Vshare toolbar ( virus / trojan ) Hardnekkig virus gekoppeld aan Chrome

Achoo · 2 jul 2012

Ik heb last van een Vshare.toolbar.home virus.

Als ik Chrome start verschijnt er een tweede tab met vshare.toolbar.home (de url verdwijnt daarna maar de tab blijft staan).
De ellende begon toen ik merkte dat mijn AVAST antivirus was verlopen, ik heb vervolgens AVG ANTIVIRUS erop gezet en flink gescanned. AVG vond een trojan (zie hieronder)

Scanbericht:
Objectnaam";"C:\Users\Downloads\Software\Microsoft Office + Key\KMS Activator for Microsoft Office 2010 Applications x86 x64 Multilingual-FIXISO~DiBYA\mini-KMS_Activator_v1.053.exe"
"Detectienaam";"Trojaans paard Generic26.ATEG"
"Objecttype";"bestand"
"SDK-type";"Kern"

Hier staat wel hoe je stap voor stap dit lelijke virus kunt verwijderen maar bij mij gebeurt er niets. http://www.threatremoval.com/redire...-vshare-toolbarhome-com-completely/#more-3537 Ik zie hem niet staan in mijn taskmanager.

Weet iemand hoe ik het weg krijg?

Alvast dank!

djmaster329 · 2 jul 2012

Heb je al geprobeerd om in veilige modus te gaan, en dan het bestand handmatig te verwijderen?

bassie9 · 2 jul 2012

Dat scanresultaat wat je beschrijft is niet het virus Vshare waar je last van hebt. Dat is een crack om Office te activeren. Deze is niet schadelijk. Maar gek dat ie die Vshare trojan/virus niet vind. Even scannen met MBAM helpt wel. Zo niet, even recoveren met recovery-partitie. Werkt dit ook niet of heb je die niet, moet je Windows opnieuw installeren.

Achoo · 2 jul 2012

Thanks guys,

Hoe verwijder ik zoiets handmatig, in de veilige modus opstarten gaat nog wel maar hoe dan verder (welke stappen)?

@bassie9 Klopt misschien is die scan van iets anders. Ik zal dat MBAM eens proberen. Windows opnieuw installeren lijkt me wel erg omslachtig!

asusMan · 2 jul 2012

hallo achoo
als je chroom eraf haalt en opniew opzet haal je dan ook het virus eraf?

AsusMan

Achoo · 2 jul 2012

@asusMan. Dat ga ik nu proberen.

Ik heb net MBAM gedraaid en had deze infectie: C:\Users\Downloads\Software\DownloadSetup (8).exe (Affiliate.Downloader) -> Succesvol in quarantaine geplaatst en verwijderd.

De infectie ( deze: vshare.toolbarhome.com/?hp=df[/url] ) zit er nog steeds op.

Achoo · 3 jul 2012

Ik heb Chrome eraf gegooid en er weer opgezet. De vShare toolbar tab was weg. Vervolgens (aanmelden) log ik in bij Chrome en verschijnt het weer.

Nu heb ik via de Chrome settings gezien dat vShare toolbar tegelijk opstart met Chrome. chrome://settings/ Je kunt vanaf settings bij: Bij opstarten --> bij pagina's instellen de URL weghalen van vShare toolbar

Het lijkt erop dat dit het was (hoop ik).

:thumb: Laten we hopen dat het wegblijft.

Arretje · 3 jul 2012

Opmerking: Vista of Windows 7 ? >> Alle tools steeds uitvoeren als admin.

Download AdwCleaner by Xplode naar je Bureaublad

Start AdwCleaner en klik Search
Na enige tijd opent een logfile (C:\ AdwCleaner[xx].txt) post de inhoud hier in het Forum

Achoo · 3 jul 2012

Ik zie in het log BABYLON TOOLBAR staan, dat is ook al zo'n irritant ding wat vaak verschijnt en lastig weggaat.

# AdwCleaner v1.701 - Logfile created 07/03/2012 at 10:42:52
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ls - LS-PC
# Running from : C:\Users\ls\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\ls\AppData\Local\AVG Secure Search
Folder Found : C:\Users\ls\AppData\Local\Temp\avg@toolbar
Folder Found : C:\Users\ls\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\ls\AppData\Roaming\Babylon
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\IGearSettings
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Found : HKCU\Software\AVG Secure Search
[x64] Key Found : HKCU\Software\BabylonToolbar
[x64] Key Found : HKCU\Software\IGearSettings
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
[x64] Key Found : HKLM\SOFTWARE\Classes\S
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[x64] Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=113480&tt=270612_518&babsrc=HP_ss&mntrId=a436648800000000000018f46a279d28
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=make&s={searchTerms}&f=4

-\\ Mozilla Firefox v13.0.1 (nl)

Profile name : default
File : C:\Users\ls\AppData\Roaming\Mozilla\Firefox\Profiles\49olwoe2.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.12");
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=113480&tt=270612_518&babsrc=NT_ss&[...]
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tt=270612_518");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "a436648800000000000018f46a279d28");
Found : user_pref("extensions.BabylonToolbar_i.id", "a436648800000000000018f46a279d28");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15519");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=113480&tt=27061[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:24:15");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bc4eb0ba8-ed99-48c2-bce1-cda4af79d099%[...]

-\\ Google Chrome v20.0.1132.47

File : C:\Users\ls\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "path": "C:\\Program Files (x86)\\Common Files\\AVG Secure Search\\SiteSafetyInstaller\\11.[...]

*************************

AdwCleaner[R1].txt - [11386 octets] - [03/07/2012 10:42:52]

########## EOF - C:\AdwCleaner[R1].txt - [11515 octets] ##########

Achoo · 3 jul 2012

Ok bedankt, ik heb met ADW Cleaner net even wat restanten weggehaald.

Arretje · 3 jul 2012

Verwijder AdwCleaner door op de “Uninstall” knop te klikken

Let er in de toekomst op,dat deze infectie's komen door "roque"installers,zelfs Panda Cloud doet eraan mee

Berucht zijn programma's van Bandoo

Haal je de vinkjes niet weg dan word de startpagina "ge-hijacked"

Achoo · 4 jul 2012

Ik haal eigenlijk altijd wel dit soort vinkjes weg, ik heb geen idee waar vShare toolbar vandaan kwam.

Ok, thank guys.

Spocky · 6 jul 2012

waarom heb je avast niet opnieuw geregistreerd en nadien geupdate en daarna een scan laten uitvoeren want AVG is echt eenn slechte antivirus, avast is stukken beter en lichter dan die rommel van AVG

Vshare toolbar ( virus / trojan ) Hardnekkig virus gekoppeld aan Chrome

Achoo

Gebruiker

djmaster329

Gebruiker

bassie9

Terugkerende gebruiker

Achoo

Gebruiker

asusMan

Gebruiker

Achoo

Gebruiker

Achoo

Gebruiker

Arretje

Gebruiker

Achoo

Gebruiker

Achoo

Gebruiker

Arretje

Gebruiker

Achoo

Gebruiker

Spocky

Gebruiker

Nieuwste berichten

Wij waarderen jouw privacy