Windows 7: (PUP.Datamngr) how can i get rid of this


02 Feb 2013   #11

windows 7 home premium 64 bit
 
 

OK, here it is. Also, I ran the killer one again and the VisualBee is gone, but these show up again after deleting them...




Attached Thumbnails
(PUP.Datamngr)   how can i get rid of this-capture.png  
Attached Files
File Type: txt OTL.Txt (62.9 KB, 10 views)

02 Feb 2013   #12

Windows 7 Home Premium
 
 

iceman087,

Datamngr is showing in OTL.

Would appreciate your patience.

Need to go out for a while, and cannot prepare a script to remove the Datamngr entries until I get back.

After you run the script in OTL, then, we will use whatever else is needed to make sure it is not there any longer.

Once again, thanks for your patience, and I will be back in about 3 to 4 hours.


Please post the RKreport from RogueKiller also. Everything it shows helps. Operating in the blind, as you have found out, does not always produce the desired results.
02 Feb 2013   #13

windows 7 home premium 64 bit
 
 

OK, np. I have to step out also. Won't be able to get back on till tomorrow. Thanks a lot for your help. Hope to hear from you tomorrow.


02 Feb 2013   #14
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

VisualBee\Bee.exe: A variant of the IRCBot family of worms and IRC backdoor Trojans
Microsoft Update Machine - bee.exe - Program Information
02 Feb 2013   #15

windows 7 home premium 64 bit
 
 

But the c/autoruns doesn't exist. Never mind, I had to create it.
02 Feb 2013   #16
Microsoft MVP

 

While you're in the hands of the very best attempting to clean up the infection, keep in mind that many of these serious infections never completely clean up so you might want to be backing up your data to quarantine for thorough scanning, gathering your program installers, and studying these same steps to get a perfect Clean Reinstall - Factory OEM Windows 7.

Just sayin I have never had a situation where I ran perfect Windows 7 after such an infection.
02 Feb 2013   #17

Windows 7 Home Premium
 
 

Please go to Control Panel > Programs and Features, and uninstall whatever entry you find with the following:
Datamngr
VisualBee
Conduit
Tarma
iLivid

Next, please run OTL once again.

Copy and paste the text inside of the code box below into the Custom Scans/Fixes box located at the bottom of OTL:

Code:
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=295&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0795562833234272&q={searchTerms}
IE - HKLM\..\URLSearchHook: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=295&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0795562833234272&q={searchTerms}
IE - HKU\S-1-5-21-1709582024-3653389009-2489712307-1001\..\URLSearchHook: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - No CLSID value found
IE - HKU\S-1-5-21-1709582024-3653389009-2489712307-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
O2:64bit: - BHO: (no name) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7aeae561-714b-45f6-ace3-4a8aed6e227b} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1709582024-3653389009-2489712307-1001\..\Toolbar\WebBrowser: (no name) - {7AEAE561-714B-45F6-ACE3-4A8AED6E227B} - No CLSID value found.
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - File not found

 
:Folders
C:\Users\chuck\AppData\Local\VisualBeeExe
C:\Users\chuck\AppData\Local\Conduit
C:\ProgramData\Tarma Installer
C:\ProgramData\VisualBee

 
:Commands
[emptytemp]
[Reboot]
[CREATERESTOREPOINT]

Quote:
>>> Note:
Having some problems using the code box in this forum, so, please type in the following right above the first entry: :OTL

It should look like this, make sure there is a colon before OTL

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com

Here is an Image of how it should look in Custom Scans/Fixes (at the bottom):


Apparently, :OTL has the colon right before it, and that is throwing things off.
After all the information (including :OTL), is pasted in the Custom Scans/Fixes box, click: Run Fix (at the top)
Allow the program to run without interruption.

The computer restarts itself, and a log is created after the machine reboots.

Please post the contents of the new OTL log in your next reply.

~~~~
Now, please download AdwCleaner:
http://general-changelog-team.fr/fr/...e/2-adwcleaner

Save to the desktop.
  • Close all open programs.
  • Double-click on AdwCleaner.exe to run it.
  • Click on Delete and confirm the prompt.
  • After it finishes, the computer is restarted.
A text file report opens after the restart.


Please post the content of the AdwCleaner report to your reply.
(A copy of the log is also saved at C:\AdwCleaner[S1].txt)

~~~~
Last, please run RogueKiller once again, do a Scan, and provide its RKreport.txt.

Please do not remove anything from RogueKiller, so I can see where we are at.


 
03 Feb 2013   #18

windows 7 home premium 64 bit
 
 

adw reports


Attached Files
File Type: txt AdwCleaner[R1].txt (6.1 KB, 4 views)
File Type: txt AdwCleaner[S1].txt (6.1 KB, 2 views)
03 Feb 2013   #19

windows 7 home premium 64 bit
 
 

Here is the log:
# AdwCleaner v2.109 - Logfile created 02/03/2013 at 12:17:19
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : chuck - CHUCK-PC
# Boot Mode : Normal
# Running from : C:\Users\chuck\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\chuck\AppData\Local\APN
Folder Deleted : C:\Users\chuck\AppData\Local\Conduit
Folder Deleted : C:\Users\chuck\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\chuck\AppData\LocalLow\ilividtoolbarguid
Folder Deleted : C:\Users\chuck\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\chuck\AppData\LocalLow\VisualBee_V.1
Folder Deleted : C:\Users\chuck\AppData\Roaming\OpenCandy

***** [Registry] *****

Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll
Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\VisualBee_V.1
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\ilividtoolbarguid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0DD0FE23-7024-4FB8-AD4B-6C65D085618F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1FDC0B61-91AC-4157-9B27-CAD9A09AB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0DD0FE23-7024-4FB8-AD4B-6C65D085618F}
Key Deleted : HKLM\Software\VisualBee_V.1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35E7A657-A9BB-472E-A68B-AE7DEAEDAE3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58F6C026-3A8C-4EEF-AE3E-3624180DBB5D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6199 octets] - [03/02/2013 12:16:48]
AdwCleaner[S1].txt - [6133 octets] - [03/02/2013 12:17:19]

########## EOF - C:\AdwCleaner[S1].txt - [6193 octets] ##########
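
Added example, not part of the thread or of AdwCleaner: a short Python check that groups the registry deletions in a cleaner log like the one above by browser/DLL load point and reports any GUID from the OTL fix list that the log never mentions. The names `classify`, `unresolved` and `LOAD_POINTS` are this example's own, and the sample lines are a subset copied from the log in this thread.

```python
import re
from collections import defaultdict

# Lines copied from the AdwCleaner[S1] log posted in this thread (subset).
SAMPLE_LOG = r"""
Folder Deleted : C:\ProgramData\Tarma Installer
Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
"""

# Load points the OTL fix in this thread targets (grouping chosen for this example).
LOAD_POINTS = {
    "AppInit_DLLs": r"\[AppInit_DLLs\]",
    "BHO": r"\\Browser Helper Objects\\",
    "URLSearchHook": r"\\URLSearchHooks\b",
    "SearchScope": r"\\SearchScopes\\",
    "Toolbar": r"\\Internet Explorer\\Toolbar\b",
}
LINE = re.compile(r"^(Folder|File|Key|Value|Data) Deleted : (?:\[x64\] )?(.+)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def classify(log_text):
    """Group deleted registry entries by the load point they belong to."""
    found = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(1) in ("Folder", "File"):
            continue  # only registry entries are load points
        for name, pattern in LOAD_POINTS.items():
            if re.search(pattern, m.group(2), re.IGNORECASE):
                found[name].append(m.group(2))
    return dict(found)

def unresolved(fix_guids, log_text):
    """GUIDs listed in the fix script that the cleaner log never mentions."""
    seen = {g.upper() for g in GUID.findall(log_text)}
    return sorted(g.upper() for g in fix_guids if g.upper() not in seen)

if __name__ == "__main__":
    for name, items in classify(SAMPLE_LOG).items():
        print(f"{name}: {len(items)} removed")
    print("not seen in log:", unresolved(["{7aeae561-714b-45f6-ace3-4a8aed6e227b}"], SAMPLE_LOG))
```

A GUID returned by `unresolved` is only a prompt to re-check that entry in a fresh scan log; the comparison is case-insensitive because OTL and AdwCleaner print the same CLSID in different case.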
03 Feb 2013   #20

windows 7 home premium 64 bit
 
 

Here's the rogue report.


Attached Files
File Type: txt RKreport[1]_S_02032013_02d1221.txt (1.4 KB, 3 views)