Jump to content

Need to remove DiscouNNtExtensi 7.2


Recommended Posts

Need to remove  DiscouNNtExtensi 7.2 from my system and after reading through the procedure on your site I noticed that it was specific to the individual. At the end of the one I read it said to start a new topic for help with removal. Even though I thought I followed proper practices I obviously let something slip by and now I need your help to remove this from my machine.

 

Thanks,

Vic

Link to post
Share on other sites

Hello Vic,

please run a FRST scan:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Link to post
Share on other sites

Ok, let's start to remove these pests:


Step 1

Please uninstall some programs:

  • Click on the Start Menu button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

    Browser Stabilizer
    Brrowse2save
    DDiscouunnttEuXtensi
    IsaVer
    NewSaver
    TUUbeAdblocker

  • Reboot your computer.

 

 

 

Step 2

Please download AdwCleaner (by Xplode) and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

 

 

 

Step 3

Start FRST with administator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.
Link to post
Share on other sites

Here is the text from the AdwCleaner scan:

 

# AdwCleaner v3.022 - Report created 18/03/2014 at 09:58:51
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : VicForsman - VICFORSMAN-PC
# Running from : C:\Users\VicForsman.HARVEST\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\NewSaVer
Folder Deleted : C:\ProgramData\Brrowse2save
Folder Deleted : C:\ProgramData\TUUbeAdblocker
Folder Deleted : C:\Program Files (x86)\BrowseToSave
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\NewSaVer
Folder Deleted : C:\Program Files (x86)\TUUbeAdblocker
Folder Deleted : C:\Users\VicForsman.HARVEST\AppData\Local\Conduit
Folder Deleted : C:\Users\VicForsman.HARVEST\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\VicForsman.HARVEST\AppData\LocalLow\Conduit
File Deleted : C:\END
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\VicForsman.HARVEST\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2881 octets] - [18/03/2014 09:55:42]
AdwCleaner[s0].txt - [2827 octets] - [18/03/2014 09:58:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2887 octets] ##########
 
 
And the FRST.txt is attached.

FRST.txt

Link to post
Share on other sites

Great, we're making progress!
How is your computer running after the following steps? Are there still any problem or symptoms present?


Step 1

Please download this attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

 

 

 

Step 2

Please download Malwarebytes Anti-Malware and save it to your Desktop.

  • Execute the downloaded setup to install MBAM on your computer.
  • Start MBAM with administator privileges.
  • Open the tab Update and click on Check for Updates.
  • Open the tab Scanner, select Perform Full Scan and press the Scan button.
  • When the scan is finished click on Show results.
  • Make sure that all the malware found is checked and click on Remove selected. Allow a reboot if one is required.
  • When finished MBAM shows a log file. (It can also be found under the Logs tab.)
    Please copy and paste the contents of this log file in your next reply.
Link to post
Share on other sites

Here is the text of the Malwarebytes Anti-Malware:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.18.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
VicForsman :: VICFORSMAN-PC [administrator]
 
Protection: Enabled
 
3/18/2014 10:47:27 AM
mbam-log-2014-03-18 (10-47-27).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 921778
Time elapsed: 2 hour(s), 11 minute(s), 33 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\Users\VicForsman.HARVEST\AppData\Local\Temp\ct3279141 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
Files Detected: 24
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\ProgramData\Brrowse2save\512df50da954d.dll.vir (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\C\Users\VicForsman.HARVEST\AppData\Local\Temp\nse97D1.exe.xBAD (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\C\Users\VicForsman.HARVEST\AppData\Local\Temp\nse98BC.exe.xBAD (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\C\Users\VicForsman.HARVEST\AppData\Local\Temp\nsj7007.exe.xBAD (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\C\Users\VicForsman.HARVEST\AppData\Local\Temp\nsz2CEE.exe.xBAD (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\C\Users\VicForsman.HARVEST\AppData\Local\Temp\nsz5630.exe.xBAD (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\C\Users\VicForsman.HARVEST\AppData\Local\Temp\SPStub.exe.xBAD (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\C\Users\VicForsman.HARVEST\AppData\Local\Temp\UpdUninstall.exe.xBAD (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\VicForsman.HARVEST\AppData\Local\Temp\ct3279141\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\VicForsman.HARVEST\AppData\Local\Temp\ct3279141\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\VicForsman.HARVEST\AppData\Local\Temp\ct3279141\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\VicForsman.HARVEST\AppData\Local\Temp\ct3279141\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\VicForsman.HARVEST\AppData\Local\Temp\ct3279141\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\VicForsman.HARVEST\AppData\Local\Temp\{4EF295F0-05D2-49F0-AB1B-4DF09511B706}\Addons\assistant_v3.exe (PUP.Optional.SProtect.A) -> Quarantined and deleted successfully.
C:\Users\VicForsman.HARVEST\AppData\Local\Temp\{4EF295F0-05D2-49F0-AB1B-4DF09511B706}\Addons\browser_addon_setup.exe (PUP.Adware.MultiPlug) -> Quarantined and deleted successfully.
C:\Users\VicForsman.HARVEST\AppData\Local\Temp\{4EF295F0-05D2-49F0-AB1B-4DF09511B706}\Addons\whitesmoke_extract.exe (PUP.Optional.SilentInstall.A) -> Quarantined and deleted successfully.
C:\Users\VicForsman.HARVEST\AppData\Local\Temp\{4EF295F0-05D2-49F0-AB1B-4DF09511B706}\Addons\wsconduit__166.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\VicForsman.HARVEST\AppData\Local\Temp\ct3279141\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\VicForsman.HARVEST\AppData\Local\Temp\ct3279141\CT3279141.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\VicForsman.HARVEST\AppData\Local\Temp\ct3279141\dtime.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\VicForsman.HARVEST\AppData\Local\Temp\ct3279141\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\VicForsman.HARVEST\AppData\Local\Temp\ct3279141\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\VicForsman.HARVEST\AppData\Local\Temp\ct3279141\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
(end)
 
Things are behaving much much better. I don't know if we are through but what a difference!
Link to post
Share on other sites

This looks good now!
All those found threats are just inactive remnants (in temporary files) or files that are already quarantined. So we're done!


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation: btn_donate_SM.gif.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

 

 

 

Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.