1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

babylon

Discussion in 'Virus & Other Malware Removal' started by bream53, Sep 28, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Not quite sure what you are trying to tell me, please explain.

    Also tell me what browser this problem is with, IE or Firefox.
     
  2. bream53

    bream53 Thread Starter

    Joined:
    Dec 14, 2011
    Messages:
    45
    hi mark sorry i didnt explain properly / when i open my browser screen it used to be google [ google chrome] / if i bring up a site eg tech sup/ then try to go to another page [ mystart ]comes up /. no favourites bar /, saying i have won money . only first page is google / still getting underlined words / hope i have explained it , as not sure if these are what these are called [ browser - google] [ pages- tech sup] [ browser - my start] hopeful i am rigth thanks kevin
     
  3. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, that gives me a better understanding of the problem, but you haven't answered my second question:

    Please go Here and follow All the instructions to run a scan with DDS and post both the logs into your next reply.

    Please also run this:

    Please download Malwarebytes Anti-Malware [​IMG] and save it to your desktop.

    • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
    • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
    • Malwarebytes will automatically check for updates as soon as it is launched.
    • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.


    Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

    • Double click on the Malwarebytes icon on your desktop to launch the program
    • Under the Scanner tab, make sure the Perform Quick Scan option is selected.
    • Click on the Scan button.
    • When finished, a message box will say "The scan completed successfully. Click Show Results to display all objects found".
    • NOTE: If no detections are found a log will automatically open in Notepad, please copy and paste the log back here and close all windows, in this case you do not need to continue.
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.


    If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


    Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key that includes free lifetime upgrades and support. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner.


    NOTE: Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
     
  4. bream53

    bream53 Thread Starter

    Joined:
    Dec 14, 2011
    Messages:
    45
    hi mark these are the results , will go and remove /my GRANDKIDS went to MAJORGEEKS site a while ago / got into my comp some how,downloaded a program and it must have had babylon with it .Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.01.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    kevin :: KEVIN-PC [administrator]

    Protection: Enabled

    2/10/2012 2:15:07 AM
    mbam-log-2012-10-02 (02-20-05).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 221118
    Time elapsed: 4 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 3
    HKCR\CLSID\{9347A25D-C9C5-41B9-61FF-28BFA84F77EE} (PUP.DownloadnSave) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9347A25D-C9C5-41B9-61FF-28BFA84F77EE} (PUP.DownloadnSave) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9347A25D-C9C5-41B9-61FF-28BFA84F77EE} (PUP.DownloadnSave) -> No action taken.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\ProgramData\ADDICT-THING\50583e1e6e34a.dll (PUP.DownloadnSave) -> No action taken.
    C:\Users\kevin\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> No action taken.

    (end)
     
  5. bream53

    bream53 Thread Starter

    Joined:
    Dec 14, 2011
    Messages:
    45
    hi back again here are the results Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.01.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    kevin :: KEVIN-PC [administrator]

    Protection: Enabled

    2/10/2012 2:31:57 AM
    mbam-log-2012-10-02 (02-31-57).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 220648
    Time elapsed: 5 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    could you tell me what programs to get rid off , unsure of what kids downloaded thanks kevin
     
  6. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    You have still not answered my question:

     
  7. bream53

    bream53 Thread Starter

    Joined:
    Dec 14, 2011
    Messages:
    45
    me again in my profile it should be IDIOT letting grandkids use my comp ,said it was to play games / yer right / thanks kevin
     
  8. bream53

    bream53 Thread Starter

    Joined:
    Dec 14, 2011
    Messages:
    45
    i did select all / will do again ok
     
  9. bream53

    bream53 Thread Starter

    Joined:
    Dec 14, 2011
    Messages:
    45
    did it again Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.01.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    kevin :: KEVIN-PC [administrator]

    Protection: Enabled

    2/10/2012 2:47:17 AM
    mbam-log-2012-10-02 (02-47-17).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 221064
    Time elapsed: 2 minute(s), 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    will run again?????
     
  10. bream53

    bream53 Thread Starter

    Joined:
    Dec 14, 2011
    Messages:
    45
    i think its IE
     
  11. bream53

    bream53 Thread Starter

    Joined:
    Dec 14, 2011
    Messages:
    45
    dont think i have downloaded Firefox
     
  12. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    No need to run Malwarebytes again.

    Our posts keep crossing over, please wait for a reply before making additional posts after you have sent one.

    You do have Firefox on your system, but as you are not aware of it then it is clear the problem is in IE.

    Please provide the DDS logs I asked for in Post 18.
     
  13. bream53

    bream53 Thread Starter

    Joined:
    Dec 14, 2011
    Messages:
    45
    the page that 18 took me to said if i have a 64 not to download / i thought i had a 64
     
  14. bream53

    bream53 Thread Starter

    Joined:
    Dec 14, 2011
    Messages:
    45
    hi mark its 3.33am here so i will have to get some sleep / will check in asap thanks kevin
     
  15. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    That only applies to GMER, all I am asking you to use is DDS Number 2 in the list of instructions. Make sure you copy and paste both logs into your next reply, DDS.txt and Attach.txt.

    No problem, thanks for letting me know.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1070679