
Solved Wajam? malware Removal Help

Discussion in 'Virus & Other Malware Removal' started by carstorm, Mar 6, 2018.

Thread Status:
Not open for further replies.
  1. carstorm

    carstorm Thread Starter

    Joined:
    Apr 30, 2015
    Messages:
    13
    I have tried running AdwCleaner (multiple times), Malwarebytes Anti-Malware, and JRT, but none have successfully removed the malware. The malware redirects all Google searches to Yahoo. All the logs are attached below.

    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 10 Home, 64 bit
    Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz, Intel64 Family 6 Model 60 Stepping 3
    Processor Count: 8
    RAM: 16272 Mb
    Graphics Card: NVIDIA GeForce GTX 770M, -1024 Mb
    Hard Drives: C: 930 GB (614 GB Free); D: 931 GB (505 GB Free);
    Motherboard: , MS-1763
    Antivirus: Avast Antivirus, Enabled and Updated

    Edit: It is definitely an extension because I don't have the issue in incognito mode; however, the extension is not showing up in the installed extensions list.
     

    Attached Files:

    Last edited: Mar 6, 2018
  2. carstorm

    carstorm Thread Starter

    Still waiting for help on this issue.
     
  3. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,673
    Hi carstorm,
    You may have some redirect malware on there.
    Wajam itself is just a drawing/graphics program, and not usually a problem.
    Maybe Wajam was downloaded from a questionable site?
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST64 and save to your Desktop.
    • Double click Frst64.exe to launch it.
    • FRST64 will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe
    Feel free to use separate replies if it's more convenient.

    askey127
     
  4. carstorm

    carstorm Thread Starter

    I assumed it had something to do with Wajam because the title of the tab would be ~"yahoo - Wajam - {search}". I am not having the issue now and am on a different network, which makes me wonder if it is actually a virus on the router itself somehow or if Windows default security had an update and took care of it. Regardless, attached are the two files you requested.
     

    Attached Files:

  5. askey127

    askey127 Malware Specialist

    Carstorm,
    It is quite likely the adware came from one of the free downloaded programs, or from a contaminated torrent.
    ------------------------------------------------
    Remove Installed Programs
    Use Start > Settings > System > Apps and Features >
    Highlight each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    qBittorrent 4.0.4
    Smart Defrag 5

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    askey127
     

    Attached Files:

  6. carstorm

    carstorm Thread Starter

    Deleted two programs as requested. Understand why you wanted qBittorrent removed; I personally use it to download Linux distros. What is the issue with Smart Defrag? I have used it for years and find it's much better than Windows' built-in defragger.

    As an aside I should be able to test the fix properly worked on my home network tonight.
     

    Attached Files:

  7. askey127

    askey127 Malware Specialist

    I would suggest avoiding Iobit programs.
    Iobit's programs spawn hundreds of Registry entries and scheduled tasks, which don't go away when the programs are Uninstalled.
    Some of your leftovers came from "Advanced System Care".
    Your machine will still carry a lot of them, hopefully harmless now.
    See an older story about Iobit's ethics:
    https://forums.malwarebytes.com/topic/29681-iobit-steals-malwarebytes-intellectual-property/

    FRST was not able to remove the following extensions.
    The exact "serial #" of these indicates they are bogus and/or malware, in spite of the legit-sounding names.
    You need to remove them from the Chrome extensions.
    If you reload, be SURE to get them directly from the original author only.
    CHR Extension: (Honey)
    CHR Extension: (Pushbullet)
    CHR Extension: (uBlock Origin)
    CHR Extension: (EditThisCookie)
    CHR Extension: (Attachment Icons for Gmail™)
    CHR Extension: (Google Hangouts)
    CHR Extension: (RSS Subscription Extension (by Google))

    See here: http://stopreclame.com/#!/malware?lang=en
     
    Last edited: Mar 14, 2018
  8. carstorm

    carstorm Thread Starter

    I know this is slightly off topic, but do you have a recommended free defragger? (In my experience Windows' built-in defragger is terrible.) I have seen that story already, but kept with Iobit due to their quality in my experience.
    Back on topic, are you sure at least some of those extensions aren't false positives? Google Hangouts, for example, is the official extension by Google.
     
  9. askey127

    askey127 Malware Specialist

    That extension is actually called Quick Searcher, of course calling itself Google Hangouts so you won't get suspicious. The whole area of extensions is an ethics minefield.
    People tend to choose extensions by name, so malware gives them the names they want.

    In Win10, I wouldn't do any defrag at all. The Windows version is too slow to run all at once.
    It's really designed to defrag gradually during slow times on the machine.
    At worst, you can run it overnight once every 3-4 months or so.
    The best Defrag ever was MyDefrag, but it wasn't designed for (Win8-10). You could choose sorting/speed tradeoffs in addition to pure defrags.
    Defraggler, now owned by Avast, has had occasional quirks (just like CCleaner).
    I can promise you will see adware/hijacks or worse if you try to find FREE programs to do that.
     
    Last edited: Mar 14, 2018
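The name-versus-ID check discussed in the posts above, as an added example that is not part of the original thread or of FRST: it reads each installed extension's manifest, resolves localized names, and compares the folder ID with the ID expected for that name. It assumes the Chromium on-disk layout `Extensions/<id>/<version>/manifest.json`; the IDs in `demo()` are constructed placeholders, and real expected IDs would be copied from each publisher's store listing.

```python
import json
import re
import tempfile
from pathlib import Path

ID_RE = re.compile(r"^[a-p]{32}$")  # Chromium extension IDs are 32 letters a-p

def load(path):
    return json.loads(path.read_text(encoding="utf-8-sig"))

def display_name(version_dir):
    """Manifest name, with a __MSG_key__ placeholder resolved via _locales."""
    manifest = load(version_dir / "manifest.json")
    name = manifest.get("name", "")
    m = re.fullmatch(r"__MSG_(.+)__", name)
    if m:
        try:
            msgs = load(version_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json")
        except (OSError, ValueError):
            return name  # leave the raw placeholder visible rather than guess
        by_key = {k.lower(): v for k, v in msgs.items()}  # message keys are case-insensitive
        name = by_key.get(m.group(1).lower(), {}).get("message", name)
    return name

def audit_extensions(extensions_dir, expected):
    """Return (id, name, verdict) rows; expected maps display name -> publisher's ID."""
    findings = []
    for manifest in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = manifest.parent.parent.name
        if not ID_RE.match(ext_id):
            continue
        name = display_name(manifest.parent)
        verdict = ("unlisted" if name not in expected
                   else "ok" if expected[name] == ext_id else "name-id-mismatch")
        findings.append((ext_id, name, verdict))
    return findings

def demo():
    """Audit a constructed Extensions folder; all three IDs are placeholders."""
    good, fake = "a" * 32, "b" * 32
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id in (good, fake):
            Path(tmp, ext_id, "1.0_0", "_locales", "en").mkdir(parents=True)
        Path(tmp, good, "1.0_0", "manifest.json").write_text(json.dumps({"name": "uBlock Origin"}))
        Path(tmp, fake, "1.0_0", "manifest.json").write_text(json.dumps({"name": "__MSG_appName__", "default_locale": "en"}))
        Path(tmp, fake, "1.0_0", "_locales", "en", "messages.json").write_text(json.dumps({"appname": {"message": "Google Hangouts"}}))
        return audit_extensions(tmp, {"uBlock Origin": good, "Google Hangouts": "c" * 32})

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A `name-id-mismatch` row means the installed copy carries a trusted name under a different ID than the publisher's; an `unlisted` row only means the name is not in the expected map.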
  10. carstorm

    carstorm Thread Starter

    That's the one I have installed; it says by Google? Am I missing something? Should I uninstall then reinstall? Maybe the extension(s) themselves were compromised locally?

    upload_2018-3-14_19-53-46.png
     
  11. askey127

    askey127 Malware Specialist

    That's odd. I guess it's possible it's a false positive.
    If you uninstall, check for misdirects so you have a baseline experience before you re-install.
    You don't have to be in a hurry about that one.
    How is the machine behaving?
     
  12. carstorm

    carstorm Thread Starter

    Sorry for the delayed response, I wasn't home for a few days so had a lot of catching up to do when I got home. I can confirm that the redirects don't happen on my home network. At this point, all the issues seem resolved. Don't know if this would affect anything, but in case you for whatever reason didn't realize, the browser is a Chromium derivative called Vivaldi, so that could potentially be why some things are reporting false positives, since it's Chrome extensions not in Chrome?
     
  13. askey127

    askey127 Malware Specialist

    Thanks for the info.
    Hope all is well for you going forward.
    Good luck.
     
  14. carstorm

    carstorm Thread Starter

    Thank you for all the help.
     

Short URL to this thread: https://techguy.org/1206203
