
In Progress Ads in Chrome

Discussion in 'Virus & Other Malware Removal' started by Jai.W, Apr 23, 2019.

Thread Status:
Not open for further replies.
  1. Jai.W

    Jai.W Thread Starter

    Joined:
    Dec 2, 2017
    Messages:
    7
    I recently installed some strange software and obtained a virus on my computer. I ran my antivirus and it removed some malware that it had detected. However, after cleaning everything up, I noticed some ads on my Google and YouTube that don't appear on other devices when I search the same thing. I've tried running my anti-virus scan again and resetting my Chrome but the ads still appear.

    Spec List:
    OS Version: Microsoft Windows 10 Pro, 64 bit
    Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz, Intel64 Family 6 Model 58 Stepping 9
    Processor Count: 8
    RAM: 16344 Mb
    Graphics Card: NVIDIA GeForce GTX 1060 6GB, -1 Mb
    Hard Drives: C: 916 GB (357 GB Free); D: 1852 GB (831 GB Free);
    Motherboard: Dell Inc., 0NW73C
    Antivirus: Norton Security, Enabled and Updated
     

    Attached Files:

  2. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    507
    Welcome to the Tech Support Guy malware removal forum.
    I'm iMacg3 and will be helping you.

    Please keep the following information in mind before we begin:
    • Do not run any fixes or tools on your system unless I request that you do so.
    • Please read all instructions carefully, and complete them in the order listed.
    • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • If you have questions about anything during the cleanup, please ask.


    --------------------


    Download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right-click FRST/FRST64 and select Run as administrator. (Windows XP users double-click on the file).
    • If you receive a SmartScreen alert, click More Info, then Run Anyway.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Attach it to your reply.
    • The tool will also produce another log (Addition.txt). Please attach this, along with FRST.txt, to your reply.

    Note - FRST.txt and Addition.txt are saved to the same location as FRST/FRST64.
     
  3. Jai.W

    Jai.W Thread Starter

    Joined:
    Dec 2, 2017
    Messages:
    7
    I ran the scan
     

    Attached Files:

  4. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    507
    Going over your logs, I noticed that you have uTorrent installed.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
    • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
    • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
    • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
    It is pretty much certain that if you continue to use P2P programs, you will get infected again.
    I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Settings icon > Apps.
    If you wish to keep it, please do not use it until your computer is cleaned.

    --------------------------

    Do you use this Chrome extension?

    Tabbe

    Did you intentionally install Bitcoin Core?

    --------------------------

    Reenable Items With MSConfig
    • Press the Windows Key + R.
    • Type msconfig.exe into the text box and click OK.
    • Check Normal startup and click OK.
    • You will be prompted to restart your computer. Click Restart.

    --------------------------

    Uninstall a Chrome Extension

    Open Google Chrome. Type chrome://extensions in the address bar and press Enter.
    Click the trash can icon next to the following extension(s):

    Bazz Search
    Adaware Secure


    A confirmation dialog will appear. Click Remove.

    --------------------------

    Highlight the contents of the below code box and press Ctrl + C:
    Code:
    Start::
    
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    CHR NewTab: Default ->  Not-active:"chrome-extension://nladljmabboanhihfkjacnnkgjhnokhj/new-tab.html"
    CHR DefaultSearchURL: Default -> hxxps://feed.bazzsearch.com/?fext=true&publisherid=51206&publisher=defaultbazz&st=ed&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> hma
    CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
    S2 ZDRiYTgwNDdhZWI1Y2; C:\Program Files\ZDRiYTgwNDdhZWI1Y2\NTkzNWY4NW.exe [1019592 2019-04-22] (technologiejarbon.com -> )
    R1 ZmRmYThmMzA2ZDY1MWRk; C:\WINDOWS\system32\drivers\ZmRmYThmMzA2ZDY1MWRk [78208 2019-04-22] (technologiejarbon.com -> )
    2019-04-22 19:18 - 2019-04-22 19:18 - 000000012 _____ C:\WINDOWS\b85964768
    2019-04-22 19:17 - 2019-04-23 16:34 - 000000000 ___HD C:\Program Files (x86)\Pipe
    2019-04-22 19:17 - 2019-04-23 16:34 - 000000000 ____D C:\Program Files (x86)\thiessen
    2019-04-22 19:17 - 2019-04-23 16:34 - 000000000 ____D C:\Program Files (x86)\kirkman
    2019-04-22 19:17 - 2019-04-22 21:36 - 000000000 ___HD C:\Program Files (x86)\kph
    2019-04-22 19:17 - 2019-04-22 19:18 - 000000000 ____D C:\Program Files (x86)\Bellwethers
    2019-04-22 19:16 - 2019-04-22 19:16 - 000000000 ____D C:\Users\jaiwa\AppData\Roaming\Mozilla
    2019-04-22 19:14 - 2019-04-22 20:20 - 000722944 _____ C:\Users\jaiwa\AppData\Local\sha.db
    2019-04-22 19:14 - 2019-04-22 19:14 - 007906816 _____ C:\Users\jaiwa\AppData\Local\agent.dat
    2019-04-22 19:14 - 2019-04-22 19:14 - 002037630 _____ C:\Users\jaiwa\AppData\Local\ZumNix.tst
    2019-04-22 19:14 - 2019-04-22 19:14 - 000140800 _____ C:\Users\jaiwa\AppData\Local\installer.dat
    2019-04-22 19:14 - 2019-04-22 19:14 - 000126464 _____ C:\Users\jaiwa\AppData\Local\noah.dat
    2019-04-22 19:14 - 2019-04-22 19:14 - 000070992 _____ C:\Users\jaiwa\AppData\Local\Config.xml
    2019-04-22 19:14 - 2019-04-22 19:14 - 000005568 _____ C:\Users\jaiwa\AppData\Local\md.xml
    2019-04-22 19:14 - 2019-04-22 19:14 - 000000000 ____D C:\Users\jaiwa\AppData\Local\AdvinstAnalytics
    2019-04-22 19:13 - 2019-04-22 22:46 - 000000000 ____D C:\Program Files\ZDRiYTgwNDdhZWI1Y2
    2019-04-22 19:13 - 2019-04-22 19:13 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL
    2019-04-22 09:23 - 2019-04-22 09:23 - 000098205 _____ C:\WINDOWS\uninstaller.dat
    2019-04-22 09:23 - 2019-04-22 09:23 - 000078208 _____ C:\WINDOWS\system32\Drivers\ZmRmYThmMzA2ZDY1MWRk
    2019-04-22 21:06 - 2019-03-05 20:00 - 000000000 ____D C:\Users\jaiwa\AppData\Roaming\Lavasoft
    2019-04-22 21:06 - 2019-03-05 20:00 - 000000000 ____D C:\Users\jaiwa\AppData\Local\Lavasoft
    2019-04-22 21:06 - 2019-03-05 20:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    2019-04-22 21:06 - 2019-03-05 20:00 - 000000000 ____D C:\ProgramData\Lavasoft
    2019-04-22 21:06 - 2019-03-05 20:00 - 000000000 ____D C:\Program Files (x86)\Lavasoft
    2019-04-22 19:02 - 2019-04-22 19:02 - 000000009 _____ () C:\Users\jaiwa\AppData\Local\Temp\1555956171700.exe
    
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    AlternateDataStreams: C:\Users\jaiwa\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
    AlternateDataStreams: C:\Users\jaiwa\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
    AlternateDataStreams: C:\Users\Public\AppData:CSM [482]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [480]
    FirewallRules: [{C4736328-8B24-455F-90BB-4AF7571215AF}] => (Allow) ????????????????????????? No File
    FirewallRules: [{A9C3C41C-6C94-4000-BFFD-E68FA25C7833}] => (Allow) ???????????????????????? No File
    
    Hosts:
    C:\Program Files\ZDRiYTgwNDdhZWI1Y2
    
    End::
    Right-click on FRST/FRST64 and select Run as Administrator.
    Click on Fix.
    Note - there is no need to paste the contents of the code box anywhere.
    If your computer restarts, allow it to do so.
    When the fix is complete the tool will create a log (Fixlog.txt) in the same directory it was run from.
    Copy and paste the contents of Fixlog.txt into your next reply.
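
Added example, not part of the thread and not FRST's own code: the service and driver names in the fixlist above (ZDRiYTgwNDdhZWI1Y2, ZmRmYThmMzA2ZDY1MWRk) decode as unpadded base64 of hex strings, a naming pattern that can be checked for when triaging a log of this kind. The Python below assumes the line layout seen in those two entries; the Spooler line is constructed as a benign control, and `decoded_hex` and `triage` are hypothetical names.

```python
import base64
import binascii
import re

# Layout assumed from the two service/driver entries in the fixlist:
#   <state><start type> <name>; <path> [<size> <date>] (<signer> -> <company>)
LINE_RE = re.compile(
    r"^([RSU])(\d) ([^;]+); (.+) \[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*)\)$")
B64_NAME = re.compile(r"^[A-Za-z0-9+/]{8,}$")
HEX_TEXT = re.compile(r"^[0-9a-fA-F]{6,}$")

# First two lines are copied from the fixlist; the Spooler line is constructed.
SAMPLE = r"""
S2 ZDRiYTgwNDdhZWI1Y2; C:\Program Files\ZDRiYTgwNDdhZWI1Y2\NTkzNWY4NW.exe [1019592 2019-04-22] (technologiejarbon.com -> )
R1 ZmRmYThmMzA2ZDY1MWRk; C:\WINDOWS\system32\drivers\ZmRmYThmMzA2ZDY1MWRk [78208 2019-04-22] (technologiejarbon.com -> )
R2 Spooler; C:\WINDOWS\System32\spoolsv.exe [765952 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
"""

def decoded_hex(name):
    """Return the hex text hidden in an unpadded base64 name, else None."""
    if not B64_NAME.match(name):
        return None
    try:
        # Restore the stripped '=' padding before decoding.
        raw = base64.b64decode(name + "=" * (-len(name) % 4))
        text = raw.decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if HEX_TEXT.match(text) else None

def triage(log_text):
    """List service/driver entries whose name is base64-encoded hex."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        _state, _start, name, path, _size, date, signer = m.groups()
        hidden = decoded_hex(name)
        if hidden:
            findings.append({"name": name, "decoded": hidden, "path": path,
                             "signer": signer.split(" -> ")[0], "date": date})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A hit is a reason to look at the entry's signer, path and creation date, not a verdict on its own.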
     
  5. Jai.W

    Jai.W Thread Starter

    Joined:
    Dec 2, 2017
    Messages:
    7
    I ran the fix
     

    Attached Files:

  6. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    507
    Hi,

    • Right-click FRST/FRST64 and select Run as Administrator.
    • Ensure Addition.txt is checked and click Scan.
    • Once the scan is complete, click OK to the "Scan Complete" message box and OK to the Addition.txt box.
    • Two reports will be open in Notepad.
    • Copy and paste their contents into your next reply. If the reports are too long to copy/paste please attach them.
     

Short URL to this thread: https://techguy.org/1226172
