Luckysearch home page virus

[REDACTED]

In my laptop, I had Ad-aware antivirus (latest) and all of my browsers was infested by that Luckysearch home page. I ran the full scan of Ad-aware but nothing was found.

Can you tell me what to do?

[Pondus]

http://malwaretips.com/blogs/luckysearches-removal/

[REDACTED]

Also, I have another symptoms with having luckysearches virus such as high CPU and RAM usage and slow performance (even if I use Game Booster 3 made by IObit) and another symptom is slow downloading speed.

[REDACTED]

Luckily, the Luckysearches virus was removed because I used Adwcleaner and also it RESET my entire browsers (removing add-ons and Luckysearches). Sadly, my Chrome was unable to change it back right after the removal procedure was complete.

P.S. LOL, my CPU usage is very low after removal procedures and also does my RAM usage.

[REDACTED]

There are my logs:

[Pondus]

you need to attach FRST diagnostic logs

[REDACTED]

you need to attach FRST diagnostic logs

But I had the Luckysearches-related files deleted by AdwCleaner.

[Pondus]

I assume you created this topic because you wanted help ..... diagnostic logs will show leftover files / additional crap that need to be removed

[REDACTED]

I assume you created this topic because you wanted help ..... diagnostic logs will show leftover files / additional crap that need to be removed

Sure, I will notify you if the FRST log is done.

[REDACTED]

Suprisingly, my download speed after having the Luckysearches-related files being removed went up gradually as I got astonished how did that happen.

[magna86]

MatthewGo707, to make the story short, our help is free. Now, you do have a problem, and if you want valid malware check and our help, post these FRST logs.


Please download Farbar Recovery Scan Tool () by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

[REDACTED]

Here's the results after I ran FRST:

[magna86]

Hello, first execute this script, then, you will need to reinstall Google Chrome browser. Upon uninstalling, select "Also delete your browsing data" option.

Then, just download and install fresh copy of Google Chrome , enter google account and all your bookmarks and staff will be synced.



1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Code: [Select]

Start
CreateRestorePoint:
REG: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f

CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {B82A5ADA-251F-45CC-8A9A-153D44B21912} - \9bd2e192-e5a9-4c78-bfc7-ac0c8a65c35d-5_user No Task File <==== ATTENTION
Task: {DD23718E-DC40-4D74-9834-959CAC511CBE} - \9bd2e192-e5a9-4c78-bfc7-ac0c8a65c35d-5 No Task File <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-1901557742-2927913925-2201515314-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Hosts:
C:\ProgramData\DP45977C.lfl

RemoveProxy:
AlternateDataStreams: C:\Users\Claudine\Local Settings:xoHYyUYY8L2CKJ9GZpv
AlternateDataStreams: C:\Users\Claudine\AppData\Local:xoHYyUYY8L2CKJ9GZpv
AlternateDataStreams: C:\Users\Claudine\AppData\Local\Application Data:xoHYyUYY8L2CKJ9GZpv
AlternateDataStreams: C:\Users\Claudine\AppData\Local\Temp:3zkp7HIdg2GWZcrKNoEaiIUdEq

EmptyTemp:
End



2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

[REDACTED]

Here it is:

[magna86]

Nice. Now let's preform some additional scan to make shure there is no malware afoot.




Please download Zoek tool by Smeenk () from here and save it to your Desktop.
Unpack the archive...

• Close any open browsers and temporarily disable your AntiVirus program. (if it is necessary)
  If you are unsure how to do this please read this or this Instruction.
  
  
• Double click on zoek.exe to run the tool. Please wait while the tool does not start...
  
• Click on More Options and check box only for AutoClean
  
• Click on button.
  Please wait until a logreport will open (this can be after reboot)
  
  
• Save notepad to your Desktop and attach here zoek-results.log
  Note: It will also create a log in the C:\ directory named "zoek-results.log"