Adware.Hicosmea

Snugglebugs

Almost every time I run Malwarebytes I get a report that Adware.Hicosmea needs quarantining. I have checked on advice for permanently removing this nuisance, but the steps needed are so involved that I don't fancy trying to do it manually. The adverts that pop up recommending various removal software downloads to buy don't inspire me with any confidence!

Does anyone know of a macro that is available to run all the cmd commands to remove it?

Tony
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Acer twice plus Lenovo
OS
XP Pro and Win7 Pro both 32 bit plus Win 8.1 64bit
Memory
4 G
Hard Drives
300G and 500 G with 4TB backup drive
Antivirus
AVG, MS Essentials and Windows Defender
Browser
IE8, IE9, IE11 and Opera.
Other Info
The various items listed are NOT all on one PC! But all PCs are connected via a combined LAN/WLAN which also provides connection to a network printer

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
HP Desktop & Compaq Laptop
OS
Win 10 x64, Linux Lite, Win 7 x64, BlackArch, & Kali
Hard Drives
Samsung 850 Pro 256Gb,
Hitachi HDD 1Tb,
Crucial MX SSD 250Gb
Segate 3Tb USB 3.0 Ext. Backup HDD
Internet Speed
150Mbps dn, 20Mbps up
Antivirus
Avast Free, Malwarebytes Anti-Exploit & Anti-Ransomware
Browser
Firefox, Chrome, Opera, & VPN
Snick

The first suggestion was one of the ones I gave up on - the auto method involves installing a programme that itself has disadvantages. The manual method suggests different things that are not correct! For example, Hicosmea does not appear as an installed programme via CP. Neither does it appear in programme files or programme data or in roaming, and regedit doesn't show it.

The second suggestion is merely a different sell from the first! Methods in there are a carbon copy and give the same results in CP and regedit etc.

As I said, Malwarebytes detects and cleans it, but obviously not completely as it comes back after a while and is then detected again, and again, and...........

Tony
 

OK Snugglebugs, please do the following:
On default settings, run Malwarebytes and delete everything it finds.
To upload the Malwarebytes log:
Start Malwarebytes, select History > Applications Log > double-click the latest scan log > Export > Text file > at the popup choose Desktop.
Upload the log.

Nic
 
Snick

Generally I just delete the reports but I found a recent one that I didn't!
Here it is attached. (Not in the menu as you describe, but I found it.)

Sorry I took so long - been rather busy!

Tony
 

No problem with the time factor.

OOPS, I didn't ask you to click setting > Detection and Protection > check Scan for rootkits
Would you please do that now, & rescan.
I'm running an older version of Malwarebytes; the interface may be different on new versions. Old MB Free doesn't delete my MB Anti-Exploit and MB Anti-Ransomware standalone versions. New MB has those included, but deletes the standalone versions, even if you don't choose MB Premium Trial.
Capture.PNG
In perusing your posts, Hicosmea has a few variations, I believe, that is what those articles address. You've determined that some of the instructions don't apply to your particular situation.
Appears that Malwarebytes flagged a registry key and quarantined it.

Please download the appropriate FRST for your ailing machine.
FRST32
FRST64

Place it on your Desktop and run it.
In search type Hicosmea > click Search Registry
When it completes > click Files

When it completes upload SearchReg.txt & Search.txt from your Desktop & the new Malwarebytes Scan Log, I requested you to run above.
Logs will indicate any location that Hicosmea is still present in. If need be, I'll prepare a fix for you.

Nic
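
The post above looks for every place the name still occurs before any fix is prepared. As an added example (not part of the original posts, and not how FRST works internally), this read-only PowerShell script checks logon Run keys and scheduled-task files for a name; the `$Needle` parameter and the choice of locations are assumptions made for illustration.

```powershell
# Added example: read-only search of common autostart locations for a name.
# $Needle and the chosen locations are assumptions made for this illustration.
param([string]$Needle = 'Hicosmea')

$pattern = [regex]::Escape($Needle)   # treat the name as literal text
$hits = @()

# Registry keys that start programs at logon (per-machine, 32-bit view, per-user).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }          # key absent on this system
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $data = [string]$regKey.GetValue($name)
        if ($name -match $pattern -or $data -match $pattern) {
            $hits += New-Object PSObject -Property @{
                Location = $key; Entry = $name; Detail = $data }
        }
    }
}

# Scheduled-task definitions are XML files here on Vista and later; reading
# them needs an elevated prompt, so access errors are skipped, not fatal.
$taskDir = Join-Path $env:SystemRoot 'System32\Tasks'
$taskFiles = @(Get-ChildItem -Path $taskDir -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer })
foreach ($file in $taskFiles) {
    # -List stops at the first matching line in each file.
    $match = $file | Select-String -Pattern $pattern -List -ErrorAction SilentlyContinue
    if ($file.Name -match $pattern -or $match) {
        $detail = if ($match) { $match.Line.Trim() } else { 'file name match' }
        $hits += New-Object PSObject -Property @{
            Location = $taskDir; Entry = $file.FullName; Detail = $detail }
    }
}

# Report only; nothing is modified or deleted.
if ($hits.Count -eq 0) { "No autostart entry mentions '$Needle'." }
else { $hits | Select-Object Location, Entry, Detail | Format-List }
```

A result with no hits does not prove removal: a scanner's detection name need not appear literally in the registry value or task that brings the adware back.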
 
Scan for Rootkits option is On and always has been.

I tried FRST download and got a message that
"FRST.exe is not commonly downloaded and could harm your computer"
I selected the option Delete.

Any ideas?

Tony
 

Yea, false positive, I provided you a link to Bleeping Computers download (clean website too), I tested the link, downloaded FRSTx64 and FRSTx32, submitted to Virus Total, they are clean. Here's snippets

FRSTx32

Capture1.PNG

FRSTx64

Capture.PNG

Those in red are from AVs that are not very good, actually, pretty bad. All the scanners that are top of the line according to AV Comparatives are green. You can upload the files to VirusTotal and see for yourself. I have the VT uploader on my computers, added to the right-click context menu.

I'm a college student studying for CyberSecurity certification as well as CompTIA certs.

Nic

FYI: running multiple AV is not a recommended practice, AVG, MS Essentials and Windows Defender, with the exception of Malwarebytes Premium running alongside an AV (one AV).
 
I am not sure what you are telling me? I did try to download FRST from that bleeping computers website and that was what gave me the warning.

I have now run AdwCleaner and that found 103 threats of which two could not be removed - logs attached.
No message given as to how to deal with the two not removed.

Regarding multiple protections - no, I don't have all those installed and running! I only have MSE and Malwarebytes on THIS computer. Defender is installed (as an old experiment) but switched off so is never active.

Tony
 

Hi Tony,

If you have it on your desktop, see screenshot, run it (hit the scan button), and provide BOTH logs.


Roy
 

Attachments

  • tony.PNG

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
medionl/Aspire 6930G/acer x55a
OS
W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
CPU
E5300 dual core
Motherboard
medion MS7366
Memory
3gb
Graphics Card(s)
Nvidia Geforce 7100 Nforce 630i
Monitor(s) Displays
avixc
Internet Speed
n (isp resticted to 72)
Antivirus
mse/pands
Browser
palemoon
Other Info
Belkin Fd7050 n USB using Railink RT2870 drivers, more upto date
Always glad to see your posts/assistance Torchwood!
 

I'm telling you the download link is clean! Your Anti-virus is providing you with a false positive, i.e. it is incorrectly flagging this executable.

Many AVs do this to protect the less IT savvy individuals from downloading something that may harm their computer. For example, NirSoft, author Nir Sofer, has numerous free IT tools on his website. If I download say NirLauncher, from the website, my Avast Free AV goes nuts flagging perfectly fine apps. None of NirSoft apps are malicious, however, some, if used incorrectly can cause damage to an Operating System, thus your AV flags them as may harm your computer.

What we are attempting to do with Farbar Recovery Scan Tool (FRST) is to locate all entries of Hicosmea, files, folders, registry entries. With those logs in hand, I can author a fix to remove the malware/adware from your computer.

If you continue to have issues with downloading FRST, you may temporarily disable your AV. FRST is an executable and doesn't require installation on your computer.
 

"Regarding multiple protections - no, I don't have all those installed and running! I only have MSE and Malwarebytes on THIS computer. Defender is installed (as an old experiment) but switched off so is never active."

I was perusing your System specs, in which you indicate, Antivirus: AVG, MS Essentials and Windows Defender
That is why I made the referencing statement.

Just perused your ADWCleaner logs, lots of crap was on your computer!
 

I will try and get it to download and then run it. Not today though :sleep:
 

Not a problem, I don't sit waiting for a response from OPs. I do, however, have my email notifications set. Torchwood/Roy has been at this a bit longer than I have; he is monitoring this thread as he posted here.

F22 Simpilot's suggestions are applicable and relevant. I also use & recommend them as well as a few others, which I have posted in a couple other threads including hyperlinks thereto.
 

I have now run FRST from my desktop and after two messages about incorrect entries, it generated the two log files attached. I ran it using the defaults that appeared and have not changed anything, or clicked on any buttons except "Scan"

Tony

PS - What are OPs?
 

Hi Tony,

Actually there's a fair bit of unusual activity reported.
I'm not a malware hunter/cleaner, so I've put a call out to DonnaB.

You're the OP - original poster.


Roy
 

Thanks again Torchwood!
 
