Malwarebytes scare

Solved
By circusboy01
Nov 8, 2013
  1. I ran Malwarebytes last night, and it found 950 things. The majority were pup.options.ac..s.., and came from Smartbar.
    Smartbar ended up on my computer after I downloaded VLC. I always download custom, instead of express, and I uncheck, or click decline on everything I don't want. I remember on Smartbar I clicked decline. But I got it anyway. I never even used it. I clicked on the icon it put on my desktop, to see what it was. Immediately deleted it, and uninstalled it using Programs and Features. But it still put 950 pups. on my computer. Which really pisses me off.
    I fixed all 950 problems, ran Malwarebytes again, and it came out clean.
    Just how serious a problem are pups. and smartbar?
  2. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    I'd call them annoyances but if you wish we can run some extra scans.
    Since you've been to this forum before you know what to do.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. circusboy01

    circusboy01 TechSpot Enthusiast Topic Starter Posts: 804   +9

    I don't think I need a scan. Malwarebytes seems to have gotten rid of all the pups.
    But you can do me a favor, if you will. I noticed, today, that a couple of other things sneaked onto my computer along with Smartbar. Snapdo and searchnu. I got rid of Snapdo using Programs and Features, but I can't get rid of Searchnu. It's not in Programs and Features, Revo, Program files or Program files 86. I looked up Searchnu uninstalls. There was a bunch of them. Each one more complicated than the other.
    I was hoping you might have an easier way to get rid of it, or maybe you could tell what uninstall program to use.
    Oh yeah. Almost forgot. It's Google that Searchnu showed up on. Thanks.
  4. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
  5. circusboy01

    circusboy01 TechSpot Enthusiast Topic Starter Posts: 804   +9

    # AdwCleaner v3.012 - Report created 12/11/2013 at 01:39:17
    # Updated 11/11/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Raymond - COMPZILLA
    # Running from : C:\Users\Raymond\Downloads\adwcleaner(1).exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\Raymond\AppData\Local\Temp\Smartbar
    Folder Deleted : C:\Users\Raymond\AppData\Roaming\UpdaterEX
    Folder Deleted : C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\pz41uprn.default\GamingWonderland
    File Deleted : C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\pz41uprn.default\searchplugins\ask-web-search.xml
    File Deleted : C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\pz41uprn.default\user.js
    File Deleted : C:\windows\System32\Tasks\Desk 365 RunAsStdUser
    File Deleted : C:\windows\Tasks\UpdaterEX.job
    File Deleted : C:\windows\System32\Tasks\UpdaterEX

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_desktop-calendar-reminder_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_desktop-calendar-reminder_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_desktop-calendar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_desktop-calendar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_rainlendar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_rainlendar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\Desksvc
    Key Deleted : HKLM\Software\hdcode
    Key Deleted : HKLM\Software\Tarma Installer
    Key Deleted : HKLM\Software\V9
    Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16720


    -\\ Mozilla Firefox v25.0 (en-US)

    [ File : C:\Users\Raymond\AppData\Roaming\Mozilla\Firefox\Profiles\pz41uprn.default\prefs.js ]

    Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.options.keywordEnabled", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.options.tabEnabled", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "gamingwonderland@mindspark.com");
    Line Deleted : user_pref("keyword.URL", "hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=05F86F4E-9BB2-474B-AD6B-7EC22D990941&n=77fda2e9&ind=2013111017&p2=^Z7^xdm298^YYA^us&si=solitaireshark-2-1&searchfor=")[...]

    *************************

    AdwCleaner[R0].txt - [4419 octets] - [12/11/2013 01:27:41]
    AdwCleaner[R1].txt - [4482 octets] - [12/11/2013 01:38:38]
    AdwCleaner[S0].txt - [4447 octets] - [12/11/2013 01:39:17]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4507 octets] ##########
  6. circusboy01

    circusboy01 TechSpot Enthusiast Topic Starter Posts: 804   +9

    As far as JRT goes, I don't know how to shut down any of my protection except Avast.
  7. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Avast is the only thing you need to shut down.
  8. circusboy01

    circusboy01 TechSpot Enthusiast Topic Starter Posts: 804   +9

    I don't know how to read the adwCleaner log, but nothing terrible stood out to me. So I'm guessing it came out okay. Right?
    I don't remember the name of the search engine, toolbar, or whatever it was that took over my GC, but I know it's gone. Thanks Broni.
    Should I run adwCleaner and JRT every so often as a preventative measurement?
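
An added example, not part of the thread and not code from AdwCleaner: one way to read the report posted above is to group its entries by section and then search the removed items for a program name. The function names are hypothetical, and the embedded sample is a shortened excerpt of the log in this thread.

```python
import re

# Shortened excerpt of the AdwCleaner report posted earlier in this thread.
SAMPLE_LOG = r"""# AdwCleaner v3.012 - Report created 12/11/2013 at 01:39:17
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Raymond\AppData\Local\Temp\Smartbar
File Deleted : C:\windows\Tasks\UpdaterEX.job

***** [ Registry ] *****

Key Deleted : HKLM\Software\V9
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ

***** [ Browsers ] *****

-\\ Mozilla Firefox v25.0 (en-US)

Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "gamingwonderland@mindspark.com");
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "<Type> <Action> : <target>", e.g. "Key Deleted : HKLM\Software\V9"
ENTRY_RE = re.compile(r"^(\w+) (\w+) : (.+)$")

def parse_report(text):
    """Return {section: [(type, action, target), ...]} for a report."""
    report, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()          # forum pastes are often indented
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            report[section] = []    # keep empty sections visible too
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            report[section].append(m.groups())
    return report

def counts(report):
    """Number of entries per section."""
    return {name: len(entries) for name, entries in report.items()}

def mentions(report, name):
    """Targets whose path, key or pref line contains name (case-insensitive)."""
    needle = name.lower()
    return [t for e in report.values() for _, _, t in e if needle in t.lower()]

if __name__ == "__main__":
    r = parse_report(SAMPLE_LOG)
    print(counts(r))
    for name in ("Smartbar", "Searchnu"):
        print(name, "->", mentions(r, name) or "not in report")
```

An empty result from `mentions` means the tool did not list anything under that name, so a clean-looking report does not by itself show that a particular program was removed.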
  9. circusboy01

    circusboy01 TechSpot Enthusiast Topic Starter Posts: 804   +9

    Hey Broni; me again. That thing that I couldn't remember the name of isn't gone after all. It's Searchnu. I am just going to uninstall GC. Hopefully that will be the end of Searchnu. I really don't need GC anyway. I can do a Google search from FF if I want. Also Yahoo, Bing and 2 or 3 others.
    Thanks again for help given.
  10. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    You're very welcome

