Author Topic: Win32:Mobogenie-O[Adw]  (Read 20461 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:Mobogenie-O[Adw]
« Reply #15 on: November 30, 2014, 01:10:27 PM »
Looks like most are gone now. Once we have completed, I will remove all the tools downloaded.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2663191845-3344070212-2114054786-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2663191845-3344070212-2114054786-1002 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKU\S-1-5-21-2663191845-3344070212-2114054786-1002 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
2014-11-23 21:20 - 2014-11-23 21:20 - 00003192 _____ () C:\Windows\System32\Tasks\{A358CB3C-3256-422B-B3DE-E28DC63DC2FE}
Task: {B5F2169B-5DB0-4CBD-A305-055F67927B80} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {F9439B13-BA50-4578-AA30-A2EDAD5EDB40} - System32\Tasks\4469 => Wscript.exe C:\Users\Jim\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
C:\Users\Jim\AppData\Roaming\Movdap
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

REDACTED

  • Guest
Re: Win32:Mobogenie-O[Adw]
« Reply #16 on: November 30, 2014, 06:26:43 PM »
# AdwCleaner v4.102 - Report created 30/11/2014 at 12:18:57
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 8  (64 bits)
# Username : Jim - EXECUTIVEPCH
# Running from : C:\Users\Jim\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17148


*************************

AdwCleaner[R0].txt - [14112 octets] - [29/11/2014 15:13:31]
AdwCleaner[R1].txt - [802 octets] - [30/11/2014 12:11:14]
AdwCleaner[S0].txt - [12394 octets] - [29/11/2014 15:25:23]
AdwCleaner[S1].txt - [724 octets] - [30/11/2014 12:18:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [783 octets] ##########
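
Added example, not part of the original thread and not AdwCleaner's own code: a small Python parser for the report layout posted above that counts the findings listed under each `***** [ Section ] *****` header, so an all-zero result corresponds to the clean report in this post. The sample report is constructed, its "Folder Deleted" line is a made-up placeholder, and treating every non-blank line inside a section as one finding is an assumption.

```python
import re

# Constructed sample: same layout as the report in the post above, plus one
# made-up "Files / Folders" entry so the non-empty case is exercised.
SAMPLE_REPORT = r"""# AdwCleaner v4.102 - Report created 30/11/2014 at 12:18:57
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Example\PlaceholderToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17148


*************************

AdwCleaner[S1].txt - [724 octets] - [30/11/2014 12:18:57]
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")


def parse_report(text):
    """Return (metadata dict, {section name: [entry lines]})."""
    meta, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif line and set(line) == {"*"}:
            current = None                    # row of asterisks ends the sections
        elif line.startswith("#") and " : " in line:
            key, value = line.lstrip("# ").split(" : ", 1)
            meta[key.strip()] = value.strip()
        elif line and current is not None and not line.startswith("-\\\\"):
            current.append(line)              # assumed: any other line is a finding
    return meta, sections


def findings_per_section(text):
    """Count findings per section; all zeros matches the report posted above."""
    return {name: len(items) for name, items in parse_report(text)[1].items()}


if __name__ == "__main__":
    print(findings_per_section(SAMPLE_REPORT))
```
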

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Win32:Mobogenie-O[Adw]
« Reply #17 on: November 30, 2014, 06:50:50 PM »
Post fixlog too please.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

REDACTED

  • Guest
Re: Win32:Mobogenie-O[Adw]
« Reply #18 on: November 30, 2014, 07:14:39 PM »
OK

Offline essexboy

Re: Win32:Mobogenie-O[Adw]
« Reply #19 on: November 30, 2014, 07:18:20 PM »
How is the computer behaving at the moment, any problems at all?

REDACTED

  • Guest
Re: Win32:Mobogenie-O[Adw]
« Reply #20 on: November 30, 2014, 07:37:52 PM »
Seems normal, I suppose, but it wasn't really acting up to start with; I just discovered the virus when it interrupted the boot scan.  Not real familiar with this machine...got it for lady taking care of my mother last summer and just borrowed it because my pc is down and won't start windows (get to that in another post).

It's an HP2000 and I recall it isn't all that fast and the ATT internet service at the house was incredibly slow, plus she has it loaded down with all kinds of stuff (I'm sure she never bothered to uncheck the add-ons that came with any downloads), which I have been trying to hone down, point being I don't have a good benchmark for how fast it should be working.

Suppose I should try another boot scan and see what happens?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
Re: Win32:Mobogenie-O[Adw]
« Reply #21 on: November 30, 2014, 07:44:07 PM »
Quote
  I just discovered the virus when it interrupted the boot scan. 
It was not a virus

REDACTED

  • Guest
Re: Win32:Mobogenie-O[Adw]
« Reply #22 on: November 30, 2014, 07:53:36 PM »
I wouldn't know the difference...seems like virus, adware, etc. are often interchangeable when referenced by companies with virus and/or adware products, so they are all just "bugs" to me. Regardless of which it is, any reason not to try another boot scan?

Offline Pondus

Re: Win32:Mobogenie-O[Adw]
« Reply #23 on: November 30, 2014, 08:03:28 PM »
Virus or malware may be used as a common name for bugs. All viruses are malware, but all malware is not a virus   ;)

PUP     https://www.virusbtn.com/resources/glossary/potentially_unwanted.xml
Adware  https://www.virusbtn.com/resources/glossary/adware.xml
Virus   https://www.virusbtn.com/resources/glossary/virus.xml


In case you want to study .....
https://www.virusbtn.com/resources/glossary/index


Offline Pondus

Re: Win32:Mobogenie-O[Adw]
« Reply #24 on: November 30, 2014, 08:08:38 PM »
Quote
  any reason not to try another boot scan?   
It is your computer.....

Just be aware that boot scan is not meant to be used as a regular scanner
Quote
 
 Important:
Please be advised, that the Boot-time scan is an advanced and purposeful feature designed to be used only when there’s something bad going on the system, and usually takes some time before it finishes. That's why it cannot be scheduled to run every time the computer starts, but as needed only.
 
http://www.avast.com/en-eu/faq.php?article=AVKB132#artTitle



REDACTED

  • Guest
Re: Win32:Mobogenie-O[Adw]
« Reply #25 on: November 30, 2014, 08:13:47 PM »
That's the only place it showed up!   :)  Besides the length of time, what is detrimental about it?

Offline essexboy

Re: Win32:Mobogenie-O[Adw]
« Reply #26 on: November 30, 2014, 09:07:51 PM »
There is a higher probability of a false positive in the boot scan, so you will need to be ultra careful as to what you place in the chest.

All the stuff found was adware and should now be clear.  It usually shows up as slow or redirected browsing and ad popups

REDACTED

  • Guest
Re: Win32:Mobogenie-O[Adw]
« Reply #27 on: November 30, 2014, 09:27:08 PM »
There is no way for me to be careful about what I put in the chest, since I generally have no idea what any of the things that it hits on even are. If I have to worry about false positives, or anything else that requires ME to decide if I should fix, repair, delete or ignore, then there is no point in me ever using boot scan.

Other than seeing it in boot scan, I had no indication it was on the machine, so looking again is the only way I know to see if it's gone...and you're telling me the machine may lie and say it's still there when it's not?  I give!    :o

Regardless, thanks everyone for the help!

Offline essexboy

Re: Win32:Mobogenie-O[Adw]
« Reply #28 on: November 30, 2014, 10:23:13 PM »
Quote
There is no way for me to be careful about what I put in the chest, since I generally have no idea what any of the things that it hits on even are. If I have to worry about false positives, or anything else that requires ME to decide if I should fix, repair, delete or ignore, then there is no point in me ever using boot scan.

Other than seeing it in boot scan, I had no indication it was on the machine, so looking again is the only way I know to see if it's gone...and you're telling me the machine may lie and say it's still there when it's not?  I give!    :o

Regardless, thanks everyone for the help!

No, what I am saying is that if you use patched system files, i.e. themes and the like, it may mark them as infected.  If it is not there then it cannot report it.

 

REDACTED

  • Guest
Re: Win32:Mobogenie-O[Adw]
« Reply #29 on: December 01, 2014, 12:59:33 AM »
Well, I've got 111 of them on the new boot scan. I took pics of the first few, but after it passed 10 I hit ignore all, and they just scrolled down the screen. Many were related to the same basic bug, but a bunch of new ones, like relative to that recipe bar thing, showed up, too - 111 of them total - sooooooooo, what now?  Oh...and my computer rebooted itself before I could send this.