Computer Hope

Software => Computer viruses and spyware => Topic started by: ExaBast on September 20, 2020, 09:02:52 AM

Title: Chrome Adware
Post by: ExaBast on September 20, 2020, 09:02:52 AM
Hello and thanks for your help,

I have recently got some ads in Chrome when searching something. I use uBlock Origin but it doesn't seem to care.

Here's a screenshot: https://imgur.com/a/vXxa44a

And here are the logs:

# -------------------------------
# Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build:    07-22-2020
# Database: 2020-07-20.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-20-2020
# Duration: 00:00:04
# OS:       Windows 10 Home
# Cleaned:  2
# Failed:   2


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\Tencent
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
Not Deleted   C:\Users\exxab\AppData\Local\Tencent
Not Deleted   C:\Users\exxab\AppData\Roaming\Tencent

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************



*************************

AdwCleaner[S00].txt - [5746 octets] - [20/09/2020 15:15:39]
AdwCleaner[C00].txt - [3925 octets] - [20/09/2020 15:19:38]
AdwCleaner[S01].txt - [3295 octets] - [20/09/2020 16:40:09]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########








Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/20/20
Scan Time: 4:47 PM
Log File: 2b0572ca-fb50-11ea-a8ac-54e1ad3dac52.json

-Software Information-
Version: 4.2.1.89
Components Version: 1.0.1045
Update Package Version: 1.0.30139
License: Trial

-System Information-
OS: Windows 10 (Build 18362.1082)
CPU: x64
File System: NTFS
User: LAPTOP-LGVVI57O\Bastien

-Scan Summary-
Scan Type: Quick Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 3699
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 0 min, 7 sec

-Scan Options-
Memory: Enabled
Startup: Disabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Disabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)






 Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Avast Antivirus   
Windows Defender   
Avast Antivirus   
Malwarebytes       
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 231 
 Java 8 Update 241 
 Java version 32-bit out of Date!
 Google Chrome (85.0.4183.102)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamtray.exe 
 Intel Intel(R) Online Connect Access IntelTechnologyAccessService.exe 
 Intel Intel(R) Online Connect Access LegacyCsLoaderService.exe 
 Intel Intel(R) Online Connect ioc.exe 
 Common Files Oracle Java javapath\AvastSvc.exe -?-
 AVAST Software Avast aswEngSrv.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
Title: Re: Chrome Adware
Post by: SuperDave on September 20, 2020, 03:57:34 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
I can't see the picture that you posted. Try to post the picture again. The scan shows you are running more than one AV on your computer: Avast and Windows Defender. WD is the resident AV that comes with Windows 10. One AV should be disabled.
Title: Re: Chrome Adware
Post by: ExaBast on September 21, 2020, 11:35:06 AM
Here's the screenshot again: https://imgur.com/a/epX1x0x

I actually managed to find the name of the malware, it's "findsearchresults.info"

Also uninstalled Avast
Title: Re: Chrome Adware
Post by: SuperDave on September 21, 2020, 04:07:29 PM
You will need to go to Control Panel, Programs and Features and look for any suspicious program that was installed just prior to this event happening on your computer. If you can find one, please uninstall it and run MBAM and Adwcleaner again.
Title: Re: Chrome Adware
Post by: ExaBast on September 22, 2020, 09:03:15 AM
I checked the programs and there isn't any I don't know.




Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/22/20
Scan Time: 4:56 PM
Log File: c569b526-fce3-11ea-81ac-54e1ad3dac52.json

-Software Information-
Version: 4.2.1.89
Components Version: 1.0.1045
Update Package Version: 1.0.30250
License: Trial

-System Information-
OS: Windows 10 (Build 18362.1082)
CPU: x64
File System: NTFS
User: LAPTOP-LGVVI57O\Bastien

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 344487
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 57 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)





# -------------------------------
# Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build:    07-22-2020
# Database: 2020-07-20.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-22-2020
# Duration: 00:00:02
# OS:       Windows 10 Home
# Cleaned:  16
# Failed:   2


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\Tencent
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
Not Deleted   C:\Users\exxab\AppData\Local\Tencent
Not Deleted   C:\Users\exxab\AppData\Roaming\Tencent

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.LenovoIMController   Folder   C:\ProgramData\LENOVO\IMCONTROLLER
Deleted       Preinstalled.LenovoIMController   Folder   C:\Users\exxab\AppData\Local\LENOVO\IMCONTROLLER
Deleted       Preinstalled.LenovoIMController   Folder   C:\Windows\LENOVO\IMCONTROLLER
Deleted       Preinstalled.LenovoIMController   Folder   C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Deleted       Preinstalled.LenovoIMController   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
Deleted       Preinstalled.LenovoServiceBridge   Folder   C:\Users\exxab\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE
Deleted       Preinstalled.LenovoServiceBridge   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1
Deleted       Preinstalled.LenovoUpdate   Folder   C:\Program Files (x86)\LENOVO\SYSTEM UPDATE
Deleted       Preinstalled.LenovoUpdate   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{03C6CC92-68F2-4961-9A73-CAECA350BD08}
Deleted       Preinstalled.LenovoUpdate   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\TVSU_is1
Deleted       Preinstalled.LenovoUtility   Folder   C:\Program Files\LENOVO\LENOVOUTILITY
Deleted       Preinstalled.LenovoUtility   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|LenovoUtility
Deleted       Preinstalled.LenovoUtility   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|LenovoUtility
Deleted       Preinstalled.LenovoUtility   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12ABAC82-7D83-4CB8-9DD2-434DC9AF2942}_is1


*************************



*************************

AdwCleaner[S00].txt - [5746 octets] - [20/09/2020 15:15:39]
AdwCleaner[C00].txt - [3925 octets] - [20/09/2020 15:19:38]
AdwCleaner[S01].txt - [3295 octets] - [20/09/2020 16:40:09]
AdwCleaner[C01].txt - [1911 octets] - [20/09/2020 16:41:12]
AdwCleaner[S02].txt - [3417 octets] - [22/09/2020 17:00:10]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
Title: Re: Chrome Adware
Post by: SuperDave on September 22, 2020, 03:25:53 PM
Please re-set Google Chrome to its defaults. If you can't do that uninstall Chrome and re-install it.
Title: Re: Chrome Adware
Post by: ExaBast on September 23, 2020, 08:55:49 AM
I was hoping I didn't have to, but oh well.

Symptoms are gone, thanks a lot!
Title: Re: Chrome Adware
Post by: ExaBast on September 23, 2020, 09:08:34 AM
Never mind, they're back...

The only thing I downloaded was the media creation tool for Windows 10: https://support.microsoft.com/de-ch/help/15088/windows-10-create-installation-media
Title: Re: Chrome Adware
Post by: SuperDave on September 23, 2020, 05:19:36 PM
This is a browser hijacker. You can find more information here. (https://malwaretips.com/blogs/remove-findsearchresults-info/) Usually resetting your browser to its defaults cures the problem.
Title: Re: Chrome Adware
Post by: ExaBast on September 24, 2020, 09:58:12 AM
I know, I did my own research on it.
It's still there though :/
Title: Re: Chrome Adware
Post by: SuperDave on September 24, 2020, 04:04:26 PM
Did you try any of the methods suggested? Does it do it on other browsers?
Title: Re: Chrome Adware
Post by: ExaBast on October 01, 2020, 09:10:50 AM
Sorry for the delayed response.
I tried what I could find, including the browser reset. I checked if the problem occurs on MS Edge and it doesn't.
Title: Re: Chrome Adware
Post by: SuperDave on October 01, 2020, 03:45:26 PM
The problem is with Google Chrome. Uninstall Chrome and re-install a fresh copy to see if that helps.