utop.it - wow search in internet explorer

[ore262]

I picked it up while installing a program from internet to watch free movies.

 

I don't understand what this means, especially about firefox, I don't playWorld of WarCraft: 

Sometimes this will happen with 2 things.

1. Something wrong with Firefox so  they will reset it !

2. From playing World of WarCraft, they delete it !

 

I have not seen utop.it or wow search in IE or firefox since I started this post but I had removed it from IE homepage using superantispyware and removed the wow search from FF by managing search engines

 

Will uninstall combofix per your directions.

 

Question: Am I STILL INFECTED FROM WHAT YOU SEE?

[flashh4]

Ore, lets run 1 more scan !!

 

ESET online scannner >>> http://www.eset.com/onlinescan/


Note: You can use either Internet Explorer or Mozilla FireFox for this scan.


   1. Firstly please Disable any Antivirus you have active , as shown in This topic.
   2. Note: Don't forget to re-enable it after the scan.
   3. Next please click on the following link to open a new window to ESET online scannnerhttp://www.eset.com/us/online-scanner/features
    4. Then click on:
 

 

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

 5. Select the option YES, I accept the Terms of Use then click on:
 
 6. When prompted allow the Add-On/Active X to install.
  7. Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:

      * Scan for potentially unwanted applications
      *  Scan for potentially unsafe applications
      *  Enable Anti-Stealth Technology
    
  9. Now click on:

    10. The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    11. When completed the Online Scan will begin automatically.
    12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
    13. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

    14. Now click on:

    15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
           or may be ESETSmartInstaller@High as CAB hook log:

    16. Copy and paste that log as a reply to this topic.
 

 

 
==========================

 

1. Something wrong with Firefox so  they will reset it !

2. From playing World of WarCraft, they delete it !

Those are 2 of the things that could cause "wow" to show up on your computer !

 

But i think we got rid of it as far as i see !

[ore262]

Chuck, I have used Eset online scanner quite a few times just to back up other scans. I ran it prior to posting here and don't remember that it came up with anything other than an Eicar file I had saved for test purposes, anyway here is the report from today... Oscar

 

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-18 12:45:39
# local_time=2012-09-17 08:45:39 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 56684589 99469250 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=120274
# found=8
# cleaned=8
# scan_time=3339
C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\edogkopmmbiomlflahmmpchnobahleib\npFreeWorkzGC.dll    a variant of Win32/Adware.Gamevance.CS application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Users\Oscar\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\FreeWorkzFirefox.dll    a variant of Win32/Adware.Gamevance.CS application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\[email protected]\components\FreeWorkzFirefox.dll    a variant of Win32/Adware.Gamevance.CS application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Users\Oscar\Desktop\downloads\audacity_installer_1912.exe    a variant of Win32/InstallIQ application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Users\Oscar\Downloads\New folder\SoftonicDownloader_for_google-voice-and-video-chat.exe    a variant of Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Users\Oscar\Music\installed programs\installer_nokia_pc_suite.exe    multiple threats (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Users\Oscar\Music\installed programs\openofficesuite-setup.exe    Win32/DownloadAdmin.A.Gen application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Users\Oscar\Music\installed programs\vlcmediaplayer-setup.exe    Win32/DownloadAdmin.A.Gen application (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-18 02:37:38
# local_time=2012-09-17 10:37:38 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5893 16776574 100 94 56688291 99472952 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=120400
# found=0
# cleaned=0
# scan_time=6355
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-06 02:00:34
# local_time=2012-12-06 09:00:34 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 94 2910092 130594306 0 0
# compatibility_mode=5893 16776574 100 94 63561223 106345884 0 0
# scanned=121306
# found=0
# cleaned=0
# scan_time=3338
ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.Can not open internetOnlineCmdLineScanner.exe@High:Finished.    3.0.2
lost connection with clientESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# engine=13093
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-10 10:28:52
# local_time=2013-02-10 05:28:52 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=774 16777213 100 94 8642990 136327204 0 0
# compatibility_mode=5893 16776574 100 94 69294121 112078782 0 0
# scanned=37089
# found=0
# cleaned=0
# scan_time=3660
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# IEXPLORE.EXE=10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# engine=13795
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-10 02:05:27
# local_time=2013-05-09 10:05:27 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 1141287 143943399 0 0
# compatibility_mode=5893 16776574 100 94 326771 119694977 0 0
# scanned=139286
# found=0
# cleaned=0
# scan_time=6399
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# engine=14689
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-07 06:23:02
# local_time=2013-08-07 02:23:02 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 680950 151688054 0 0
# compatibility_mode=5893 16776573 100 94 0 127443232 0 0
# scanned=157161
# found=0
# cleaned=0
# scan_time=6767
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# engine=16985
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-07 09:15:03
# local_time=2014-02-07 04:15:03 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 1765850 2586506 0 0
# compatibility_mode=5893 16776573 100 94 0 143351153 0 0
# scanned=164068
# found=1
# cleaned=1
# scan_time=8304
sh=3395856CE81F2B7382DEE72602F798B642F14140 ft=0 fh=0000000000000000 vn="Eicar test file (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Oscar\Desktop\ff downloads\eicar.com.txt"
 

[ore262]

I made a copy of the infection found by Eset, don't know that you need it...............

C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a6b    HTML/ScrInject.B.Gen virus

 

Chuck, I ran a second scan with Eset and found more stuff. Presently it has found 11 infections

Edited February 18, 2014 by ore262

[flashh4]

Oscar you need to delete the cache in Chrome, do you know how ??

 

Chuck

[flashh4]

Thought i would drop this link off !! Watch the video on how to clear cache !!

 

https://support.google.com/chrome/answer/95582?hl=en

 

That should do it ! Your clean !

 

Happy Surfing Oscar

Chuck

 

I will lock this in 5 days so there is no drive bys !

[ore262]

Second scan found this:

 

C:\Users\Oscar\AppData\Local\Downloaded Installations\{4175787A-9EE1-4D7D-9D00-F80F59573684}\The Weather Channel App.msi    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a6b    HTML/ScrInject.B.Gen virus
C:\Users\Oscar\Desktop\chrome downloads\driverbooster-cnet-setup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Oscar\Desktop\chrome downloads\rcsetup150.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Oscar\Desktop\chrome downloads\WOWTrojanRemovalTool.exe    a variant of Win32/SecurityStronghold.A potentially unwanted application
C:\Users\Oscar\Desktop\downloads\Shockwave_Installer_Slim(1).exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Oscar\Downloads\cbsidlm-cbsi176-Revo_Uninstaller-SEO-10687648.exe    a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Oscar\Downloads\downloads\FlashPlayerPro (1).exe    a variant of Win32/AirAdInstaller.A potentially unwanted application
C:\Users\Oscar\Downloads\downloads\FlashPlayerPro.exe    a variant of Win32/AirAdInstaller.A potentially unwanted application
C:\Users\Oscar\Music\installed programs\openofficesuite-setup.exe    Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Oscar\Music\installed programs\vlcmediaplayer-setup.exe    Win32/DownloadAdmin.G potentially unwanted application
 

[ore262]

Yes, I cleared cache

[flashh4]

Oscar are you sure you are checking the option Remove found threats is ticked !!! Those all should of been removed/quareentened by ESET ??

 

Chuck

[ore262]

Got this from your post when you told me to run Eset:

 

  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:

 

Will run Eset again with the box to remove threats checked

Edited February 18, 2014 by ore262

[flashh4]

Yep i never posted second partof ESET which is the same except >>> Remove found threats is ticked !!

 

My fault !!

 

Chuck

[ore262]

Chuck, I have never made a mistake, ha ha, ran Eset again and came up with this:

 

C:\Users\Oscar\AppData\Local\Downloaded Installations\{4175787A-9EE1-4D7D-9D00-F80F59573684}\The Weather Channel App.msi    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application    deleted - quarantined
C:\Users\Oscar\Desktop\chrome downloads\driverbooster-cnet-setup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application    deleted - quarantined
C:\Users\Oscar\Desktop\chrome downloads\rcsetup150.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\Oscar\Desktop\chrome downloads\WOWTrojanRemovalTool.exe    a variant of Win32/SecurityStronghold.A potentially unwanted application    deleted - quarantined
C:\Users\Oscar\Desktop\downloads\Shockwave_Installer_Slim(1).exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\Oscar\Downloads\cbsidlm-cbsi176-Revo_Uninstaller-SEO-10687648.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
C:\Users\Oscar\Downloads\downloads\FlashPlayerPro (1).exe    a variant of Win32/AirAdInstaller.A potentially unwanted application    deleted - quarantined
C:\Users\Oscar\Downloads\downloads\FlashPlayerPro.exe    a variant of Win32/AirAdInstaller.A potentially unwanted application    deleted - quarantined
C:\Users\Oscar\Music\installed programs\openofficesuite-setup.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
C:\Users\Oscar\Music\installed programs\vlcmediaplayer-setup.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined

 

Hope that's good.

Thanks for all your time and help, Oscar

[flashh4]

OK............ Oscar re-run Eset to make sure everything comes back clean !!

 

If it does then you are good to go !!

 

Chuck

[ore262]

Thanks for all the help Chuck. Ran Eset again and it came up clean.

Thank you, be safe, Oscar

[flashh4]

I will lock this topic after 5 days !!

 

Chuck