Zurück   Trojaner-Board > Sonstiges > Lob, Kritik und Wünsche
Incredibar und Win 32/Somoto.A

Incredibar und Win 32/Somoto.A


Lob, Kritik und Wünsche: Incredibar und Win 32/Somoto.A

Windows 7 Wir helfen bei Windows Bluescreens oder Trojaner entfernen stets kostenlos. Hier nehmen wir Wünsche, Lob und Kritik zu unserem Forum und Experten entgegen und freuen uns über jede Meinung. Keine Bereinigung von Rechnern!

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 13.07.2012, 11:18   #1
Mark M.
 
Incredibar und Win 32/Somoto.A - Standard

Incredibar und Win 32/Somoto.A


Hallo "Gurus",
ja, so muss ich euch nennen :-)

Habe mir bei einem Download aus sonst sehr zuverlässiger Quelle (Schriftfonts) nicht nur die Incredibar sondern auch gleich den Win32/Somoto.A Virus gezogen.

Den Virus bin ich relativ schnell wieder los geworden, aber die sch**ss Incredibar hat mich Nerven gekostet.

"In der Ruhe liegt die Kraft" - nach dem (Lebens-)Motto bin ich vorgegangen und habe zum Glück dieses Forum gefunden. Habe mich durch die diversen Threads gelesen und bin dann eurer Anleitung gefolgt.

GMER: Nichts.
ESET: Nichts mehr (Virus erkannt und in die ewigen Jagdgründe geschickt).
MS Security Essentials (ja,ja, ich weiß): Nichts.

Nach der Analyse durch "AdwCleaner" hat's mir dann aber den Draht aus der Mütze gehauen. Ich schwöre, ich habe noch nie irgendwas bei dieser Drecksschleuder "Softtonic" runtergeladen; keine Ahnung wie der Mist auf meinen Rechner kam.
Muss mal meinen Neffen fragen...

Jedenfalls ist mein Rechner jetzt wieder sauber und die "Anti-Malware" werde ich mir dauerhaft zulegen.

Falls es interessiert, hier der Auszug von der "Müllabfuhr":
Code:
ATTFilter
# AdwCleaner v1.701 - Logfile created 07/13/2012 at 00:04:56
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Vatta - VATTAS-NOTEBOOK
# Running from : C:\Users\Vatta\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Vatta\AppData\Local\Babylon
Folder Deleted : C:\Users\Vatta\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Vatta\AppData\Roaming\kikin
Folder Deleted : C:\Users\Vatta\AppData\Roaming\pdfforge
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\kikin
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Deleted : HKLM\SOFTWARE\Web Assistant

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb167?a=6R8yEIXxuE&i=26 --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Vatta\AppData\Roaming\Mozilla\Firefox\Profiles\xjjaowou.default\prefs.js

C:\Users\Vatta\AppData\Roaming\Mozilla\Firefox\Profiles\xjjaowou.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb167?a=6R8yEIXxuE&loc=FF_NT");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=111304&tt=100512_2_");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 25);
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "96ab6573000000000000e4115bfbc61e");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15470");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 25);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1715:25:09");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "12.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 76512167);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1715:25:09");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111304&tt=100512_2_");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "96ab6573000000000000e4115bfbc61e");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "96ab6573000000000000e4115bfbc61e");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15470");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1715:25:09");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1342013619294");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Deleted : user_pref("extensions.incredibar.cntry", "DE");
Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.dfltlng", "EN");
Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Deleted : user_pref("extensions.incredibar.did", "10643");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "0F2A58ECF8E1E4F7A6A3CE016DCA496A");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.hrdid", "0");
Deleted : user_pref("extensions.incredibar.id", "96ab65730000000000009439e532c544");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15532");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.instlday", "15532");
Deleted : user_pref("extensions.incredibar.instlref", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false);
Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Deleted : user_pref("extensions.incredibar.keywordurl", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1412:26:27");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.newtab", "false");
Deleted : user_pref("extensions.incredibar.newtaburl", "");
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "1");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Deleted : user_pref("extensions.incredibar.srch", "");
Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8yEIXxuE&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6R8yEIXxuE&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6R8yEIXxuE");
Deleted : user_pref("extensions.incredibar.upn2n", "92824686308102488");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1412:26:27");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1412:26:27");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10643");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "96ab65730000000000009439e532c544");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15532");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "1");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8yEIXxuE&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6R8yEIXxuE");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92824686308102488");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1412:26:27");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Vatta\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted :       "icon_url": "hxxp://mystart.incredibar.com/mb167/favicon.ico",
Deleted :       "keyword": "mystart.incredibar.com/mb167",
Deleted :       "search_url": "hxxp://mystart.incredibar.com/mb167/?loc=IB_DS&search={searchTerms}&a=6R8yEIXxu[...]

*************************

AdwCleaner[R1].txt - [11894 octets] - [12/07/2012 23:55:05]
AdwCleaner[R2].txt - [11955 octets] - [13/07/2012 00:04:00]
AdwCleaner[S1].txt - [11452 octets] - [13/07/2012 00:04:56]

########## EOF - C:\AdwCleaner[S1].txt - [11581 octets] ##########
Nachdem der Sch**ss endlich runter war, habe ich noch den CCleaner laufen lassen und den restlichen Dreck aus der Registry entfernt.

Nochmals ganz lieben Dank an euch!

 

Themen zu Incredibar und Win 32/Somoto.A
adwcleaner, anti-malware, diverse, download, explorer, firefox, forum, frage, google, home, icon, internet, internet explorer, logfile, microsoft, mozilla, nerven, opera, rechner, registry, searchscopes, security, software, start, system, virus, win32/somoto.a, windows


« Forums Frage, zu den psoudo Verkehrsschield ? | Ehrenamt... vielen Dank für die (ehrenamtliche) Arbeit! »


Ähnliche Themen: Incredibar und Win 32/Somoto.A


  1. Avira meldet Pua Somoto Gen 2
    Plagegeister aller Art und deren Bekämpfung - 06.07.2015 (15)
  2. PUP.Optional.Somoto.SID.A
    Plagegeister aller Art und deren Bekämpfung - 20.06.2015 (17)
  3. Windows 7: PUA/Somoto.Gen
    Plagegeister aller Art und deren Bekämpfung - 15.04.2015 (9)
  4. Pua/somoto.gen2 ? Virusentfernung
    Log-Analyse und Auswertung - 08.04.2015 (8)
  5. pup.optional.somoto und PUA/Linkury.gen2
    Log-Analyse und Auswertung - 23.03.2015 (13)
  6. PUA Somoto.Gen2 von Avira gefunden - Windows 8
    Log-Analyse und Auswertung - 21.03.2015 (28)
  7. Virus gefunden? / PUA/Somoto.Gen2 und PUA/Sponsor.Gen
    Plagegeister aller Art und deren Bekämpfung - 11.03.2015 (1)
  8. APPL/Somoto.hzis mit Antivir gefunden
    Plagegeister aller Art und deren Bekämpfung - 16.10.2014 (9)
  9. PC extrem langsam / Popup Antivir Somoto
    Plagegeister aller Art und deren Bekämpfung - 30.09.2014 (1)
  10. Adware.Somoto - Unterstützung bei OTL
    Log-Analyse und Auswertung - 23.08.2014 (8)
  11. malwarebytes hat was entdeckt PUP.Optional.Somoto
    Plagegeister aller Art und deren Bekämpfung - 08.06.2014 (5)
  12. PUP.Optional.Somoto gefunden
    Log-Analyse und Auswertung - 04.06.2014 (3)
  13. APPL/Somoto.Gen2 Infektion!
    Plagegeister aller Art und deren Bekämpfung - 26.10.2013 (7)
  14. PUP.Optional.Somoto
    Plagegeister aller Art und deren Bekämpfung - 23.10.2013 (2)
  15. APPL/Somoto.Gen2 Infektion!
    Alles rund um Windows - 18.10.2013 (3)
  16. XingHaoLyrics; WIN32 Somoto - B/J [PUP]; etc
    Log-Analyse und Auswertung - 26.07.2013 (15)
  17. Infektion mit Adware.Somoto, was tun?!
    Log-Analyse und Auswertung - 11.06.2013 (15)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Incredibar und Win 32/Somoto.A - Hallo "Gurus", ja, so muss ich euch nennen :-) Habe mir bei einem Download aus sonst sehr zuverlässiger Quelle (Schriftfonts) nicht nur die Incredibar sondern auch gleich den Win32/Somoto.A Virus - Incredibar und Win 32/Somoto.A...
Archiv
Du betrachtest: Incredibar und Win 32/Somoto.A auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131