[ti]SOLVED[/ti]Repeated Outbound traffic by Norton & Fake Plugin Activity 2

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Google Chrome

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

You may want to read carefully all of this message first before starting the steps.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Download the Fixlist.exe file that is attached to your desktop.  Please double click on the file to start the self extractor; select to place the file on the desktop.  You can delete the Fixlist.exe file from your desktop once the Fixlist.txt file is on your desktop.

DO NOT DRAG AND DROP to download the script, it won't work properly for FRST.

The script tells FRST what to do.

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..."

When the tool opens click Yes to disclaimer. (if it still does)  Allow the tool to check for an update; the tool will inform you when it is ready to use.

Press the Fix button just once and wait. The script will be processed and your system restarted to complete the removal / breakage of the malware.



The tool will make a log on the Desktop (Fixlog.txt) please post it to your reply (attach or paste)


LAST >>>>

Chrome -> The malware has changed the version of Chrome to a less secure type. The only way to fix this is to uninstall Chrome and re-install it.

64 bit: Reboot your machine and then go to here and download a fresh installer for Chrome.

Double click on the downloaded file to install the latest version of Chrome. Your settings and extensions should be added automatically; please let me know if there are any errors with this.

Also, please tell me how your system is running now. Thanks.

Let us run a few checks to see if anything else is on the system .....

FIRST >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open an Command Prompt window and run from there (this is normal for this program, so not to be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


SECOND >>>>

Read carefully

Download Adwcleaner from here to your desktop and run a scan.

You may have to right click adwcleaner.exe and choose "Run as Administrator" from the menu. (Click the Scan button to start the scanning).

It will create a log after it is finished scanning. If not (or if it just asks for you to uncheck what you don't wanted deleted), there is a LogFile button in the middle of the main window; click that and it will make the log file.

Once the report file is made, you can leave AdwCleaner running (but don't delete anything yet) or you can close it down (we can always get a fresh scan done before the deletions).

ONE SCAN ONLY, PLEASE

Attach or paste the log back here for review and further instructions. Thanks.

FIRST

Please run AdwCleaner again (if you don't have it running from the last scan) and

a) Click the Scan Button and wait for the scan to finish, (If Adwcleaner has been left open at the finish of the scan this is already done).

b) Make sure in your case all the items under each TAB are ticked / checked then.

c) Click the Clean Button and Adwcleaner will process all the items ticked / checked and then may ask for the system to be restarted.

d) It should create a new log afterwards (with S0 in the name).

e) Please attach or copy the log into your reply here.

---

SECOND

Malwarebytes' Anti-Malware
Please download the latest version of Malwarebytes' Anti-Malware from Here

Double Click on the mbam-setup.exe file to install the application.

Do not check on the Trial of Professional version. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link


Once the program has loaded and updated, select "Scan Now >>" to start the scan.


The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.


Please click on the Save results > link in the bottom right hand corner and select the Text file(*.txt) from the dropdown list. I would suggest you save the file on your desktop (as we need the report attached here for review and it is easy to find on the desktop).

After you have saved the report file, return to the Potential Threats Detected page and click on Cancel. You can close MBAM after that.

Please attach the report file to a post here; I will review the file and script what needs to be removed.

This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead. ESET Online does work with IE 10 and earlier.

You can leave Norton Enabled even though ESET may warn about it. just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same

Please read carefully and Slowly, Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

Take note of the NO tick in the Remove found threats setting below at it needs to have the tick removed.

---

Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

Link =>> ESET Online Scanner <<

Click the Run ESET Online Scanner located on the left side of the page (not the free trial).



For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.



Double click on the icon on your desktop.



Check (accept) the Terms of Use.



Click the START button.
Accept any security warnings from your browser.

Now in the Computer scan settings window that appears:-
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:

Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked


Now click on: Start




ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.






When the scan is finished, if any threats are found you will see the screen below. Click to view the found threats.



At the bottom of the listed threats, there is an option to save the results to a text file. Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).



Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.



Attach the saved log file in your next reply please. Thanks.