Spyhunter4 found 413 threats but cost to remove ????

Hewlett-packard / Hp compaq dc7100 sff(pk86...
April 24, 2015 at 17:51:26
Specs: w 8, 2.793 GHz / 503 MB
I googled viruses that affect Yandex.com and found this site - http://www.malwaretips.org/remove-y...

But this site did not tell me that I need a credit card and have to pay money to remove these threats before I downloaded and did the scan. I'm running Bitdefender with all the latest virus definitions, but it finds nothing. Can Malwarebytes also find these 413 threats and delete them for free?


April 24, 2015 at 18:25:25
Run these and retain any logs generated...




All freebies, safe to use.

The site to which you refer sounds like a typical rip-off site; and one that is set up to mislead; and extract cash...

Also invariably those sites create more problems too.

When you run/install the above utils, use custom NOT automatic; and carefully uncheck any boxes already "helpfully prechecked" as you will then avoid installing assorted junk and ephemera - which again you will not need or want. Install only the util.

JRT will install itself to the desktop, from where you run it. It will open a DOS window - follow instructions there; it will also reboot the system as part of its cleanout process.

Retain any logs generated for further use/examination.


April 24, 2015 at 18:25:45
There's no need to pay. Run these freebies in the order given for starters:

(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Cleaning" button.

Junkware Removal Tool (JRT)
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished.

(green Download button top right - not anything else on the page)
Install and Run the program but before doing its Scan go to "Settings > Detection and Protection" and put a checkmark in "Scan for rootkits". Quarantine anything it finds.

Please copy/paste the logs on here.

I see trvlr got in first.

Always pop back and let us know the outcome - thanks


April 24, 2015 at 19:23:38
Hi again auto7890.

My main point now is to emphasize the importance of seeing the logs; it is impossible to get the comp clean without viewing the logs.


April 24, 2015 at 21:26:16
You are in good hands now. The site you originally tried, if it is like many of them, makes up that you are infected, exaggerates what infections you do have, or at worst, inserts junk so that you now have to deal with paying them or your system will begin slowing worse if you don't. Just follow the recommendations above and post the logs for review and even if everything seems great, stick with it to the end to make sure that you are really clean.

You have to be a little bit crazy to keep you from going insane.


April 26, 2015 at 16:51:12
Malwarebytes Anti-Malware

Scan Date: 4/27/2015
Scan Time: 9:20:03 AM
Logfile: scan-log.txt
Administrator: Yes

Malware Database: v2015.04.26.05
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: budda

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335381
Time Elapsed: 19 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


April 26, 2015 at 16:57:46
# AdwCleaner v4.202 - Logfile created 25/04/2015 at 13:15:44
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [Server]
# Operating system : Windows 8 (x64)
# Username : budda - BUDDA1234
# Running from : C:\adwcleaner_4.202.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : torchcrashhandler
[#] Service Deleted : 0282041366086498mcinstcleanup

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\f0255c0e000005ab
Folder Deleted : C:\ProgramData\{2364dbec-c5df-e764-2364-4dbecc5d6fb3}
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\Super Optimizer
Folder Deleted : C:\Users\budda\AppData\Local\Rainmaker_Software_Group_
Folder Deleted : C:\Users\budda\AppData\Roaming\Rainmaker Software Group LLC.?

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\f128e191-e1c8-8793-733c-9fe6ea95655e
Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17183

-\\ Mozilla Firefox v11.0 (en-US)

-\\ Opera v28.0.1750.51


AdwCleaner[R0].txt - [14699 bytes] - [12/02/2014 16:10:23]
AdwCleaner[R1].txt - [22637 bytes] - [27/08/2014 09:09:36]
AdwCleaner[R2].txt - [1152 bytes] - [28/08/2014 17:47:06]
AdwCleaner[R3].txt - [5680 bytes] - [27/02/2015 12:46:34]
AdwCleaner[R4].txt - [2115 bytes] - [25/04/2015 13:09:31]
AdwCleaner[S0].txt - [13387 bytes] - [12/02/2014 16:40:13]
AdwCleaner[S1].txt - [20866 bytes] - [27/08/2014 09:17:39]
AdwCleaner[S2].txt - [1214 bytes] - [28/08/2014 18:04:03]
AdwCleaner[S3].txt - [5682 bytes] - [27/02/2015 12:48:32]
AdwCleaner[S4].txt - [2027 bytes] - [25/04/2015 13:15:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2086 bytes] ##########

Report •
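An added example, not part of the thread and not AdwCleaner's own code: a small parser for the log layout posted above, which groups removed items by section so a helper can see at a glance what was cleaned and which sections came back empty. The sample text is a constructed excerpt in that layout, and the names `parse_adwcleaner` and `summarize` are hypothetical.

```python
import re

# Constructed sample: an excerpt in the layout of the AdwCleaner v4 log above.
SAMPLE_LOG = r"""# AdwCleaner v4.202 - Logfile created 25/04/2015 at 13:15:44
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : torchcrashhandler

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Super Optimizer

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "<Kind> <Action> : <target>", optionally prefixed by a flag such as "[#]".
ENTRY = re.compile(r"^(?:\[.\]\s+)?(\w+) (\w+) : (.+)$")

def parse_adwcleaner(text):
    """Return (header, sections): header holds the '# key : value' lines,
    sections maps each section name to a list of (kind, action, target)."""
    header, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is None and line.startswith("# ") and " : " in line:
            key, value = line[2:].split(" : ", 1)
            header[key.strip()] = value.strip()
        elif current is not None:
            m = ENTRY.match(line)
            if m:  # browser banners, the EOF marker and file lists are skipped
                current.append(m.groups())
    return header, sections

def summarize(sections):
    """Count deleted items per section; empty sections stay visible as 0."""
    return {
        name: sum(1 for _, action, _ in items if action == "Deleted")
        for name, items in sections.items()
    }
```
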

April 26, 2015 at 16:59:34
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.2 (04.24.2015:1)
OS: Windows 8 x64
Ran by budda on Sat 04/25/2015 at 13:20:40.14

~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1124786098-999029380-289591431-1001
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\budda\appdata\locallow\pcdr
Successfully deleted: [Folder] C:\Users\budda\AppData\Roaming\pcdr

Scan was completed on Sat 04/25/2015 at 13:24:23.99
End of JRT log


April 26, 2015 at 17:16:10
Thanks for the logs.

In view of SpyHunter's claim I am surprised these three didn't find a lot more.
My suspicion is that much of their claims were bogus.

Was there any specific reason you were looking at Yandex.com?

I see Johnw (#3) has tagged this post. He is most expert in security matters so no doubt he will have an input in due course.


April 26, 2015 at 18:11:30
Yes, whenever I go to yandex.com my PC freezes for 2 minutes and my mouse will not move for that time. Also I want to know why I just discovered that a lot of my web browsing is logged in my Windows Registry, including www.computing.net - here -
HKEY_USERS\S-1-5-21-1124786098-999029380-289591431-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\computing.net

HKEY_USERS\S-1-5-21-1124786098-999029380-289591431-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\yandex.com
and here -

HKEY_USERS\S-1-5-21-1124786098-999029380-289591431-1001\Software\Microsoft\Internet Explorer\TypedURLs url1 REG_SZ http://computing.net

HKEY_USERS\S-1-5-21-1124786098-999029380-289591431-1001\Software\Microsoft\Internet Explorer\TypedURLs url7 REG_SZ http://yandex.com

Is this normal?


April 26, 2015 at 18:20:57
Presumably yandex.com is no better after ADW & JRT. If you have more than one browser is it the same on each one?

The registry entries are about "DOM Storage" - like a cookie only more ambitious.
Not a virus or malware though. This is how you clear it:


April 26, 2015 at 19:17:15
Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
Instructions on how to use ZippyShare.
A guide and tutorial on using ComboFix
Manually restoring the Internet connection
There are circumstances where ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual.
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
