Author Topic: Roll Around ADS infection  (Read 5112 times)


REDACTED

  • Guest
Roll Around ADS infection
« on: March 10, 2015, 11:11:51 PM »
Hello,
For the past few days, following an unfortunate download of a free tool, I have been faced with intrusive advertisements and browser pages opening on their own, which I think come from Roll Around ADS.
I use Chrome as my browser, I have Avast (free) and I downloaded Malwarebytes (free) to scan my PC.
I selected rootkits and malware detection.  I downloaded MBAM-Chameleon.

Nothing works  :'( :'(
Can someone help me?
Thank you

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6677
  • volunteer
Re: Roll Around ADS infection
« Reply #1 on: March 11, 2015, 10:29:40 PM »
Good evening.

I will notify the malware removal expert.
Please wait for the procedures.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Roll Around ADS infection
« Reply #2 on: March 11, 2015, 11:14:40 PM »
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select  additions at the bottom
  • Press Scan button.

  • It will produce a log called FRST.txt in the same directory the tool is run from. 
  • Please attach both logs generated.

REDACTED

  • Guest
Re: Roll Around ADS infection
« Reply #3 on: March 12, 2015, 10:42:14 AM »
Dear Essexboy,
thanks for your help, I'm not at home until the week-end, so I'll send you the logs probably on Saturday

Offline essexboy

Re: Roll Around ADS infection
« Reply #4 on: March 12, 2015, 03:47:44 PM »
:) No problem

REDACTED

  • Guest
Re: Roll Around ADS infection
« Reply #5 on: March 17, 2015, 10:06:39 PM »
Dear essexboy,
Please find attached the two logs generated by Farbar Recovery Scan Tool. But it seems that, currently, the malware Roll Around ADS doesn't open new windows. I'm not sure that I will be ok in the future....
Thanks in advance to confirm if I've managed to clean it.
Have a good day (or night  :) )

Offline essexboy

Re: Roll Around ADS infection
« Reply #6 on: March 17, 2015, 11:07:29 PM »
A few bits left in IE, how is the computer ?

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
GroupPolicyUsers\S-1-5-21-287877325-2058081817-3300698545-1007\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-287877325-2058081817-3300698545-1002\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-287877325-2058081817-3300698545-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-287877325-2058081817-3300698545-1002 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dsites03_14_34_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztBtDtDyCzztBzzzzyCtCzztN0D0Tzu0SzyyCtAtN1L2XzutBtFtBtCtFtCzztFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0FtByDtB0F0AtAtGtD0A0DyEtGtAtAzyyCtG0EyB0BtCtGtAtBtCtD0B0B0BtCtCtCyDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0E0AyD0AyC0BtCtGtBzyyByBtGyC0CzzzytG0EyB0B0AtGtAyDyB0B0D0B0AyBtDtA0DtA2Q&cr=298421567&ir=
SearchScopes: HKU\S-1-5-21-287877325-2058081817-3300698545-1002 -> {9FC0A371-8478-4B06-9DE3-AE7749F3DBE2} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYFR&apn_uid=1F1AC8CC-8638-4BE5-B44D-A07FA6551D8D&apn_sauid=FB6058D1-B37C-4F01-B602-CE67B78B5A56
SearchScopes: HKU\S-1-5-21-287877325-2058081817-3300698545-1002 -> {B92A88CC-BE28-44E0-B0C4-414BEFA2EADF} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_tele_14_34_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztBtDtDyCzztBzzzzyCtCzztN0D0Tzu0SzyyCyDtN1L2XzutAtFtDtFtCtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0EtByEyCtAtCtGtC0CyD0AtGtAyDzy0DtGzz0E0BtDtGtCtCzyyCtB0CyD0FyDtA0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0E0AyD0AyC0BtCtGtBzyyByBtGyC0CzzzytG0EyB0B0AtGtAyDyB0B0D0B0AyBtDtA0DtA2Q&cr=1498915612&ir=
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
2015-03-10 23:24 - 2015-03-10 23:24 - 00003144 _____ () C:\windows\System32\Tasks\{C4A7CACE-A006-45FA-86D0-0117D961564C}
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that
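
An added example, not part of essexboy's post and not FRST's own code: a small Python triage that reads log lines in the shapes seen in the fixlist above (policy flags, SearchScopes, a BHO with no file, a GUID-named scheduled task) and lists them for review. The allowlist of expected search hosts and every value in the sample log are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Line shapes follow the fixlist quoted above; every value here is constructed.
GUID = r"\{[0-9A-Fa-f-]{36}\}"
SCOPE_RE = re.compile(
    rf"^SearchScopes: (?P<hive>HK\S+) -> (?:DefaultScope )?(?P<guid>{GUID}) URL = ?(?P<url>\S*)")
BHO_RE = re.compile(rf"^BHO: (?P<name>.+?) -> (?P<clsid>{GUID}) ->\s+(?P<target>.+)$")
TASK_RE = re.compile(rf"\\System32\\Tasks\\(?P<task>{GUID})\s*$", re.I)

# Assumption: search hosts the owner of the machine actually chose (hypothetical allowlist).
EXPECTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com"}

def triage(log_text):
    """Return (kind, detail) pairs for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := SCOPE_RE.match(line):
            host = urlsplit(m["url"]).hostname
            if host is None:                       # provider registered with no URL
                findings.append(("searchscope-empty-url", m["guid"]))
            elif host not in EXPECTED_SEARCH_HOSTS:
                findings.append(("searchscope-unexpected-host", host))
        elif m := BHO_RE.match(line):
            if m["target"].strip() == "No File":   # orphaned browser helper object
                findings.append(("bho-no-file", m["clsid"]))
        elif m := TASK_RE.search(line):            # task named only by a GUID
            findings.append(("task-guid-name", m["task"]))
        elif "<======= ATTENTION" in line:         # marker the scan tool itself added
            findings.append(("frst-attention", line.split(":")[0]))
    return findings

# Constructed sample input, not taken from any real machine.
SAMPLE_LOG = r"""
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001 -> DefaultScope {00000000-0000-0000-0000-000000000001} URL =
SearchScopes: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001 -> {00000000-0000-0000-0000-000000000002} URL = http://search.example.test/results.php?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001 -> {00000000-0000-0000-0000-000000000003} URL = https://www.bing.com/search?q={searchTerms}
BHO: No Name -> {00000000-0000-0000-0000-000000000004} ->  No File
2015-01-01 00:00 - 2015-01-01 00:00 - 00003144 _____ () C:\windows\System32\Tasks\{00000000-0000-0000-0000-000000000005}
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:30} {detail}")
```

The output is a review list only; which entries belong in a fixlist remains a per-machine decision, as the caution in the post above says.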

REDACTED

  • Guest
Re: Roll Around ADS infection
« Reply #7 on: March 18, 2015, 10:48:50 PM »
Dear essexboy,
here is the log that you requested.
I'm not an expert with computers and IT  :-[ so if you have some advice for optimizing my computer, I'm interested  ;)
Thanks in advance

Offline essexboy

Re: Roll Around ADS infection
« Reply #8 on: March 19, 2015, 04:24:56 PM »
How is the computer behaving now ?

This is the set up I have on my system and so far I have never had an unintentional infection

How to set up a reasonable and light security regime for your system.  Apart from cryptoprevent all other elements are install and forget.

DOWNLOAD AND INSTALL ANTIVIRUS


 
Select Custom install
Remove the ticks from the first page for the following unless you want them :

Dropbox
Chrome
Chrome toolbar


Select Next
Deselect the following from the middle column as you will not need them :

SecureLine
Grimefighter


Select Continue and allow the programme to install

Be aware that the first reboot may take a few minutes as Avast builds the virtual machine

Avast will need to be registered as this helps them determine the server load, as updates are downloaded in small bursts every few minutes; each is about 2Kb

How to register

https://www.youtube.com/watch?v=uyVsLF6OwM0

Once registered open Avast
Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP's) "



PROTECT AGAINST RANSOMWARE

CryptoPrevent: install this programme to lock down and prevent crypto ransomware.
Manually update monthly



PROTECT AGAINST UNWANTED BUNDLED SOFTWARE

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish

Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme  ;)

IF YOU USE USB DRIVES

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

Plug in the drive and McShield will start a scan

BACKUP AND IMAGING

It is always advisable to have a backup of your current Windows set up on a separate USB external drive
I recommend Macrium Reflect for this
I have a small tutorial here on how to use it http://www.geekstogo.com/forum/topic/345434-macrium-reflect-imaging-tool/
The restore from backup usually completes in about 20 minutes (depending on the size of your drive )


REDACTED

  • Guest
Re: Roll Around ADS infection
« Reply #9 on: March 19, 2015, 10:54:53 PM »
Thanks for all of that.
I have already installed Avast on my computer (for several years) and I update it ....
I'll check if your setup is the same as the one I made

Offline essexboy

Re: Roll Around ADS infection
« Reply #10 on: March 20, 2015, 02:16:17 PM »
Are you experiencing any problems now ?