Solved What is up with UpdateNowPro.com?

[gplea]

I keep a pretty clean PC, and for 20 yrs. I've NEVER had a virus, or popup issue like this. Not saying I've never had a virus, or popup, but NEVER like this. What it does is as soon as I open Chrome it pops up a VERY convincing window with a smaller dialog box that has at the bottom UpdateNowPro.com. It is VERY pesky, and it only started coming up in the last few days. I've run SuperAnti-Spyware, and it still comes up. I also just about an hour ago had a msg appear that had a toll free # pop up that started with 855 (Can't remember the rest). It was a legit #, and the very nice guy on the other end said he was a L3 MCSE. What was so weird, and sent red flags up was the way his page popped up, as if to be SOO bogus. He didn't try to sell me any service at all. In fact, he told me I need to take it to GeekSquad (or whatever retail store) and spend $150-200 to clean my PC. Exqueeze ME! I'd rather just reformat the thing. THIS is why I have close to 10 different partitions ASIDE from my C drive.

Anyhoo, I just want to know if anyone has heard of UpdateNowPro.com, and if so, how are you banning them from your life?

 

[Britton30]

I've never heard of UpdateNowPro.com but it was odd they didn't try to extort money from you. It was likely bundled, unknowingly, with something you recently installed.

Did SAS say it found anything at all? Do not click anything in the popup window!
How to Get Rid of UpdateNowPro.com Pop-up Virus from Your IE/FF/Chrome?- AnviSoft

Please download AdwCleaner:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Save to the desktop.

Close all open programs.
To run the program, right-click AdwCleaner.exe and select: Run as Administrator

Click on Search and confirm the prompt.
After the program finishes, click the Report button. Please post the contents of the C:\AdwCleaner[Rx].txt in your next reply. In the reply window click the "#" icon at the top and paste the log text between the [code ] Paste Here [ /code] tags.

Do NOT perform the delete part before I or someone else can read the log.



To delete:

Run AdwCleaner once again.
This time click on:Delete, you will be asked to reboot to finish cleaning.
When done, please post the content of the C:\AdwCleaner[Sx].txt in your reply as outlined above.

 

[gplea]

GEEZ! I'm getting popups with almost every stroke! Britton, thanks for the quick help. I ran SAS on 2 PC's, both using Win7 64Bit Ent. Fortunately, my other one, which is my DAW, and life blood to my biz, hasn't seen the crap this one has. They both had files that I promptly removed. I haven't run the other AdwCleaner just yet, or the AnviSoft remedy. I'll be right back asap.

 

[gplea]

I ran AdwCleaner and I'm still getting Popups out the wazoo. You should be able to read my report. Quite honestly, I'm scared to run the AnviSoft app for UpdateNowPro.com. I went to the forum where your link sent me, but almost every time I click on the Anvisoft link there it sends me to a different page, so I'm kind of leary to click on anything there. Can you tell me EXACTLY what kind of page I'm supposed to see so I don't go COMPLETELY down the worm hole?

 

[Britton30]

Go ahead and run Adwcleaner Delete poart, you may have to download it again, I've marked in red the infections or unwanted prgrams it has found. Conduit is a very bad one.

File Found :[COLOR=red] C:\Windows\System32\Tasks\Driver Booster Update
File Found : C:\Windows\Tasks\Driver Booster Update.job
Folder Found C:\Program Files (x86)\SearchProtect
Folder Found C:\Users\TRR-Office\AppData\Local\SearchProtect
Folder Found C:\Windows\SysWOW64\SearchProtect[/COLOR]
***** [ Shortcuts ] *****

***** [ Registry ] *****
[COLOR=red]Key Found : HKCU\Software\AppDataLow\Software\Crossrider
[/COLOR]Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Microsoft\[COLOR=red]Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-[/COLOR]E63F77503B30}
Key Found : HKCU\[COLOR=red]Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\WEDLMNGR
[/COLOR]Key Found : [x64] HKCU\Software\installedbrowserextensions
Key Found : [x64] HKCU\Software\[COLOR=red]Microft\Internet Exploreosr\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[/COLOR]Key Found : [x64] [COLOR=red]HKCU\Software\WEDLMNGR
[/COLOR]Key Found : HKLM\[COLOR=red]SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901174}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902274}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0049074.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0049074.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0049074.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0049074.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455905574}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906674}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444904474}
Key Found : HKLM\Software\installedbrowserextensions
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901174}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\Software\SearchProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901174}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902274}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455905574}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906674}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
[/COLOR]Key Found : [x64] HKLM\SOFTWARE\installedbrowserextensions
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901174}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16521
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] -[COLOR=red] hxxp://search.conduit.com/?ctid=CT3321542&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP9FDA5FC1-E6DE-4F23-9BD5-C14F98CC18FA&SSPV=[/COLOR]

 

[gplea]

Mucho appreciado!

 

[Britton30]

How did it turn out for you?

 

[gplea]

It seems to have been fixed. Let me work thru the day just to be sure, then I'll "Mark as Solved".

 

[Jacee]

You need to get rid of all the temporary files that the adware brought with it.


Please download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forum and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.


TFC is an application to keep

 

[gplea]

Thanks Jacee. Right now, the problem SEEMS to have gone away. At the very least, as the old southern saying goes "If it ain't broke, don't fix it." However, I WILL keep this thread in my Inbox folder for future reference.