Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.
1 - 8 of 8 Posts

·
Registered
Joined
·
4 Posts
Discussion Starter · #1 ·
For past few days i am facing this problem. Automatically new sites open my browser when i am connected to internet.

This links opens: http://adplusplus.fr/adengine/getad.php?uid=66EM8Fyg4b&soft=EVP 1.3

and then take me to either of the following websites:

1)http://www.the-top-sport.com/cricket.php
2)http://www.biggest-sites.com/facebook.php
3)http://www.the-top-sport.net/field-hockey.php

I was using IE11 since i have installed Windows 8.1. I was so annoyed by the ads so i installed adblock(adplusplus) for it. I guess that adblock was malacious. I have already removed that adblocker but i still gets these automatic popup.

Now i have choosen chrome as my default browser so these popup sites open in chrome. I am also using popup blocker but they are still opening on their own.

Please help me to fix this problem. Reply only if you know an answer that can totally fix my problem. Don't act oversmart an waste my time in giving me stupid answer.

Thanks in advance
 

·
Registered
Joined
·
14,153 Posts
You have an Adware infection, Adblockplus is not a malicious program, but when your system is infected with Adware it does little to stop all the pop ups and redirects.

We will start with this scan below which should remove the vast majority (if not all) the Adware.

Click on this link to download : ADWCleaner Click on the Download Now button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:

You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.

NOTE: If for any reason the report does not appear, open Windows Explorer and click on the C: drive in the left pane, in the right pane you should find a new folder called Adwcleaner, double click on it and you will see the saved logs. Find the log that has a number in brackets starting with an S NOT R, similar to this: Adwcleaner[S1], double click on the one with the highest number and the log will open, Copy & Paste it into your reply.

 

·
Registered
Joined
·
14,153 Posts
You're welcome.

Please post the log as requested so we can see what it removed. Then run the program again in just the same way as you did before and post the new log. On occasion there are some items that return after the first deletion and may need further action to remove them.
 

·
Registered
Joined
·
4 Posts
Discussion Starter · #5 ·
OLD LOGS:

# AdwCleaner v3.212 - Report created 07/06/2014 at 23:46:10
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8.1 Pro (64 bits)
# Username : Hacker - ACER
# Running from : C:\Users\Hacker\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Users\Hacker\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Hacker\AppData\Local\PackageAware
Folder Deleted : C:\Users\Public\Documents\Goobzo
Folder Deleted : C:\Users\Public\Documents\ShopperPro
File Deleted : C:\Users\Hacker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Hacker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Goobzo
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\Goobzo

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Hacker\AppData\Roaming\Mozilla\Firefox\Profiles\77e1wb47.default\prefs.js ]

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Hacker\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Startup_urls] : hxxp://websearch.helpmefindyour.info/?pid=377&r=2013/03/24&hid=700225954&lg=EN&cc=IN

*************************

AdwCleaner[R0].txt - [2798 octets] - [07/06/2014 23:40:39]
AdwCleaner[S0].txt - [2715 octets] - [07/06/2014 23:46:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2775 octets] ##########

NEW LOGS:

# AdwCleaner v3.212 - Report created 08/06/2014 at 19:27:43
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8.1 Pro (64 bits)
# Username : Hacker - ACER
# Running from : C:\Users\Hacker\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Hacker\AppData\Roaming\Mozilla\Firefox\Profiles\77e1wb47.default\prefs.js ]

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Hacker\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Startup_urls] : hxxp://websearch.helpmefindyour.info/?pid=377&r=2013/03/24&hid=700225954&lg=EN&cc=IN

*************************

AdwCleaner[R0].txt - [2798 octets] - [07/06/2014 23:40:39]
AdwCleaner[R1].txt - [1109 octets] - [08/06/2014 19:26:33]
AdwCleaner[S0].txt - [2867 octets] - [07/06/2014 23:46:10]
AdwCleaner[S1].txt - [1033 octets] - [08/06/2014 19:27:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1093 octets] ##########
 

·
Registered
Joined
·
14,153 Posts
We have one item that has returned.

Open Google and click on the three bars and select Settings.
Under On Startup click on Set pages.
Click on the Websearch entry then click on the X next to it so it is deleted.
Close Google, reboot the system and then run Adwcleaner again and post the new log.
 
  • Like
Reactions: Alwele

·
Registered
Joined
·
4 Posts
Discussion Starter · #7 ·
# AdwCleaner v3.212 - Report created 09/06/2014 at 12:36:17
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8.1 Pro (64 bits)
# Username : Hacker - ACER
# Running from : C:\Users\Hacker\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Hacker\AppData\Roaming\Mozilla\Firefox\Profiles\77e1wb47.default\prefs.js ]

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Hacker\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2798 octets] - [07/06/2014 23:40:39]
AdwCleaner[R1].txt - [1109 octets] - [08/06/2014 19:26:33]
AdwCleaner[R2].txt - [1120 octets] - [09/06/2014 12:34:08]
AdwCleaner[S0].txt - [2867 octets] - [07/06/2014 23:46:10]
AdwCleaner[S1].txt - [1173 octets] - [08/06/2014 19:27:43]
AdwCleaner[S2].txt - [1042 octets] - [09/06/2014 12:36:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1102 octets] ##########
 

·
Registered
Joined
·
14,153 Posts
That has done the trick and we now have a clean log.

If there are no other issues you need help with then we are done. I would recommend you keep Adwcleaner and run regular scans with it.
 
  • Like
Reactions: Alwele
1 - 8 of 8 Posts
Status
Not open for further replies.
Top