Help with this Hijack / reg infection

Hi everybody,

I'am in trouble with an infection from a infected installation (all files, archives, download... from this has been removed).

After cleaning all suspicious programs on my compture (with CCleaner), I have clean up all caches files and repair the registre with it.

In third I do scan and clean up with the lasted version of Malwarebytes ; ADWcleaner ; Rkill and UnHackMe. Juste Male...

supprimer Anvi Slim Toolbar, DNS Unlocker & Anime Wallpaper - problême pour créer self-extractor archive sfx de 20 Go

Bonjour,

je me présente, je m'appelles broul,

je devais m'inscrire chez coolman ce matin mais malgré le bon pseudo/mail/mot de passe ça me dit mot de passe/pseudo érroné (je pense à un virus réseau) donc je suis venu m'inscrire sur toolslib

j'ai un pc sous w10 acheté en 2005, mis à jour vers w8 en 2011 et w10 en 2016,

 

j'été infecté par reimage en 2014,

 

après une prise en charge sur f...

Re: ADWCleaners is downloaded with corruption constantly

Thanks. I'll try to reproduce this during the weekend and will let you know how it goes.

Quick question. Does it works when you're using "Download Master" with >=2 threads on Firefox (not Waterfox)?

And finally, just to make sure everything else is OK. Can you do a scan/clean with AdwCleaner?

Regards.


cocochepeau, 2018-03-01 19:49:04 (UTC)

You are welcome.

1. Download Master fails with ...

Re: Désinfection de tapsnake, cronDNS, Dubfishiw

Il faut me donner les liens menant aux rapports FRST.txt et Addition.txt sinon je ne peux pas les consulter.

On ne va pas se servir d'OTL, ZHPDiag et HijackThis.

Re: Désinfection de tapsnake, cronDNS, Dubfishiw

Bonsoir Destrio5

J'ai hébergé les rapports de FRST.txt et addition.txt sur pjjoint.malekal.com . Le site de pjjoint parle de 3 outils d'analyse (otl , zhpdiag et Hijack this, est-cequ'il faut s'en servir ?

Re: area51buy.com hijack

Hello,

Sorry for the late answer.

Glad to know it's now fixed. May be it was only related to gearbest.com, something like a defacement [1]? I can't find anything online about it tho.

Feel free to come back if you see anything weird again.

Regards.

[1] https://en.wikipedia.org/wiki/Website_defacement

Re: area51buy.com hijack

Thanks! What files from firefox profile should I upload? Logs:

MalwareBytes: https://pastebin.com/8Cr1dNMP

AdwCleaner: https://pastebin.com/NatkW1J6

Addons: https://pastebin.com/4ZgCDJsT

 

EDIT: I just checked gearbest.com and now the page loads. I don't know what happened, but it's fixed.

Re: area51buy.com hijack

Hello,

I can send files from my firefox profile if that helps (I did a full text search on all files in my profile for text string "area51buy.com" but nothing relevant was found)

Simplex, 2017-11-09 12:10:12 (UTC)

Yes, please do. I'm sure we'll find a solution.

Also,

Can you give me the list of your installed addons - in Firefox?

Also, please share the AdwCleaner/Malwarebytes logfiles.

...

Re: area51buy.com hijack

Thanks for replying. I tested it with all addons disabled and the problem is still there. Both AdwCleaner and MalwareBytes tell me that "no threates were found".

I created a new clean Firefox profile and that problem disappeared, but I would like to be able to remove it from my current profile (to preserve history, open tabs, etc.)

I can send files from my firefox profile if that helps (I did...

Re: area51buy.com hijack

Greetings,

Can you give me the list of your installed addons - in Firefox?

Also, please share the AdwCleaner/Malwarebytes logfiles.

Thanks!