rebsy
New Helpee
Posts: 17
|
Post by rebsy on Aug 13, 2015 7:29:54 GMT -8
I recently got rid of the Offers4U banners that kept popping up thanks to the help of DBRISEN but today I noticed they've started popping up again. Can I run the same programs in the same order as before or do I have to start another process? Mozilla Firefox 38.0.5 Windows 8.1 64-bit AMD E1-2500 APU Radeon HD 8240 graphics I've provided my system details just in case I need to start again. I did try and post it in the old thread but it's been closed. qmalwareremoval.freeforums.net/thread/1680/offers4u-removal-help
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Aug 13, 2015 22:29:25 GMT -8
Sorry but I will need fresh FRST logs to see what is going on. This particular piece of adware is still being modified as the removalists work to clean it out of the Internet. Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop. Place FRST64.exe onto your desktop from where ever it downloaded to. IF IT IS NOT ON THE DESKTOP (YOU DID NOT DOWNLOAD DIRECTLY TO DESKTOP), THEN RIGHT CLICK ON THE DOWNLOADED FILE AND SELECT CUT. FIND A BLANK SPOT ON YOUR DESKTOP AND RIGHT CLICK ON IT, SELECT PASTE AND THE FILE WILL BE ON THE DESKTOP. Thank You (this is very important later on)! Start FRST64 that is on your Desktop by right clicking on it and selecting "Run as Administrator..." .The tool will start to run. When the tool opens click Yes to disclaimer. (if it does) Press Scan button. It will make two logs ( FRST.txt and addition.txt) on your Desktop. Please attach the logs in your reply back. Or open the logs in notepad and copy the logs and paste back in a message as a reply. ( Ask if you don't know how to do either of these). Notes:If your Security software blocks the running or download of FRST / FRST64, please disable the security software or make an exception for this file. FRST is updated very frequently and is safe to run but because of the frequent changes (to keep up with newest malware techniques) most Security Software does not approve of the unknown file. Right now the forum will not allow one to attach the Addition.txt file so please use wikisend.com or pastebin.com to upload the file and then post the download link here in your reply post.
|
|
rebsy
New Helpee
Posts: 17
|
Post by rebsy on Aug 15, 2015 2:47:55 GMT -8
Thank you for helping me again. Sorry if I'm being a bit of a pain! As I said last time this is a shared family computer so I do try and keep everything safe. I've ran the scan and attached the logs. I've uploaded the addition.txt via pastebin pastebin.com/UUVQfCBPQuick question, why does my Norton antivirus not pick this particular piece of adware up if it's coming from a download? Attachments:FRST.txt (35.5 KB)
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Aug 16, 2015 21:37:52 GMT -8
You got to get rid of Pokki. They get part of their income from ads and other things. I would suggest ClassicShell ; it is free and actually adds some features back that MS removed from Win8 / 8.1 menus. Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed): Pokki Start MenuTo do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window. Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.
|
|
rebsy
New Helpee
Posts: 17
|
Post by rebsy on Aug 19, 2015 4:46:29 GMT -8
Is that where it keeps coming from then...my PC did an update not so long ago.
Before I start uninstalling can I check a few things....Do I need to replace Pokki with ClassicShell or can my system operate without either? Is it going to alter the whole of my start menu ie apperance, how it works...
Sorry if the questions seem a bit stupid.
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Aug 19, 2015 21:11:33 GMT -8
Never hesitate to ask questions until you understand. Only way to learn new information.
Yes, your system can operate without Pokki or ClassicShell but you will have the native Win8.1 Start Menu and a lot of people found that Menu so different from the XP / Vista / Win7 Start Menu that it really hindered their ability to use their system. The choice is up to you.
|
|
rebsy
New Helpee
Posts: 17
|
Post by rebsy on Sept 2, 2015 3:21:30 GMT -8
Sorry I haven't contacted you in a whil I've been busy with work. I'm still undecided about getting rid of Pokki. I've been trying to find somewhere on the web where I can see the native Win 8 menu before I uninstall but I haven't had any luck.
Is there anyway we can get rid of the banners like before without uninstalling Pokki for the minute?
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Sept 2, 2015 21:13:26 GMT -8
Let's skip the Pokki thing for now and see if we can fix the adware first. Download zoek.exe from here: Zoek.exe at Bleepingcomputer[/font][/b][/a] or here you can read a manual how to disable your security applications.) Doubleclick zoek.exe to start the program. Copy and paste the following script in the code box: Note: This script is written for usage on this users computer, do not use it on another computer even if the problems are similar :!: createsrpoint; autoclean; chrdefaults; FFdefaults; bitsadmin /reset /allusers >>"%temp%\log.txt";b emptyalltemp; resetIEproxy; ipconfig /flushdns >>"%temp%\log.txt";b
Close any open browsers. Click the " Run script" button and wait patiently. When finished the logfile will be opened in notepad. If a reboot is needed the logfile will be opened after reboot. The zoek-results.log can also be found on your system drive. Please post the logfile for further review in your next comment.[/ul]
|
|
rebsy
New Helpee
Posts: 17
|
Post by rebsy on Sept 8, 2015 3:02:49 GMT -8
Ran Zoek as instructed and I have attached to log file to this reply. Attachments:zoek-results.txt (8.07 KB)
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Sept 8, 2015 20:08:54 GMT -8
FIRST >>>>Junkware Removal ToolPlease download JRT from here to your desktop. Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.Double click the JRT.exe file to run the application. The application will open an Command Prompt window and run from there (this is normal for this program, so not to be alarmed). When it is asked, press any key to allow the program to continue / run. This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post. Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.SECOND >>>>AdwCleaner by XplodeDownload AdwCleaner from here or from here. Save the file to the desktop. NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete. Close all open windows and browsers.[/b][/color] Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner. You will see the following console: Click the Scan button and wait for the scan to finish. After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.Click the Clean button. Everything checked will be deleted. When the program has finished cleaning a report appears. Once done it will ask to reboot, allow this On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C#].txt[/ul] Optional: NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
|
|