Virus viceice.com
liliumeleven - Posted messages: 4 - Status: Member
Malekal_morte- Posted messages 178136 Registration date Status Moderator, Security Contributor Last intervention -
Hello,
For the past few days, when opening Mozilla, a viceice.com page opens, impossible to remove, it always comes back, it doesn't appear anywhere on the PC and there is no information on the net...
Could you please help me?
Thank you in advance.
5 answers
Hello,
You have installed adware and potentially unwanted programs on your PC that open ads and slow down the computer and web browsers.
Here’s the procedure to follow to remove them:
Start with this:
Follow the AdwCleaner tutorial (by Xplode)
This program allows you to remove adware and potentially unwanted programs:
- Download it to your desktop or download folder.
- Run AdwCleaner, click on [Scan].
- The scan may take several minutes, please wait.
- Once the scan is complete, do not uncheck anything, click on [Clean]
- After the cleaning process is finished, a report will open. Copy/paste the contents of the report into your next reply by copying and pasting.
If that doesn’t work, use the site http://pjjoint.malekal.com to host the report, provide the link to the report in a new message.
Note: The report is also saved under C:\AdwCleaner[S1].txt
then reset your browsers:
==================================
Reset your browsers and/or manually reconfigure your web browsers (homepage, search engine, etc.) and also remove/disable unnecessary/unwanted extensions:
- Firefox: https://www.malekal.com/reparer-firefox/?t=36057&start=
- Google Chrome: https://www.malekal.com/reparer-google-chrome/?t=35837&start=
- Internet Explorer and add-ons/search engines: https://forum.malekal.com/viewtopic.php?t=41399&start=
--
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
Reset the web browsers and then:
Follow the FRST tutorial.
(Make sure to take the time to read it thoroughly in order to apply it correctly - everything is explained there).
Download and run the FRST scan, which will generate three FRST reports:
- FRST.txt
- Shortcut.txt
- Additional.txt
Send these three reports to the site http://pjjoint.malekal.com as explained, and in return, provide the three pjjoint links leading to these reports in a new response so that we can consult them.
--
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
here you go =)
https://pjjoint.malekal.com/files.php?id=20150820_k8y13h9p9z12
https://pjjoint.malekal.com/files.php?id=20150820_l8w9y15i15w10
https://pjjoint.malekal.com/files.php?id=20150820_u5i6s6s13l9
thanks to those who can understand all this, it's really cool of you to take the time to help =)
Look in your Mozilla extensions and run scans with adwcleaner and roguekiller
hoping to have helped you.
Uninstall McAfee Security Scan.
Here’s the correction to be made with FRST.
You can refer to this explanatory note with screenshots to help you: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix
Open Notepad: Press Windows + R, in the run field, type notepad and click OK.
Copy/paste the following into it:
CHR Extension: (High Stairs) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\njeofdgmbhbojilblfpjipbkcipccehj [2015-08-20]
R2 Service Mgr HighStairs; C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b\plugincontainer.exe [1198816 2015-08-20] ()
R2 Update Mgr
HighStairs; C:\Program Files (x86)\Common Files\b4bc9939-75e9-422b-af5c-653de35c4f4b\updater.exe [704224 2015-08-20] ()
2015-08-20 02:07 - 2015-08-20 19:34 - 00000000 ____D C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b
2015-08-15 19:55 - 2015-08-18 15:50 - 00000000 _RSHD C:\Users\Pierre\AppData\Roaming\taskmgr
2015-07-28 23:43 - 2015-07-28 23:43 - 00061312 _____ (TermCoach) C:\Windows\system32\Drivers\tcfd_vt_1_10_0_21.sys
2015-07-28 23:43 - 2015-07-28 23:43 - 00057728 _____ (TermCoach) C:\Windows\system32\Drivers\tcfd_vw_1_10_0_21.sys
Once the text is pasted into Notepad.
File menu then Save As.
On the left, navigate to the desktop.
In the field at the bottom, file name enter: fixlist.txt
Click Save - this will create a fixlist.txt file on the desktop.
Restart FRST and click the Fix button
Depending on the circumstances a restart is necessary (not mandatory).
A text file will appear, copy/paste the content here in a new message.
Restart the computer
then reset your browsers:
==================================
Reset your browsers and/or manually reconfigure your web browsers (homepage, search engine, etc.) as well as delete/disable unnecessary/parasitic extensions:
- Firefox: https://www.malekal.com/reparer-firefox/?t=36057&start=
- Google Chrome: https://www.malekal.com/reparer-google-chrome/?t=35837&start=
- Internet Explorer and add-ons/search engines: https://forum.malekal.com/viewtopic.php?t=41399&start=
--
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
It's all good for me, Malekal is dead, you are a god, problem solved, thank you for everything, the explanations were super clear, the steps to follow... great, thank you really.
I'm still posting the last report:
Farbar Recovery Scan Tool (x64) Version:20-08-2015 Correction Results
Executed by Pierre (2015-08-20 22:30:58) Run:1
Executed from C:\Users\Pierre\Desktop
Loaded profiles: Pierre (Available profiles: Pierre & lison_s3)
Boot mode: Normal
==============================================
fixlist content:
CHR Extension: (High Stairs) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\njeofdgmbhbojilblfpjipbkcipccehj [2015-08-20]
R2 Service Mgr HighStairs; C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b\plugincontainer.exe [1198816 2015-08-20] ()
R2 Update Mgr
HighStairs; C:\Program Files (x86)\Common Files\b4bc9939-75e9-422b-af5c-653de35c4f4b\updater.exe [704224 2015-08-20] ()
2015-08-20 02:07 - 2015-08-20 19:34 - 00000000 ____D C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b
2015-08-15 19:55 - 2015-08-18 15:50 - 00000000 _RSHD C:\Users\Pierre\AppData\Roaming\taskmgr
2015-07-28 23:43 - 2015-07-28 23:43 - 00061312 _____ (TermCoach) C:\Windows\system32\Drivers\tcfd_vt_1_10_0_21.sys
2015-07-28 23:43 - 2015-07-28 23:43 - 00057728 _____ (TermCoach) C:\Windows\system32\Drivers\tcfd_vw_1_10_0_21.sys
C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\njeofdgmbhbojilblfpjipbkcipccehj => successfully moved
Service Mgr HighStairs => Unable to stop the service.
Service Mgr HighStairs => service successfully deleted
R2 Update Mgr => Error: No automatic fix found for this item.
HighStairs; C:\Program Files (x86)\Common Files\b4bc9939-75e9-422b-af5c-653de35c4f4b\updater.exe [704224 2015-08-20] () => Error: No automatic fix found for this item.
"C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b" folder move:
Unable to move "C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b" => Scheduled for move on reboot.
C:\Users\Pierre\AppData\Roaming\taskmgr => successfully moved
C:\Windows\system32\Drivers\tcfd_vt_1_10_0_21.sys => successfully moved
C:\Windows\system32\Drivers\tcfd_vw_1_10_0_21.sys => successfully moved
Results of the scheduled file moves (Boot mode: Normal) (Date&Time: 2015-08-20 22:32:30)<=
C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b => successfully moved
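Added example (not part of any post in this thread, and not FRST's own code): a short Python check that reads the "item => result" lines of the fix report above and lists the items whose last recorded outcome is not a success. The status wordings are only those seen in this report, and the function names are hypothetical.

```python
import re

# Result lines copied from the FRST fix report posted in this thread.
FIXLOG = r"""
C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\njeofdgmbhbojilblfpjipbkcipccehj => successfully moved
Service Mgr HighStairs => Unable to stop the service.
Service Mgr HighStairs => service successfully deleted
R2 Update Mgr => Error: No automatic fix found for this item.
HighStairs; C:\Program Files (x86)\Common Files\b4bc9939-75e9-422b-af5c-653de35c4f4b\updater.exe [704224 2015-08-20] () => Error: No automatic fix found for this item.
Unable to move "C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b" => Scheduled for move on reboot.
C:\Users\Pierre\AppData\Roaming\taskmgr => successfully moved
C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b => successfully moved
"""

def classify(result):
    """Map a result string to a status, using only wordings seen in this report."""
    if "successfully" in result:
        return "ok"
    if result.startswith("Error"):
        return "error"
    if "Scheduled for move on reboot" in result:
        return "pending"
    return "warning"  # e.g. "Unable to stop the service."

def final_states(log_text):
    """Return {item: status}; a later line for the same item overrides an earlier one."""
    states = {}
    for line in log_text.splitlines():
        item, sep, result = line.strip().rpartition(" => ")
        if not sep:
            continue  # headers, separators and the echoed fixlist have no result part
        # 'Unable to move "<path>"' is about the same item as a later '<path>' line.
        m = re.fullmatch(r'Unable to move "(.+)"', item)
        if m:
            item = m.group(1)
        states[item] = classify(result)
    return states

def unresolved(log_text):
    """Items whose final recorded status is anything other than success."""
    states = final_states(log_text)
    return [item for item, status in states.items() if status != "ok"]

if __name__ == "__main__":
    for item in unresolved(FIXLOG):
        print("needs follow-up:", item)
```

On this report the two items left over are the lines "R2 Update Mgr" and "HighStairs; ...updater.exe", which the fixlist carries as separate lines; the service stop failure and the folder scheduled for move on reboot are both superseded by later success lines.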
concerning the Firefox add-ons, I have one that keeps coming back and adds ads (extremely annoying ...) and regarding the analysis, I'm afraid it might have come up empty... here is the report
# AdwCleaner v5.002 - Report created on 08/20/2015 at 18:28:20
# Updated on 08/18/2015 by Xplode
# Database: 2015-08-18.2 [Server]
# Operating System: Windows 10 Home (x64)
# Username: Pierre - DESKTOP-DV9HSQK
# Executed from: C:\Users\Pierre\Downloads\adwcleaner_5.002.exe
# Option: Clean
[-] File Deleted: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\hco2a54n.default\searchplugins\starter.xml
[-] Key Deleted: HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
[-] Key Deleted: HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted: HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A}
[-] Key Deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{E104B9E4-01BA-4AAF-9957-6A525CC5451A}
[-] Key Deleted: HKCU\Software\PRODUCTSETUP
[!] Key Not Deleted: [x64] HKCU\Software\PRODUCTSETUP
:: Proxy settings reset
:: Winsock settings reset
:: Chrome policies removed
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1269 bytes] ##########