Windows 7 Forums


Windows 7: Removal of virus has blocked internet. PLEASE PLEASE HELP

24 Jun 2015   #101
ChronicX

Windows 7 Home Premium 64
 
 

Latest SysLook info.

"SystemLook 30.07.11 by jpshortstuff
Log created at 12:08 on 24/06/2015 by user
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*plsapp*"
C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\plsapp64.dll --a---- 439296 bytes [21:33 27/05/2015] [21:33 27/05/2015] 33948FF6D642994C5831809F3234F30A
C:\Users\user\Desktop\FIX\BackupPLSAPP\plsapp64bu.dll --a---- 439296 bytes [07:02 22/06/2015] [03:41 14/11/2013] 83B88B7DDB5F2031F6DC9DEC742AFEAE
C:\Users\user\Desktop\FIX\BackupPLSAPP\plsappbu.dll --a---- 354592 bytes [07:02 22/06/2015] [23:12 23/01/2014] 40B9FD5561C83D37F904848F96471ED8

========== regfind ==========

Searching for "PureLeads"
[HKEY_LOCAL_MACHINE\SOFTWARE\Dyn\Installed]
"PureLeads"="PureLeads"
[HKEY_LOCAL_MACHINE\SOFTWARE\PureLeads]
[HKEY_LOCAL_MACHINE\SOFTWARE\PureLeads]
"InstallDir"="C:\Program Files (x86)\PureLeads"
[HKEY_LOCAL_MACHINE\SOFTWARE\PureLeads]
"SilverTipURL"="l.pureleads.com"

-= EOF =-"


24 Jun 2015   #102
cottonball

Windows 7 Home Premium
 
 

CX,

This is incredible.

Two of those entries are your backups (I think), but the rest of the entries just won't go away.

Let's go directly to the Registry.

First, let's back up: HKEY_LOCAL_MACHINE\SOFTWARE

Using this Tutorial by Brink, select Option One, Method Two: Registry - Backup and Restore

Back up: SOFTWARE
Quote:
4. To Export a Registry KEY Branch
NOTE: This will allow you to back up the entire selected KEY branch under a HKEY with all of its subkeys and key values to a .reg file as a backup.

Press the Windows key, and the R key
In the Run prompt, type in: regedit

When the Registry opens, go to the left of: HKEY_LOCAL_MACHINE\, and click the triangle on the left to expand the Key.
Next, click to expand: SOFTWARE
Click to expand Dyn > Installed

When you get to Installed, on the right side, look for: PureLeads
Highlight and right-click on it, and select: Delete
OK any prompt that appears.

Next, get to HKEY_LOCAL_MACHINE\SOFTWARE\PureLeads
Highlight and right-click on PureLeads, and Delete
OK the action.

Close the Registry window.


Now, right-click the Windows orb on the Taskbar, and select: Open Windows Explorer
Go to C:\Program Files (x86)\PureLeads and delete the PureLeads folder
Do not delete the C:\Program Files (x86)\ folder!!!!!!

Next, please download System Restore Explorer:
System Restore Explorer | Nic's Blog

Scroll down to where it says History, and right above that, it says: "If you’d like to give System Restore Explorer a try then you can download it here..."

Download the program to the Desktop, and double-click the icon created to install the program.
Follow the prompts and Finish.

When the program opens, uncheck: Hide Restore Points created in the last 5 days

Look at the Restore Point (RP) dates, and select any that has a date around 27/05/2015.

Select/highlight the RP and press: Mount
The tool creates a shortcut opening a window to the particular RP and allows you to browse the RP contents.

Check for one that contains: plsapp64.dll

When you find the file, X out of the RP Window, and, back at the program console, click: Unmount

Now, highlight the same Restore Point where you found the file, and select: Delete
Close out of the program.

Restart the computer.

Run SystemLook again, and let's see what it shows.

Sure hope this will do it.
24 Jun 2015   #103
ChronicX

Windows 7 Home Premium 64
 
 

Notice in the registry how the Pure Leads file is in a folder that was not identified in scans, and in the areas where it is supposed to be, it is not there.


Attached Thumbnails
Removal of virus has blocked internet. PLEASE PLEASE HELP-greenred.png  

24 Jun 2015   #104
ChronicX

Windows 7 Home Premium 64
 
 

I also found a folder called Pure Leads inside that same folder circled above. I deleted entries/folders. Restarting and then will run syslook.
24 Jun 2015   #105
ChronicX

Windows 7 Home Premium 64
 
 

This is a good sign, but I seem to not be able to access the System Information Folder that houses the final DLL?
24 Jun 2015   #106
ChronicX

Windows 7 Home Premium 64
 
 

Ooops! "SystemLook 30.07.11 by jpshortstuff
Log created at 16:17 on 24/06/2015 by user
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*plsapp*"
C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\plsapp64.dll --a---- 439296 bytes [21:33 27/05/2015] [21:33 27/05/2015] 33948FF6D642994C5831809F3234F30A
C:\Users\user\Desktop\FIX\BackupPLSAPP\plsapp64bu.dll --a---- 439296 bytes [07:02 22/06/2015] [03:41 14/11/2013] 83B88B7DDB5F2031F6DC9DEC742AFEAE
C:\Users\user\Desktop\FIX\BackupPLSAPP\plsappbu.dll --a---- 354592 bytes [07:02 22/06/2015] [23:12 23/01/2014] 40B9FD5561C83D37F904848F96471ED8

========== regfind ==========

Searching for "PureLeads"
No data found.

-= EOF =-"
24 Jun 2015   #107
ChronicX

Windows 7 Home Premium 64
 
 

I dug my way into the System V. Info folder and quarantined and deleted the last .dll. Lookee!

"SystemLook 30.07.11 by jpshortstuff
Log created at 16:48 on 24/06/2015 by user
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*plsapp*"
C:\Users\user\Desktop\FIX\BackupPLSAPP\plsapp64bu.dll --a---- 439296 bytes [07:02 22/06/2015] [03:41 14/11/2013] 83B88B7DDB5F2031F6DC9DEC742AFEAE
C:\Users\user\Desktop\FIX\BackupPLSAPP\plsappbu.dll --a---- 354592 bytes [07:02 22/06/2015] [23:12 23/01/2014] 40B9FD5561C83D37F904848F96471ED8

========== regfind ==========

Searching for "PureLeads"
No data found.

-= EOF =-"

The remaining other two files are just back up files I created in case of emergency.
24 Jun 2015   #108
cottonball

Windows 7 Home Premium
 
 

Excellent!!!

Great job, ChronicX!!!


One more thing, please.
Remove the backup copies of plsapp64.dll that you saved.

Then, download a new copy of SystemLook: Here

Do the same search as before:

Code:
:filefind
*plsapp*

:regfind
PureLeads

Please post the results.


Quote:
I dug my way into the System V. Info folder and quarantined and deleted the last .dll

Would you mind sharing what you had to do? It may help someone else.

Did System Restore Explorer help you?
24 Jun 2015   #109
ChronicX

Windows 7 Home Premium 64
 
 

SystemLook 30.07.11 by jpshortstuff
Log created at 19:40 on 24/06/2015 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "*plsapp*"
No files found.

Searching for " "
No files found.

========== regfind ==========

Searching for "PureLeads"
No data found.

-= EOF =-

Hey, Cottonball, above is the, hopefully, final SystemLook report you have to look at (from me) for now. LOL

To answer your question, I used REGEDIT to search. When I used Windows Explorer to search, the remaining files were just not identified, SystemLook saw them but the paths were wrong, so as a last ditch effort I searched using REGEDIT and that exposed where the final DLLs were hiding. I didn't actually get to using System Restore Explorer as after the REGEDIT search, I knew where to aim... and the shots hit.
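
The earlier SystemLook logs in this thread carry a WOW64 warning: a 32-bit tool on 64-bit Windows is shown the 32-bit registry view (HKLM\SOFTWARE\Wow6432Node) and a System32 folder redirected to SysWOW64. As an added example (not part of any post in this thread), this read-only PowerShell check looks for the names the thread searched for in both views. It assumes an elevated prompt and relies on the `/reg:32` and `/reg:64` switches of `reg.exe`.

```powershell
# Added example: read-only check, nothing is deleted or changed.
# Key, value and file names are the ones searched for in this thread.
$regTargets = @(
    @{ Key = 'HKLM\SOFTWARE\PureLeads';     Value = $null },
    @{ Key = 'HKLM\SOFTWARE\Dyn\Installed'; Value = 'PureLeads' }
)
$filePattern = '*plsapp*'

# This variable is only set when a 32-bit process runs on 64-bit Windows.
$isWow64 = [bool]$env:PROCESSOR_ARCHITEW6432

# 1. Registry: ask for each view explicitly, so the answer does not depend
#    on the bitness of the process doing the asking.
$regResults = foreach ($view in '64', '32') {
    foreach ($t in $regTargets) {
        $regArgs = @('query', $t.Key)
        if ($t.Value) { $regArgs += @('/v', $t.Value) }
        $regArgs += "/reg:$view"
        & reg.exe $regArgs 2>&1 | Out-Null   # exit code 0 = found, 1 = not found
        New-Object psobject -Property @{
            View  = "$view-bit"
            Key   = $t.Key
            Value = $t.Value
            Found = ($LASTEXITCODE -eq 0)
        }
    }
}

# 2. Files: a 32-bit process that opens System32 is silently given SysWOW64;
#    the real 64-bit System32 is then reachable only through the Sysnative alias.
$dirs = @("$env:windir\System32", "$env:windir\SysWOW64")
if ($isWow64) { $dirs += "$env:windir\Sysnative" }
$fileResults = foreach ($d in $dirs) {
    if (Test-Path $d) {
        Get-ChildItem -Path $d -Filter $filePattern -Force -ErrorAction SilentlyContinue |
            Select-Object FullName, Length, LastWriteTime
    }
}

# 3. Install folder reported as "InstallDir" in the first regfind output.
$installDir = 'C:\Program Files (x86)\PureLeads'

"Running under WOW64: $isWow64"
$regResults | Format-Table View, Key, Value, Found -AutoSize
"Install folder present: $(Test-Path $installDir)"
if ($fileResults) { $fileResults | Format-Table -AutoSize } else {
    'No matching files in the system directories.'
}
```

A `Found = True` row in only one of the two views means a scan run from the other bitness would not have reported that entry at the path it was queried under.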
24 Jun 2015   #110
ChronicX

Windows 7 Home Premium 64
 
 



Attached Images
Removal of virus has blocked internet. PLEASE PLEASE HELP-thank-you.jpg 