Solved Infected by coolnewtabtheme + slow browsing

DonChoudhry

Thread Starter
Joined
Nov 30, 2003
Messages
115
Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Pro, 64 bit, Build 18363, Installed 20201113095051.000000+300
Processor: Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz, Intel64 Family 6 Model 158 Stepping 12, CPU Count: 8
Total Physical RAM: 16 GB
Graphics Card: NVIDIA GeForce RTX 2080 SUPER
Hard Drives: C: 237 GB (19 GB Free); D: 465 GB (23 GB Free); E: 1863 GB (30 GB Free); F: 3725 GB (15 GB Free); G: 3725 GB (69 GB Free); H: 3726 GB (402 GB Free); J: 3725 GB (37 GB Free);
Motherboard: Micro-Star International Co., Ltd. MPG Z390 GAMING EDGE AC (MS-7B17), ver 2.0, s/n J916405437
System: American Megatrends Inc., ver ALASKA - 1072009, s/n Default string
Antivirus: Windows Defender, Enabled and Updated
---------------------------------------

Please help me get rid of coolnewtabtheme and slow browsing that started right about when I discovered my PC is breached by coolnewtabtheme.

I ran Malewarebytes (Free Version) it qurantined a few threats but after starting my PC it detected some threats again. Guess Malwarebyte is unable to remove threats perminently. Logs attached

Also ran Windows 10 default antivirus, Defender, but it did not find any threats (Ran after Malwherebytes' scan)
 

Attachments

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,440
Hello DonChoudhry and welcome to TSG....

Continue with the following:

Open Malwarebytes, select > "settings" > "security tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:

  • Single click on the target sight above scanner window.
  • In the new window select Report
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:

    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Export toTxt - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

  • Please use "Export to Txt" then attach the log to your reply...

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror

  • Right-click on AdwCleaner.exe and select
    Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"


  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.

Let me see those logs in your reply...

Thank you,

Kevin....
 

DonChoudhry

Thread Starter
Joined
Nov 30, 2003
Messages
115
# -------------------------------
# Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build: 07-22-2020
# Database: 2020-07-20.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-15-2020
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 4
# Failed: 0


***** [ Services ] *****

Deleted Updater

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted Asana - khnpeclbnipcdacdkhejifenadikeghk

***** [ Chromium URLs ] *****

Deleted http://mysearch.avg.com/?cid={D8D59065-6BC7-4940-84B8-BA6065EA8EB1}&mid=873fc6e4b90145b4a058575539102a0e-7a832269ac681d3bce892ce2f074e4a9ad5a8c40&lang=en&ds=gm011&pr=sa&d=2013-02-26 16:01:06&v=14.2.0.1&pid=safeguard&sg=1&sap=hp
Deleted http://mysearch.avg.com/?cid={D8D59065-6BC7-4940-84B8-BA6065EA8EB1}&mid=873fc6e4b90145b4a058575539102a0e-7a832269ac681d3bce892ce2f074e4a9ad5a8c40&lang=en&ds=gm011&pr=sa&d=2013-02-26 16:01:06&v=14.2.0.1&pid=safeguard&sg=1&sap=hp

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1939 octets] - [15/08/2020 07:39:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Attachments

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,440
I also need to see the primary log from FRST, "frst.txt" Logs are save to the following folder:

C:\FRST\Logs
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,440
Continue as follows:

Please download Zemana AntiMalware and save it to your Desktop.

  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.

Open Zemana again then do the following to get the latest report

Open Reports > select the report in question to highlight > select "Ctrl - A" keys together to highlight full report message > then "Ctrl - C" keys to copy to clipboard > then open notepad and select paste to copy the report there, then attach to reply....

Next,

Download Kaspersky Virus Removal Tool (KVRT) from here: https://www.kaspersky.com/downloads/thank-you/free-virus-removal-tool and save to your Desktop.

Select the Windows Key and R Key together, the "Run" box should open.



Drag and Drop KVRT.exe into the Run Box.



C:\Users\{your user name}\DESKTOP\KVRT.exe will now show in the run box.



add -dontcryptsupportinfo Note the space between KVRT.exe and -dontcryptsupportinfo

C:\Users\{your user name}\DESKTOP\KVRT.exe -dontcryptsupportinfo
should now show in the Run box.



That addendum to the run command is very important, when the scan does eventually complete the resultant report is normally encrypted, with the extra command it is saved as a readable file.

Reports are saved here C:\KVRT_data\Reports and look similar to this report_20200727_103821.klr Right click direct onto that report, select > open with > Notepad. Save that file and attach to your reply.


To start the scan select OK in the "Run" box.



The Windows Protected your PC window will open, select "More Info"



A new Window will open, select "Run anyway"



A EULA window will open, tick both confirmation boxes then select "Accept"



In the new window select "Change Parameters"



In the new window ensure all selection boxes are ticked, then select "OK" The scan should now start...



When complete if entries are found there will be options, if "Cure" is offered leave as is. For any other options change to "Delete" then select "Continue"



When complete, or if nothing was found select "Close"



Attach the report information as previously instructed....

Post those logs, let me know if any remaining issues or concerns...
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,440
Hiya DonChoudhry,

Thanks for the logs and information update, if no remaining issues we can clean up...

Fass Post Preview
Delete KVRT.exe from your Desktop, or the folder it was saved to, also delete this folder if still present: C:\KVRT_Data if still present....

Right click on FRST here: C:\Users\DonChoudhry\Downloads\Programs\FRST.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
user posted image
 

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top