Windows 7 Forums



Windows 7: Dad's PC infected with Dregol, etc.

12 May 2015   #1
gregrocker

 

My Dad's PC was infected with some sort of adware package I think was clicked on in a webpage popup. He says he knows not to do anything but close those out, but I wonder if even doing that can download them. Are they able to reprogram the exit X to download in IE11? Should we always just reboot if a dodgy ad page or popup appears while browsing?

For Dregol, after uninstalling that and some others in Control Panel, a search suggested SpyHunter, which I ran. It seems to have found multiple adware and searchware. But when I click Fix Infections it wants us to pay, so now I'm suspicious of it. It says it found evidence of Conduit, Search Protect, Adware Helpers, which I see no evidence of, so I'm now wondering if it is illegit and maybe seeded us. I uninstalled it.

I could not remove Dregol from IE search, so I reset that browser, which seems OK now. There is no evidence of it in files or registry using name search.

MBAM found PUPs, which I removed, but didn't seem to find Dregol; SAS found cookies, so I ran AdwCleaner and ESET online scanner. AdwCleaner found Conduit and Search Protect and some other things, but I'm waiting for ESET to finish before cleaning those up since it wants to Force Shut all programs.

Anything else suggested?




Attached Files
File Type: txt eset.txt (730 Bytes, 4 views)
File Type: txt AdwCleaner[S0].txt (3.0 KB, 6 views)
12 May 2015   #2
RolandJS

Windows 7 Professional 64-bit
 
 

Hitman Pro is one of the few that actually finds Conduit and Ask; SpyHunter's probably correct on that one. I still have Malwarebytes AM & SUPERAntispyware on my system. Take heed using SpyHunter; many others have removed it.
12 May 2015   #3
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Greg, this adware will sneak in with some 'freeware software'. Warn your Dad about that!

Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
12 May 2015   #4
cottonball

Windows 7 Home Premium
 
 

Greg,

After running JRT as recommended by Jacee, please see if you can do the following to check a few things:

Please download Zoek.exe:
Download z o e k . e x e version 5.0.0.0
Save to the Desktop.

Please close all antivirus and anti-malware programs so they do not interfere with the download or execution of Zoek.
Instructions on how to disable security applications:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides

• Next, double click zoek.exe to start the program.
• Copy and paste the following script in the code box:

Note: This script is written specifically for this user's computer.
Do not use it on another computer even if its problems are similar!

Code:
standardsearch;
installedprogs;
process;
services-list;
srinfo;
emptyfolderscheck;
• Close any open browsers.
• Click the Run script button and wait patiently.
• When finished, the logfile, zoek-results.log, is opened in Notepad.
• If a reboot is needed, the logfile is opened after rebooting.
• The zoek-results.log is also found on your system drive (normally C:\).


Please post the zoek-results.log in your reply.
13 May 2015   #5
gregrocker

 

His performance is better than before. He's a little annoyed by the new IE11 install asking if he wants to enable Add-Ons like WMP and Quicktime plug-in, offering only to Allow but not to Disable unless he goes into IE Add-Ons. I will keep an eye on that.

Both logs coming


Attached Files
File Type: txt JRT.txt (857 Bytes, 4 views)
File Type: txt zoek-results.txt (33.2 KB, 4 views)
13 May 2015   #6
RolandJS

Windows 7 Professional 64-bit
 
 

Greg, Wise Plugin Manager, just one of several good ones, might be a good tool for him. I've used it to remove some pesky plugins and extensions. Be advised that many FF add-ons have mighty unhelpful strange names listed in WPM. However, the listings within Chrome and IE are almost always in plain language.
13 May 2015   #7
cottonball

Windows 7 Home Premium
 
 

Greg,

Did not see malware in the Zoek report, and the JRT took care of an item.

If you wish, you can also check browser plugins and see if they are up to date.
Plugins add new capabilities to the browser, but they can also provide opportunities for malicious code to get in.


Check Firefox > https://www.mozilla.org/en-US/plugincheck/

To check other browsers, use: Qualys BrowserCheck
It is a cloud service that scans your browsers and plugins to see if they are all up-to-date.

Download > https://browsercheck.qualys.com/

When the program opens, click on: Scan without installing plugin
Then, click on: Scan now