Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Infected with Babylon Search; need help cleaning PC


02 Jul 2013   #1

Windows Seven Home Premium 64 Bit
 
 
Infected with Babylon Search; need help cleaning PC

I installed and ran Microsoft Security Essentials.
Full scan: removed 2 instances of some java exploit updater (?)
Ran CCleaner before the scan.

Please advise. Not sure where to start.

Thank you.

My System SpecsSystem Spec
.

02 Jul 2013   #2

Windows 7 Home Premium
 
 

webgal318,

Here are some instructions that you will find helpful:
Remove Babylon Search hijack (Uninstall Guide)

Basically, this is how the process goes...


Uninstall Babylon Search

  • Please click Start > Control Panel > Uninstall a program
  • Search for and uninstall Babylon, Babylon toolbar on IE, Yontoo, BrowserProtect, or any Babylon related entry.


Remove Babylon Search from Internet Explorer
  • Open Internet Explorer,then click on the gear icon at the top right and select: Manage add-ons.
  • From the Toolbars and Extensions tab, select Babylon toolbar, Babylon toolbar helper, Babylon IE plugin, babylonToolbar.com or anything related to Babylon.
  • Next click on: Disable
  • Under Add-on Types, click: Search Providers
  • Select a search provider, click Set Default, then click on Search the Web (Babylon) in the list and click on Remove
  • To change your home page, go to the home page you normally use..
  • Next, click on the gear icon , select Internet Explorer options, and in the General tab, under the Home page section, click on Use current to restore your Internet Explorer home page.
If you use FireFox or Chrome, check the link provided at the beginning of this post, and follow its instructions.


Remove Babylon Toolbar Registry keys

  • Please download AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/
  • Save the program to the Desktop
  • Close all open programs and internet browsers.
  • Right-click on adwcleaner.exe and select: Run As Administrator
  • At the program console, click on: Delete
  • When the program is done, the computer is rebooted automatically, and a text file opens after the restart.
Please post the AdwCleaner report in your reply. <<<---



Scan with Malwarebytes Anti-Malware
  • Download:http://www.malwarebytes.org/mbam-download-exe.php
  • Save to the Desktop
  • Right-click the MBAM file, and select: Run as Administrator
  • When the installation begins, follow the prompts in the setup process.
  • DO NOT make any changes to default settings and when the program has finished installing, make sure only the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware options are checked.
  • Uncheck: Enable free trial of Malwarebytes Anti-Malware PRO
  • Click on the Finishbutton.
  • If an update is found, the program automatically updates itself.
  • At the program console, on the Scanner tab, and select: Perform Full Scan
  • Next, click on the Scanbutton.
  • When the Malwarebytes scan is completed, click on: Show Results
  • When presented with a screen showing the malware detected, make sure everything is Checked, and click on: Remove Selected
  • When removal is completed, a report opens in Notepad.
Please copy/paste the entire contents of the MBAM report in your reply. <<<---


Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.
My System SpecsSystem Spec
03 Jul 2013   #3

Windows Seven Home Premium 64 Bit
 
 
ADW Cleaner Report

Here you go as requested! Many thanks! -Sylvia

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.07.03.08
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer
Ralph :: RALPH-PC [administrator]
7/3/2013 1:15:32 PM
mbam-log-2013-07-03 (13-15-32).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 585873
Time elapsed: 2 hour(s), 57 minute(s), 55 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 10
C:\Users\Ralph\Downloads\downloadmanager_Setup (1).exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Ralph\Downloads\downloadmanager_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Ralph\Downloads\Skype_Setup (1).exe (PUP.IBryte) -> Quarantined and deleted successfully.
C:\Users\Ralph\Downloads\Skype_Setup (2).exe (PUP.IBryte) -> Quarantined and deleted successfully.
C:\Users\Ralph\Downloads\Skype_Setup (3).exe (PUP.IBryte) -> Quarantined and deleted successfully.
C:\Users\Ralph\Downloads\Skype_Setup (4).exe (PUP.IBryte) -> Quarantined and deleted successfully.
C:\Users\Ralph\Downloads\Skype_Setup (5).exe (PUP.IBryte) -> Quarantined and deleted successfully.
C:\Users\Ralph\Downloads\Skype_Setup.exe (PUP.IBryte) -> Quarantined and deleted successfully.
C:\Users\Ralph\Downloads\FlashPlayer_V.7502232a.exe (PUP.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Ralph\Downloads\flvmplayer.exe (PUP.BundleInstaller.SOL) -> Quarantined and deleted successfully.
(end)


Attached Files
File Type: txt AdwCleaner[S1].txt (8.1 KB, 6 views)
My System SpecsSystem Spec
.


03 Jul 2013   #4

Windows 7 Home Premium
 
 

webgal318,

Are you still having problems with Babylon Search?

Also use the Junkware Removal Tool Download
Save to the Desktop.

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications.
These programs may interfere with the running of JRT.
Info: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides


Right-click JRT.exe and select: Run as Administrator

The tool opens and starts scanning the system. Please be patient as this can take a while...


When done, a report, JRT.txt is saved on the Desktop.

Please post the contents of JRT.txt in your reply.



Last, letís check the Security status with the following...

Download Security Check:
http://screen317.spywareinfoforum.org/
Save to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside the black box.

When done, a Notepad report opens automatically, called: checkup.txt

Please post the checkup.txt in your reply.

(Please do not take any corrective actions!)
My System SpecsSystem Spec
03 Jul 2013   #5

Windows Seven Home Premium 64 Bit
 
 
JRT file

I disabled Firewall and AV before running JRT.

I enabled both of the above before running the security check.

The security check reported in a text file that the OS was not supported.

One last note: Babylon was not in the Add/Remove programs so I ran the Revo Uninstaller. That is a wonderful tool! It removed Babylon and its aliases all the way down to the registry.

The browser opened just fine the last time I restarted this machine so I think we are close to marking this one solved.


Attached Files
File Type: txt JRT.txt (20.8 KB, 5 views)
My System SpecsSystem Spec
03 Jul 2013   #6

Windows 7 Home Premium
 
 

Security Check should support your system without any problem.

Delete the previous download, and try downloading it from here:
http://screen317.spywareinfoforum.org/SecurityCheck.exe

Then, run the program. See if you have better luck.
My System SpecsSystem Spec
03 Jul 2013   #7

Windows Seven Home Premium 64 Bit
 
 
Security Check

I tried to run it with the AV and Firewall and without.
Results attached.


Attached Files
File Type: txt checkup.txt (41 Bytes, 5 views)
My System SpecsSystem Spec
03 Jul 2013   #8

Windows 7 Home Premium
 
 

Let me do some more checking on the program. Would like to find out why it does not run on your system.

In the meantime, please run an online scanner...

This may take a while, so run the following when you can be home.

The ESET Scanner is implemented as an ActiveX control, so it is best run on Internet Explorer.
Right click the IE shortcut and select: Run as Administrator

Next, download: Free Online Virus Scanner | ESET

On the ESET website, click on: Run ESET Online Scanner
Click: Start

When asked, allow the add-on to be installed
Click: Start again

On the next prompt, Computer Scan Settings, check: Remove found threats
Next, click on: Advanced Settings


Make sure these options are checked:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
Click: Scan



When the scan is completed, if threats are found, in the Scan Results prompt:
  • Click on: List of threats found
  • Click on: Export to text file
  • Save to the Desktop and name it ESET Scan Results
  • Click on: Back
  • Place a check on: Uninstall application on close
  • Click on: Finish, and close the program.
Please provide the ESET report in your reply to determine if any further action is necessary.
My System SpecsSystem Spec
03 Jul 2013   #9

Windows 7 Home Premium
 
 

Just a thought...

Try running Security Check in Safe Mode:

Please start the computer, and as it starts, tap the F8 key before the Windows logo appears.
When you get the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode, and then press: Enter
My System SpecsSystem Spec
04 Jul 2013   #10

Windows Seven Home Premium 64 Bit
 
 
ESET Report; Checkup report

After I ran the ESET and deleted the malware, I restarted the PC. I then ran Security Check in normal mode and I got a report this time. It must have been the malware blocking the SC from running.

Here are the reports.


Attached Files
File Type: txt ESET report.txt (9.4 KB, 4 views)
File Type: txt checkup.txt (784 Bytes, 6 views)
My System SpecsSystem Spec
Reply

 Infected with Babylon Search; need help cleaning PC




Thread Tools



Similar help and support threads for2: Infected with Babylon Search; need help cleaning PC
Thread Forum
Solved Getting rid of Babylon Search, Qv06.com and Delta-Search Spyware System Security
Solved Babylon Search Browsers & Mail
Google Chrome Babylon Remove Search Engine Browsers & Mail
Solved How do I remove Babylon Search from FF and IE? Browsers & Mail
How to remove babylon search bar in firefox Browsers & Mail
IE 9 an Babylon Search Engine Browsers & Mail
Infected by Katuna, after much cleaning, still many CPU cyc. when idle System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 08:54 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33