trojan virus named shopperz

Old 08-06-2015, 01:26 PM   #1
Registered Member
 
Join Date: Aug 2015
Posts: 8
OS: windows 7



I was trying to download a program and apparently it downloaded a virus instead and now it's ruining my laptop. When I ran the AVG it said it detected 3 malware called shopperz but it can't remove it.
When I start my computer it will say personalized something and it's as if it changed my settings.
Attached Files
File Type: txt attach.txt (18.7 KB, 35 views)
File Type: txt dds.txt (36.3 KB, 186 views)
amalg is offline  
Old 08-07-2015, 09:28 AM   #2
Registered Member
 
Join Date: Aug 2015
Posts: 8
OS: windows 7



no reply bump
amalg is offline  
Old 08-08-2015, 04:27 PM   #3
Registered Member
 
Join Date: Aug 2015
Posts: 8
OS: windows 7



Why isn't anyone helping me? 0 reply bump
amalg is offline  
Old 08-10-2015, 12:13 AM   #4
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello amalg,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download to and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we?

STEP 1

Please download AdwCleaner on to your desktop.
Close all open programs and internet browsers.
Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
Click on Scan.
After the scan is complete click on "Cleaning"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

====================================================

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
__________________
tekir06 is offline  
Old 08-11-2015, 11:38 AM   #5
Registered Member
 
Join Date: Aug 2015
Posts: 8
OS: windows 7



Hello Tolga,
thank you for helping me!
I've done what you asked and attached the files.
While I was waiting for a reply I downloaded Malwarebytes and scanned and it removed some of the viruses, but whenever I used the internet it would give me a pop up of a malicious virus and where it's located. Anyways, I ended up deleting iexplore.exe from Program Files (x86) and I don't know how to get it back. If you'd kindly help me with that too, please.
Attached Files
File Type: txt AdwCleaner[S0].txt (6.9 KB, 129 views)
File Type: txt FRST.txt (66.8 KB, 23 views)
File Type: txt Addition.txt (51.1 KB, 26 views)
amalg is offline  
Old 08-12-2015, 12:58 AM   #6
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

Thanks for the logs. Can you attach the Malwarebytes log?

Launch Malwarebytes
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

========================================================

Please do the below steps.

STEP 1

We need to uninstall some programs.

Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of programs to uninstall:

Best Buy pc app >>>> read
Popcorn Time >>>>>> read

If you see it, please delete the following folder.

shopperz04082015 2.0.0.475

==============================================

STEP 2

Download attached fixlist.txt file and save it to the Desktop.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.

Double-click FRST.exe to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Attached Files
File Type: txt fixlist.txt (6.9 KB, 214 views)
__________________
tekir06 is offline  
Old 08-12-2015, 05:19 PM   #7
Registered Member
 
Join Date: Aug 2015
Posts: 8
OS: windows 7



Hello Tolga,
For step 1, I did all the steps but when I got to the add/remove programs window and tried to look for what you asked to be uninstalled, I couldn't find any of what was mentioned.
But everything else worked.
Attached Files
File Type: txt Malwarebytes.txt (1.0 KB, 121 views)
File Type: txt Fixlog.txt (20.3 KB, 26 views)
amalg is offline  
Old 08-12-2015, 11:40 PM   #8
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

Okay. Please do the following:

Your java is out of date.

Please go to Start > Control Panel > Programs and Features and remove the above Java program(s) installed. Next, download the latest Java, version 8 Update 51 from the following link
Download Free Java Software

=========================================================

Please go HERE then click on: Run Eset Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on the icon to install.

All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

Select the option YES, I accept the Terms of Use then click on Start button.
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan Archives
  • Enable Anti-Stealth Technology
Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
Tick all the boxes that correspond to your external/inserted drives.
Click Start. The virus signature database will begin to download. This may take some time.
Wait for the scan to finish.
When completed, click on Finish.
When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
Save that text file to your desktop, and then copy/paste the contents in your next reply.
__________________
tekir06 is offline  
Old 08-13-2015, 02:04 PM   #9
Registered Member
 
Join Date: Aug 2015
Posts: 8
OS: windows 7



C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\5ValpBMcRS.vir JS/Toolbar.Crossrider.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\cvBRfDMiSBME20vjp.vir JS/Toolbar.Crossrider.I potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\08B69DF0-1438834803-11E0-89FC-2214011115C6\rnsc1C03.exe a variant of Win32/Adware.ConvertAd.WS application
C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnet.exe a variant of MSIL/Adware.Dowsserve.A application
C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe a variant of Win32/Adware.Dowsserve.A application
C:\ProgramData\Soltop\2yifb0d0.dll a variant of Win32/Toolbar.Linkury.T potentially unwanted application
C:\Users\All Users\Soltop\2yifb0d0.dll a variant of Win32/Toolbar.Linkury.T potentially unwanted application
C:\Users\owner\AppData\Local\Installer\Install_11957\DCytdieamodc_amodc_setup.exe a variant of Win32/SpeedBit.E potentially unwanted application
amalg is offline  
Old 08-13-2015, 11:23 PM   #10
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

Please do the following instructions. Then tell me, does the AVG warning message about shopperz still appear?

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST64.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.
Code:
start
CreateRestorePoint:
C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnet.exe
C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe
C:\ProgramData\Soltop\2yifb0d0.dll
C:\Users\All Users\Soltop\2yifb0d0.dll
C:\Users\owner\AppData\Local\Installer\Install_11957\DCytdieamodc_amodc_setup.exe
EmptyTemp:
end

Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
__________________
tekir06 is offline  
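
Added example, not part of the original thread and not written by either poster: a Python sketch that triages the ESET detections from post #9 the way the fixlist in post #10 does, separating files already held in the AdwCleaner and FRST quarantine folders from files still in place. It also groups `C:\Users\All Users\...` with `C:\ProgramData\...`, because on Windows Vista and later the former is a link to the latter; the function names and the line pattern are assumptions made for this example.

```python
import re

# Detection lines copied from the ESET export in post #9 of this thread.
ESET_LOG = r"""
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\5ValpBMcRS.vir JS/Toolbar.Crossrider.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\owner\AppData\Roaming\cvBRfDMiSBME20vjp.vir JS/Toolbar.Crossrider.I potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\08B69DF0-1438834803-11E0-89FC-2214011115C6\rnsc1C03.exe a variant of Win32/Adware.ConvertAd.WS application
C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnet.exe a variant of MSIL/Adware.Dowsserve.A application
C:\Program Files (x86)\Microsoft.NET\v2.0.507279\msnetcore.exe a variant of Win32/Adware.Dowsserve.A application
C:\ProgramData\Soltop\2yifb0d0.dll a variant of Win32/Toolbar.Linkury.T potentially unwanted application
C:\Users\All Users\Soltop\2yifb0d0.dll a variant of Win32/Toolbar.Linkury.T potentially unwanted application
C:\Users\owner\AppData\Local\Installer\Install_11957\DCytdieamodc_amodc_setup.exe a variant of Win32/SpeedBit.E potentially unwanted application
"""

# Shape assumed from those lines: <path> [a variant of] <Platform/Name> <category>
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<kind>.+)$"
)
# Quarantine folders of the two tools, as they appear in the log paths.
QUARANTINE_ROOTS = ("c:\\adwcleaner\\quarantine\\", "c:\\frst\\quarantine\\")
# On Windows Vista and later this path is a link to C:\ProgramData.
ALL_USERS = "c:\\users\\all users\\"

def parse(log):
    """Return one dict (path, name, kind) per detection line; skip other lines."""
    matches = (LINE.match(raw.strip()) for raw in log.splitlines())
    return [m.groupdict() for m in matches if m]

def is_quarantined(path):
    """True when the file already sits in a removal tool's quarantine folder."""
    return path.lower().startswith(QUARANTINE_ROOTS)

def canonical(path):
    """Map the All Users link onto the real ProgramData location."""
    if path.lower().startswith(ALL_USERS):
        return "C:\\ProgramData\\" + path[len(ALL_USERS):]
    return path

def triage(log):
    """Split detections into live and quarantined; group live paths per real file."""
    rows = parse(log)
    live = [r for r in rows if not is_quarantined(r["path"])]
    held = [r for r in rows if is_quarantined(r["path"])]
    files = {}
    for r in live:
        files.setdefault(canonical(r["path"]).lower(), []).append(r["path"])
    return {"live": live, "quarantined": held, "files": files}

if __name__ == "__main__":
    for real, seen_as in triage(ESET_LOG)["files"].items():
        print(len(seen_as), real)
```

The five live paths are the same five listed in the fixlist above, but they correspond to four files on disk, since the two Soltop entries are one DLL reached through two paths.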
Old 08-14-2015, 09:17 AM   #11
Registered Member
 
Join Date: Aug 2015
Posts: 8
OS: windows 7



Hello,
AVG says no threats found.
Attached Files
File Type: txt Fixlog.txt (1.2 KB, 18 views)
amalg is offline  
Old 08-14-2015, 01:42 PM   #12
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello amalg,
Quote:
AVG says no threats found.
I'm glad to hear that.

Your java is out of date.

Please go to Start > Control Panel > Programs and Features and remove the above Java program(s) installed. Next, download the latest Java, version 8 Update 51 from the following link
Download Free Java Software

========================================================

Your reports are clear. Let's remove all tools and logs that we use.

CLEAN UP

Please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Ensure Remove disinfection tools is ticked. Also tick: Create registry backup, Purge system restore
  • Click Run
  • delfix will now delete all found traces of our removal process.

Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.

=========================================================

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn ON Automatic Updates in Windows 7

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

PREVENTION

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here

Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
tekir06 is offline  
Old 08-14-2015, 06:10 PM   #13
Registered Member
 
Join Date: Aug 2015
Posts: 8
OS: windows 7



OMG THANK YOU THANK YOU THANKYOU SO MUCH!
amalg is offline  
Old 08-14-2015, 10:24 PM   #14
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello amalg,

You're welcome. Thank you for your patience and cooperation.
__________________
tekir06 is offline  
 
