ExTS Admin Starbuck
Posted October 7, 2012

> Thanks for that link because I've now got Babylon on my computer which I'm struggling to delete.

Please explain. What link are you referring to? Are you saying that the download for AdwCleaner installed Babylon??? (which is not possible) or that you are using it to remove Babylon?

The report doesn't show any sign of Snap.do or Babylon.

Member of: UNITE

Rosmon (Author)
Posted October 8, 2012

Snap.do to Babylon

Hi Starbuck,

Yes I am saying AdwCleaner installed Babylon onto my computer, or something in the link. I clicked the link and I saw three arrows shoot down to point to three downloads on the bottom left of my screen. I clicked on the first which came up as some kind of media player, which didn't sound right, but Windows Explorer opens photograph files, so I went with it wondering what its function was and discovered Babylon had been installed. The last time I got Babylon on my computer, I had so little experience with computers that I simply went back to factory setting and re-installed everything.

If Babylon didn't come with the AdwCleaner and the media player download, it came with the second OTL run that I did mistakenly again just before that, from another link in this thread (because I clicked on the wrong link in the thread: it's getting so long that I didn't notice that we were onto a second page now), which I posted in a recent reply.

I can't believe that Babylon came with AdwCleaner too, but what I have described is what happened; it appeared immediately after the download(s) :confused:

I went to another forum to find out how to get rid of Babylon. It's not a unique problem and there was an archive thread that I followed that recommended running AdwCleaner. I trusted it from the other forum thread as I believed that the software is legit, and lightning would not strike in the same place twice. I ran it: it worked to a point (the first tab opened on Google is still Babylon, but the second is not. It is not on the Browser list in Google settings. It is not present on Firefox, and IE, and AdwCleaner removed the German Bing bar too from IE: which I have been trying to do for ages :)).

I posted the report on their forum: I then got a snotty message from someone for acting independently. They wanted a Hijack This report that I have done.

I look forward to your reply.

Rosmon

ExTS Admin Starbuck
Posted October 8, 2012

> I clicked the link and I saw three arrows shoot down to point to three downloads on the bottom left of my screen. I clicked on the first which came up as some kind of media player,

This I just don't understand. The link I gave for AdwCleaner was a direct download link. I've just used the link in my previous post and got this:

http://img.photobucket.com/albums/v708/starbuck50/Capture1.png

No arrows, nothing.... just the AdwCleaner download box. The download is hosted by Bleeping Computer (which is a very trusted site and actually it was this site that trained me in Malware Removal) so all of their downloads will be free of any type of adware/malware etc.

> If Babylon didn't come with the AdwCleaner and the media player download, it came with the second OTL run

There is no way that Babylon came with OTL either. Old Timer spends a lot of his time giving us tools to remove things like Babylon. He is one of the most respected guys in the Malware Removal community. If the OTL program was already on your system there is no way that it could have caused anything to be downloaded (it doesn't use the internet at all).

Your download for AdwCleaner doesn't sound anything like the download it was meant to be. Look at my screenshot. Did you have any other tabs or windows open when trying to download the program?

> I posted the report on their forum: I then got a snotty message from someone for acting independently. They wanted a Hijack This report that I have done

HijackThis is about as much use as a chocolate fire guard. It's very out of date and doesn't give very much information at all.

Did you follow the instructions I gave for AdwCleaner?

- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with Ok.
- You will be prompted to restart your computer. A text file will open after the restart.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[s1].txt as well.

You never posted the report for me.

Member of: UNITE

Rosmon (Author)
Posted October 8, 2012

Snap.do to Babylon

Hi Starbuck,

Yes, I must have been online when I connected to the link for AdwCleaner but I can't remember what else, if anything, was open at the same time. I'm not a particularly adventurous surfer so it's highly unlikely that I had anything risky open in the background. I can clearly remember that three downloads came at the same time. And for sure you're right, I ran OTL from my computer.

Now for an interesting list; Esetsmartin, AdwCleaner, Revo Uninstaller, and finally the Malware program that successfully found the malware: Malwarebytes. I ran all of the above but the only one that found the malware identified as 'WLC MediaPlayer (or VLC MediaPlayer) - PUP Bundelns' was malwarebytes. I'm not sure if all of the other programs are for malware removal so not a fully fair comparison. Even so, when I open up Google the first tab is still Babylon, the subsequent tabs are Google, but Babylon is not listed as a Browser in 'Manage Browsers' under settings.

A full scan by Malwarebytes takes quite a while to complete so I was happy to hear the ping from the computer when it was finished and duly removed the malware. I checked in my programs and it was still listed in them so I deleted it from there too, just to make sure.

Incidentally, that ping was the last sound that I have heard from my computer. Yes, isn't that just the best, my computer has no sound again. I'm right back to where I started when I first contacted freepchelp; remember, 'no sound on my computer' just less than one month ago. Whatever that malware was it took my computer's sound with it.

I've checked back to KenB's postings about the sound problem, but found the link download not so useful. It downloaded onto my computer OK, but when I double clicked on the program and went into the selection boxes and clicked through there was no confirmation of what it was doing and what had been completed, and still no sound. Though I haven't had time to go through this again thoroughly yet.

For what this is worth now, here is the report from AdwCleaner. I posted the other one but it again seemed to vanish in the ether.

# AdwCleaner v2.003 - Logfile created 10/07/2012 at 16:36:26
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : ****** - ******
# Boot Mode : Normal
# Running from : C:\Users\******\Downloads\adwcleaner (2).exe
# Option [Delete]

***** [services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Roland\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23765~1.24\{16cdf~1\browse~1.dll
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKU\S-1-5-21-2723320869-2266038694-3479430049-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=114435&tt=071012_24_4012_5&babsrc=HP_ss&mntrId=9a0ba1e500000000000000fff16bee29 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://search.babylon.com/?affID=114435&tt=071012_24_4012_5&babsrc=HP_ss&mntrId=9a0ba1e500000000000000fff16bee29 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ry947akd.default\prefs.js

C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ry947akd.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=114435&tt=071012_24_4012_5&b[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "9a0ba1e500000000000000fff16bee29");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15620");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.714:15:26");
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=114435&tt=071012_24_4012_5&babsrc=KW_ss&m[...]

-\\ Google Chrome v [unable to get version]

File : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=114435&tt=071012_24_4012_5&babsrc=HP_ss&mntrId=9a0ba1e500000000000000fff16bee29" ]
Deleted [l.1829] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=114435&tt=071012_24_4012_5&babsrc=HP_ss&mntrId=9a0ba1e500000000000000fff16bee29" ]

*************************

AdwCleaner[s1].txt - [5650 octets] - [07/10/2012 16:36:26]

########## EOF - C:\AdwCleaner[s1].txt - [5710 octets] ##########

Rosmon.

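As an added example (not part of the original thread and not AdwCleaner's own code), a small Python parser for a log in the layout Rosmon posted above: it groups the removal actions by section and pulls out the two things worth checking first after a browser hijacker, the hijacked start/search hosts per browser and any AppInit_DLLs entry. The function names and the shortened sample log are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample in the layout of the AdwCleaner v2.003 log above; values are shortened.
SAMPLE_LOG = r"""# AdwCleaner v2.003 - Logfile created 10/07/2012 at 16:36:26
# Option [Delete]
***** [services] *****
Stopped & Deleted : Browser Manager
***** [Files / Folders] *****
Folder Deleted : C:\ProgramData\Babylon
***** [Registry] *****
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\browse~1.dll
Key Deleted : HKLM\Software\Babylon
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=0 --> hxxp://www.google.com
-\\ Google Chrome v [unable to get version]
File : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=0" ]
"""

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")               # ***** [Registry] *****
BROWSER_RE = re.compile(r"^-\\\\ (.+?) v")                         # -\\ Mozilla Firefox v15.0.1
ENTRY_RE = re.compile(r"^([A-Za-z&! ]+?)(?: \[l\.\d+\])? : (.+)$")  # Action [l.N] : target
URL_RE = re.compile(r"hxxps?://[^\s\"'\]]+")
APPINIT_RE = re.compile(r"\[AppInit_DLLs\] = (.+)")
METADATA = {"File", "Profile name"}  # descriptive lines, not removal actions


def parse_log(text):
    """Return one dict per removal action: section, browser, action, target."""
    entries, section, browser = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section, browser = m.group(1), None
        elif m := BROWSER_RE.match(line):
            browser = m.group(1)
        elif section and (m := ENTRY_RE.match(line)) and m.group(1) not in METADATA:
            entries.append({"section": section, "browser": browser,
                            "action": m.group(1), "target": m.group(2)})
    return entries


def triage(entries):
    """Summarise action counts, hijack hosts per browser, and AppInit_DLLs load points."""
    hosts, dlls = defaultdict(set), []
    for e in entries:
        removed = e["target"].split(" --> ")[0]  # left of the arrow is the old (removed) value
        for url in URL_RE.findall(removed):
            # The log defangs URLs as hxxp://; refang only to parse out the host name.
            host = urlsplit(url.replace("hxxp", "http", 1)).hostname
            hosts[e["browser"] or e["section"]].add(host)
        if m := APPINIT_RE.search(e["target"]):
            # DLLs listed in AppInit_DLLs are loaded into each process that loads user32.dll.
            dlls.append(m.group(1))
    return {"per_section": dict(Counter(e["section"] for e in entries)),
            "hijack_hosts": {k: sorted(v) for k, v in hosts.items()},
            "appinit_dlls": dlls}


if __name__ == "__main__":
    print(triage(parse_log(SAMPLE_LOG)))
```

A browser that still opens the hijacker's page after the cleanup, as described for Chrome in the post above, is one whose host shows up under `hijack_hosts` and whose profile settings are worth re-checking by hand.
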
Rosmon (Author)
Posted October 8, 2012

Snap.do to Babylon

Hi Starbuck,

I can't remember if I did the Esets scan. Would the report have been just a few lines long? Was it that that found the Yontoo?

The good news about my sound problem is that I have an x next to the speaker, so this time it's probably a software problem and won't need a factory fix.

I look forward to your reply

Rosmon.

ExTS Admin Starbuck
Posted October 9, 2012

Hi Rosmon,

> Even so, when I open up Google the first tab is still Babylon, the subsequent tabs are Google, but Babylon is not listed as a Browser in 'Manage Browsers' under settings

Take a look at this link and see if it helps with removing the last traces of Babylon.
https://productforums.google.com/forum/?fromgroups=#!topic/chrome/vjpeIIc9HvQ[1-25]

> I'm not a particularly adventurous surfer so it's highly unlikely that I had anything risky open in the background.

Believe it or not I picked up a stupid little piece of malware about 12 months ago, just by clicking on a picture in a google search. It's so easy to get infected these days.... even from a legit website.

> Now for an interesting list; Esetsmartin, AdwCleaner, Revo Uninstaller, and finally the Malware program that successfully found the malware: Malwarebytes. I ran all of the above but the only one that found the malware identified as 'WLC MediaPlayer (or VLC MediaPlayer) - PUP Bundelns' was malwarebytes. I'm not sure if all of the other programs are for malware removal so not a fully fair comparison

Yes, those programs will search for or perform different functions.

Eset: Is a free and powerful online virus detection tool to remove malware using only your web browser without having to install antivirus software

AdwCleaner: is designed to remove:
- Adwares
- Toolbars
- Hijackers
- Potentially Unwanted Programs (PUPs)

Revo Uninstaller: helps you to uninstall software and remove unwanted programs installed on your computer.

> I can't remember if I did the Esets scan. Would the report have been just a few lines long. Was it that that found the Yontoo?

Yes it was Eset that found a trace of Yontoo. But it found it in the OTL quarantine folder (so it had already been made safe).

> The good news about my sound problem is that I have an x next to the speaker

First thought is..... have you or anything else inadvertently 'muted' the speakers? If the speakers are muted you will get a cross next to the icon.

Member of: UNITE

Rosmon (Author)
Posted October 10, 2012

Snap.do to Babylon

Hi Starbuck,

The malware problem has been solved :) The no sound problem hasn't.

I have two new postings. The sound problem is under 'Hardware Issues', although I think it should be somewhere under software. The sound icon has now disappeared from the system tray so things have got worse. The second is also under 'Hardware Misc.' as I'm looking for a new computer.

Rosmon.

ExTS Admin Starbuck
Posted October 11, 2012

Hi Rosmon

Sorry for the late reply.

> The malware problem has been solved The no sound problem hasn't.

Yes, we have sorted any malware problem.... but good to see you have posted separately about the sound problem. :)

As we have finished with the malware investigation, we'll finish off the cleaning process.

Step 1

- Restart MBAM.
- Click on the Quarantine tab.
- If there are items in quarantine..... make sure everything is selected and then click Delete All.
- Close MBAM.

Step 2

- Download OTC and save it to your Desktop.
- Double click the OTC icon to run the program.
- Click the 'CleanUp' button.

This utility will clean up an assortment of tools used during malware removal, plus itself.
Note: MBAM will not be removed if it's installed.

Step 3

Now you should set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools may not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

- Click Start >> Computer >> System Properties >> System Protection.
- Here you have a list of hard drives and partitions available in your computer - mostly just one.
- Select the drive that has "(System)" written after it and click Configure.
- Select Turn off system protection under Restore Settings and click the Delete button.
- Click Continue in the confirmation window and click Close after the restore points have been deleted.
- Then click OK to close properties for the drive.
- Now reboot the system.
- Follow the above procedure again, only this time click Restore system settings and previous Versions of files.
- Then click OK.

Your System Restore will now be active again... starting with a new restore point.

To find out how you may have been infected.... read this topic: How did I get infected?

Not all of the following information will be applicable to you, but it's still best to read it all.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

- Use an AntiVirus Software
    - Avira AntiVir ... see note* .... installation guide Here
    - Avast free
    - MS Security Essentials ... see note** ... installation guide Here

  Note*: Avira now includes the Ask.com Toolbar unless you choose not to install it. This means it is pre-checked by default and it is recommended that you uncheck that option during installation.
  Note**: Upon installation MS Security Essentials will check that your OS is a legal copy.
  Only install one AntiVirus program

- Update your AntiVirus Software regularly

- Use a 3rd party Firewall
    - Online Armor Free
    - ZoneAlarm ... Important note below

  NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.
  Only install one software Firewall
  Some 3rd party Firewalls will turn off the Windows Firewall when they are installed. It's always best to check that the Windows Firewall is turned off:
  How to turn off Windows Firewall:
  Start ... Control Panel ... click on 'Classic View'.
  Now select Windows Firewall.
  When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok

- Scan regularly with a 'Stand Alone' Anti-Malware scanner:
  Installing another scanner that you can run once or twice a week is always beneficial. Something like:
    - Malwarebytes Anti-Malware
    - SUPERAntiSpyware

  Remember to update these programs each time before running.
  You can install more than one of these if you only run them as stand alone programs.

- Use an alternative browser:
  Some excellent alternatives to MS Internet Explorer are:
    - Firefox
      For added security, add the NoScript extension to this browser: Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.
      Also consider adding: WOT - Safe Browsing Tool. Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web. Btw: you don't have to make a contribution.
    - Opera

  They offer better security, more stability, and better speed.

- Keep a backup of your registry
  Keeping a regular backup of your registry will help when something goes wrong. Use a program like: Erunt
  A full tutorial on how to set up and use Erunt can be found here: Erunt tutorial

- Keep your system clean of temp files etc, using a 'Cleaner':
  Cleaners are programs that will help to clean out your:
    - Windows temp files
    - Current user temp files
    - Cookies
    - Temporary Internet files
    - Browser history
    - Recycle bin
    - Etc.......

  In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your pc.
  Programs like:
    - TFC by OldTimer
    - ATF Cleaner

- Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

- Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.
Safe surfing.

http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif

Member of: UNITE