Solved

removing keybar malware?

Posted on 2013-06-02
Last Modified: 2013-06-03
I went to the wrong site to download GIMP (gimpsoft.com, I think). It put some junk (PC Speed Fix/24x7 Help malware) in the system which was trying to take over. (In the name of GIMP, they gave a malware file, basically, which I was fooled into.)

So I went into safe mode and restored it to a point before I went to the above site.

When I booted the computer, I don't see the 24x7 windows popping up anymore, but in FF, I see the page for keybar.

So I ran Malwarebytes, but it did not find anything. So I ran ComboFix and also AdwCleaner. Do you see any reference to any malware removed or concerns? Do you think the system is OK and past the concern of whatever 24x7 might have put in?
0
Question by:25112
9 Comments
 
LVL 5

Author Comment

by:25112
ID: 39215107
Attached is the keybar screen and also the log from ComboFix and AdwCleaner.

Should I run the 'delete' on AdwCleaner? Or don't need to now? Is there any downside to running the delete on AdwCleaner, if I just want to be sure it gets any malware, if any is left?
adwcleaner.png
keybar.png
AdwCleaner-R1-.txt
ComboFix.txt
0
 
LVL 24

Assisted Solution

by:aadih
aadih earned 300 total points
ID: 39215110
Can't see any attachments.
0
 
LVL 5

Author Comment

by:25112
ID: 39215112
I ran TDSS, too. Please see attached log for that, too, please.
TDSSKiller.2.8.16.0-02.06.2013-1.txt
0

 
LVL 24

Assisted Solution

by:aadih
aadih earned 300 total points
ID: 39215119
Yes. Delete what AdwCleaner asks to delete.

Also, did you try system restore to an earlier date? It's a good way to fix problems. After doing the restore, scan with MBAM and AdwCleaner, just to be sure.
0
 
LVL 5

Author Comment

by:25112
ID: 39215203
Thank you. I ran DELETE on ADW, and attached is the log. I see it removed some folders. Do you recommend any more?
AdwCleaner-S1-.txt
0
 
LVL 24

Assisted Solution

by:aadih
aadih earned 300 total points
ID: 39215212
Your PC is clean of adware now.

Just to be sure, do a quick scan with MBAM. If it comes clean, no worries; enjoy using your PC.
0
 
LVL 1

Assisted Solution

by:mstickler1
mstickler1 earned 100 total points
ID: 39215254
You may want to check your homepage in each of your browsers; that's probably what is coming up.

Also, I like HitmanPro as one last check.
0
 
LVL 28

Accepted Solution

by:
Thomas Zucker-Scharff earned 100 total points
ID: 39215259
Try running SpyDLLRemover and SpyBHORemover. These should make sure.
0
 
LVL 5

Author Comment

by:25112
ID: 39216037
Yes, thanks a lot!
0


Question has a verified solution.
