Johnboy63 Posted June 17, 2015

Hi

Can you advise how to remove the Dregol search virus? Think it was installed when I did an Adobe update that looked suspect,

kind regards
John

Have run Norton but no good
seedy21 Posted June 17, 2015

To help us to be able to assist you in a quick and efficient way, we need to ask that you run the following programs as a minimum and post the reports as asked for.
If you have problems posting the reports (if they are too big) feel free to add them as attachments.
The reports will give us a good starting point in recognizing any malware/problems with your system.
Also don't forget to inform us of anything you have already tried to remove the malware/problem.

Step 1

Scan your computer with Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware Free and save it to your desktop
Double click the desktop icon, click Run, then OK
Click Next
Select I accept the agreement then continue to click Next then finally click Install
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program
Click Finish
If you are notified the Database is out of date click Update Now
Click Scan Now >> A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required. Wait for the prompt to restart the computer to appear, then click on Yes.

(Copy to clipboard for pasting into forum replies)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab >> Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Step 2

Note: There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available.
Please pick the version that matches your operating system's bit type.
If you are unsure what your system bit type is..... click Here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

Double-click the downloaded icon to run the tool.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste this to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste this to your reply also.

When FRST is run it will make a backup of your registry before compiling the report.

Is your system the target of Adware, Toolbars, Potentially Unwanted Programs (PUP), and browser Hijackers?
If so, please add this additional step.

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin to scan your computer.
After the scan has finished... Click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.

To summarize:
In your post, please supply:
MBAM scan report
FRST.Txt and Addition.Txt.
Plus the ADWCleaner report if applicable.

If you have any problems running any of the above requests, please inform the helper that replies to you.
Whilst we are helping you, please don't run other programs/scans without our knowledge .... it only confuses things.

Thanks.

“It's only after we've lost everything that we're free to do anything.” ― Chuck Palahniuk, Fight Club

Need help with your computer problems? Then why not join Free PC Help. Register here
If Free PC Help has helped you then please consider a donation. Click here
We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

Johnboy63 Posted June 18, 2015

Dregol Virus

Hi

Please find attached reports as requested, my anti virus (Norton) did not allow me to run the FARBAR recovery tool, but I completed other scans:

# AdwCleaner v3.023 - Report created 11/04/2014 at 15:30:01
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Home User - HOME-736DDA8847
# Running from : C:\Documents and Settings\Home User\My Documents\Downloads\AdwCleaner(5).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Mega Browse
Folder Deleted : C:\DOCUME~1\HOMEUS~1\LOCALS~1\Temp\Mega Browse

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\Home User\Application Data\Mozilla\Firefox\Profiles\pszjxes4.default\prefs.js ]

-\\ Google Chrome v34.0.1847.116

[ File : C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [6646 octets] - [26/03/2014 11:33:22]
AdwCleaner[R1].txt - [1206 octets] - [26/03/2014 11:55:56]
AdwCleaner[R2].txt - [1607 octets] - [11/04/2014 13:28:31]
AdwCleaner[R3].txt - [1667 octets] - [11/04/2014 15:28:35]
AdwCleaner[s0].txt - [5450 octets] - [26/03/2014 11:34:46]
AdwCleaner[s1].txt - [1381 octets] - [11/04/2014 15:30:01]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1441 octets] ##########

# AdwCleaner v4.206 - Logfile created 18/06/2015 at 16:43:16
# Updated 01/06/2015 by Xplode
# Database : 2015-06-17.1 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Downloads\AdwCleaner (2).exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Google Chrome v43.0.2357.124

-\\ Chromium v

*************************

AdwCleaner[R0].txt - [9767 bytes] - [26/03/2014 11:33:22]
AdwCleaner[R1].txt - [4331 bytes] - [26/03/2014 11:55:56]
AdwCleaner[R2].txt - [2669 bytes] - [11/04/2014 13:28:31]
AdwCleaner[R3].txt - [1667 bytes] - [11/04/2014 15:28:35]
AdwCleaner[s0].txt - [8598 bytes] - [26/03/2014 11:34:46]
AdwCleaner[s1].txt - [2449 bytes] - [11/04/2014 15:30:01]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2508 bytes] ##########

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 29/08/2014
Scan Time: 20:39:20
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.29.05
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: John

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309736
Time Elapsed: 19 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.SuperFish.A, HKU\S-1-5-21-1978370848-2600541842-2022620587-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [abaed1fb1e5dfa3cdc6a5e9afc06f60a],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.OpenCandy, C:\Users\John\AppData\Roaming\OpenCandy, Quarantined, [9dbc8f3daccf78bed10a4f738280f20e],
PUP.Optional.OpenCandy, C:\Users\John\AppData\Roaming\OpenCandy\950CF28549864554BB693F30ABE56454, Quarantined, [9dbc8f3daccf78bed10a4f738280f20e],
PUP.Optional.OpenCandy, C:\Users\John\AppData\Roaming\OpenCandy\C29BE172452F48338A359ADFBAEA8F49, Quarantined, [9dbc8f3daccf78bed10a4f738280f20e],

Files: 5
PUP.Optional.OpenCandy, C:\Users\John\AppData\Roaming\OpenCandy\950CF28549864554BB693F30ABE56454\SkypeSetupFulltrackable-6.16.0.105.exe, Quarantined, [9dbc8f3daccf78bed10a4f738280f20e],
PUP.Optional.OpenCandy, C:\Users\John\AppData\Roaming\OpenCandy\C29BE172452F48338A359ADFBAEA8F49\speedupmypcUK.exe, Quarantined, [9dbc8f3daccf78bed10a4f738280f20e],
PUP.Optional.OpenCandy, C:\Users\John\AppData\Roaming\OpenCandy\C29BE172452F48338A359ADFBAEA8F49\speedupmypcUK_p3v1.exe, Quarantined, [9dbc8f3daccf78bed10a4f738280f20e],
PUP.Optional.Conduit.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?ctid=CT3325806&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP980D02FF-5865-4AD6-A765-F45FF68775BD&SSPV=",), Replaced,[97c2a12b691234020317ba5dda2bc937]
PUP.Optional.Conduit.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?ctid=CT3325806&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP980D02FF-5865-4AD6-A765-F45FF68775BD&SSPV=", "http://start.mysearchdial.com/?f=1&a=srf_14_13_ch&cd=2XzuyEtN2Y1L1QzutDtDtDyCyE0FyB0BzytCzytD0CyDzy0FtN0D0Tzu0SzztCyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzz0D0DyC0A0DyDtGtA0CtAtBtGtAtCzzyCtG0DtDtC0EtGyD0CtBtA0EtD0CtA0EyDyBtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0B0FyB0DyDtByCtGyC0D0E0EtG0Bzy0DtCtG0EtByCtAtGyDtByDyEyEtDzzyEyBtBtBtA2Q&cr=932044362&ir=", "http://www.google.com/" ],), Replaced,[90c90bc12c4f191d0348f91efb0acc34]

Physical Sectors: 0
(No malicious items detected)

Many thanks for your help in this matter

kind regards
John Fairlamb

seedy21 Posted June 19, 2015

Hi John,

Please can you disable your Anti-virus before downloading and running FRST?

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Note: There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available.
Please pick the version that matches your operating system's bit type.
If you are unsure what your system bit type is..... click Here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

Double-click the downloaded icon to run the tool.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.