Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Feb 6, 2014 14:06:27 GMT -8
a) Click the Scan Button and wait for the scan to finish. (If AdwCleaner has been left open at the finish of the scan, this is already done.)
b) Make sure in your case all the items under each TAB are ticked / checked, then
c) Click the Clean Button and AdwCleaner will process all the items ticked / checked and then may ask for the system to be restarted.
d) It should create a new log afterwards (with S0 in the name).
Here is a Screenshot example
It will create a new log afterwards with [S0] in its name
Quads
Post by choltz on Feb 7, 2014 12:42:39 GMT -8
Here is the file after scanning/cleaning with AdwCleaner. The file is 'S1' (maybe because I did run this application once before I entered this forum). I opened Google Chrome and rzr still resides there. My other browsers do not have pop-ups with rzr.
Post by Quads on Feb 7, 2014 14:06:33 GMT -8
I am thinking, sometimes the smallest things are the hardest to find (one or 2 little objects).
Quads
Post by Quads on Feb 8, 2014 9:48:55 GMT -8
There is a theory on where it comes from and why it can only affect one browser but not the others (say, affects Chrome but not IE etc.) and can affect both Windows and Mac.
It gets into the browser that was in use at the time by the fact it was that browser that was being used at the time when viewing a website, including legit good sites, when the webpage is loaded. If the user then says "Oh, something is up with that browser", they may try with the others, causing the same problem: load website, BANG, POPUPS. But if the user never used the other browsers on the offending website then the others don't have the problem.
Now for an example I will use CNN.com and Chrome.
If the offending website is CNN and the user uses Chrome to load CNN.com then boom, the browser gets the popup problem. But if the user uses IE or Firefox, which does not have the problem, and if the user does not go to CNN, the problem does not occur.
Now if the user completely reset the browser, removing caches, cookies, data etc., and that fixes the problem, YAY, but goes back to CNN.com and loads the website, the problem reoccurs, as a cookie piece of data or cache file is back in the browser from CNN.
Quads
Post by Quads on Feb 8, 2014 15:08:43 GMT -8
1. In the top right corner of the Chrome window, click on the icon that looks like three stacked horizontal lines. If you hover your mouse over it, it should read "Customize and control Google Chrome." Alternately, type "chrome://settings/" into your address bar and hit "Return."
2. Scroll down to the end of the page and click the link that reads, "Show advanced settings."
3. Scroll to the end of the page again and click the button labeled "Reset browser settings."
4. You'll get a pop-up window explaining what will happen if you reset browser settings. If you'd still like to do it after reading the explanation, click the "Reset" button.
Restart your system and then see if you get the popup in Chrome.
Quads
Post by choltz on Feb 8, 2014 16:53:41 GMT -8
I reset Google Chrome. After restarting the computer I opened Chrome and clicked in the search field (for Google); this is when the rzr pop up appears. I did not get the pop up on the initial tab. So I opened a new tab, clicked in the Google search field and there it was....the rzr pop up (see attached Word file with screen shots). Before we started this process I was getting pop ups anywhere I went in my browsers. Now it only happens when I click in the Google Chrome search field. I wonder if I should uninstall Chrome and reinstall (?).
Post by Quads on Feb 8, 2014 17:13:10 GMT -8
Whatever you do, don't click OK on the POPUPS.
I did notice 2 words in the web address I have seen before.
That's a few items.
Download OTL www.bleepingcomputer.com/download/otl/ on to the Desktop.
Click on the Blue Button on the download page: Download Now @ Authors Site
Disable Norton / Symantec for say 30mins.
Start OTL (Right click and from the menu choose "Run as Administrator").
Click the Scan All Users checkbox.
Change file age to 90 days.
Press the
An OTL.txt and extras.txt will be created. To attach back in a post.
Quads
Post by choltz on Feb 9, 2014 8:32:49 GMT -8
Post by Quads on Feb 9, 2014 10:00:08 GMT -8
The search provider has come back and there are still extensions. I am going to manually look up each number to see which I have to script to manually shift out of Chrome.
I have found one that is in Chrome but not in Firefox or IE so far, but I have also found one that stands out in Firefox but is not in IE or Chrome.
Quads
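An added example, not part of the original posts and not a tool used in this thread: one way to inventory the extensions in a Chrome profile so that each ID can be looked up, as described in the post above. It assumes Chrome's usual on-disk layout (`Extensions/<id>/<version>/manifest.json` inside the profile folder); the function names and the sample profile are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"^[a-p]{32}$")
# Host patterns that let an extension read or change every page it sees.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def list_extensions(profile_dir):
    """Return one record per extension version found in a Chrome profile."""
    records = []
    ext_root = Path(profile_dir) / "Extensions"
    if not ext_root.is_dir():
        return records
    for manifest in sorted(ext_root.glob("*/*/manifest.json")):
        ext_id = manifest.parent.parent.name
        if not EXT_ID.match(ext_id):
            continue  # not an extension folder
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = None  # unreadable manifest: still report the ID
        if not isinstance(data, dict):
            data = {}
        perms = [p for key in ("permissions", "host_permissions")
                 for p in (data.get(key) or []) if isinstance(p, str)]
        records.append({
            "id": ext_id,
            "version": manifest.parent.name,
            "name": data.get("name", "<unreadable manifest>"),
            "broad_access": any(p in BROAD for p in perms),
        })
    return records

def build_sample_profile(root):
    """Constructed sample data: two made-up extensions in a fake profile."""
    samples = {
        "a" * 32: {"name": "Sample Notes", "permissions": ["storage"]},
        "abcdefghijklmnop" * 2: {"name": "Sample Deals",
                                 "permissions": ["tabs", "<all_urls>"]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / "Extensions" / ext_id / "1.0_0"
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rec in list_extensions(build_sample_profile(tmp)):
            print(rec["id"], rec["version"], rec["name"], rec["broad_access"])
```

Pointing `list_extensions` at a real profile folder gives the list of IDs to compare across profiles or machines; an extension with broad access that nobody remembers installing is the first one to look up.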
Post by Quads on Feb 9, 2014 13:26:53 GMT -8
Disable Norton.
Start OTL, Right click "Run as Administrator".
Under Copy and paste what I have put in the .txt file I have attached. It is in the correct line by line layout as it is to be for OTL to understand what I want it to do. (Include the : at the start of :OTL and all the way to the end / bottom) and run the script. (Red Run Fix Button)
The output log should be placed in the C:\_OTL\MovedFiles folder after, to attach back here. Looks like a txt file, not a Folder.
Quads