Deleted Internet shortcut keeps returning when I start me computer.

Saigonjeff,

Please do the following...this tool normally detects hard to find malware.


Download the Farbar Recovery Scan Tool
Select the 64-bit version.



Save it to the Desktop.

• Double-click the downloaded file to run it.
• When the tool opens click Yes to disclaimer.
• Press the Scan button.
• FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

Please provide the FRST.txt in your reply. <<---


The first time the tool is run, it also makes another log: Addition.txt
Also post the Addition.txt in your reply. <<---

Should I restart and let the thing happen again before running FRST?

That's a good idea!

Saigonjeff,

Please do the following...

Open Notepad (Start > All Programs > Accessories > Notepad)

Copy/paste all the contents inside the quote box below to Notepad (do not copy the word 'Quote').
Save it on the Desktop as: fixlist.txt

start
HKCU\...\Runonce: [lbro] F:\Users\Jeff\AppData\Roaming\laban.exe -ro 001 [x]
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.laban.vn/?utm_source=001&...bb0b19f97f27ad
FF Homepage: hxxp://www.laban.vn/?utm_source=001&u=7260d6f9544013295f2570bb0b19f97f27ad
CHR RestoreOnStartup: "hxxp://www.laban.vn/?utm_source=001&u=7260d6f9544013295f2570bb0b19f97f27ad
2013-07-05 12:41 - 2013-07-05 12:41 - 00000161 ____A F:\Documents and Settings\Jeff\Desktop\Laban.vn.url
2013-07-03 14:07 - 2013-07-03 14:06 - 00513832 ____A (VNG Corporation) F:\Documents and Settings\Jeff\Application Data\laban.exe
2013-07-03 14:07 - 2013-07-03 14:06 - 00513832 ____A (VNG Corporation) F:\Documents and Settings\Jeff\AppData\Roaming\laban.exe
2013-07-05 12:41 - 2013-07-05 12:41 - 00000161 ____A F:\Documents and Settings\Jeff\Desktop\Laban.vn.url
2013-07-03 14:06 - 2013-07-03 14:07 - 00513832 ____A (VNG Corporation) F:\Documents and Settings\Jeff\Application Data\laban.exe
2013-07-03 14:06 - 2013-07-03 14:07 - 00513832 ____A (VNG Corporation) F:\Documents and Settings\Jeff\AppData\Roaming\laban.exe
end

WARNING: This script is written specifically for Saigonjeff, for use on this particular computer. Running the script on another computer may cause damage to the Operating System!!

Run FRST again, but this time press the Fix button just once, and wait.

When done, the tool makes a log on the Desktop.
This time it is called: Fixlog.txt

Please post Fixlog.txt in your reply.


Also, please press on with Downloading MiniToolBox
Save to the Desktop. <<--
Double-click the downloaded file to run it.

Image courtesy of BleepingComputer:





When the above console opens, please check the following boxes:

• Flush DNS
• Report IE Proxy Settings
• Report FF Proxy Settings (Only if you use FireFox)
• List content of Hosts

Click: Go


Please post the Result.txt in your reply.
(A copy of Result.txt is also saved on the Desktop.)

Please open your Chrome browser.

Click on the Custumize and Control Google Chrome button (Top right - button with 3 horizontal bars)
Select: Settings

In the Settings area, go to: On startup
Tick: Open a specific page or set of pages > Set pages

In the prompt that appears (Startup pages), click: Add a new page
From there, select the new page you want to use, and delete any reference to the Laban.vn website.

Restart the computer, and post back on how it goes. Is the Laban.vn website still taking over?

Saigonjeff,

Laban.vn looks like some sort of Yahoo like website:
http://www.vng.com.vn/en/
Can't say it is malicious, but it sure installs with a grip.
There are programs that come 'bundled' with other 'goodies', so, you may have gotten it while downloading something else. Need to watch the download closely to make sure you are not installing any "extras'!

There is also some adware/junkware in the system, so, please do the following:

Download AdwCleaner:

http://www.bleepingcomputer.com/download/adwcleaner/

• Save the program to the Desktop
• Close all open programs and internet browsers.
• Right-click on adwcleaner.exe and select: Run As Administrator
• At the program console, click on: Delete
• When the program is done, the computer is rebooted automatically, and a text file opens after the restart.

Please post the AdwCleaner report in your reply. <<<---


Also use the Junkware Removal Tool Download
Save to the Desktop.

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications.
These programs may interfere with the running of JRT.
Info: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides


Right-click JRT.exe and select: Run as Administrator
The tool opens and starts scanning the system. Please be patient as this can take a while...

When done, a report, JRT.txt is saved on the Desktop.

Please post the contents of JRT.txt in your reply.


Last, let’s check your Security status with the following...

Download Security Check:
http://screen317.spywareinfoforum.org/
Save to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside the black box.

When done, a Notepad report opens automatically, called: checkup.txt

Please post the checkup.txt in your reply.

(Please do not take any corrective actions!)