searche-engine.ru / go.mail.ru adware / cannot remove

This forum is for removing Malware, Spyware, Adware. Post your HijackThis, DDS, RSIT, Combofix logs here.


Postby DanielH » Wed Dec 07, 2016 2:25 pm

Hello
I am having serious issues with this Russian adware. So I deleted everything connected to this (that I could think of) from registry, control panel.
Problem at the beginning was that I would occasionally get some pop-ups even through my adblock but from today it progressed to not allowing me to use Google searches at all.
So I did everything from here
but it did not help
I'm uploading the hijackthis log file hoping you could help.

Best regards, Daniel
Attachments
hijackthis.log
(13.51 KiB) Downloaded 104 times
DanielH
 
Posts: 5
Joined: Wed Dec 07, 2016 2:12 pm

Re: searche-engine.ru / go.mail.ru adware / cannot remove

Postby patrik » Fri Dec 09, 2016 11:21 am

Hello, welcome to the Myantispyware forum.

Please download FRST from here. Close any open browsers. Double-click on frst.exe. Once the tool is started, you will see a main window. Click the Scan button.
When the scan is finished, it will produce two logs called FRST.txt and Addition.txt.
Please post both here (or attach them).
patrik
Site Admin
 
Posts: 9313
Joined: Sun Jan 08, 2006 1:11 pm

Re: searche-engine.ru / go.mail.ru adware / cannot remove

Postby DanielH » Fri Dec 09, 2016 11:44 am

here they are
Attachments
Addition.txt
(45.87 KiB) Downloaded 629 times
FRST.txt
(60.89 KiB) Downloaded 85 times
DanielH
 
Posts: 5
Joined: Wed Dec 07, 2016 2:12 pm

Re: searche-engine.ru / go.mail.ru adware / cannot remove

Postby patrik » Sat Dec 10, 2016 7:39 am

Open notepad, copy/paste the text in the code box below into notepad:
Code:
CreateRestorePoint:
CHR StartupUrls: Default -> "hxxp://www.google.bg/","hxxps://www.google.bg/","hxxp://www.mystartsearch.com/?type=hp&ts=1429356787&from=wpc&uid=WDCXWD5000BPKX-22HPJT0_WD-WX21A94KY1Y2KY1Y2","hxxp://mail.ru/cnt/10445?gp=818404"
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
Task: {1CF6EBE2-ABEF-407B-A175-17C11C5335CF} - \WPD\SqmUpload_S-1-5-21-2094653084-2665364288-2603187371-1001 -> No File <==== ATTENTION
Task: {74FE616D-351A-4D60-BCDB-450DA0DA4737} - \KMSAuto -> No File <==== ATTENTION
Task: {E1FB732A-3984-4562-881B-0A3D108A5CEA} - System32\Tasks\syslog => C:\Users\ENVY\AppData\Local\syslog\syslog.exe <==== ATTENTION
Task: {FBFB8D07-FD2B-4465-9E59-1E0319B7888E} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Folder: C:\Users\ENVY\AppData\Local\syslog
File: C:\Users\ENVY\AppData\Local\syslog\syslog.exe
C:\Users\ENVY\AppData\Local\syslog\syslog.exe
EmptyTemp:
Reboot:

Name the Notepad file Fixlist and save it to the folder where FRST.exe is located.
Run FRST and press Fix.
When finished, it will produce a report for you. Please post that log.

Also make a fresh FRST log (perform a fresh scan) and post here.
patrik
Site Admin
 
Posts: 9313
Joined: Sun Jan 08, 2006 1:11 pm
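
The Task: entries in the fixlist above fall into two groups: tasks whose target no longer exists ("No File") and one task that launches an executable from a user profile folder. The Python below is an added example, not part of patrik's post and not FRST code; it parses lines in the shape shown above and labels each one. The USER_WRITABLE list, the verdict names and the last Task line in SAMPLE are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

# Shape of the "Task:" lines as they appear in the fixlist above; nothing
# beyond what those lines show is assumed about the FRST log format.
TASK_RE = re.compile(
    r"^Task: (?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<name>.+?) [-=]> "
    r"(?P<target>.+?)(?P<flag> <==== ATTENTION)?$"
)
# Assumption of this example: folders a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

class TaskEntry(NamedTuple):
    guid: str
    name: str
    target: str
    flagged: bool   # the line carried the "<==== ATTENTION" marker
    verdict: str    # "orphaned", "user-writable-path" or "no-finding"

def parse_task_line(line: str) -> Optional[TaskEntry]:
    m = TASK_RE.match(line.strip())
    if m is None:
        return None          # not a Task: line (Folder:, File:, ...)
    target = m.group("target")
    if target == "No File":
        verdict = "orphaned"             # task registered, target missing
    elif any(d in target.lower() for d in USER_WRITABLE):
        verdict = "user-writable-path"   # runs a binary from a user folder
    else:
        verdict = "no-finding"
    return TaskEntry(m.group("guid"), m.group("name"), target,
                     m.group("flag") is not None, verdict)

def triage(lines):
    """Parse every Task: line in `lines`, skipping all other lines."""
    return [e for e in map(parse_task_line, lines) if e is not None]

# First four Task lines and the Folder line are copied from the fixlist above;
# the fifth Task line is constructed for contrast.
SAMPLE = [
    r"Task: {1CF6EBE2-ABEF-407B-A175-17C11C5335CF} - \WPD\SqmUpload_S-1-5-21-2094653084-2665364288-2603187371-1001 -> No File <==== ATTENTION",
    r"Task: {74FE616D-351A-4D60-BCDB-450DA0DA4737} - \KMSAuto -> No File <==== ATTENTION",
    r"Task: {E1FB732A-3984-4562-881B-0A3D108A5CEA} - System32\Tasks\syslog => C:\Users\ENVY\AppData\Local\syslog\syslog.exe <==== ATTENTION",
    r"Task: {FBFB8D07-FD2B-4465-9E59-1E0319B7888E} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION",
    r"Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\Example => C:\Windows\System32\example.exe",
    r"Folder: C:\Users\ENVY\AppData\Local\syslog",
]
```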

Re: searche-engine.ru / go.mail.ru adware / cannot remove

Postby DanielH » Sat Dec 10, 2016 3:08 pm

I did a scan after the restart but did not delete the old logs, so I made 1 more scan with new logs [ 2 ]
Attachments
FRST64.zip
(52.47 KiB) Downloaded 90 times
DanielH
 
Posts: 5
Joined: Wed Dec 07, 2016 2:12 pm

Re: searche-engine.ru / go.mail.ru adware / cannot remove

Postby patrik » Tue Dec 13, 2016 12:48 am

Good Job. How is everything running now?
Are you still seeing pop-ups or searche-engine.ru / go.mail.ru redirect?
patrik
Site Admin
 
Posts: 9313
Joined: Sun Jan 08, 2006 1:11 pm

Re: searche-engine.ru / go.mail.ru adware / cannot remove

Postby DanielH » Tue Dec 13, 2016 9:40 am

Yes, I am :(
DanielH
 
Posts: 5
Joined: Wed Dec 07, 2016 2:12 pm

Re: searche-engine.ru / go.mail.ru adware / cannot remove

Postby patrik » Thu Dec 15, 2016 5:22 am

What browsers are affected by the searche-engine.ru and go.mail.ru redirect?
patrik
Site Admin
 
Posts: 9313
Joined: Sun Jan 08, 2006 1:11 pm

Re: searche-engine.ru / go.mail.ru adware / cannot remove

Postby DanielH » Thu Dec 15, 2016 11:15 am

Chrome, and now it seems there is a new pop-up too. It's getting worse.
DanielH
 
Posts: 5
Joined: Wed Dec 07, 2016 2:12 pm

Re: searche-engine.ru / go.mail.ru adware / cannot remove

Postby patrik » Thu Dec 22, 2016 2:04 am

Sorry for the delay.

Run Chrome, open the Tools menu, and select the Settings option.
On the left panel click "Extensions".
It will display all installed extensions.
Please disable all of them.
Once finished, close Settings and try to search for anything (check for the searche-engine.ru redirect).
patrik
Site Admin
 
Posts: 9313
Joined: Sun Jan 08, 2006 1:11 pm

