Solved Infected with ouo.io

[VsUK]

My brother downloaded a free video converter on my system & he didn't uncheck all the usual pre checked boxes & now my system is infected with something.

Whenever I open a web page & click on any URL, I'm directed to a ouo.io page asking me to click on the I AM NOT A BOT box then it forwards me to my original destination. It's annoying & I have used ADWCleaner & Malwarebytes & hitmanPro. Removing everything & still when I open my browser & go to a page & click on any url it keeps sending me there.

I've uninstalled the software using Revo Uninstaller Pro & removed all reg entries & files created by it & still no luck!

 

[Jacee]

uo.io is a new money making URL

Let's see if Junkware removal tool works: download Junkware Removal Tool to your desktop.


Go offline--- disconnect from the Internet, then,

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[VsUK]

As you can see nothing turns up other than resetting my chrome. I ran a hand full of recommended tools in safe mode & got rid of quite a few things but its not apparent from the start if its removed until It randomly appears again & then its every 4 or 5 clicks I get that bloody site!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Ultimate x64
Ran by VsUK on Wed 09/30/2015 at 17:26:33.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
~~~ Tasks
Successfully deleted: [Task] C:\Windows\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Chrome
[C:\Users\VsUK\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\VsUK\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\VsUK\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\VsUK\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/30/2015 at 17:38:30.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Jacee]

This is crap! ---> TuneUpUtilities_Task_BkGndMaintenance2013 ... C:\Program Files\AVG\AVG PC TuneUp\OneClick.exe

 

[essenbe]

This is crap! ---> TuneUpUtilities_Task_BkGndMaintenance2013 ... C:\Program Files\AVG\AVG PC TuneUp\OneClick.exe

I totally agree, Jacee. Good post.

 

[VsUK]

Yeah good post considering it does nothing to alleviate my problem.

I am a software & hardware engineer by trade! Tuneup has its flaws but it has features I find useful within 1 program rather than having 3 or 4 individual programs that do the same thing!

Fixed the issue by the way! Found a hidden exe file within my windows directory that was secretly activating whenever I opened a browser which triggered it to install its nasties. File name was filjipi.exe should anyone care!

 

[Jacee]

This? https://malwr.com/analysis/NmI4OTdmZTY4ZmFjNDVkNjlkN2MwMmExNzVkMTQxZDE/

 

[VsUK]

It probably was. I only recalled the name from memory as I already removed it before I got the reply. But I ran one or 2 tools to confirm it was all removed!

 

[syafiq89]

Yeah good post considering it does nothing to alleviate my problem.

I am a software & hardware engineer by trade! Tuneup has its flaws but it has features I find useful within 1 program rather than having 3 or 4 individual programs that do the same thing!

Fixed the issue by the way! Found a hidden exe file within my windows directory that was secretly activating whenever I opened a browser which triggered it to install its nasties. File name was filjipi.exe should anyone care!

Hi @VsUK .. may i know how did you fixed this problem? I means what tool did you used? I also encounter the same problem and I'm keep getting frustrated as I have tried many anti malware tools but still couldn't solve the problem... I really need your help..

 

[VsUK]

Hi @VsUK .. may i know how did you fixed this problem? I means what tool did you used? I also encounter the same problem and I'm keep getting frustrated as I have tried many anti malware tools but still couldn't solve the problem... I really need your help..

Firstly I downloaded the following tools

HitmanPro from HitmanPro 3 - SurfRight
Microsofts Safety Scanner from Microsoft Safety Scanner - Free Virus Scan with the Microsoft Safety Scanner
AdwCleaner from https://toolslib.net/downloads/viewdownload/1-adwcleaner/
JRT from www.bleepingcomputer.com

Reboot into safe mode but you need networking otherwise hitmanpro wont work as its cloud based scanning.

Firstly, when in safe mode. Run JRT.exe first. This can remove auto fill data from browsers & remove plugins as it did to me on chrome but not firefox & it will also stop active services that are still running in the background hidden. This will take between 5 - 20 minutes depending on your system.

When complete, run HitmanPro. You don't need to install, just run it, register for your free 30 day trial & then let it run. Delete all it recommends you to do or quarantine.

Then run Microsoft Safety scanner. This take's the longest time to complete but doing a full scan is important. Took about an hour for me but I do have over 10TB of HD drives so it may not take as long for you. I cant remember if this prompts you to reboot. You don't want to if so.

Finally run AdwCleaner. Let it scan & remove all it comes up with. It will then ask you to reboot. But make sure you have changed your settings to reboot normally before running AdwCleaner as once it prompts you to reboot, it won't let you click on anything but ok to reboot.

This I did twice as first time I did it in normal windows & it came back. 2nd time in safe mode & it removed it!

Hope this helps

 

[syafiq89]

Hi @VsUK .. may i know how did you fixed this problem? I means what tool did you used? I also encounter the same problem and I'm keep getting frustrated as I have tried many anti malware tools but still couldn't solve the problem... I really need your help..

Firstly I downloaded the following tools

HitmanPro from HitmanPro 3 - SurfRight
Microsofts Safety Scanner from Microsoft Safety Scanner - Free Virus Scan with the Microsoft Safety Scanner
AdwCleaner from https://toolslib.net/downloads/viewdownload/1-adwcleaner/
JRT from www.bleepingcomputer.com

Reboot into safe mode but you need networking otherwise hitmanpro wont work as its cloud based scanning.

Firstly, when in safe mode. Run JRT.exe first. This can remove auto fill data from browsers & remove plugins as it did to me on chrome but not firefox & it will also stop active services that are still running in the background hidden. This will take between 5 - 20 minutes depending on your system.

When complete, run HitmanPro. You don't need to install, just run it, register for your free 30 day trial & then let it run. Delete all it recommends you to do or quarantine.

Then run Microsoft Safety scanner. This take's the longest time to complete but doing a full scan is important. Took about an hour for me but I do have over 10TB of HD drives so it may not take as long for you. I cant remember if this prompts you to reboot. You don't want to if so.

Finally run AdwCleaner. Let it scan & remove all it comes up with. It will then ask you to reboot. But make sure you have changed your settings to reboot normally before running AdwCleaner as once it prompts you to reboot, it won't let you click on anything but ok to reboot.

This I did twice as first time I did it in normal windows & it came back. 2nd time in safe mode & it removed it!

Hope this helps

It's work like a charm...
After I investigate, the chrome extension of IDM Integration Module Extension is the problem...

thank you so much for helping me....

 

[VsUK]

Really? I still have the IDM on my chrome & working fine. Have you tried reinstalling it with a fresh install of IDM? I couldn't live without IDM as it just speeds all my downloading up!

 

[syafiq89]

Really? I still have the IDM on my chrome & working fine. Have you tried reinstalling it with a fresh install of IDM? I couldn't live without IDM as it just speeds all my downloading up!

Me too! I love using IDM & my IDM is still working fine right now. I guess i have installed the fake IDM chrome extension which not from the IDM developer itself cause on the chrome warning of fake IDM integration Module Extension, it says that :
" This extension failed to redirect a network request to [removed] because another extension (IDM Integration Module Extension) redirected it to http://ouo.io/UxxkP1."

The warning popped out after I've tried the steps you've told me.
After i get rid those fake extension and use the real extension from internetdownloadmanager itself, my IDM just working fine. I realized now I need more extra careful before use extension from Chrome.