Status
Not open for further replies.

'Hello, New user' browser redirect

#1 ·
Hello!
We have an infection of this very annoying malware which I suspect was introduced by my 11-year-old downloading something, probably on a free game site. It pops up on Chrome and Firefox and triggers random ads etc. I would be grateful for help in getting rid of it.
Thanks

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 8089 Mb
Graphics Card: AMD Radeon HD 6900 Series, -2048 Mb
Hard Drives: C: Total - 122101 MB, Free - 14297 MB; D: Total - 1773573 MB, Free - 550942 MB; G: Total - 1907725 MB, Free - 487263 MB; Z: Total - 84150 MB, Free - 34640 MB;
Motherboard: ASUSTeK Computer INC., Maximus IV GENE-Z
Antivirus: avast! Antivirus, Updated and Enabled
 
#2 ·
Hi saucer,
based on your machine I am giving you a lot to do at once.
That way we can finish swiftly and cleanly.

We will fix Firefox so it will ask where to save every download, and change settings so you can see file extensions.
----------------------------------------------------------
IF You Don't Have Firefox, click on the Windows version here and install it : https://www.mozilla.org/en-US/firefox/new/
During the installation you can likely import settings from Internet Explorer if you wish.
----------------------------------------------------------
Set Firefox as Default and Always Ask Where to Save Downloads
Open Firefox, then hit the Alt key if necessary, so you can see the menu bar at the top.
In the top menu bar, click on Tools, and select Options.
In the new dialog window that pops up:
Click on the General icon in the top bar, and Click the button labeled Make Firefox My Default browser
Click the radiobutton labeled Always ask me where to save files
Click the checkbox labeled Always check to see if Firefox is the Default browser on startup.
Click OK.
-----------------------------------------------------------
Change Settings to View File Extensions and Hidden Files
Go to Start > Control Panel > Folder Options, and click on the View tab.
Under "Files and Folders",
  • Uncheck "Hide Extensions for known File Types"
  • Check "Show Hidden Files Folders and Drives"
Click Apply and OK.

----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
You might want to Save any unsaved work. TFC will close ALL open programs... including your browser!
Right click the TFC icon and choose Run as administrator.
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
You can keep TFC on your desktop and run it every week or two to clean out excessive temporary files. It does usually require a restart.

-------------------------------------------------------------
AdwCleaner Download and Run
Download AdwCleaner and save it to your desktop or somewhere you can find it.
Take care NOT to click on any ad, like from PC Optimizer Pro. The correct link is the button labeled "Download from Bleeping Computer".
NOTE:
If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click the AdwCleaner icon on your desktop.
  • Click on the Scan button, accept any prompts that appear, and allow it to run.
    It may take several minutes to complete.
  • When it is done, the Scan button will be dimmed down, and it will wait for you to make any exceptions to its suggested removals. Don't make any exceptions or uncheck anything.
  • Click on the Clean button, accept any prompts that appear, and allow the system to Reboot.
  • You will then be presented with the report. Copy & Paste it into a reply here.
  • If you lose track of the log, it is saved in this folder C:\AdwCleaner\
    The filename will be adwcleaner[xx].txt, where [xx] will be S1, or S2, etc. whichever filename is newest.

-----------------------------------------------------------
Download and Run the Farbar Scan Tool
  • Download FRST64 and save to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST64 will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.
If you lose track of them, they will be saved in the same location as FRST64.exe
Feel free to use separate replies if it's more convenient.

So we are looking for the log from AdwCleaner, and the two logs from FRST64.exe

askey127
 
#4 ·
saucer,
You have nine (9) Garmin applications on there.
Most people I know want to get rid of all of them. How about you?
-----------------------------------------------
It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like qTorrent, Bearshare, Bittorrent, BitComet, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
There are NO Safe ones.
Criminals have "planted" thousands upon thousands of infections in the shared torrent files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

qBittorrent 3.3.4
Software Updater

Take extra care in answering questions posed by any Uninstaller.
If Bitlord is still on the D: drive, get rid of it also. It will likely be in \Program Files (x86)\
-----------------------------------------------------------
REBOOT (RESTART) Your Machine

--------------------------------------------------------
Run A Fix With FRST
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
(Both on the Desktop is OK, or both in the same folder elsewhere)

Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
If for some reason the tool needs a restart, please make sure you let the system restart normally.
The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

Let me know how it goes.
If you see the popups again, try to see what it says, or who it may be from.
askey127
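
Added example, not part of the original posts: a PowerShell check that FRST64.exe and fixlist.txt sit in the same folder before the Fix is run, and that lists the logs the helper asked for (newest AdwCleaner log, FRST.txt, Addition.txt, Fixlog.txt). The function names are hypothetical; the file names and the `C:\AdwCleaner\` and Desktop locations are the ones given in the posts above.

```powershell
# Added example (not from the thread). Written to run on the PowerShell 2.0
# that ships with Windows 7 SP1. Assumes FRST64.exe was saved to the Desktop.

function Get-NewestAdwCleanerLog {
    param([string]$LogDir = 'C:\AdwCleaner')
    if (-not (Test-Path -LiteralPath $LogDir)) { return $null }
    # Log names follow the adwcleaner[S1].txt pattern; take the newest one.
    Get-ChildItem -Path $LogDir -Filter 'adwcleaner*.txt' |
        Where-Object { -not $_.PSIsContainer } |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 1
}

function Get-FrstFiles {
    param([string]$Folder)
    # Map each expected file name to its FileInfo, or $null if it is missing.
    $found = @{}
    foreach ($name in 'FRST64.exe', 'fixlist.txt', 'FRST.txt', 'Addition.txt', 'Fixlog.txt') {
        $path = Join-Path $Folder $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $found[$name] = Get-Item -LiteralPath $path
        } else {
            $found[$name] = $null
        }
    }
    $found
}

$desktop = [Environment]::GetFolderPath('Desktop')
$frst    = Get-FrstFiles -Folder $desktop

# The Fix only works when the tool and fixlist.txt are in the same location.
if ($frst['FRST64.exe'] -and $frst['fixlist.txt']) {
    "Ready for Fix: FRST64.exe and fixlist.txt are both in $desktop"
} else {
    Write-Warning "FRST64.exe and fixlist.txt must both be in $desktop before pressing Fix"
}

# Logs to paste into the reply; entries that do not exist yet are skipped.
$logs = @(Get-NewestAdwCleanerLog) +
        @($frst['FRST.txt'], $frst['Addition.txt'], $frst['Fixlog.txt'])
$logs | Where-Object { $_ } | Select-Object FullName, LastWriteTime, Length
```

If FRST64.exe was saved somewhere other than the Desktop, pass that folder to `Get-FrstFiles -Folder` instead.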
 


#5 ·
Many thanks Askey
I haven't properly checked if the popups are gone, but so far so good. Point taken on torrents. LOL re Garmin...the worst software ever but it is nice to be able to have a log of all those runs around different locations/countries. I will have to find an alternative to the Training Centre. :)
 
