Windows 7 Forums



Windows 7: New Member, Hidden Taimed Adware. Win.7 64

13 Apr 2015   #11
Berkey

Microsoft Windows 7 Professional 64-bit SP1
 
 

Malware can sometimes root itself deep in the system and simply "removing" it will not solve all the issues. I'm not an expert in Malware removal, so I will not try to BS my way through it, however I have sent a PM to an expert who may take a look at this thread.


13 Apr 2015   #12
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
13 Apr 2015   #13
Spyderedge

Win. 7, 64 bit.
 
 

Ran the ESET program:


C:\$RECYCLE.BIN\S-1-5-21-979314786-3880189125-3514849237-1000\$R8WENE4.exe Win32/ReImageRepair.F potentially unwanted application deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-979314786-3880189125-3514849237-1000\$R7GZND2\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfhamapbpbifcoklamkeaamolomdockm\2.2\h1Oi3j2.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-979314786-3880189125-3514849237-1000\$R7GZND2\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfhamapbpbifcoklamkeaamolomdockm\2.2\h1Oi3j2.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-979314786-3880189125-3514849237-1000\$R7GZND2\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfhamapbpbifcoklamkeaamolomdockm\2.2\h1Oi3j2.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-979314786-3880189125-3514849237-1000\$R7GZND2\C\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kfhamapbpbifcoklamkeaamolomdockm\2.2\h1Oi3j2.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-979314786-3880189125-3514849237-1000\$R7GZND2\C\Users\Andre\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfhamapbpbifcoklamkeaamolomdockm\2.2\h1Oi3j2.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-979314786-3880189125-3514849237-1000\$R7GZND2\C\Users\Andre\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfhamapbpbifcoklamkeaamolomdockm\2.2\h1Oi3j2.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-979314786-3880189125-3514849237-1000\$R7GZND2\C\Users\Andre\AppData\Local\Torch\User Data\Default\Extensions\kfhamapbpbifcoklamkeaamolomdockm\2.2\h1Oi3j2.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-979314786-3880189125-3514849237-1000\$R7GZND2\C\Users\Andre\AppData\Roaming\ED62.tmp.exe.vir Win32/Techsnab.H potentially unwanted application deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-979314786-3880189125-3514849237-1000\$R7GZND2\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfhamapbpbifcoklamkeaamolomdockm\2.2\h1Oi3j2.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-979314786-3880189125-3514849237-1000\$R7GZND2\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfhamapbpbifcoklamkeaamolomdockm\2.2\h1Oi3j2.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-979314786-3880189125-3514849237-1000\$R7GZND2\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kfhamapbpbifcoklamkeaamolomdockm\2.2\h1Oi3j2.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-979314786-3880189125-3514849237-1000\$R7GZND2\C\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kfhamapbpbifcoklamkeaamolomdockm\2.2\h1Oi3j2.js.vir Win32/Adware.MultiPlug.EB application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\ExtensionUpdaterService.exe.vir a variant of Win32/Toolbar.BitCocktail.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\InstallerHelper.dll.vir a variant of Win32/Toolbar.BitCocktail.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\Firefox\chrome\content\main.js.vir Win32/Toolbar.Perion.K potentially unwanted application deleted - quarantined
C:\Program Files\IDT\DownloadManagerSetup.exe a variant of Win32/InstallCore.BQ potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Techsmart Computer\amnet.dll a variant of Win32/Techsnab.H potentially unwanted application deleted (after the next restart) - quarantined
C:\Program Files (x86)\Techsmart Computer\ittask.exe a variant of Win32/Techsnab.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Techsmart Computer\jpff.exe a variant of Win32/Techsnab.H potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Techsmart Computer\jswchromium.exe a variant of Win32/Techsnab.H potentially unwanted application deleted - quarantined
C:\Users\Andre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZO5M3IGK\ReimagePackage1814x64[1].exe Win32/ReImageRepair.F potentially unwanted application deleted - quarantined
C:\Users\Andre\AppData\Local\Temp\ReimagePackage.exe Win32/ReImageRepair.F potentially unwanted application deleted - quarantined
Operating memory a variant of Win32/Techsnab.H potentially unwanted application contained infected files
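
Added example, not part of the original posts: a small triage of an ESET log in the format shown above, separating leftovers in earlier quarantine folders from detections in live locations and listing what is still pending a restart. The names `parse`, `triage`, `INERT` and the labels "live", "inert" and "memory" are assumptions made for this sketch, not ESET terms; the sample lines are copied from the log in post #13.

```python
import re
from collections import Counter

# Lines copied from the ESET log in post #13 (fields separated by single spaces).
SAMPLE = r"""
C:\$RECYCLE.BIN\S-1-5-21-979314786-3880189125-3514849237-1000\$R8WENE4.exe Win32/ReImageRepair.F potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\InstallerHelper.dll.vir a variant of Win32/Toolbar.BitCocktail.A potentially unwanted application deleted - quarantined
C:\Program Files\IDT\DownloadManagerSetup.exe a variant of Win32/InstallCore.BQ potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Techsmart Computer\amnet.dll a variant of Win32/Techsnab.H potentially unwanted application deleted (after the next restart) - quarantined
C:\Users\Andre\AppData\Local\Temp\ReimagePackage.exe Win32/ReImageRepair.F potentially unwanted application deleted - quarantined
Operating memory a variant of Win32/Techsnab.H potentially unwanted application contained infected files
""".strip().splitlines()

# Fields: scanned object, optional "a variant of", detection name, object type, action.
LINE = re.compile(
    r"^(?P<obj>.+?)\s+(?:a variant of\s+)?(?P<threat>\w+/[\w.]+)\s+"
    r"(?P<kind>(?:potentially \w+ )?application)\s+(?P<action>.+)$"
)
# Folders holding leftovers of earlier cleanups rather than installed programs.
INERT = ("\\$recycle.bin\\", "\\adwcleaner\\quarantine\\")

def parse(line):
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    low = rec["obj"].lower()
    rec["family"] = rec["threat"].rsplit(".", 1)[0]  # drop the variant suffix
    if low == "operating memory":
        rec["where"] = "memory"
    else:
        rec["where"] = "inert" if any(p in low for p in INERT) else "live"
    # Heuristic (assumption): cleanup is unfinished when deletion is deferred
    # to the next restart or the detection was in memory at scan time.
    rec["needs_reboot"] = ("after the next restart" in rec["action"]
                           or rec["where"] == "memory")
    return rec

def triage(lines):
    recs = [r for r in map(parse, lines) if r]
    return {
        "families": Counter(r["family"] for r in recs),
        "live": [r["obj"] for r in recs if r["where"] == "live"],
        "reboot": [r["obj"] for r in recs if r["needs_reboot"]],
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A non-empty "reboot" list means the machine should be restarted and scanned again before the log is treated as a clean result.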

13 Apr 2015   #14
cottonball

Windows 7 Home Premium
 
 

Spyderedge,

If Taimed is still an issue, or you wish to use a second platform, please use the herdProtect Anti-Malware Scanner:
Download herdProtect - Free Anti-Malware Platform

It has identified the elusive Taimed LLC in other requests for assistance.

Select the Portable Version (green button on the right), and save to the Desktop.
Double-click the herdProtectScan_Portable file to run the program setup.

On the last prompt, make sure Launch herdProtect is checked, and press: Finish

Next, when presented with the Scanner prompt, press the green Scan button. (An Internet connection needs to be available.)

OK the next prompt.

The scan goes through various stages, and, when done, the scan Results are presented (Files scanned: xxx, Processes scanned: xxxx, etc.). Press (at the top): Save Results

Please do not remove any entries, and provide the herdProtect Scan_2015-(date) report in your reply.
13 Apr 2015   #15
cottonball

Windows 7 Home Premium
 
 

BTW, did you restart the computer after the ESET Scan?
If not, please do so.

Also, there may be a relationship between these two:

CN=TAIMED LLC, O=TAIMED LLC, STREET=Kirova st. 20A office 422, L=Moscow district, S=Lubertsy, PostalCode=140005, C=RU


Techsnab, identified by ESET, and also on the list Jacee provided in post #5:

CN=Techsnab LLC, O=Techsnab LLC, STREET="Otradnaya st. 15,", STREET="Location IIА, Office 1", L=Moscow, S=Moscow, PostalCode=127273, C=RU


It may be in your best interest to scan with herdProtect Anti-Malware.


The program appears to also have a grasp of this particular adware/malware.
15 Apr 2015   #16
Spyderedge

Win. 7, 64 bit.
 
 

Yes, I restarted my computer. Will download Herd-Protect and see what it finds.

As far as I know, on Google Chrome it's gone. I went to Firefox today and the ads are still blaring over there, then when I hit the shortcut to Chrome the shortcut has changed to "JSWchrome.exe" and would no longer work. Removed and re-installed Chrome, everything is fine again after an "Adwcleaner" scan. Removed and re-installed Firefox.

Just mentioning that in case it is helpful for you guys.

EDIT: Also, it changed my view of Facebook to Korean!!!
15 Apr 2015   #17
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Delete all cookies within Facebook...
You might have to delete the 'shortcut' and re-log in with a new "User password".
https://www.facebook.com/help/748385731848104