Supra Savings infection #?

Hello mmj; welcome to the forum.

Do Not use advanced tools or any tools used on this board without supervision.

Malware removal can be difficult over a forum as it is, without a user doing their own actions, the tools used are more advanced and thus have added danger that comes with that. This board is protected so that only Malware removers, Admin and Mods can reply to a users thread but all members can create a thread asking for removal of Infection(s)

Make changes to your computer only when the Malware Expert specifically states it. The Malware Experts request specific steps to be followed, as some malware removal requires multiple steps and evaluations along the way. When you take other advice or make other changes, this often negates the work done by the expert, and can sometimes result in an inoperable system.

This also includes any tools or steps other than those the from the Malware Expert. We need to be certain about the state of your system to see what actually is going on, and what is required to fix the system while not harming the rest of the system. Most often, well-intentioned independent efforts can make things much worse. The malware remediation tools are more advanced than other tools, and can often create bigger problems when used without expert guidance.


Follow all the directions in order, and to the end. Please perform all steps in the order they are listed in each set of instructions. As you might imagine, some steps are a bit complicated. If things are not clear, be sure to stop and let the Malware Expert know the problem. We don't mind clarifying a situation, as others might have the same question. If a tool does not run as expected, don't force it. Stop the steps, and update the forum topic with the current situation. It is better stop and let us know, than to force a tool to run and cause bigger problems.  Bottom line is, if you are not sure about something, STOP and ASK until you are sure.

Also, when your computer is clean and we are finished, the Expert will tell you we are finished. Malware removal is a process that requires verification, and we want to be sure your system is completely clean before we're done.

When describing your problem, provide as much information as possible, as soon as possible. Explain as best you can what happens with your computer, e.g. it beeps three times, black screen with cursor then goes no further, system gets stuck at the Windows startup logo, etc. This helps the expert to understand what is happening to the system and what may be wrong. If your computer cannot start up successfully please provide details about your installed Windows Operating System, including the Version, Edition and if it is a 32bit or a 64bit system. (e.g. Windows Vista Home Premium 32-bit)

When the user follow instructions and things still go a little haywire, and it does happen, it is up to us to sort the extra problem out.

Take longer to read if your language is not English, so that hopefully it is understood.

>>>>>> Reply stating you have read the post fully. <<<<<<<

Also, please tell us what your Operating system is (Win7 Ultimate, Vista Home Premium, Win XP Pro, etc.) and is it 32 bit or 64 bit. WE need this information to direct you to the proper tools to use.

I understand you have Windows7 but is it 32bit or 64bit?

Read Slowly and all of it.

Please download www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ You need to download the 64 bit version.


Place FRST64.exe onto your desktop from where ever it downloaded to. IF IT IS NOT ON THE DESKTOP (YOU DID NOT DOWNLOAD DIRECTLY TO DESKTOP), THEN RIGHT CLICK ON THE DOWNLOADED FILE AND SELECT CUT. FIND A BLANK SPOT ON YOUR DESKTOP AND RIGHT CLICK ON IT, SELECT PASTE AND THE FILE WILL BE ON THE DESKTOP. Thank You (this is very important later on)!


Start FRST64 that is on your Desktop

The tool will start to run.
When the tool opens click Yes to disclaimer. (if it does)
Press Scan button.


It will make two logs (FRST.txt and Addition.txt) on your Desktop. Please attach the logs in your reply back. Or open the logs in notepad and copy the logs and paste back in a message as a reply. (Ask if you don't know how to do either of these).

First, Please run the FRST Fixlist script.

Please download the following attached Fixlist.txt file to the same location you have FRST64.exe at (on your desktop).

You can download the file by right clicking on it and selecting "Save Link as..".

Once this file is located in the same place as FRST64.exe, double click on FRST64.exe, let it load fully (it may auto update itself; let this process complete before dunning the fix) and then click on the Fix button once.

Once the FRST64 fix is complete, it may ask to restart the system; let it do so and it will complete the Fix run then.

A log file named Fixlog.txt will be produced on your desktop; please attach that in a post here.

NOTICE: THIS FIX IS FOR THIS USER AND THEIR CURRENT SYSTEM ONLY!!  ANY OTHER USAGE COULD RESULT IN DAMAGE TO THE SYSTEM, LOST DATA OR NON-BOOTING.  IF ANYONE ELSE NEEDS THEIR SYSTEM FIXED, PLEASE START A SEPARATE NEW THREAD.


Next, please follow the steps below to reset the Chrome home page.


Home Page - The Home Page is the page that the browser will open whenever you tell it start up. When you first open the browser, it loads your Home Page that is set in the browser's properties. To change the Home Page for Google Chrome, follow these directions:

1) Open Chrome and click on the menu button in the upper right corner of the browser. The Menu Button looks like three bars (see below).



2) On the Menu that opens down, click on Settings to open the Settings page in Chrome.


3) Look for the Appearance section in the Settings page and make sure the Show Home button box is checked. Then click on the blue Change next to New Tab Page.


4) A box will pop up and allow you to either set a New Tab Page as your home page or type a URL address for a Home Page ( for example, you could enter www.google.com there to set Google as your home page). Click OK when you have made the setting you want and the box will close. Close the Settings page when you are done making the changes to the Home Page.

Yes, that is the proper log and it looks like FRST64 did its job. So for the next steps, can you answer some questions for me and then run a few scans?

First, have you rebooted the system since running the FixList? If not, please do so.

Second, did you reset your Home Page on Chrome? The FRST scan log showed that the home page for Chrome has been hijacked to trovi(dot)com. The best way to reset the home page in Chrome is manually otherwise the profile is broken.

Thirdly, has the popups / ads / redirects stopped?

Fourth, please run scans with AdwCleaner and JRT; the directions for these scanners are below.

AdwCleaner:

Read carefully

Download Adwcleaner www.bleepingcomputer.com/download/adwcleaner/ on to your desktop

The Blue

Download Now 
@bleepingcomputer      button

and run a scan. You may have to right click adwcleaner.exe and choose "Run as Administrator" from the menu. (Click the Scan button to start the scanning). It will create a log after it is finished. If not, there is a Report button in the middle of the main window; click that and it will make the log file.

ONE SCAN ONLY, PLEASE

Attach or paste the log back here for review and further instructions. Thanks.


JRT:

Download this and run it on the desktop. www.bleepingcomputer.com/download/junkware-removal-tool/


Download Now
@ Autors site    Button

Double click on the downloaded file on your desktop; it will open up a command window and run from there. When asked, press any key to let it run.

This will create a log on the desktop; please attach or copy & paste in your next post (JRT.txt).


Things for your next post:

• Did you reboot?
• Did you change the home page?
• System is running OK?
• AdwCleaner scan log
• JRT scan log
• Any questions you have.

Thanks.