Sponsored By

Sign in to follow this  
ore262

utop.it - wow search in internet explorer

Recommended Posts

I picked it up while installing a program from internet to watch free movies.

 

I don't understand what this means, especially about firefox, I don't playWorld of WarCraft: 

Sometimes this will happen with 2 things.

1. Something wrong with Firefox so  they will reset it !

2. From playing World of WarCraft, they delete it !

 

I have not seen utop.it or wow search in IE or firefox since I started this post but I had removed it from IE homepage using superantispyware and removed the wow search from FF by managing search engines

 

Will uninstall combofix per your directions.

 

Question: Am I STILL INFECTED FROM WHAT YOU SEE?

Share this post


Link to post
Share on other sites

Ore, lets run 1 more scan !!

 

ESET online scannner >>> http://www.eset.com/onlinescan/


Note: You can use either Internet Explorer or Mozilla FireFox for this scan.


   1. Firstly please Disable any Antivirus you have active , as shown in This topic.
   2. Note: Don't forget to re-enable it after the scan.
   3. Next please click on the following link to open a new window to ESET online scannnerhttp://www.eset.com/us/online-scanner/features
    4. Then click on:ESETONLINESCAN.gif
 

 

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.


 5. Select the option YES, I accept the Terms of Use then click on:EOLS2.gif
 
 6. When prompted allow the Add-On/Active X to install.
  7. Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:

      * Scan for potentially unwanted applications
      *  Scan for potentially unsafe applications
      *  Enable Anti-Stealth Technology
    
  9. Now click on:EOLS3.gif

    10. The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    11. When completed the Online Scan will begin automatically.
    12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
    13. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

    14. Now click on: EOLS4.gif

    15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
           or may be [email protected] as CAB hook log:

    16. Copy and paste that log as a reply to this topic.
 

 

 
==========================

 

1. Something wrong with Firefox so  they will reset it !

2. From playing World of WarCraft, they delete it !

Those are 2 of the things that could cause "wow" to show up on your computer !

 

But i think we got rid of it as far as i see !

Share this post


Link to post
Share on other sites

Chuck, I have used Eset online scanner quite a few times just to back up other scans. I ran it prior to posting here and don't remember that it came up with anything other than an Eicar file I had saved for test purposes, anyway here is the report from today... Oscar

 

[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-18 12:45:39
# local_time=2012-09-17 08:45:39 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 56684589 99469250 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=120274
# found=8
# cleaned=8
# scan_time=3339
C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\edogkopmmbiomlflahmmpchnobahleib\npFreeWorkzGC.dll    a variant of Win32/Adware.Gamevance.CS application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Users\Oscar\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\FreeWorkzFirefox.dll    a variant of Win32/Adware.Gamevance.CS application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\[email protected]\components\FreeWorkzFirefox.dll    a variant of Win32/Adware.Gamevance.CS application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Users\Oscar\Desktop\downloads\audacity_installer_1912.exe    a variant of Win32/InstallIQ application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Users\Oscar\Downloads\New folder\SoftonicDownloader_for_google-voice-and-video-chat.exe    a variant of Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Users\Oscar\Music\installed programs\installer_nokia_pc_suite.exe    multiple threats (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Users\Oscar\Music\installed programs\openofficesuite-setup.exe    Win32/DownloadAdmin.A.Gen application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Users\Oscar\Music\installed programs\vlcmediaplayer-setup.exe    Win32/DownloadAdmin.A.Gen application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
[email protected] as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-18 02:37:38
# local_time=2012-09-17 10:37:38 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5893 16776574 100 94 56688291 99472952 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=120400
# found=0
# cleaned=0
# scan_time=6355
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-06 02:00:34
# local_time=2012-12-06 09:00:34 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 94 2910092 130594306 0 0
# compatibility_mode=5893 16776574 100 94 63561223 106345884 0 0
# scanned=121306
# found=0
# cleaned=0
# scan_time=3338
[email protected] as downloader log:
Can not read file from [email protected] as downloader log:
Can not read file from internet.Can not open [email protected]:Finished.    3.0.2
lost connection with [email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# engine=13093
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-10 10:28:52
# local_time=2013-02-10 05:28:52 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=774 16777213 100 94 8642990 136327204 0 0
# compatibility_mode=5893 16776574 100 94 69294121 112078782 0 0
# scanned=37089
# found=0
# cleaned=0
# scan_time=3660
[email protected] as downloader log:
all ok
# version=8
# IEXPLORE.EXE=10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# engine=13795
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-10 02:05:27
# local_time=2013-05-09 10:05:27 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 1141287 143943399 0 0
# compatibility_mode=5893 16776574 100 94 326771 119694977 0 0
# scanned=139286
# found=0
# cleaned=0
# scan_time=6399
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# engine=14689
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-07 06:23:02
# local_time=2013-08-07 02:23:02 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 680950 151688054 0 0
# compatibility_mode=5893 16776573 100 94 0 127443232 0 0
# scanned=157161
# found=0
# cleaned=0
# scan_time=6767
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# engine=16985
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-07 09:15:03
# local_time=2014-02-07 04:15:03 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 1765850 2586506 0 0
# compatibility_mode=5893 16776573 100 94 0 143351153 0 0
# scanned=164068
# found=1
# cleaned=1
# scan_time=8304
sh=3395856CE81F2B7382DEE72602F798B642F14140 ft=0 fh=0000000000000000 vn="Eicar test file (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Oscar\Desktop\ff downloads\eicar.com.txt"
 

Share this post


Link to post
Share on other sites

I made a copy of the infection found by Eset, don't know that you need it...............

C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a6b    HTML/ScrInject.B.Gen virus

 

Chuck, I ran a second scan with Eset and found more stuff. Presently it has found 11 infections

Edited by ore262

Share this post


Link to post
Share on other sites

Second scan found this:

 

C:\Users\Oscar\AppData\Local\Downloaded Installations\{4175787A-9EE1-4D7D-9D00-F80F59573684}\The Weather Channel App.msi    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a6b    HTML/ScrInject.B.Gen virus
C:\Users\Oscar\Desktop\chrome downloads\driverbooster-cnet-setup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Oscar\Desktop\chrome downloads\rcsetup150.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Oscar\Desktop\chrome downloads\WOWTrojanRemovalTool.exe    a variant of Win32/SecurityStronghold.A potentially unwanted application
C:\Users\Oscar\Desktop\downloads\Shockwave_Installer_Slim(1).exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Oscar\Downloads\cbsidlm-cbsi176-Revo_Uninstaller-SEO-10687648.exe    a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Oscar\Downloads\downloads\FlashPlayerPro (1).exe    a variant of Win32/AirAdInstaller.A potentially unwanted application
C:\Users\Oscar\Downloads\downloads\FlashPlayerPro.exe    a variant of Win32/AirAdInstaller.A potentially unwanted application
C:\Users\Oscar\Music\installed programs\openofficesuite-setup.exe    Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Oscar\Music\installed programs\vlcmediaplayer-setup.exe    Win32/DownloadAdmin.G potentially unwanted application
 

Share this post


Link to post
Share on other sites

Oscar are you sure you are checking the option Remove found threats is ticked !!! Those all should of been removed/quareentened by ESET ??

 

Chuck

Share this post


Link to post
Share on other sites

Got this from your post when you told me to run Eset:

 

  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:

 

Will run Eset again with the box to remove threats checked

Edited by ore262

Share this post


Link to post
Share on other sites

Yep i never posted second partof ESET which is the same except >>> Remove found threats is ticked !!

 

My fault !!

 

Chuck

Share this post


Link to post
Share on other sites

Chuck, I have never made a mistake, ha ha, ran Eset again and came up with this:

 

C:\Users\Oscar\AppData\Local\Downloaded Installations\{4175787A-9EE1-4D7D-9D00-F80F59573684}\The Weather Channel App.msi    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application    deleted - quarantined
C:\Users\Oscar\Desktop\chrome downloads\driverbooster-cnet-setup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application    deleted - quarantined
C:\Users\Oscar\Desktop\chrome downloads\rcsetup150.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\Oscar\Desktop\chrome downloads\WOWTrojanRemovalTool.exe    a variant of Win32/SecurityStronghold.A potentially unwanted application    deleted - quarantined
C:\Users\Oscar\Desktop\downloads\Shockwave_Installer_Slim(1).exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\Oscar\Downloads\cbsidlm-cbsi176-Revo_Uninstaller-SEO-10687648.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
C:\Users\Oscar\Downloads\downloads\FlashPlayerPro (1).exe    a variant of Win32/AirAdInstaller.A potentially unwanted application    deleted - quarantined
C:\Users\Oscar\Downloads\downloads\FlashPlayerPro.exe    a variant of Win32/AirAdInstaller.A potentially unwanted application    deleted - quarantined
C:\Users\Oscar\Music\installed programs\openofficesuite-setup.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
C:\Users\Oscar\Music\installed programs\vlcmediaplayer-setup.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined

 

Hope that's good.

Thanks for all your time and help, Oscar

Share this post


Link to post
Share on other sites

OK............ Oscar re-run Eset to make sure everything comes back clean !!

 

If it does then you are good to go !!

 

Chuck

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this