I already used AdwCleaner to remove some malware, but it couldn't remove Albireo from Firefox. Thanks. Sorry for my bad English.

Re: why couldn't remove 'albireo'

Hello,

Can you share the logfile (in C:\Program Files (x86)\AdwCleaner)?

Is it your antivirus which shows the "albireo" infection?

Regards,

Re: why couldn't remove 'albireo'

Sorry for the late reply. Actually I don't use any antivirus (my bad), but when I browse some websites, Albireo ads show up, and it's annoying. I thought it could be deleted by AdwCleaner, but it couldn't.

# AdwCleaner v5.102 - Logfile created 16/03/2016 at 12:57:17
# Updated 13/03/2016 by Xplode
# Database : 2016-03-14.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : user - TOSHIBA
# Running from : D:\adwcleaner_5.102.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : cherimoya
[-] Service Deleted : PanService
[-] Service Deleted : ihpmServer
[-] Service Deleted : gerocyni
[-] Service Deleted : zycihupizbt

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\shopperz140320161603
[-] Folder Deleted : C:\Program Files (x86)\PANDORA.TV
[-] Folder Deleted : C:\Program Files (x86)\RayDld
[-] Folder Deleted : C:\Program Files (x86)\CleanBrowser
[-] Folder Deleted : C:\Program Files (x86)\48820CA0-1458013908-81E3-2685-0C54A549E607
[-] Folder Deleted : C:\users\user\AppData\Local\48820CA0-1458039438-81E3-2685-0C54A549E607
[-] Folder Deleted : C:\users\user\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\users\user\AppData\Roaming\cpuminer
[-] Folder Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9s4krwzs.default\extensions\deskCutv2@gmail.com

***** [ Files ] *****

[-] File Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9s4krwzs.default\searchplugins\search-provided-by-yahoo.xml
[-] File Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9s4krwzs.default\searchplugins\Search Provided by Yahoo.xml
[-] File Deleted : C:\users\user\Desktop\Facebook.lnk
[-] File Deleted : C:\Windows\SysNative\drivers\cherimoya.sys

***** [ DLLs ] *****

[N] File Not Disinfected : C:\Windows\Sysnative\dnsapi.dll
[N] File Not Disinfected : C:\Windows\SysWOW64\dnsapi.dll

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : Bidaily Synchronize Task
[-] Task Deleted : Bidaily Synchronize Task
[-] Task Deleted : Bidaily Synchronize Task

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Mozilla\Extends
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{85198F55-85AC-498A-BFE4-BBC33840F4AB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8DD92279-9B04-4C6F-A862-EF3C24603804}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{452F0062-8999-4F3E-8567-76E77CEE8B10}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\yahooprovidedsearch
[-] Key Deleted : HKLM\SOFTWARE\ihpmserver
[-] Key Deleted : HKLM\SOFTWARE\mysites123Software
[-] Key Deleted : HKLM\SOFTWARE\RayDld
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{53B21E29-3967-C332-57EB-C02631658584}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7304C9D1-98AD-55F0-636E-22D8DD57F176}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B696F285-F54E-2524-58B1-E06A70ABE6BE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cpuminer
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{23BCAACE-8728-4E6C-A3C6-20E07332E103} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{2974641B-9DD9-47B3-AEF0-EF8B66B1D6D8} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{71527017-BCED-4614-B157-005BF92F6F6D} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B3260045-E0EF-46D4-9970-C24FE3DBCD80} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{bbed3e08-0b41-11e3-8249-806e6f6e6963} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{DC89665B-FD43-43F6-8908-59B1A77C3B2C} [NameServer]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [cpuminer]

***** [ Web browsers ] *****

[-] [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9s4krwzs.default\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.searchengine.uid", "[xpconnect wrapped nsIUUIDGenerator]");
[-] [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9s4krwzs.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9s4krwzs.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [6102 bytes] - [16/03/2016 12:57:17]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [6657 bytes] - [16/03/2016 12:55:01]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [6288 bytes] ##########

 

Re: why couldn't remove 'albireo'

After searching again: it's from Shopperz, which infects dnsapi.dll (infected in safe mode too).

Re: why couldn't remove 'albireo'

Hello,

Please download and run the latest version of AdwCleaner (v5.104). It should disinfect infected DNSApi.dll files. There was a bug in v5.103 which caused AdwCleaner to detect but not disinfect these files.

Regards.
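
An added example, not part of the original posts and not AdwCleaner's own code: a small parser for cleaning logs in the format posted in this thread that lists the items the tool reported it did not fix. The meaning of the `[-]` and `[N]` markers is an assumption inferred from the logs shown here, and the sample is a constructed excerpt of the v5.102 log above.

```python
import re

# Constructed sample: lines excerpted from the v5.102 cleaning log in this thread.
SAMPLE_LOG = r"""
# AdwCleaner v5.102 - Logfile created 16/03/2016 at 12:57:17
# Option : Clean

***** [ Services ] *****
[-] Service Deleted : cherimoya

***** [ DLLs ] *****
[N] File Not Disinfected : C:\Windows\Sysnative\dnsapi.dll
[N] File Not Disinfected : C:\Windows\SysWOW64\dnsapi.dll

***** [ Registry ] *****
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [cpuminer]
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# Assumption from the logs above: "[-]" = action carried out, "[N]" = action not carried out.
ENTRY_RE = re.compile(r"^\[(?P<mark>[-N])\] (?P<action>.+?) : (?P<target>.+)$")


def parse_clean_log(text):
    """Return one dict per result line: section, mark, action, target."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": section, **m.groupdict()})
    return entries


def unremediated(entries):
    """Entries the tool flagged but reported it did not fix."""
    return [e for e in entries if e["mark"] == "N"]


if __name__ == "__main__":
    for e in unremediated(parse_clean_log(SAMPLE_LOG)):
        print(f'{e["section"]}: {e["action"]} -> {e["target"]}')
```

Any entry this returns is something to re-check with a fresh scan after updating the tool, as the reply above suggests.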

Re: why couldn't remove 'albireo'

Wow, thank you.

Glad to download it.

Re: why couldn't remove 'albireo'

# AdwCleaner v5.105 - Logfile created 23/03/2016 at 00:36:50
# Updated 21/03/2016 by Xplode
# Database : 2016-03-21.3 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : user - TOSHIBA
# Running from : C:\Users\user\Downloads\adwcleaner_5.105.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mysites123.xml

***** [ DLL ] *****

File Infected : C:\Windows\Sysnative\dnsapi.dll
File Infected : C:\Windows\SysWOW64\dnsapi.dll

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [433 bytes] - [21/03/2016 17:18:50]
C:\AdwCleaner\AdwCleaner[R0].txt - [7646 bytes] - [01/05/2015 16:32:42]
C:\AdwCleaner\AdwCleaner[R1].txt - [1417 bytes] - [16/03/2016 12:48:16]
C:\AdwCleaner\AdwCleaner[R2].txt - [1411 bytes] - [16/03/2016 12:50:05]
C:\AdwCleaner\AdwCleaner[S0].txt - [6381 bytes] - [01/05/2015 16:34:12]
C:\AdwCleaner\AdwCleaner[S1].txt - [1134 bytes] - [21/03/2016 17:12:12]
C:\AdwCleaner\AdwCleaner[S2].txt - [1280 bytes] - [21/03/2016 17:22:25]
C:\AdwCleaner\AdwCleaner[S3].txt - [1334 bytes] - [21/03/2016 17:32:28]
C:\AdwCleaner\AdwCleaner[S4].txt - [1367 bytes] - [23/03/2016 00:36:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1440 bytes] ##########

 

 

# AdwCleaner v5.105 - Logfile created 23/03/2016 at 00:39:33
# Updated 21/03/2016 by Xplode
# Database : 2016-03-21.3 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : user - TOSHIBA
# Running from : C:\Users\user\Downloads\adwcleaner_5.105.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mysites123.xml

***** [ DLLs ] *****

[-] File Disinfected : C:\Windows\Sysnative\dnsapi.dll
[-] File Disinfected : C:\Windows\SysWOW64\dnsapi.dll

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [433 bytes] - [21/03/2016 17:18:50]
C:\AdwCleaner\AdwCleaner[C2].txt - [965 bytes] - [23/03/2016 00:39:33]
C:\AdwCleaner\AdwCleaner[R0].txt - [7646 bytes] - [01/05/2015 16:32:42]
C:\AdwCleaner\AdwCleaner[R1].txt - [1417 bytes] - [16/03/2016 12:48:16]
C:\AdwCleaner\AdwCleaner[R2].txt - [1411 bytes] - [16/03/2016 12:50:05]
C:\AdwCleaner\AdwCleaner[S0].txt - [6381 bytes] - [01/05/2015 16:34:12]
C:\AdwCleaner\AdwCleaner[S1].txt - [1134 bytes] - [21/03/2016 17:12:12]
C:\AdwCleaner\AdwCleaner[S2].txt - [1280 bytes] - [21/03/2016 17:22:25]
C:\AdwCleaner\AdwCleaner[S3].txt - [1334 bytes] - [21/03/2016 17:32:28]
C:\AdwCleaner\AdwCleaner[S4].txt - [1519 bytes] - [23/03/2016 00:36:50]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1621 bytes] ##########

 

Didn't work, the ads still show up.

I want to post the image file.

Re: why couldn't remove 'albireo'

You need to use an antivirus to protect your PC from such infections, but sometimes you can just remove the unwanted program manually. Here's an article about both manual and automatic methods to remove Albireo, and it really works for all browsers and all versions of Windows. Anti-viral software is very useful to protect you from incoming threats and warn you about suspicious files and programs. But when the virus is actually on your PC, in 99% of cases you can easily remove it by hand. Just follow the given instructions, and Albireo will disappear in a few minutes.



simbelmayne, 2016-03-31 13:04:41 (UTC)

thank you ... :)