(PUP.Datamngr) how can i get rid of this

Page 2 of 5 FirstFirst 1234 ... LastLast

  1. Posts : 62
    windows 7 home premium 64 bit
    Thread Starter
       #11

    ok here it is..also,i ran the killer one again and the visualbee is gone but these show up again after deleting them...
    Attached Thumbnails Attached Thumbnails (PUP.Datamngr)   how can i get rid of this-capture.png  
    (PUP.Datamngr)   how can i get rid of this Attached Files
      My Computer


  2. Posts : 2,470
    Windows 7 Home Premium
       #12

    iceman087,

    Datamngr is showing in OTL.

    Would appreciate your patience.

    Need to go out for a while, and cannot prepare a script to remove the Datamngr entries until I get back.

    After you run the script in OTL, then, we will use whatever else is needed to make sure it is not there any longer.

    Once again, thanks for your patience, and I will be back in about 3 to 4 hours.


    Please post the RKreport from RogueKiller also. Everything showing it helps. Operating in the blind, as you have found out, does not always produce the desired results.
      My Computer


  3. Posts : 62
    windows 7 home premium 64 bit
    Thread Starter
       #13

    ok,np.i have to step out also.wont be able to get back on till tommorrow.thanksalot for your help.hope to hear from you tommorrow.
      My Computer


  4. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #14

    VisualBee\Bee.exe: A variant of the IRCBot family of worms and IRC backdoor Trojans
    Microsoft Update Machine - bee.exe - Program Information
      My Computer


  5. Posts : 62
    windows 7 home premium 64 bit
    Thread Starter
       #15

    but the c/autoruns doesnt exsist nevermind,i hadto create it
      My Computer

  6.    #16

    While you're in the hands of the very best attempting to clean up the infection, keep in mind that many of these serious infections never completely clean up so you might want to be backing up your data to quarantine for thorough scanning, gathering your program installers, and studying these same steps to get a perfect Clean Reinstall - Factory OEM Windows 7.

    Just sayin I have never had a situation where I ran perfect Windows 7 after such an infection.
      My Computer


  7. Posts : 2,470
    Windows 7 Home Premium
       #17

    Please go to Control Panel > Program and Features, and uninstall whatever entry you find with the following:
    Datamngr
    VisualBee
    Conduit
    Tarma
    iLivid

    Next, please run OTL once again.

    Copy and paste the text inside of the code box below into the Custom Scans/Fixes box located at the bottom of OTL:

    Code:
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=295&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0795562833234272&q={searchTerms}
    IE - HKLM\..\URLSearchHook: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=295&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0795562833234272&q={searchTerms}
    IE - HKU\S-1-5-21-1709582024-3653389009-2489712307-1001\..\URLSearchHook: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - No CLSID value found
    IE - HKU\S-1-5-21-1709582024-3653389009-2489712307-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    O2:64bit: - BHO: (no name) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7aeae561-714b-45f6-ace3-4a8aed6e227b} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-1709582024-3653389009-2489712307-1001\..\Toolbar\WebBrowser: (no name) - {7AEAE561-714B-45F6-ACE3-4A8AED6E227B} - No CLSID value found.
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found
    O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - File not found
    O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - File not found
    
     
    :Folders
    C:\Users\chuck\AppData\Local\VisualBeeExe
    C:\Users\chuck\AppData\Local\Conduit
    C:\ProgramData\Tarma Installer
    C:\ProgramData\VisualBee
    
     
    :Commands
    [emptytemp]
    [Reboot]
    [CREATERESTOREPOINT]

    >>> Note:
    Having some problems using the code box in this forum, so, please type in the following right above the first entry: :OTL

    It should look like this, make sure there is a colon before OTL

    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com

    Here is an Image of how it should look in Custom Scans/Fixes (at the bottom):


    Apparently, :OTL has the colon right before it, and that is throwing things off.
    After all the information (including :OTL), is pasted in the Custom Scans/Fixes box, click: Run Fix (at the top)
    Allow the program to run without interruption.

    The computer restarts itself, and a log is created after the machine reboots.

    Please post the contents of the new OTL log in your next reply.

    ~~~~
    Now, please download AdwCleaner:
    http://general-changelog-team.fr/fr/...e/2-adwcleaner

    Save to the desktop.
    • Close all open programs.
    • Double-click on AdwCleaner.exe to run it.
    • Click on Delete and confirm the prompt.
    • After it finishes, the computer is restarted.
    A text file report opens after the restart.


    Please post the content of the AdwCleaner report to your reply.
    (A copy of the log is also saved at C:\AdwCleaner[S1].txt)

    ~~~~
    Last, please run RogueKiller once again, do a Scan, and provide its RKreport.txt.

    Please do not remove anything from RogueKiller, so I can see where we are at.


     
    Last edited by cottonball; 02 Feb 2013 at 23:04.
      My Computer


  8. Posts : 62
    windows 7 home premium 64 bit
    Thread Starter
       #18

    adw reports
    (PUP.Datamngr)   how can i get rid of this Attached Files
      My Computer


  9. Posts : 62
    windows 7 home premium 64 bit
    Thread Starter
       #19

    here is the log
    # AdwCleaner v2.109 - Logfile created 02/03/2013 at 12:17:19
    # Updated 26/01/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : chuck - CHUCK-PC
    # Boot Mode : Normal
    # Running from : C:\Users\chuck\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\Trymedia
    Folder Deleted : C:\Users\chuck\AppData\Local\APN
    Folder Deleted : C:\Users\chuck\AppData\Local\Conduit
    Folder Deleted : C:\Users\chuck\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\chuck\AppData\LocalLow\ilividtoolbarguid
    Folder Deleted : C:\Users\chuck\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\chuck\AppData\LocalLow\VisualBee_V.1
    Folder Deleted : C:\Users\chuck\AppData\Roaming\OpenCandy

    ***** [Registry] *****

    Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll
    Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll
    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
    Key Deleted : HKCU\Software\APN DTX
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\VisualBee_V.1
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\ilividtoolbarguid
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0DD0FE23-7024-4FB8-AD4B-6C65D085618F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1FDC0B61-91AC-4157-9B27-CAD9A09AB67E}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\iLividSRTB
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0DD0FE23-7024-4FB8-AD4B-6C65D085618F}
    Key Deleted : HKLM\Software\VisualBee_V.1
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35E7A657-A9BB-472E-A68B-AE7DEAEDAE3A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58F6C026-3A8C-4EEF-AE3E-3624180DBB5D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Key Deleted : HKLM\SOFTWARE\DataMngr
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [6199 octets] - [03/02/2013 12:16:48]
    AdwCleaner[S1].txt - [6133 octets] - [03/02/2013 12:17:19]

    ########## EOF - C:\AdwCleaner[S1].txt - [6193 octets] ##########
      My Computer


  10. Posts : 62
    windows 7 home premium 64 bit
    Thread Starter
       #20

    heres the rogue report
    (PUP.Datamngr)   how can i get rid of this Attached Files
      My Computer


 
Page 2 of 5 FirstFirst 1234 ... LastLast

Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 06:06.
Find Us