monstermarketplace.com virus



micky
28-09-2013, 09:10 PM
I have monstermarketplace.com virus and have tried lots of programmes but I still have it. Can someone advise how to alter the registry?

Driftwood
28-09-2013, 10:04 PM
You could try this

http://malwaretips.com/blogs/monstermarketplace-virus/

Some more on google about it too.

Billy T
28-09-2013, 10:08 PM
Snap! DW got in just before me!

Cheers

Billy 8-{)

micky
29-09-2013, 07:52 AM
I have tried all the programs listed and still can't get rid of it. I need to do it manually, but need better instructions.

pctek
29-09-2013, 08:11 AM
The guide shows webcake and delta.

I just cleaned a PC yesterday with those (and others) on it...
It wasn't hard, first I uninstalled from Control Panel - Programs and Features as you normally do.

Then I ran the usual antispywares - Spybot, Malware Bytes.

Cleaned up easily.....

Checked with Hijackthis too...nothing....

blanco
29-09-2013, 08:54 AM
Try running RKill first before running Malwarebytes or other removal tool.
http://www.bleepingcomputer.com/download/search/?keyword=rkill
Description:

From Bleeping Computer:

RKill is a program developed at BleepingComputer.com that was originally designed
for the use in our malware removal guides. It was created so that we could have an
easy to use tool that kills known processes that stop the use of our normal anti-malware
applications. Simple as that. Nothing fancy. Just kill known malware processes so that
anti-malware programs can do their job.
So in summary, RKill just kills processes, imports a Registry file that removes incorrect
file associations and fixes policies that stop us from using certain tools. Then it kills
Explorer.exe so it will restart and enable some of the Registry changes. When done,
RKill will then create a log listing all processes that were terminated while the program
was running. Please note that this will include processes that were terminated manually
by the user as well as RKill. Other than what is listed above, it does nothing else.

Pancake
29-09-2013, 10:59 AM
I have monstermarketplace.com virus and have tried lots of programmes but I still have it. Can someone advise how to alter the registry?


Please download AdwCleaner ('http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner') by Xplode onto your desktop.

Double click on AdwCleaner.exe to run the tool.
Click on Clean.
A logfile will automatically open after the scan has finished.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[R1].txt as well.

micky
29-09-2013, 06:26 PM
Please download AdwCleaner ('http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner') by Xplode onto your desktop.

Double click on AdwCleaner.exe to run the tool.
Click on Clean.
A logfile will automatically open after the scan has finished.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[R1].txt as well.


# AdwCleaner v3.005 - Report created 28/09/2013 at 06:18:20
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mike - MIKE-PC
# Running from : C:\Users\Mike\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Mike\AppData\Local\Conduit
Folder Deleted : C:\Users\Mike\AppData\Local\cre
Folder Deleted : C:\Users\Mike\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mike\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Mike\AppData\Roaming\DefaultTab
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\sxue391y.default-1380276774176\prefs.js ]

Line Deleted : user_pref("extensions.crossrider.bic", "1416098564d1624fee665f92f6f6bfcc");

-\\ Google Chrome v

[ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2102 octets] - [28/09/2013 06:17:05]
AdwCleaner[S0].txt - [2017 octets] - [28/09/2013 06:18:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2077 octets] ##########

# AdwCleaner v3.005 - Report created 29/09/2013 at 18:16:57
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mike - MIKE-PC
# Running from : C:\Users\Mike\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Users\Mike\AppData\Local\Temp\Conduit
Folder Deleted : C:\Users\Mike\AppData\Roaming\DefaultTab

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282698
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_giolhomkcooifelkdfpejhidfidaahlc]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\k9y96e5k.default\prefs.js ]

Line Deleted : user_pref("CT3282698.FF19Solved", "true");
Line Deleted : user_pref("CT3282698.UserID", "UN11476018471904310");
Line Deleted : user_pref("CT3282698.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3282698.fullUserID", "UN11476018471904310.IN.20130926205944");
Line Deleted : user_pref("CT3282698.installDate", "26/09/2013 20:59:47");
Line Deleted : user_pref("CT3282698.installSessionId", "{403A8F6D-5A52-4945-B187-5C0FDEAF5EFE}");
Line Deleted : user_pref("CT3282698.installSp", "TRUE");
Line Deleted : user_pref("CT3282698.installerVersion", "1.7.1.4");
Line Deleted : user_pref("CT3282698.keyword", "true");
Line Deleted : user_pref("CT3282698.originalHomepage", "about:home");
Line Deleted : user_pref("CT3282698.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3282698.originalSearchEngine", "");
Line Deleted : user_pref("CT3282698.originalSearchEngineName", "");
Line Deleted : user_pref("CT3282698.searchRevert", "false");
Line Deleted : user_pref("CT3282698.searchUserMode", "2");
Line Deleted : user_pref("CT3282698.smartbar.homepage", "true");
Line Deleted : user_pref("CT3282698.versionFromInstaller", "10.20.1.8");
Line Deleted : user_pref("CT3282698.xpeMode", "0");
Line Deleted : user_pref("CT3289075.FF19Solved", "true");
Line Deleted : user_pref("CT3289075.UserID", "UN26947165251513419");
Line Deleted : user_pref("CT3289075.fullUserID", "UN26947165251513419.IN.20130922104328");
Line Deleted : user_pref("CT3289075.installDate", "22/09/2013 10:43:32");
Line Deleted : user_pref("CT3289075.installSessionId", "-1");
Line Deleted : user_pref("CT3289075.installSp", "FALSE");
Line Deleted : user_pref("CT3289075.installUsage", "24/09/2013 00:08:27");
Line Deleted : user_pref("CT3289075.installUsageEarly", "24/09/2013 00:08:27");
Line Deleted : user_pref("CT3289075.installerVersion", "1.7.0.9");
Line Deleted : user_pref("CT3289075.searchRevert", "FALSE");
Line Deleted : user_pref("CT3289075.searchUserMode", "1");
Line Deleted : user_pref("CT3289075.versionFromInstaller", "10.20.0.13");
Line Deleted : user_pref("CT3289075.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultenginename", "SweetTunes1 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "SweetTunes1 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282698&CUI=UN11476018471904310&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "SweetTunes1 Customized Web Search");
Line Deleted : user_pref("extensions.crossrider.bic", "141541be5792a292c36dca66c3816a88");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282698&SearchSource=2&CUI=UN11476018471904310&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3282698");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3282698&CUI=UN11476018471904310&UM=2&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282698&SearchSource=2&CUI=UN11476018471904310&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3282698");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3282698");
Line Deleted : user_pref("smartbar.machineId", "RXRAIB0BNZKDO5JEITG5JZ7OYF3TGHM4K/SBZEMBFQGOLGMMNK0WPWLHQVS4DATSGRQNVLB6IDSNRX8LOBLW QA");

-\\ Google Chrome v

[ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7817 octets] - [28/09/2013 07:17:05]
AdwCleaner[S0].txt - [7768 octets] - [28/09/2013 07:18:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7828 octets] ##########
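
One way to compare two AdwCleaner clean reports like the pair posted above and list what had to be deleted a second time. This is an added example, not part of the thread or of AdwCleaner; the embedded reports are shortened excerpts constructed from lines in the reports above, and the function names are hypothetical.

```python
import re

# Constructed, shortened excerpts of the two reports posted above.
REPORT_A = r"""# AdwCleaner v3.005 - Report created 28/09/2013 at 06:18:20
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Users\Mike\AppData\LocalLow\PriceGong
File Deleted : C:\END
***** [ Registry ] *****
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
"""

REPORT_B = r"""# AdwCleaner v3.005 - Report created 29/09/2013 at 18:16:57
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\DefaultTab
***** [ Registry ] *****
Key Deleted : HKLM\Software\Conduit
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_giolhomkcooifelkdfpejhidfidaahlc]
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
"""

ENTRY = re.compile(r"^(Folder|File|Key|Value|Line) Deleted : (.+)$")

def parse_report(text):
    """Return {(kind, target)} for every 'X Deleted : target' line."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Lower-cased: Windows paths and registry keys ignore case.
            entries.add((m.group(1), m.group(2).strip().lower()))
    return entries

def recurring(first, second):
    """Entries removed in the first run that had to be removed again."""
    return sorted(parse_report(first) & parse_report(second))

def autostart_values(text):
    """Run-key values start at logon, so check them when entries recur."""
    return sorted(t for k, t in parse_report(text)
                  if k == "Value" and r"\currentversion\run" in t)

if __name__ == "__main__":
    for kind, target in recurring(REPORT_A, REPORT_B):
        print(f"reappeared after cleaning: {kind:6} {target}")
    for target in autostart_values(REPORT_B):
        print(f"autostart entry removed:   {target}")
```

Entries that show up in both reports were present again by the second run, which is the cue to look at what starts with Windows or with the browser before cleaning a third time.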

Pancake
29-09-2013, 06:36 PM
How is it now..??

micky
29-09-2013, 06:51 PM
How is it now..??

I have Firefox running OK but I still have all crap on Chrome

Cheers Mike

Pancake
29-09-2013, 07:20 PM
Ok. Your best bet is to uninstall Chrome (https://support.google.com/chrome/answer/111899?hl=en), reboot and reinstate it.