Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Adware.Hicosmea

13 Sep 2018   #1
Snugglebugs

XP Pro and Win7 Pro both 32 bit plus Win 8.1 64bit
 
 
Adware.Hicosmea

Almost everytime I run Malwarebytes I get a report that Adware.Hicosmea needs quarantining. I have checked on advice for permanently removing this nuisance, but the steps needed are so involved that I don't fancy trying to do it manually. The adverts that popup recommending various removal software downloads to buy don't inspire me with any confidence!

Does anyone know of a macro that is available to run all the cmd commands to remove it?

Tony


My System SpecsSystem Spec
.
13 Sep 2018   #2
Snick

Win 10 x64, Linux Lite, Win 7 x64, BlackArch, Kali, VMWare Workstation Player, OpenVPN
 
 

My System SpecsSystem Spec
14 Sep 2018   #3
Snugglebugs

XP Pro and Win7 Pro both 32 bit plus Win 8.1 64bit
 
 

Snick

The first suggestion was one of the ones I gave up on - the auto method involves installing a programme that itself has disadvantages. The manual method suggests different things that are not correct! For example, Hicosmea does not appear as an installed programme via CP. Neither does it appear in programme files or programme data or in roaming, and regedit doesn't show it.

The second suggestion is merely a different sell from the first! Methods in there are a carbon copy and give the same results in CP and regedit etc.

As I said, Malwarebytes detects and cleans it, but obviously not completely as it comes back af ter a while and is then detected again, and again, and...........

Tony
My System SpecsSystem Spec
.

16 Sep 2018   #4
Snick

Win 10 x64, Linux Lite, Win 7 x64, BlackArch, Kali, VMWare Workstation Player, OpenVPN
 
 

OK Snugglebugs, please do the following:
On default settings, run Malwarebytes and delete everything it finds.
To upload Malwarebytes log
start Malwarebytes select History>Applications Log>double click latest scan log>export>text file>at popup choose desktop.
Upload log

Nic
My System SpecsSystem Spec
27 Sep 2018   #5
Snugglebugs

XP Pro and Win7 Pro both 32 bit plus Win 8.1 64bit
 
 

Snick

Generally I just delete the reports but I found a recent one that I didn't!
Here it is attached. (Not in the menu as you describe, but I found it.)

Sorry I took so long - been rather busy!

Tony


Attached Files
File Type: txt Hicosmea-report.txt (1.3 KB, 1 views)
My System SpecsSystem Spec
27 Sep 2018   #6
Snick

Win 10 x64, Linux Lite, Win 7 x64, BlackArch, Kali, VMWare Workstation Player, OpenVPN
 
 

No problem with the time factor.

OOPS, I didn't ask you to click setting > Detection and Protection > check Scan for rootkits
Would you please do that now, & rescan.
I'm running an older version of Malwarebytes, interface may be different on new versions. Old MB Free doesn't delete my MB Anti-Exploit and MB Anti-Ransomware stand alone versions. New MB has those included, but deletes the stand alone versions, even if you don't choose MB Premium Trial
Adware.Hicosmea-capture.png
In perusing your posts, Hicosmea has a few variations, I believe, that is what those articles address. You've determined that some of the instruction don't apply to your particular situation.
Appears that Malwarebytes flagged a registry key and quarantined it.

Please download the appropriate FRST for your ailing machine.
FRST32
FRST64

Place it on your Desktop and run it.
In search type Hicosmea > click Search Registry
When it completes > click Files

When it completes upload SearchReg.txt & Search.txt from your Desktop & the new Malwarebytes Scan Log, I requested you to run above.
Logs will indicate any location that Hicosmea is still present in. If need be, I'll prepare a fix for you.

Nic


My System SpecsSystem Spec
27 Sep 2018   #7
F22 Simpilot

Windows 7 Ultimate x64
 
 

My System SpecsSystem Spec
27 Sep 2018   #8
Snugglebugs

XP Pro and Win7 Pro both 32 bit plus Win 8.1 64bit
 
 

Scan for Rootkits option is On and always has been.

I tried FRST download and got a message that
"FRST.exe is not commonly downloaded and could harm your computer"
I selected the option Delete.

Any ideas?

Tony
My System SpecsSystem Spec
27 Sep 2018   #9
Snick

Win 10 x64, Linux Lite, Win 7 x64, BlackArch, Kali, VMWare Workstation Player, OpenVPN
 
 

Yea, false positive, I provided you a link to Bleeping Computers download (clean website too), I tested the link, downloaded FRSTx64 and FRSTx32, submitted to Virus Total, they are clean. Here's snippets

FRSTx32

Adware.Hicosmea-capture1.png

FRSTx64

Adware.Hicosmea-capture.png

Those in red are from AVs that are not very good, actually, pretty bad. All the scanner that are top of the line according to AV Comparatives are green. You can upload the files to VirusTotal
and see for yourself. I have the VT uploader on my computers, added to the right-click context menu.

I'm a college student studying for CyberSecurity certification as well as CompTIA certs.

Nic

FYI: running multiple AV is not a recommended practice, AVG, MS Essentials and Windows Defender, with the exception of Malwarebytes Premium running alongside an AV (one AV).


My System SpecsSystem Spec
28 Sep 2018   #10
Snugglebugs

XP Pro and Win7 Pro both 32 bit plus Win 8.1 64bit
 
 

I am not sure what you are telling me? I did try to download FRST from that bleeping computers website and that was what gave me the warning.

I have now run AdwCleaner and that found 103 threats of which two could not be removed - logs attached.
No message given as to how to deal with the two not removed.

Regarding multiple protections - no, I don't have all those installed and running! I only have MSE and Malwarebytes on THIS computer. Defender is installed (as an old experiment) but switched off so is never active.

Tony


Attached Files
File Type: txt AdwCleaner[C00].txt (9.3 KB, 2 views)
File Type: txt AdwCleaner[S00].txt (10.9 KB, 2 views)
My System SpecsSystem Spec
Reply

 Adware.Hicosmea




Thread Tools




Similar help and support threads
Thread Forum
Techbrowsing adware
Ok so this all started 3 days ago on my probook 4530s running win 7 pro x64. A chrome window randomly opened and i just closed it thinking teamviewer opened their site. Today it happened again and i let it load to see what was going on. It was a site called Techbrowsing and i looked it up to find...
System Security
Got DNS Unlocker adware, need help!
Hello! A couple of days ago Iíve downloaded some new games, and with them, DNS Unlocker sneaked on my PC. I immediately removed the virus by using this article: How to remove DNS Unlocker (updated), but today it appeared again. Probably, I incorrectly executed instructions, that were in the...
System Security
adware how to remove
have had browser taken over by QVO6 how do I get rid of it , my avast is not picking it up
System Security
Adware virus?
Hi, i was just playing tf2 and quit and steam said: You won apple iphone 4! And then i steam played sound (it was finland). I killed steam.exe (The real good gaming place) from taskmgr and the sound was gone. I should scan my pc now? :rolleyes:
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 12:34.
Twitter Facebook Google+