• deleted -

here it is again - the weird tab.


So, you post this so we can also be "infected"?

I have removed the url to prevent other members being infected

No, of course not... I thought you had to click on it to be infected. Not sure how to get help for it, otherwise. Sorry. :(

Hello, Ann. Just to see if your problem derives from a Chrome extension, you might run ADWCleaner from http://www.bleepingcomputer.com/download/adwcleaner/
It is simple to use, just press Scan, then when it finishes press Report; post that notepad content.

Thank you - I just tried IObit malware fighter. I'll try bleeping computer next.
Thanks, everyone!

-dead topic rises-

My colleague handed me this machine. She was having trouble installing the programs required by our internship manager. So instead of looking for the source, she just kept on formatting it in hopes she could install the programs easily. In the end, she gave up and asked me to clean up her mess.

Long story short, I had the same problem, used JRT and I am now bumping this topic because gerbil asked for notepad content.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by Admin on 23-05-2014 at 10:04:18,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_vlc-media-player_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_vlc-media-player_RASMANCS



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23-05-2014 at 10:05:33,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hi blackmiau,

Are you sure that you were experiencing exactly the same problems that the Original Poster in this thread was experiencing?

It's hard for me to tell because the original post was deleted by the moderators, but regardless... you'll probably get more immediate attention if you start your own thread on your problem rather than tagging on to the bottom of a 7-month-old post. If you do decide to start your own thread, please include as much specific information about your problem as possible.

For the moment though- the log you posted does seem to indicate that JRT did successfully fix some problematic items.

Do any errors/issues still persist after running JRT? If so, post the full and exact details of the problems and we'll take it from there, OK?

I browsed the forum for topics on this and found some advice on the existing ones. I can assume it was the same problem, since I had mysterious tabs popping up as well.

It worked fine after running JRT.

I only bumped this topic just for the code :)

Cool- so everything is good with your system now, yes?

Yup. It's one of the machines I'm preparing to be handed out tomorrow. It only happened because my colleague was downloading programs from suspicious sites since she doesn't understand English at all.

Yeah- it can be hard to find reputable download sites that don't bundle any "crapware" with their downloads.

Your JRT log shows a few references to "softonic", which is a relatively popular download site that unfortunately is known to bundle adware, toolbars, "download helpers", etc. with their downloads. :-(

It's harder trying to get some work done and constantly being called by the colleague almost every 5 minutes to translate something for her.

> It's harder trying to get some work done and constantly being called by the colleague almost every 5 minutes to translate something for her.

I totally understand. One company that I'm working with does a lot of business with partners in China, so I know how problematic translation can be :-(

That's different. Here we are taught English as a second language, which becomes optional in 9th grade. So... how does someone who always refused to take English classes and is not one bit interested in learning, choose an IT path? She's in for a rough time, I'll say...

> So... how does someone who always refused to take English classes and is not one bit interested in learning, choose an IT path?

Mmmm... I definitely see your point there!

Right. Um.. avoid Softonic and their file downloader. Sure, you get the file, but you also get some ads.... I wonder, though, about the subkeys in \Tracing, and why Softonic would be interested in remote access.

> I wonder, though, about the subkeys in \Tracing, and why Softonic would be interested in remote access.

Interesting question about the \Tracing subkeys, gerbil- and a question to which I wasn't able to find a definite answer when I looked.

Still curious about those entries myself...

Why not create a spin-off topic of this one, sort of a "quest for the Softonic tracers" thing? Maybe someone can find the answer.

\Tracing\backupstack_rasapi32
\Tracing\backupstack_rasmancs
\Tracing\au__rasapi32
\Tracing\au__rasmancs
Mmm... these entries are obviously? concatenations with au.exe (dropped by Bagle worm?) and backupstack.exe (probably valid...).
I cannot locate info on rasmancs... everywhere rasmancs is the subject of outright deletion. They are then likely nothing to do with Softonic. But if not legal, why would they have a subkey created for them, or would the Remote Access Service do that automatically?
Anyway, they're gone.
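
Added example, not part of any post in this thread: a small Python parser for the JRT log format posted above, grouping the \Tracing subkeys by the name in front of the `_rasapi32` / `_rasmancs` suffix. Treating that prefix as a program name is an assumption taken from the reading in the last post; the sample log is constructed from lines that appear in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the JRT log lines posted in this thread.
SAMPLE_LOG = r"""
~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_vlc-media-player_RASMANCS

~~~ Files
"""

# "Successfully deleted: [<kind>] <path>" is the line shape used in the log above.
DELETED = re.compile(r"^Successfully deleted: \[(?P<kind>[^\]]+)\] (?P<path>.+)$")
# Assumption: a Tracing subkey is "<program>_<module>", module being one of these two.
TRACING = re.compile(
    r"\\Microsoft\\Tracing\\(?P<prog>.+)_(?P<mod>rasapi32|rasmancs)$", re.IGNORECASE
)

def parse_jrt(log):
    """Return {section: [(kind, path), ...]} for every deleted item in the log."""
    section, out = None, defaultdict(list)
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("~~~ "):      # section header, e.g. "~~~ Registry Keys"
            section = line[4:]
            continue
        m = DELETED.match(line)
        if m:
            out[section].append((m["kind"], m["path"]))
    return dict(out)

def tracing_programs(parsed):
    """Group Tracing subkeys by the name that precedes the module suffix."""
    progs = defaultdict(set)
    for _, path in parsed.get("Registry Keys", []):
        m = TRACING.search(path)
        if m:                            # "au__rasapi32" yields the prefix "au_"
            progs[m["prog"]].add(m["mod"].upper())
    return {prog: sorted(mods) for prog, mods in progs.items()}

if __name__ == "__main__":
    for prog, mods in tracing_programs(parse_jrt(SAMPLE_LOG)).items():
        print(f"{prog}: {', '.join(mods)}")
```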
