Adware.Hicosmea

Page 1 of 3 123 LastLast

  1. Posts : 79
    XP Pro and Win7 Pro both 32 bit plus Win 8.1 64bit
       #1

    Adware.Hicosmea


    Almost everytime I run Malwarebytes I get a report that Adware.Hicosmea needs quarantining. I have checked on advice for permanently removing this nuisance, but the steps needed are so involved that I don't fancy trying to do it manually. The adverts that popup recommending various removal software downloads to buy don't inspire me with any confidence!

    Does anyone know of a macro that is available to run all the cmd commands to remove it?

    Tony
      My Computer


  2. Posts : 3,615
    Win 10 x64, Linux Lite, Win 7 x64, BlackArch, & Kali
       #2
      My Computer


  3. Posts : 79
    XP Pro and Win7 Pro both 32 bit plus Win 8.1 64bit
    Thread Starter
       #3

    Snick

    The first suggestion was one of the ones I gave up on - the auto method involves installing a programme that itself has disadvantages. The manual method suggests different things that are not correct! For example, Hicosmea does not appear as an installed programme via CP. Neither does it appear in programme files or programme data or in roaming, and regedit doesn't show it.

    The second suggestion is merely a different sell from the first! Methods in there are a carbon copy and give the same results in CP and regedit etc.

    As I said, Malwarebytes detects and cleans it, but obviously not completely as it comes back af ter a while and is then detected again, and again, and...........

    Tony
      My Computer


  4. Posts : 3,615
    Win 10 x64, Linux Lite, Win 7 x64, BlackArch, & Kali
       #4

    OK Snugglebugs, please do the following:
    On default settings, run Malwarebytes and delete everything it finds.
    To upload Malwarebytes log
    start Malwarebytes select History>Applications Log>double click latest scan log>export>text file>at popup choose desktop.
    Upload log

    Nic
    Last edited by Snick; 16 Sep 2018 at 11:56. Reason: correct typo
      My Computer


  5. Posts : 79
    XP Pro and Win7 Pro both 32 bit plus Win 8.1 64bit
    Thread Starter
       #5

    Snick

    Generally I just delete the reports but I found a recent one that I didn't!
    Here it is attached. (Not in the menu as you describe, but I found it.)

    Sorry I took so long - been rather busy!

    Tony
    Adware.Hicosmea Attached Files
      My Computer


  6. Posts : 3,615
    Win 10 x64, Linux Lite, Win 7 x64, BlackArch, & Kali
       #6

    No problem with the time factor.

    OOPS, I didn't ask you to click setting > Detection and Protection > check Scan for rootkits
    Would you please do that now, & rescan.
    I'm running an older version of Malwarebytes, interface may be different on new versions. Old MB Free doesn't delete my MB Anti-Exploit and MB Anti-Ransomware stand alone versions. New MB has those included, but deletes the stand alone versions, even if you don't choose MB Premium Trial
    Adware.Hicosmea-capture.png
    In perusing your posts, Hicosmea has a few variations, I believe, that is what those articles address. You've determined that some of the instruction don't apply to your particular situation.
    Appears that Malwarebytes flagged a registry key and quarantined it.

    Please download the appropriate FRST for your ailing machine.
    FRST32
    FRST64

    Place it on your Desktop and run it.
    In search type Hicosmea > click Search Registry
    When it completes > click Files

    When it completes upload SearchReg.txt & Search.txt from your Desktop & the new Malwarebytes Scan Log, I requested you to run above.
    Logs will indicate any location that Hicosmea is still present in. If need be, I'll prepare a fix for you.

    Nic
    Last edited by Snick; 27 Sep 2018 at 09:31. Reason: add image
      My Computer


  7. Posts : 0
    Windows 7 Ultimate x64
       #7
      My Computer


  8. Posts : 79
    XP Pro and Win7 Pro both 32 bit plus Win 8.1 64bit
    Thread Starter
       #8

    Scan for Rootkits option is On and always has been.

    I tried FRST download and got a message that
    "FRST.exe is not commonly downloaded and could harm your computer"
    I selected the option Delete.

    Any ideas?

    Tony
      My Computer


  9. Posts : 3,615
    Win 10 x64, Linux Lite, Win 7 x64, BlackArch, & Kali
       #9

    Yea, false positive, I provided you a link to Bleeping Computers download (clean website too), I tested the link, downloaded FRSTx64 and FRSTx32, submitted to Virus Total, they are clean. Here's snippets

    FRSTx32

    Adware.Hicosmea-capture1.png

    FRSTx64

    Adware.Hicosmea-capture.png

    Those in red are from AVs that are not very good, actually, pretty bad. All the scanner that are top of the line according to AV Comparatives are green. You can upload the files to VirusTotal
    and see for yourself. I have the VT uploader on my computers, added to the right-click context menu.

    I'm a college student studying for CyberSecurity certification as well as CompTIA certs.

    Nic

    FYI: running multiple AV is not a recommended practice, AVG, MS Essentials and Windows Defender, with the exception of Malwarebytes Premium running alongside an AV (one AV).
    Last edited by Snick; 27 Sep 2018 at 11:00. Reason: add info
      My Computer


  10. Posts : 79
    XP Pro and Win7 Pro both 32 bit plus Win 8.1 64bit
    Thread Starter
       #10

    I am not sure what you are telling me? I did try to download FRST from that bleeping computers website and that was what gave me the warning.

    I have now run AdwCleaner and that found 103 threats of which two could not be removed - logs attached.
    No message given as to how to deal with the two not removed.

    Regarding multiple protections - no, I don't have all those installed and running! I only have MSE and Malwarebytes on THIS computer. Defender is installed (as an old experiment) but switched off so is never active.

    Tony
    Adware.Hicosmea Attached Files
    Last edited by Snugglebugs; 28 Sep 2018 at 10:37. Reason: clarity
      My Computer


 
Page 1 of 3 123 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 07:20.
Find Us