Why can't I clean up?

So, maybe this has been asked but having not found an answer after trawling the forums for days, I am going to ask it anyway.
How do you clean up something from quarantine that only has the option to authorise? It is adware, and possibly a trojan. I have configured the full scan to clean up adware when it finds it. I have turned off the Internet and run a scan every day for the past 4 days. Each scan finds something new and puts it in quarantine. I have been to the control panel and uninstalled everything I didn't recognise and more besides. My Web browsers have had their home page changed to tikotin - don't know how to get rid of it - and each new tab opened gets at least 10 pop up adverts that talk and scroll around and take up so much space on top of each other that I am left with a patch about the size of a business card to view the page I am looking at.
So, my first question is the one at the top. My second is - how do I fix the rest?
Someone please help because I am very close to throwing my laptop out the window...
:54581


This thread was automatically locked due to age.
  • Hello,

    What is the name of the item detected in the QM that only has an Authorize action?

    Is it of class Potentially Unwanted Application (PUA)?  Does it have a path, if so what is that?

    Can you attach the SAV.txt file from:

    C:\Programdata\Sophos\Sophos Anti-Virus\logs\

    It could be that the entry in the QM is not related to the symptoms you are seeing.

    Regards,

    Jak

    :54583
  • There are 4 items:

    TUTO4PC of type other

    Silent Installer of type other

    Eorezo of type Adware

    108solutions of type Adware

    I don't know about Paths.

    The ads that keep popping up say Ads by Info if that helps

    :54585
  • Hi,

    SAV.txt for TUTO4PC shows:

    ================

    Line 394: 20141108 140343 File "C:\Users\MoonlightFairy\AppData\Local\Temp\24DFtmp\freesofttoday.exe\FILE:0001" belongs to adware or PUA 'TUTO4PC' (of type Other).
    Line 395: 20141108 140343 File "C:\Users\MoonlightFairy\AppData\Local\Temp\24DFtmp\freesofttoday.exe\FILE:0002" belongs to adware or PUA 'TUTO4PC' (of type Other).
    Line 396: 20141108 140343 File "C:\Users\MoonlightFairy\AppData\Local\Temp\24DFtmp\freesofttoday.exe\FILE:0003" belongs to adware or PUA 'TUTO4PC' (of type Other).
    Line 400: 20141108 142459 Adware or PUA 'TUTO4PC' is not removable.

    ================

    Potentially Unwanted Applications (PUA) items are really up to you if you want them, you can choose to authorize them or remove them.

    Looking at all the entries in the log for TUTO4PC, to get rid of that you just need to delete the file: freesofttoday.exe under:

    C:\Users\MoonlightFairy\AppData\Local\Temp\24DFtmp\

    For "Silent Installer", it's the same story really:

    ================

    Line 392: 20141108 140140 File "C:\Users\MoonlightFairy\AppData\Local\Temp\VOPackage.exe\FILE:0000" belongs to adware or PUA 'Silent Installer' (of type Other).
    Line 397: 20141108 140343 File "C:\Users\MoonlightFairy\AppData\Local\Temp\25CBtmp\vopackage.exe\FILE:0000" belongs to adware or PUA 'Silent Installer' (of type Other).
    Line 398: 20141108 142459 Adware or PUA 'Silent Installer' is not removable.

    ================


    It's a PUA, so again up to you if you want it (authorize) or if you just want to remove it, then delete the following files:

    C:\Users\MoonlightFairy\AppData\Local\Temp\VOPackage.exe

    C:\Users\MoonlightFairy\AppData\Local\Temp\25CBtmp\vopackage.exe

    Same for PUA "Eorezo". 

    ================

    Line 134: 20141103 133555 File "C:\Users\MoonlightFairy\AppData\Local\Temp\24DFtmp\freesofttoday.exe\FILE:0000" belongs to adware or PUA 'Eorezo' (of type Adware).
    Line 140: 20141103 140251 Adware or PUA 'Eorezo' is not removable.
    Line 267: 20141106 172035 File "C:\Users\MoonlightFairy\AppData\Local\Temp\24DFtmp\freesofttoday.exe\FILE:0000" belongs to adware or PUA 'Eorezo' (of type Adware).
    Line 273: 20141106 174253 Adware or PUA 'Eorezo' is not removable.
    Line 393: 20141108 140343 File "C:\Users\MoonlightFairy\AppData\Local\Temp\24DFtmp\freesofttoday.exe\FILE:0000" belongs to adware or PUA 'Eorezo' (of type Adware).
    Line 399: 20141108 142459 Adware or PUA 'Eorezo' is not removable.

    ================

    Just deleting:
    C:\Users\MoonlightFairy\AppData\Local\Temp\24DFtmp\freesofttoday.exe

    Note: this is the same file as the detection for TUTO4PC.

    So in summary if you don't want any of these I would suggest:

    Deleting the following items will clear all 3:

    C:\Users\MoonlightFairy\AppData\Local\Temp\24DFtmp\freesofttoday.exe

    C:\Users\MoonlightFairy\AppData\Local\Temp\VOPackage.exe

    C:\Users\MoonlightFairy\AppData\Local\Temp\25CBtmp\vopackage.exe

    They are all in the user's temp location.

    Hope it helps,

    Regards,

    Jak

    :54587
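The reply above works out by hand which files sit behind each "not removable" detection in SAV.txt. As an added example (not part of the thread and not Sophos tooling), the same triage in Python, assuming the line format shown in the quoted excerpts; `triage` and `files_to_review` are hypothetical names.

```python
import re
from collections import defaultdict

# Lines copied from the SAV.txt excerpts quoted in the thread ("Line N:" prefixes kept).
SAMPLE_LOG = r'''
Line 392: 20141108 140140 File "C:\Users\MoonlightFairy\AppData\Local\Temp\VOPackage.exe\FILE:0000" belongs to adware or PUA 'Silent Installer' (of type Other).
Line 393: 20141108 140343 File "C:\Users\MoonlightFairy\AppData\Local\Temp\24DFtmp\freesofttoday.exe\FILE:0000" belongs to adware or PUA 'Eorezo' (of type Adware).
Line 394: 20141108 140343 File "C:\Users\MoonlightFairy\AppData\Local\Temp\24DFtmp\freesofttoday.exe\FILE:0001" belongs to adware or PUA 'TUTO4PC' (of type Other).
Line 395: 20141108 140343 File "C:\Users\MoonlightFairy\AppData\Local\Temp\24DFtmp\freesofttoday.exe\FILE:0002" belongs to adware or PUA 'TUTO4PC' (of type Other).
Line 397: 20141108 140343 File "C:\Users\MoonlightFairy\AppData\Local\Temp\25CBtmp\vopackage.exe\FILE:0000" belongs to adware or PUA 'Silent Installer' (of type Other).
Line 398: 20141108 142459 Adware or PUA 'Silent Installer' is not removable.
Line 399: 20141108 142459 Adware or PUA 'Eorezo' is not removable.
Line 400: 20141108 142459 Adware or PUA 'TUTO4PC' is not removable.
'''

# Optional "Line N:" prefix (as pasted in the thread), then date and time stamps.
PREFIX = r"^(?:Line \d+:\s*)?\d{8} \d{6} "
DETECTED = re.compile(PREFIX + r'File "(?P<path>.+?)" belongs to adware or PUA '
                      r"'(?P<name>.+?)' \(of type (?P<kind>\w+)\)\.")
NOT_REMOVABLE = re.compile(PREFIX + r"Adware or PUA '(?P<name>.+?)' is not removable\.")
SUBFILE = re.compile(r"\\FILE:\d+$")  # member inside the scanned container file


def triage(log_text):
    """Map each detection name to its type, container files and removable status."""
    report = defaultdict(lambda: {"type": None, "files": {}, "not_removable": False})
    for line in log_text.splitlines():
        line = line.strip()
        hit = DETECTED.match(line)
        if hit:
            container = SUBFILE.sub("", hit["path"])
            entry = report[hit["name"]]
            entry["type"] = hit["kind"]
            # Windows paths are case-insensitive, so key on the lowered form.
            entry["files"].setdefault(container.lower(), container)
            continue
        hit = NOT_REMOVABLE.match(line)
        if hit:
            report[hit["name"]]["not_removable"] = True
    return dict(report)


def files_to_review(report):
    """Unique on-disk files behind every detection logged as 'not removable'."""
    unique = {}
    for entry in report.values():
        if entry["not_removable"]:
            unique.update(entry["files"])
    return sorted(unique.values(), key=str.lower)
```

On the excerpt this collapses eight log lines into the same three files listed in the summary above, with `freesofttoday.exe` shared by the TUTO4PC and Eorezo detections.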
  • ah, but therein lies another problem.

    I cannot find the location of those files, nor the folders containing them and therefore cannot just delete them.

    It's ok, I have run a few different adware removal softwares, returned the web browsers to original settings and blocked some websites. So my computer seems to be working ok now (I hope)

    Thanks anyway

    :54589
  • Hi,

    Using Explorer you may not "see" them. However, if you hit "Windows Key + R" to bring up the Run box.

    Type:

    %temp%

    and hit enter you'll be in:

    C:\Users\MoonlightFairy\AppData\Local\Temp\

    You would then be able to possibly see the directories:

    • 24DFtmp
    • 25CBtmp

    and the file: VOPackage.exe in order to remove them.

    An application that clears the user's %temp% directory would have cleared this location I suspect so they may no longer exist.

    Regards,

    Jak

    :54591
  • ooo ok :)

    once there, do I just delete them? and then empty the trash?

    :54593
  • I'd probably do a shift+delete. That will bypass the need to clear the recycle bin.
    regards,
    jak
    :54595