Tool Bar 888 and Adrotator on my lap top!

[And 75]

Hi a newbie here, about a month ago down loaded a file from Lime Wire (never again) and woe behold my lap top starting going hay wire pop ups and all sorts.

Anyway used adaware se, xsoft spy 04, norton 07 and avg free, has got rid of most of the nasties but having trouble to get rid of tool bar888 and adrotator and a few data miners

Also help on fully removing norton 07. As was a waste of time and money

All help much appreciated


Many Thanks
Andrew

 

[kitty500cat]

If you got trouble removing Norton, you might try this thread: How to get rid of Symantec/Norton (for good!!.

In any case, check out the Viruses/spyware/malware preliminary removal instructions and follow the instructions exactly. Then post fresh HJT and AVG logs as attachments as per this thread. Then we can see how badly your system is infected.

Cheers and welcome to TechSpot!

This thread is for the use of and 75 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.

 

[And 75]

Ok thanks for the information, will try later and post the HJT and Avg log files
and see how we are doing


Andrew

 

[Rik]

If you have any problems with removing Norton, then here is a set of instructions which should help you.

Download either the free AVG or Avast antivirus programmes and either the free Zonealarm or Kerio firewall programmes from within this link - https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Then, disconnect from the net and completely uninstall Symantec/Norton. If you have any problems in uninstalling the programme, take a look at this thread - https://www.techspot.com/vb/topic57112.html

Once you`ve completely uninstalled Symantec/Norton, reboot your system and install whichever firewall programme you chose, followed by whichever antivirus programme you chose. Reboot your system the required number of times and reconnect to the net. Run the antivirus updates.


This thread is for the use of and 75 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.

 

[And 75]

Sorry for the delay, have run AVG nothing found, as with avg spy ware and sb s&d and adaware personnel se have run the HJT log file, attached, can any tell me if system is clean

Tool Bar 888 pop up has stopped I think

Any advice would be much appreciated

Andrew



View attachment hijackthis.log

 

[howard_hopkinso]

Hello and welcome to Techspot.

Download Vundofix from HERE.

Double click the Vundofix.exe to run it.

Right click in the vundofix window and click add files.

Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do it`s stuff.

This is the filepath you need to enter into Vundofix.

C:\WINDOWS\system32\br_rt.dll

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

Update.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: mycpmads.com Browser Optimizer - {582FDCF0-A82E-4fc1-A6F6-0D2F36881F63} - C:\WINDOWS\system32\br_rt.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [{3A2ACFCC-06C5-2057-0120-052002c}] "C:\Program Files\Common Files\{3A2ACFCC-06C5-2057-0120-052002c}\Update.exe" mc-110-12-0000137

O4 - HKLM\..\Run: [{3A2ACFCC-0320-2057-0120-052002c}] "C:\Program Files\Common Files\{3A2ACFCC-0320-2057-0120-052002c}\Update.exe" mc-110-12-0000137

O4 - HKLM\..\Run: [adstart] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\br_rt.dll" DllVerify

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\Common Files\{3A2ACFCC-06C5-2057-0120-052002c}\Update.exe

C:\Program Files\Common Files\{3A2ACFCC-0320-2057-0120-052002c}\Update.exe

Reboot into normal mode and rehide your protected OS files.

Rename HijackThis.exe as per THESE instructions and post a fresh HJT log.

Regards Howard

This thread is for the use of And 75 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[And 75]

Hi many thanks for the help, have followed as per instructions and have attached an upto date HJT log, can you tell me if my system is now clean, is a bit slow, but only have 256mb of ram so intend to upgrade ram.

Also notice Yahoo tool bar that I did not put there, how do I get rid of this.

Plus have to fully remove Norton.

Hopefully no more pop ups or anything else
Thanks again
Andrew



View attachment 12615

 

[Rik]

Rename HijackThis.exe as per THESE instructions and post a fresh HJT log.

You have not followed this part of Howard's instructions, it is very important that you do so and then post a new HJT log.



This thread is for the use of And 75 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[And 75]

Ah sorry, here is the hopefully the correct format for the hjt log

Andrew



View attachment 12616

 

[Rik]

You have still not done it correctly.

Taken from your hijackthis log - C:\DOCUME~1\HPUSER~1\LOCALS~1\Temp\Temporary Directory 2 for Analyze.zip\HijackThis.exe

The instructions clearly state the following - "Rename the Hijackthis.exe file to Analyze.exe. This is because some malware can hide from HijackThis.exe."


This thread is for the use of And 75 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[And 75]

Think last attachment was incorrect

So here is the correct one hopefully

Andrew




View attachment 12645

 

[howard_hopkinso]

Your HJT log is clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of And 75 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[And 75]

Many thanks to you Howard, Rik and Kitty Kat, lap top running much better and ordered more ram yesterday so should be sweet.


Least have learnt to ditch Norton, shocking.

Thanks again

Andrew

 

[kitty500cat]

Excellent. Glad to hear your problem's solved.

Cheers