Author Topic: Help with Ninja Loader  (Read 4926 times)


REDACTED

  • Guest
Help with Ninja Loader
« on: August 20, 2015, 07:58:23 PM »
While visiting Miami, my wife was searching the internet for tours and accidentally installed Ninja Loader, and now I can't uninstall Ninja Loader from my PC; when I select uninstall, nothing happens.
I have already run Avast and Malwarebytes, which identified malicious files, but I can't remove Ninja Loader.
Can someone help me?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help with Ninja Loader
« Reply #1 on: August 20, 2015, 11:03:24 PM »
I do not speak Portuguese, so if there is a problem, ask Jefferson Santiago to translate.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.

  • It will produce a log called FRST.txt in the same directory the tool is run from. 
  • Please attach both logs generated.

REDACTED

  • Guest
Re: Help with Ninja Loader
« Reply #2 on: August 21, 2015, 01:30:13 PM »
I ran the process and generated the reports, but I can't attach the .txt files. How do I do that?

Offline essexboy

Re: Help with Ninja Loader
« Reply #3 on: August 21, 2015, 02:31:03 PM »
Attach as per the screenshot

REDACTED

  • Guest
Re: Help with Ninja Loader
« Reply #4 on: August 21, 2015, 02:56:08 PM »
OK.

Offline essexboy

Re: Help with Ninja Loader
« Reply #5 on: August 21, 2015, 03:44:47 PM »
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKU\S-1-5-21-3232116556-672119108-2443747463-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKU\S-1-5-21-3232116556-672119108-2443747463-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKU\S-1-5-21-3232116556-672119108-2443747463-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKU\S-1-5-21-3232116556-672119108-2443747463-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
SearchScopes: HKLM -> DefaultScope value is missing
FF HKU\S-1-5-21-3232116556-672119108-2443747463-1000\...\Firefox\Extensions: [ninjaloader@mail.com] - C:\Program Files (x86)\Ninja Loader\FireFox
FF Extension: NinjaLoader - C:\Program Files (x86)\Ninja Loader\FireFox [2015-08-14]
FF HKU\S-1-5-21-3232116556-672119108-2443747463-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [ninjaloader@mail.com] - C:\Program Files (x86)\Ninja Loader\FireFox
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
R2 NetTcpHandler; C:\Users\Jovem\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] ()
R2 NinjaLoaderService; C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe [59496 2015-07-09] (Ninja Soft Inc.)
2015-08-18 09:10 - 2015-08-18 09:40 - 00000000 ____D C:\ProgramData\qIhACqT
2015-08-14 08:57 - 2015-08-14 08:59 - 00000000 ____D C:\Users\Jovem\AppData\Local\Ninja Loader
2015-08-14 08:57 - 2015-08-14 08:58 - 00000000 ____D C:\Program Files (x86)\Ninja Loader
2015-08-14 08:57 - 2015-08-14 08:57 - 00000000 ____D C:\Users\Jovem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ninja Loader
2015-08-21 07:49 - 2015-07-11 17:42 - 00000342 ____H C:\Windows\Tasks\YNFETQHEJITHMKWT.job
2015-08-20 11:48 - 2015-07-11 17:00 - 00000000 ____D C:\Users\Jovem\AppData\Roaming\RunDir
2015-08-18 14:35 - 2015-05-19 17:15 - 00003150 _____ C:\Windows\System32\Tasks\{628F4596-038E-4AA3-950F-E05683E479F3}
2015-08-18 14:35 - 2015-05-08 07:59 - 00002980 _____ C:\Windows\System32\Tasks\{02ED785B-A075-4A26-BBB5-594A8ECC7EA6}
2015-08-18 14:35 - 2015-05-08 07:58 - 00002980 _____ C:\Windows\System32\Tasks\{CB805551-342F-4F27-A4C8-246B09410ADC}
2015-08-18 14:35 - 2015-05-08 07:58 - 00002980 _____ C:\Windows\System32\Tasks\{793FBDA8-1D48-427D-A17D-ECB08A007D9C}
2015-08-18 10:59 - 2015-07-11 17:11 - 00000000 ____D C:\Users\Jovem\AppData\Roaming\4C4C4544-1436645488-5610-8054-C7C04F343432
2015-08-18 10:59 - 2015-07-11 17:01 - 00000000 ____D C:\Users\Jovem\AppData\Roaming\4C4C4544-1436644865-5610-8054-C7C04F343432
2015-08-18 10:50 - 2015-07-11 17:08 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-18 09:27 - 2015-07-11 17:42 - 00000000 ____D C:\ProgramData\Service8119
2015-04-19 09:20 - 2015-07-20 11:07 - 0000626 _____ () C:\Users\Jovem\AppData\Roaming\K5jArlWh4U7dQLUa8HokyxTUm
Task: {2A67190A-F302-48CC-96A0-2878F87C2BF7} - System32\Tasks\{02ED785B-A075-4A26-BBB5-594A8ECC7EA6} => C:\Users\Jovem\Downloads\interpolador Rinex\rinterpo.exe [1999-03-08] ()
Task: {84F7CE8E-D176-4C73-B75D-DF778EDEB91F} - System32\Tasks\YNFETQHEJITHMKWT => C:\ProgramData\Service8119\Service8119.exe <==== ATTENTION
Task: {8567324D-2E32-4247-A067-6A3771E7A442} - System32\Tasks\{CB805551-342F-4F27-A4C8-246B09410ADC} => C:\Users\Jovem\Downloads\interpolador Rinex\rinterpo.exe [1999-03-08] ()
Task: {8BDE9546-E393-4E5A-88DD-65A2B214FC45} - System32\Tasks\{628F4596-038E-4AA3-950F-E05683E479F3} => pcalua.exe -a "C:\Users\Jovem\Downloads\SPSO_3_50_Full (1).exe" -d C:\Users\Jovem\Downloads
Task: {9BA23F5A-2468-4BAD-ADAE-76B81318C481} - System32\Tasks\{793FBDA8-1D48-427D-A17D-ECB08A007D9C} => C:\Users\Jovem\Downloads\interpolador Rinex\rinterpo.exe [1999-03-08] ()
Task: {D2B6F651-331D-4813-AF44-0E5C31E99B63} - System32\Tasks\{CE72282F-634D-428B-A893-5DB99686608A} => pcalua.exe -a C:\ProgramData\BreakingNewsAlert\uninstall.exe -c /kb=y /ic=1
Task: C:\Windows\Tasks\YNFETQHEJITHMKWT.job => C:\ProgramData\Service8119\Service8119.exe <==== ATTENTION
C:\ProgramData\BreakingNewsAlert
C:\Users\Jovem\AppData\Local\Ninja Loader
C:\Users\Jovem\AppData\Roaming\NetService
C:\Program Files (x86)\Ninja Loader
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

REDACTED

  • Guest
Re: Help with Ninja Loader
« Reply #6 on: August 21, 2015, 04:29:40 PM »
OK, it is done!
The Ninja Loader is gone, but http://www.123rede.com/?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345 still appears when I start my Chrome browser.

Offline essexboy

Re: Help with Ninja Loader
« Reply #7 on: August 21, 2015, 05:00:28 PM »
Could you run a fresh FRST scan please as I did remove that... I need to see if it has returned
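
The check requested in Reply #7, whether items removed by the fixlist are back in a fresh FRST scan, can be scripted. This is an added example, not part of the original thread and not an FRST feature: `entry_key` and `returned_entries` are hypothetical names, the fixlist lines are copied from Reply #5, and the fresh-scan excerpt is constructed.

```python
import re

# Fixlist directives that run an action instead of naming an artifact.
ACTIONS = ("createrestorepoint:", "removeproxy:", "emptytemp:", "cmd:", "reg:")
# File-listing prefix: two timestamps, size, attributes, optional "()".
LISTING = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ (?:\(.*?\) )?"
)
FLAG = re.compile(r"\s*<=+ ATTENTION\s*$")

# Lines copied from the fixlist in Reply #5.
FIXLIST = r"""
CreateRestorePoint:
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
2015-08-18 09:27 - 2015-07-11 17:42 - 00000000 ____D C:\ProgramData\Service8119
Task: C:\Windows\Tasks\YNFETQHEJITHMKWT.job => C:\ProgramData\Service8119\Service8119.exe <==== ATTENTION
C:\Program Files (x86)\Ninja Loader
CMD: ipconfig /flushdns
"""

# Constructed fresh-scan excerpt (not the poster's real log).
FRESH_SCAN = r"""
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
2015-08-21 16:10 - 2015-07-11 17:42 - 00000000 ____D C:\ProgramData\Service8119
"""


def entry_key(line):
    """Reduce a log or fixlist line to a comparable key, or None to skip it."""
    line = line.strip()
    if not line or line.lower().startswith(ACTIONS):
        return None
    line = FLAG.sub("", line)
    # Timestamps and sizes change between scans, so key listings by path only.
    line = LISTING.sub("", line)
    return re.sub(r"\s+", " ", line).lower()


def returned_entries(fixlist, fresh_scan):
    """Return fixlist lines whose artifact shows up again in a fresh scan."""
    present = {entry_key(l) for l in fresh_scan.splitlines()} - {None}
    return [l.strip() for l in fixlist.splitlines() if entry_key(l) in present]


if __name__ == "__main__":
    for hit in returned_entries(FIXLIST, FRESH_SCAN):
        print("RETURNED:", hit)
```

Matching is by normalized text, so an entry that comes back with a different value (for example a changed parameter in the start-page URL) is not reported and still needs a manual look.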

REDACTED

  • Guest
Re: Help with Ninja Loader
« Reply #8 on: August 21, 2015, 07:27:45 PM »
ok

Offline essexboy

Re: Help with Ninja Loader
« Reply #9 on: August 21, 2015, 07:36:00 PM »