To Customer Support To Customer Support
Solved

EXTREME Toolbar Malware Infection

C
Rank
Well. I just discovered yesterday that our computer had tons of adware and malware.
 
First, I came on and I saw 2 things: 1, a fake PC scanner program, and 2 something called 'Yontoo.'
I did a quick search on Yontoo and found it was malicious. I asked my Dad if he installed anything, and he said Adobe popped up, saying he had to install the latest software. He believed it since it was Adobe, and his only options were 'OK.' I did a scan with Webroot and found no threats, but when I tried deleting Yontoo Webroot continuously popped up about security. Then I decided to turn off the computer and boot it into Safe Mode. I restored the computer to 05/10/13. As I left Safe Mode I discovered another adware program on our desktop about "Best FaceBook Messenger." I deleted that with no problems afterwards. I guess I never really noticed it, but when we opened Firefox it lead us to start.conduit.com, another malicious toolbar. I deleted it on Firefox and a 'Java Script' that I found when I searched conduit in the Start Menu. Anyways, since Webroot wouldn't do anything, I installed Malwarebytes and did a quick scan with that. I had 26 threats, including lots of adware, atleast 1 malware and spyware. Another was Browser Hijacker. Obviously I removed those. Now today, I went to Internet Explorer which we rarely use since it never responds. I guess I found out why. That one lead me to start.sweetpacks.com, yet ANOTHER malicious toolbar. It wasn't really installed, but it was set to our homepage which I believe adware does sometimes. I never knew our computer was so infected. I did switch both homepages to Yahoo. And with all these infections, I just want to know how I can remove and find all the threats. I keep finding more, as I've said, and I just don't know if we're safe right now. Any advice on this? How can I find all the infections if there are so many? How do I know I'm safe...? :8
icon

Best answer by Rakanisheu Retired 16 May 2013, 13:28

View original

10 replies

RetiredTripleHelix
Rank
Userlevel 7
Badge +56
Sorry for the issues that you are having but I would suggest you Submit a Support Ticket so that the Malware Experts can have a look at your scan logs and be able to make sure you are clean of malware.
 
Regards,
 
TH
C
Rank
How exactly do I give scan logs in a support ticket?
 
On a side note, I deleted Conduit and Whitesmoke files from Registry Editor and %ProgramFiles%.
Anything else I can do to check?
RetiredTripleHelix
Rank
Userlevel 7
Badge +56
They will send you a link to the log gathering tool with instructions on how to use it. Also if you become infected for what ever reason you should contact support and they will help you clean your system free of charge with your subscription. Using other cleaning tools can do more damage than good. IMHO
 
TH
JimM
Userlevel 7
It doesn't look like you've opened a support case yet ClassicRock_FTW (at least not under the same email address with which you signed up to the community). Once you put in the ticket, please reply back. One of our threat researchers will be assisting you with the case, but I'm curious to see what happened here as well.

As a rule, it's best to reach out to support prior to removing files by hand since there is potential to cause harm to your computer by making bad edits to the registry.
/// JimM /// /// Former Community Manager - Now Humble Internet Citizen/// /// Also Formerly a Technical Support Escalations Engineer ///
Rakanisheu Retired
Userlevel 7
Both of those toolbars arent malicious but are classified as PUA. The Yontoo one is easy to remove the sweetpack one can be a little more tricky. If you submit a ticket I can collect logs. In the meantime run the folllowing to remove Yontoo.
 
You will also need to check the Windows add/remove control panel for a entry relating to Yontoo. You may also have to reset the default search provider back to what is was before this was installed. If you are struggling you can reset IE as it will remove all plugins. Its worth removing all 3rd party toolbars in the Add/Remove control panel.
 
Remember that you will have to do this for every browser installed even if you dont use it.

1) In Internet Explorer, click "Tools," then click "Manage Add-ons." Click Yontoo," then click "Disable" and click "OK."

2)For Firefox, click the "Tools" menu, open "Add-ons" and click "Extensions." Click the "Remove" button next to "Yontoo"

3)In Chrome, click the wrench icon, then click "Settings" and "Extensions." Click "Uninstall" next to Yontoo.

Thanks,
Roy
C
Rank
Thanks, I removed Yontoo when I did the system restore. As for the sweetpacks, I actually found something related to it with a lock on it on our desktop. I'm not sure if there's more traces of it. None of the malicious toolbars are in use on all 3 browsers as of now. Also, I made a list of the possible threats I found:
-conduit
-WhiteSmoke
-sweetpacks
-DomaIQ
-SmartBar

Thanks for your help. I will try entering a ticket when I can!
Rakanisheu Retired
Userlevel 7
If I had my way I would block every single toolbar but technically speaking most of the do actually uninstally hence why they are Pontentially unwanted applications (PUA) and not malware. Since its not your PC I would have a quick word with the user telling them to not to download any toolbars or "tune-up" programs. Install Firefox/Chrome+adblock and remove the Internet Explorer icon from the desktop 😃
C
Rank
We didn't install the toolbars. Though, I remember I installed a screen recorder on the computer and that had WhiteSmoke (which is apparently part of conduit) attached with it... I thought I removed it but I don't know. I definitely did now. Also, I can't submit a ticket now, I'll have to do it later. Thanks!
C
Rank
I apologize if this is considered a double post, but I got AdBlock Plus and it removed certain ads from Yahoo Answers I usually see, and I wasn't sure if it was adware. For example, based on the question, underneath an answer it will say like,"Searching for why is the sky blue?" and it will give links related to it below. Wasn't sure if Yahoo Answers always does that, or if my PC is supposed to do that?
 
Also, I did enter a ticket. They looked at my logs and said there were no malicious items.
Rakanisheu Retired
Userlevel 7
This is only my personal opinion but I wouldnt use Yahoo answers ever. Adblock has a feature that you can click on if you think it is legimately blocking good stuff "report issue on this page" or you could try disabling it for a minute and reloading the page to see if it comes back.

Reply


Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.