
Solved MyBettingDeals

Discussion in 'Virus & Other Malware Removal' started by Palustris, Jul 10, 2019.

Thread Status:
Not open for further replies.
  1. Palustris

    Palustris Thread Starter

    Joined:
    Apr 25, 2006
    Messages:
    66
    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz, Intel64 Family 6 Model 60 Stepping 3
    Processor Count: 4
    RAM: 8127 Mb
    Graphics Card: AMD Radeon HD 7800 Series, -2048 Mb
    Hard Drives: C: 111 GB (8 GB Free); E: 931 GB (37 GB Free);
    Motherboard: ASUSTeK COMPUTER INC., H81M-PLUS
    Antivirus: Microsoft Security Essentials, Enabled and Updated
    Keep getting a pop-up from MyBettingDeals despite it being blocked in Firefox. How do I stop it appearing?
    Now getting a Paypal pop-up too. Odd as we do not have a Paypal account.
     
    Last edited: Jul 10, 2019
  2. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    33,550
    First Name:
    James
    I've been seeing a few of these where Extensions or even in the Programs and Features where adware has been installed.

    Can you get a screenshot of the ads?
     
  3. Palustris

    Palustris Thread Starter

    Joined:
    Apr 25, 2006
    Messages:
    66
    Will try. Not seen the advert for a while. Have run Malwarebytes and it found nothing.
     
  4. Palustris

    Palustris Thread Starter

    Joined:
    Apr 25, 2006
    Messages:
    66
    Sorry missed it!
     
  5. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    33,550
    First Name:
    James
    Check your Extensions for Firefox to see if you find any extensions with that name, or some funky name that you don't recognise.
     
  6. Palustris

    Palustris Thread Starter

    Joined:
    Apr 25, 2006
    Messages:
    66
    No odd names on either Extensions or Plug ins.
    Following advice on here from someone on how to remove adware, I have downloaded and run the full Malwarebytes, HitmanPro and Zemana. None of them found anything amiss.
    Thanks for trying.
     
  7. Palustris

    Palustris Thread Starter

    Joined:
    Apr 25, 2006
    Messages:
    66
    Came up again, just. Too slow to get a screen shot though.
    Obviously running those clean up programs has not worked.
     
  8. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    33,550
    First Name:
    James
    As soon as you see it, press PrtScn ... then open MSPAINT and do a paste of the screen you just did.
     
  9. Palustris

    Palustris Thread Starter

    Joined:
    Apr 25, 2006
    Messages:
    66
    Managed it.
    Bitcoin ad this morning screenshot.jpg
     
  10. Palustris

    Palustris Thread Starter

    Joined:
    Apr 25, 2006
    Messages:
    66
    Have run lots of different adware removal programs. Only Malwarebytes Adware Remover reported any threats and removed them. However, the pop-ups are still appearing.
     
  11. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    558
    Hi Palustris, Welcome to the Tech Support Guy malware removal forum.

    I am iMacg3 and will be helping you with your computer problems.

    Please keep the following information in mind before we begin:
    • Back up any important data before we continue.
      • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
    • Do not run any fixes or tools on your system unless I request that you do so.
      • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
    • Please read all instructions carefully, and complete them in the order listed.
      • Items that are especially important will be highlighted in bold or red.
    • If your computer seems to start working normally, please don't abandon the topic.
      • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
      • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
    • If you have questions at any time during the cleanup, feel free to ask.

    ---------------------------------------------------
    Farbar Recovery Scan Tool (FRST)

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
    • Right-click FRST.exe/FRST64.exe then click "Run as administrator" (XP users: double-click on the file).
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
    • Please copy and paste the logs in your next reply.

    ---------------------------------------------------

    In your next reply, please include:
    • FRST.txt
    • Addition.txt
     
  12. Palustris

    Palustris Thread Starter

    Joined:
    Apr 25, 2006
    Messages:
    66
    Done that!
    Hope this is the correct way to do it.
     

    Attached Files:

  13. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    558
    Hi Palustris,

    It looks like there was an issue with running FRST. Please delete the FRST.txt and Addition.txt logs from C:\Users\User\Downloads.
    Run FRST and click Scan.
    When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
    Please copy and paste the logs into your reply.
     
  14. Palustris

    Palustris Thread Starter

    Joined:
    Apr 25, 2006
    Messages:
    66
    Sorry about that.
     

    Attached Files:

  15. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    558
    Hi Palustris,

    ---------------------------------------------------
    Farbar Recovery Scan Tool - Fix

    • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
      Code:
      Start::
      CreateRestorePoint:
      EmptyTemp:
      CloseProcesses:
      HKU\S-1-5-21-3400867667-2578357932-3937927643-1000\...\MountPoints2: {c7f799cb-b77b-11e3-9891-806e6f6e6963} - D:\Bin\ASSETUP.exe
      HKU\S-1-5-21-3400867667-2578357932-3937927643-1000\...\MountPoints2: {c929c64b-b77d-11e3-b4a4-806e6f6e6963} - D:\Setup.exe
      HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] -> 
      GroupPolicy: Restriction ? <==== ATTENTION
      Task: {35DDBB39-8DB9-40B9-B2AC-41FD8CF84B33} - System32\Tasks\{C591B86F-6CB2-4449-8ED3-0F2E942FE8C3} => C:\Windows\system32\pcalua.exe -a J:\Solitairemaster\setup.EXE -d J:\Solitairemaster
      Task: {37BDDCF2-22DD-4214-B63B-6D7299769F42} - System32\Tasks\{49778EB6-8C53-4828-80CC-493A8DF4A1C3} => C:\Windows\system32\pcalua.exe -a "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N2LE1K2H\IGP6-Group19-dl.exe" -d C:\Users\User\Desktop
      
      Task: {A32B56E4-438D-432C-AB9D-608BCE2B374A} - System32\Tasks\{0C9AB1E9-423F-4838-87FF-EF6854C2ECE5} => C:\Windows\system32\pcalua.exe -a "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Q6GRDHX\IGP6-Group5-dl.exe" -d C:\Users\User\Desktop
      
      Task: {B552B5E3-4910-4FF2-85CF-B0D9A05B3719} - System32\Tasks\{D3BC4912-A4C1-47D8-966B-0D6084F5570F} => C:\Windows\system32\pcalua.exe -a "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8BUJMRGG\IGP6-Group1-dl.exe" -d C:\Users\User\Desktop
      
      Task: {D8702D29-321E-4457-8689-E7262556F351} - System32\Tasks\{1EE07962-E1A4-4F59-AF76-B84D4DE658E0} => C:\Windows\system32\pcalua.exe -a C:\Users\User\Documents\Solitairemaster\setup.EXE -d C:\Users\User\Documents\Solitairemaster
      
      Task: {FC8AC68D-9CBE-451E-91F0-EE5D8BEB69BA} - System32\Tasks\{C437C5BF-1DBF-4D58-A0C9-F24E29CAFA79} => C:\Windows\system32\pcalua.exe -a "C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N2LE1K2H\IGP6-Group2-dl.exe" -d C:\Users\User\Desktop
      
      FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
      FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
      S3 cpuz135; \??\C:\Users\User\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X] <==== ATTENTION
      FirewallRules: [{87079D81-27BD-4E64-9571-77480E0A54D9}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe No File
      FirewallRules: [{8096EAE0-EB4A-4B4F-803E-B73D12117CE0}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe No File
      FirewallRules: [{FA7F738B-A686-4761-BE4F-AB9DE86C15E8}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe No File
      FirewallRules: [{A2A0CE5D-EB5E-45C5-8B20-A9D1A140D335}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe No File
      FirewallRules: [{06EACA0A-0F77-4021-A736-883B440BF23C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
      FirewallRules: [{1DEE1F8E-F1A2-4E31-86B6-5C5878F62596}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
      FirewallRules: [{80BB1AB0-B138-4847-A54F-1EDAC4012052}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe No File
      FirewallRules: [{9EB18C66-21CF-4943-8876-E2631E42B4FB}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe No File
      FirewallRules: [{0C469E4C-614F-4727-984B-B526ABE16064}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
      FirewallRules: [{0E358804-5311-4D2C-8B6A-61E472849B4C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe No File
      VirusTotal: D:\setup.EXE;D:\autorun.EXE;C:\Windows\SysWOW64\temp.0EF
      CMD: Bitsadmin /Reset /Allusers
      End::
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    • Double-click FRST.exe/FRST64.exe to run it.
    • Press the Fix button just once and wait.
    • Restart the computer if prompted.
    • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
    • Please copy and paste its contents into your reply.

    ---------------------------------------------------
    • Open Firefox.
    • Click the Menu icon (upper right corner of the Firefox window) then click Options.
    • Click Privacy and Security > scroll down to Permissions.
    • Next to "Notifications", click Settings.
    • Select any unfamiliar websites and click Remove Website.
    • Restart Firefox.

    ---------------------------------------------------

    In your next reply, please include:
    • Fixlog.txt
    • Let me know how the computer is doing.
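
The Firefox notification check in the post above can also be audited from disk. This is an added example, not part of the original thread or of any tool named in it: it assumes Firefox keeps site permissions in `permissions.sqlite` in the profile folder, in a `moz_perms` table where type `desktop-notification` with permission `1` means "Allow". The function names and sample rows are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timezone
from pathlib import Path

ALLOW = 1  # assumed: value stored for an "Allow" decision (2 = "Block")

def open_readonly(profile_dir):
    """Open <profile>/permissions.sqlite read-only so the audit cannot alter it."""
    uri = (Path(profile_dir) / "permissions.sqlite").resolve().as_uri()
    return sqlite3.connect(uri + "?mode=ro", uri=True)

def build_sample_db():
    """Constructed stand-in using the assumed moz_perms columns."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE moz_perms (id INTEGER PRIMARY KEY, origin TEXT,"
               " type TEXT, permission INTEGER, modificationTime INTEGER)")
    db.executemany(
        "INSERT INTO moz_perms (origin, type, permission, modificationTime)"
        " VALUES (?, ?, ?, ?)",
        [("https://mail.example.com", "desktop-notification", 1, 1562000000000),
         ("https://push-ads.example.net", "desktop-notification", 1, 1562700000000),
         ("https://news.example.org", "desktop-notification", 2, 1562100000000),
         ("https://maps.example.com", "geo", 1, 1562200000000)])
    return db

def notification_grants(db, known_good=()):
    """Sites allowed to show notifications, newest grant first, as
    (origin, UTC date granted), skipping origins the user recognises."""
    cur = db.execute(
        "SELECT origin, modificationTime FROM moz_perms"
        " WHERE type = 'desktop-notification' AND permission = ?"
        " ORDER BY modificationTime DESC", (ALLOW,))
    out = []
    for origin, ms in cur:
        if origin in known_good:
            continue
        day = datetime.fromtimestamp(ms / 1000, tz=timezone.utc)
        out.append((origin, day.strftime("%Y-%m-%d")))
    return out

if __name__ == "__main__":
    for origin, day in notification_grants(build_sample_db()):
        print(day, origin)
```

On a real machine, close Firefox first and pass the profile folder to `open_readonly`; removing the unfamiliar sites is still done through the Notifications settings dialog described in the post.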
     
Short URL to this thread: https://techguy.org/1229792