUNE/IMPOSSIBLE WIN32:Adware-gen (ADW)
« Reply #6 on: September 25, 2014, 06:19:00 PM »
Quote
(I know you guys are busy)
when we are here, we are busy being here   ;)




REDACTED

  • Guest
Re: IMMUNE/IMPOSSIBLE WIN32:Adware-gen (ADW)
« Reply #7 on: September 26, 2014, 02:58:51 AM »
Ok GUYS, HERE ARE THE RESULTS:

I have attached the 2 Notepad Forms.

REDACTED

  • Guest
Re: IMMUNE/IMPOSSIBLE WIN32:Adware-gen (ADW)
« Reply #8 on: September 26, 2014, 02:59:51 AM »
And the other one.

REDACTED

  • Guest
Re: IMMUNE/IMPOSSIBLE WIN32:Adware-gen (ADW)
« Reply #9 on: September 26, 2014, 03:15:25 AM »
I HAVE UNINSTALLED "IObit Uninstaller" via CCleaner successfully, rebooted, I ran a Malwarebytes Scan, found nothing.

REDACTED

  • Guest
Re: IMMUNE/IMPOSSIBLE WIN32:Adware-gen (ADW)
« Reply #10 on: September 26, 2014, 03:38:04 AM »
name:                       Origin Location:

sm.exe                      C:\Users\Eldar\AppData\Local\Temp\Inst...


THERE ARE LIKE 13 of these Listed from 45 minutes being logged on.

REDACTED

  • Guest
Re: IMMUNE/IMPOSSIBLE WIN32:Adware-gen (ADW)
« Reply #11 on: September 26, 2014, 03:59:27 AM »
PLEASE LET ME KNOW IF I NEED TO GET RID OF ANY OF THESE PROGRAMS I HAVE RECENTLY INSTALLED:

Avast

Malwarebytes

Advanced System Care 7

Driver Booster

ADWcleaner

Revo Uninstaller

Hitman Pro

JRT

REDACTED

  • Guest
Re: IMMUNE/IMPOSSIBLE WIN32:Adware-gen (ADW)
« Reply #12 on: September 26, 2014, 04:08:55 AM »
MAJOR UPDATE GUYS:

I HAVE LOCATED THE FOLDERS THAT ARE INFECTED! THEY ARE ALL EMPTY! Does this mean they are false positives? There is nothing in them. Should I delete them? They are like "Install 2382" Install 2483 etc

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: IMMUNE/IMPOSSIBLE WIN32:Adware-gen (ADW)
« Reply #13 on: September 26, 2014, 08:01:39 AM »
Hey, Advanced System Care is also a product of IObit, so I suggest you uninstall that too. Have you scanned with Hitman Pro?

I'm no expert, but if I remember correctly the malware experts advise users not to run with Hitman Pro, because it can make a computer unbootable. Hope someone can add information on this matter  ;)

Other than this, wait for a malware expert to help you later today when they come online.
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

REDACTED

  • Guest
Re: IMMUNE/IMPOSSIBLE WIN32:Adware-gen (ADW)
« Reply #14 on: September 26, 2014, 11:37:58 AM »
Hi,



1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code:
Task: {0BF71B6A-6508-4CA5-93E3-EEA3C653E111} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {56EE1A55-833E-431D-9D8D-2A3039849D62} - System32\Tasks\4669 => Wscript.exe C:\Users\Eldar\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {A15BF891-9E3B-4D9B-A6D6-8908EBF07A94} - \YTDownloaderUpd No Task File <==== ATTENTION
Task: {C5DABC7C-A5AC-4B33-9A0F-1D89B2CCF158} - \b78a7d68-d9c3-4ffd-983b-fc8848234a16-11 No Task File <==== ATTENTION
Task: {C7948204-849C-406B-B795-A7F469A3E7F9} - System32\Tasks\Installer_sm => C:\Users\Eldar\AppData\Local\Installer\Installsm_27214\DC0_Offer_0.exe [2014-09-22] () <==== ATTENTION
Task: {EC3D784B-9C22-4CBD-BD1F-9C6F99691555} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2492485236-1088816934-3993335966-1001\...\MountPoints2: {e6aa93c4-8cd0-11e2-aad1-082e5f97929e} - I:\TL-Bootstrap.exe
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
C:\Users\Eldar\AppData\Local\Temp\Quarantine.exe
EmptyTemp:

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.
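
An added example, not part of the post above and not FRST's own logic: a short Python triage of the `Task:` lines from that fixlist, showing which persistence traits each scheduled task exhibits. The three heuristics and the names `triage`, `LAUNCHERS` and `USER_WRITABLE` are assumptions made for illustration.

```python
import re

# "Task:" lines copied verbatim from the fixlist in the post above.
FIXLIST = r"""
Task: {0BF71B6A-6508-4CA5-93E3-EEA3C653E111} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {56EE1A55-833E-431D-9D8D-2A3039849D62} - System32\Tasks\4669 => Wscript.exe C:\Users\Eldar\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {A15BF891-9E3B-4D9B-A6D6-8908EBF07A94} - \YTDownloaderUpd No Task File <==== ATTENTION
Task: {C5DABC7C-A5AC-4B33-9A0F-1D89B2CCF158} - \b78a7d68-d9c3-4ffd-983b-fc8848234a16-11 No Task File <==== ATTENTION
Task: {C7948204-849C-406B-B795-A7F469A3E7F9} - System32\Tasks\Installer_sm => C:\Users\Eldar\AppData\Local\Installer\Installsm_27214\DC0_Offer_0.exe [2014-09-22] () <==== ATTENTION
Task: {EC3D784B-9C22-4CBD-BD1F-9C6F99691555} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
"""

# Line shape: Task: {GUID} - <task path> [=> <command>] [<==== ATTENTION]
TASK_RE = re.compile(
    r"^Task: (?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<task>.+?)"
    r"(?: => (?P<cmd>.*?))?\s*(?:<==== ATTENTION)?\s*$")

# Illustrative heuristics (assumptions, not FRST's detection rules).
LAUNCHERS = {"wscript.exe", "cscript.exe", "rundll32.exe"}
USER_WRITABLE = re.compile(r"\\(AppData|Temp)\\", re.I)

def triage(log_text):
    """Return [(task_name, [reasons])] for every 'Task:' line in the log."""
    findings = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        task, cmd = m.group("task"), m.group("cmd") or ""
        reasons = []
        if task.endswith("No Task File"):
            # Registry entry survives although the task file is gone.
            task = task[: -len("No Task File")].rstrip()
            reasons.append("orphaned registration (no task file)")
        if cmd.split(" ")[0].lower() in LAUNCHERS:
            reasons.append("runs via script host / rundll32")
        if USER_WRITABLE.search(cmd):
            reasons.append("target in user-writable path")
        findings.append((task.rsplit("\\", 1)[-1], reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in triage(FIXLIST):
        print(f"{name:45} {'; '.join(reasons) or 'no heuristic matched'}")
```

The task named `0` that launches `Iexplore.exe` matches none of these heuristics even though the log marks it for attention, which is why a trained helper reads the whole log rather than relying on pattern matches.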