In Progress Help with "update.jf3" trojan?

Discussion in 'Virus & Other Malware Removal' started by SquanchyGuy, May 22, 2017.

  1. SquanchyGuy

    SquanchyGuy Thread Starter

    Joined:
    May 22, 2017
    Messages:
    4
    Hi everybody! First of all, I just signed up for this community since it's been very helpful and on a friend's recommendation. Thanks, and I hope to learn and to help as much as I can. But for now, I must ask for your assistance. A few days later, I updated Driver Booster 3. Since all this Ransomware paranoia started, DB3 suggested a "repair". DB always worked just fine so I said "yeah why not" and did it. The problem started there, I'm sure, 'cause right before that this "update.jf3" showed up, asking permission to run. Obviously, I always clicked the NO button. And Chrome began to start on the motious.com start page, and installed some "search tool" I didn't ask for. It removed AdBlock, and if I try to install it again, the next time I start Chrome it deletes it again, and undoes everything I did to return Chrome to normal. So, I found out that it's a trojan, a pretty annoying and harmful one, and I don't know what to do because, honestly, I no longer trust those "professional" blogs; they seem to me more like sites to make you download more unwanted software and malware. So that's how I ended up here. Please tell me what to do, and if I need some specific software.

    Now my PC SysInfo:
    OS Version: Microsoft Windows 8.1 Pro, 64 bit
    Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz, Intel64 Family 6 Model 58 Stepping 9
    Processor Count: 4
    RAM: 8082 Mb
    Graphics Card: Intel(R) HD Graphics 4000, -1984 Mb
    Hard Drives: C: 465 GB (11 GB Free);
    Motherboard: ADVANTEC SA, B14
    Antivirus: ESET NOD32 Antivirus 9.0.386.1, Enabled and Updated

    Plus, I use ESET NOD32 Antivirus, recently updated to version 9.0.386.1
    English is not my native language, please be patient with me!
     
  3. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    30,446
    Hiya and welcome to Tech Support Guy

    Sorry for the lateness in a reply, these forums can be very busy. Are you still having this problem? If so, can you do the following and we'll go from there:

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

    Thanks

    eddie
     
  4. SquanchyGuy

    SquanchyGuy Thread Starter

    Joined:
    May 22, 2017
    Messages:
    4
    Thanks, pal. Yes, I keep having trouble. I was already thinking of making a backup and formatting the whole thing. I'm uploading both logs so you can tell me what you see, and we'll go from there as you said. Thanks again.
     

    Attached Files:

  5. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    30,446
    Thanks for the logs.

    Firstly, you mentioned that you're using Driver Booster. It's not recommended to use any boosting, registry or cleanup tools, as these can sometimes cause more harm than good. Plus, we tend to avoid IObit, who is the developer of Driver Booster.

    I can see a few things on there, so let's run some automated tools, see what they remove, and then we'll look at some fresh logs from Farbar (ones you just attached).


    =============

    Download Malwarebytes version 3 from the following link:

    https://www.malwarebytes.com/mwb-download/thankyou/

    Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

    When the install completes and is updated do the following:

    Open Malwarebytes, select > "settings" > "protection tab"

    Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

    Go back to "DashBoard" select the Blue "Scan Now" tab......

    When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)". Name that log and save, copy and paste the log into your reply

    ==================

    Go here, to download and save AdwCleaner.exe to your desktop.

    Just click on the Download Now @bleepingcomputer

    Note: It looks like a gray bug with 6 black legs.

    Close all open windows first, then double-click AdwCleaner.exe to load its main window.

    Click the Scan button, then click "OK".

    Allow the scan process to finish.

    If it appears to freeze, be patient for a few minutes.

    When it's finished, click on the LogFile button.

    Return here to your thread, then copy-and-paste the ENTIRE log here

    -------
    Thanks

    eddie
     
  6. SquanchyGuy

    SquanchyGuy Thread Starter

    Joined:
    May 22, 2017
    Messages:
    4
    Eddie, I used both tools. I'm uploading both logs so you can see. As you'll see, it's all in Spanish. I have to apologize for that. It's my native language and it's the default on my PC. I noticed it too late. If you want, I'll do it again with everything set to English. Do I have to clean up everything the tools say? It seems to me that some of the threats they find aren't actually threats. I mean, I play cracked games, and sometimes cracked files show up as a menace but they aren't. For example, Malwarebytes is filling me up with pop-ups about threats that aren't, like "svhost" or "chrome". Please, tell me, so I know what to do.
    Thanks, here are the logs.
     

    Attached Files:

  7. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    30,446
    It's okay about the Spanish, as the actual entries I can see are in English, mainly ;)

    The chrome entry it's pointing to is an extension, which is explained here:

    https://www.bleepingcomputer.com/virus-removal/remove-search-manager-chrome-extension

    Basically, it contains ads, which can in turn have some malicious ads in there now and then. You don't need to use the above removal procedure that is in the link, as removing the extension etc may be enough.

    If you feel you still need this extension, we can remove things manually, if need be.

    Let me know, and I'll create a fix based on that, and ignore the chrome extension. However, some of the entries that will be removed in MBAM/FRST are maybe linked to the Search Manager extension, so it may end up not working properly.

    You can always re-download and install it again after we've cleaned it all up.

    The crack it found was actually in the recycle bin, unless I'm missing something.

    eddie
     
  8. SquanchyGuy

    SquanchyGuy Thread Starter

    Joined:
    May 22, 2017
    Messages:
    4
    Eddie, I must thank you a lot. The "update.jf3" showed up no more, and Chrome started to work fine again. I still have doubts because I can't totally get rid of this "motious" homepage. But it seems that everything is returning to normal. I'm reinstalling AdBlock and I'll tell you if this works because this malware wouldn't let AdBlock work. In fact, I'm being bombarded with ads! Do you recommend some specific antivirus? A firewall? I'm uninstalling Driver Booster for good, that's done.
    Thanks again pal! And I hope I won't need to bother you again! And perhaps I'll start learning about all this security stuff, which I would love to know.
    See you!
     
  9. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    30,446
    That's good to hear :)

    We can run a fix with FRST, to sort out the motious thing. Also, when it's finished, can you post a fresh FRST log (exactly as you did from my original reply at the top of this thread), so we can see what's left. Then, we'll clear any remains by doing a quick scan, and then it should be nearly done ;)

    ---------

    Download attached fixlist.txt file and save it to the Desktop.

    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Thanks

    eddie
     

    Attached Files:

Short URL to this thread: https://techguy.org/1190364