

TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5
reply to edale

Re: [Adware] Win 7 laptop infected w/ backup ads, browser redire

There is an uninstaller in c:\users\ROLLIEA\AppData\Local\Torch
Double-click on c:\users\ROLLIEA\AppData\Local\Torch\uninstaller.exe to run it.

Then delete the folders:
c:\users\ROLLIEA\AppData\Local\Torch
c:\programdata\Datamngr

Go to start > Control Panel > Programs and Features, and if you see an entry for Torch or Yontoo, uninstall them.

In Firefox, go to Tools > Add-ons, Select Extensions, and if you see an entry for Torch or Yontoo, remove them.

In Internet Explorer, Click the Tools button, and then click Manage add-ons.
Under Add-on Types, click Toolbars and Extensions.
Remove any entry for Yontoo, or Topic Torch toolbar.
When you’re finished, click Close.

In Google Chrome, click on Customize and control Google Chrome icon. Go to Tools > Extensions.
Select Torch or Yontoo if found and click on the small recycle bin icon to remove the toolbar.

Are you still getting unwanted new tabs?
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010
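
Added example, not part of TheJoker's post: a read-only PowerShell check to run after the removal steps above, confirming that the two folders, any Programs and Features entry and any Firefox extension registered through the registry are gone. The folder paths and the names Torch, Yontoo and Datamngr come from the post; the registry locations are the standard Windows uninstall keys and Firefox's registry extension keys, and checking them is an assumption about where remnants may sit.

```powershell
# Read-only remnant check: it reports what it finds and deletes nothing.
$pattern = 'Torch|Yontoo|Datamngr'

# Folders the post says to delete (profile name as quoted in the thread).
$folders = 'C:\Users\ROLLIEA\AppData\Local\Torch', 'C:\ProgramData\Datamngr'
$folderHits = @($folders | Where-Object { Test-Path -LiteralPath $_ })

# Programs and Features entries: machine-wide (64- and 32-bit views) and per-user.
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
$programHits = @(Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern } |
    ForEach-Object { $_.DisplayName })

# Firefox extensions registered through the registry instead of the profile's
# extensions folder. Value name = extension ID, value data = path on disk.
$ffRoots = 'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
           'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions',
           'HKCU:\SOFTWARE\Mozilla\Firefox\Extensions'
$extensionHits = @(foreach ($root in $ffRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $key = Get-Item -LiteralPath $root
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ("$name $data" -match $pattern) { "$root : $name -> $data" }
    }
})

# Report each category; empty sections mean nothing matched there.
'Folders still present:';              $folderHits
'Programs and Features entries:';      $programHits
'Registry-registered Firefox add-ons:'; $extensionHits
if (-not ($folderHits + $programHits + $extensionHits)) { 'No remnants found.' }
```

A match on the name Torch can also be an unrelated program, so review each reported line before removing anything.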


edale

join:2012-01-21
Seattle, WA

2 edits

OK, I can try their uninstaller. Just that it seemed like sometimes their uninstallers install more PUPs.

Still getting the sporadic new tab generation, follows this format:
google.comadsfkjadfjjfjafojafdjadjfaodjfadfjaodfja;dfjaodfijad;lfmadlfkaldfmadfkml

(I just invented the alphabet soup there, not a valid link, don't click it. Note no dot or bar after the .com). Cannot display the page, page is blank.

No Torch or Yontoo in any of the three browser addons/extensions. There are some other unwanted extensions in FF for example that do not have a remove button. As seen in the above screen capture.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

I would go ahead and try that uninstaller, and then follow these instructions to remove those two unwanted add-ons:
»support.mozilla.org/en-US/kb/tro···a-plugin
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


edale

join:2012-01-21
Seattle, WA

Thanks. The Torch uninstaller apparently worked.

Extensions instead of plug-ins were what I was dealing with; I found some help here
»support.mozilla.org/en-US/kb/Can···r=0&as=s

but the unwanted extensions are not in that extensions folder. They must be "ghost" remnants.



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

To remove unwanted extension entries, follow the instructions here:
»www.howtogeek.com/howto/1698/rem···asy-way/
Be careful though, only select entries that are obviously part of the extension you are trying to remove.

After doing that, you need to restart the browser. Are you still having new strange tabs opening?
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


edale

join:2012-01-21
Seattle, WA

said by TheJoker:

Are you still having new strange tabs opening?

Not for the last few hours!


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

If that continues through tomorrow, I'll post some clean up instructions and recommendations.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


edale

join:2012-01-21
Seattle, WA

Great, thanks! Has not redirected yet. The last thing I did before it started behaving itself was to remove and download/install fresh Chrome, does that make sense?


edale

join:2012-01-21
Seattle, WA
reply to TheJoker

Still holding strong!



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

quote:
Has not redirected yet. The last thing I did before it started behaving itself was to remove and download/install fresh Chrome, does that make sense?
Yes, and add-ons/extensions have to be installed in the browser. If you save your shortcuts, uninstall, delete the program folder, reinstall a freshly downloaded current version from the vendor and then reinstall any plugins or add-ons you had installed, such as Adblock Plus, then if the problem was an add-on to the browser it should be gone. If the malware was installed in a different folder from the browser and had a different loading point, such as a Registry entry, that wouldn't fix the problem.

Your version of Adobe Acrobat Reader is outdated and vulnerable. Go to Start > Control Panel > Add or Remove Programs and remove the following program:
Adobe Reader
Then go to »www.adobe.com and download and install the current version. When you download it, be careful to UNcheck any optional toolbar installation unless you really want the toolbar.

OK, let's do some cleanup.

Go to start > run and copy and paste the next command in the field:
ComboFix /uninstall

Make sure there's a space between Combofix and /
Then hit enter.
This will uninstall Combofix, implement some cleanup procedures, and reset System Restore points.

You can now delete or uninstall any of the following programs that you downloaded and ran, and any logs they created:
OTL
AdwCleaner
Security Check
Malwarebytes Anti-Rootkit
Sophos Virus Removal Tool (uninstall)
Kaspersky Rescue Disk 10 (and delete the folder C:\Kaspersky Rescue Disk 10.0 if found)

I recommend reading Tony Klein's article So How did I get Infected in the First Place? at »Security Cleanup FAQ »How do I prevent Browser Hijacks and Spyware?
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

edale

join:2012-01-21
Seattle, WA

I had deleted Acrobat reader and installed PDF Xchange in its place soon after this post:
»Re: [Adware] Win 7 laptop infected w/ backup ads, browser redire
Acro Read doesn't appear to be currently installed on this system.

Uninstalled/deleted the other items. ComboFix wanted to scan again?

Thank You! For your help and patience. I will read the articles and put into practice the recommendations they contain.

Thanks again!



TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

quote:
ComboFix wanted to scan again?
No, with the uninstall command it doesn't scan, it implements some cleanup procedures and then uninstalls itself.

quote:
Thanks again!
You're very welcome.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010