Author Topic: blackfight.info infection  (Read 2206 times)

REDACTED

  • Guest
blackfight.info infection
« on: February 26, 2015, 01:25:51 AM »
Hello,

My computer has recently become infected with some type of malware. Anytime I restart my computer, and at various times during the day, I get a warning message from Avast. Here is one example attached:

I have already done a full antivirus scan with Avast, Malwarebytes, AdwCleaner, and HitmanPro. Although running these sweeps has caught a few other trojans/malware/infected files, it has not removed this infection from blackfight.info. Could someone please provide some assistance? I can provide logs from the various scans. Please just let me know exactly what to include. Thanks!

Jim B.

Offline Eddy

  • Avast Evangelist
Re: blackfight.info infection
« Reply #1 on: February 26, 2015, 01:57:54 AM »

REDACTED

  • Guest
Re: blackfight.info infection
« Reply #2 on: February 26, 2015, 03:02:40 AM »
I have attached the requested log files.  Thank you for your reply.

Jim B.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
Re: blackfight.info infection
« Reply #3 on: February 26, 2015, 04:25:39 PM »
Hi there, the first thing you must do is uninstall Chrome; you can re-install it once we have finished.

Once Chrome is uninstalled:

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-20]
CHR Extension: (Google Docs) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-20]
CHR Extension: (Google Drive) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-20]
CHR Extension: (YouTube) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-20]
CHR Extension: (Google Search) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-20]
CHR Extension: (Google Sheets) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-20]
CHR Extension: (Avast Online Security) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-20]
CHR Extension: (Google Wallet) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-20]
CHR Extension: (Gmail) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-20]
2015-02-10 05:56 - 2015-02-10 05:56 - 00003112 _____ () C:\Windows\System32\Tasks\{5C6B7F27-E79A-4D36-87AA-B9C3E900E72D}
2015-01-27 03:49 - 2015-01-27 03:49 - 00000000 __SHD () C:\Users\Jim\AppData\Local\EmieUserList
2015-01-27 03:49 - 2015-01-27 03:49 - 00000000 __SHD () C:\Users\Jim\AppData\Local\EmieSiteList
2015-01-27 03:49 - 2015-01-27 03:49 - 00000000 __SHD () C:\Users\Jim\AppData\Local\EmieBrowserModeList
Task: {45D5AD21-5A05-4AE5-B465-5E821D3297C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-20] (Google Inc.)
Task: {CF510D08-D733-4BEC-BFD2-BEAE1ADBAEF8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-20] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Users\Jim\AppData\Local\Google\Chrome
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that.
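The caution above (a fixlist is written for one machine only) can be checked before a fixlist is run. The following is an added example, not part of the original post and not FRST's own code: it sorts fixlist lines by shape and flags commands, unrecognized lines and `C:\Users\<name>` paths that belong to a different account. The labels, the function names and the profile-path heuristic are assumptions of this example, and the sample is constructed from lines in the quoted fixlist.

```python
import re
from collections import Counter
# Constructed sample: a few lines in the shape of the fixlist quoted above.
SAMPLE_FIXLIST = r"""CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Profile: C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default
2015-01-27 03:49 - 2015-01-27 03:49 - 00000000 __SHD () C:\Users\Jim\AppData\Local\EmieUserList
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Users\Jim\AppData\Local\Google\Chrome
EmptyTemp:
CMD: bitsadmin /reset /allusers
"""

# Line shapes, checked in order. The labels are this example's own, not FRST's.
RULES = [
    ("directive", re.compile(r"^(CreateRestorePoint|EmptyTemp):\s*$")),
    ("command", re.compile(r"^CMD:\s*\S")),
    ("chrome", re.compile(r"^CHR\s")),
    ("task", re.compile(r"^Task:\s")),
    ("file-listing", re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")),
    ("path", re.compile(r"^[A-Za-z]:\\")),
]
# Assumption: a per-user path is recognizable by its C:\Users\<name> prefix.
PROFILE = re.compile(r"[A-Za-z]:\\Users\\([^\\\r\n]+)", re.IGNORECASE)

def classify(line):
    for label, pattern in RULES:
        if pattern.search(line):
            return label
    return "unknown"

def review_fixlist(text, local_user):
    """Return (count per line shape, findings that need a human look)."""
    counts, findings = Counter(), []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        kind = classify(line)
        counts[kind] += 1
        if kind == "unknown":
            findings.append((number, "unrecognized line", line))
        if kind == "command":
            findings.append((number, "runs a command", line[4:].strip()))
        for user in PROFILE.findall(line):
            if user.lower() != local_user.lower():
                findings.append((number, "profile of another user", user))
    return counts, findings
if __name__ == "__main__":
    print(review_fixlist(SAMPLE_FIXLIST, "Jim"))
```

Run for the account `Jim`, the only finding is the `CMD:` line; run for any other account name, every `C:\Users\Jim` path is reported as well.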

REDACTED

  • Guest
Re: blackfight.info infection
« Reply #4 on: February 27, 2015, 02:12:51 AM »
Thanks for the help!  I'll let you know if I have any problems.  ;)

Jim B.

Offline essexboy

Re: blackfight.info infection
« Reply #5 on: February 27, 2015, 02:00:15 PM »
You may now re-install Chrome.