Get rid of Find-it.pro

Solved
Saintemarie46

My two browsers Firefox and Chrome that I use with Windows 11 are, in my opinion, infected by a certain Find-it.pro that hijacks my searches.

Can I follow the procedure given on February 9, 2022, by bazfile to get rid of it?

Or has the procedure changed?

Thank you for any help.

Sincerely

14 answers

  1. bazfile
     

    Hello @Saintemarie46.

    Download FRST.

    Once downloaded, save it to the desktop, then right-click on FRST and choose Run as administrator; you will see this:

    Wait for the message "the tool is ready to go" to appear, then click on Scan.


    Be careful, wait for the messages saying that the scan is complete to display.

    At the end of the scan, you will have two text files on the desktop: FRST and Addition.

    Then send the FRST and ADDITION reports to https://www.cjoint.com/ and provide the two links generated by https://www.cjoint.com/ in your response.


    bazfile
    Moderator/Security Contributor.
    a hello, a response, a thank you always bring joy.

    0
  2. Saintemarie46
     

    https://www.cjoint.com/c/NEAob4x06Pg

    I think that's it..

    2 times Addition? Yet the links are different, the first one ...PL6..

    The other one ...TYy...

    Strange,

    Thanks for the help

    0
  3. bazfile
     

    @Saintemarie46.

    It's good, I have the FRST report.

    2 times Addition? Yet the links are different the first ...PL6..

    That the links are different is normal since you uploaded the same file twice on cjoint, click on the links and you will see.

    Procedure to follow in the indicated order:

    1- Open FRST as an administrator by right-clicking on FRST and choosing run as administrator
    2 - Copy the entire script that is in the box below:

      Start::
      CreateRestorePoint:
      CloseProcesses:
      File: C:\Program Files (x86)\npNmYjtMU\hQuOXR.dll
      File: C:\Program Files (x86)\AfaEkywlsxAU2\VhIQauNOzXKRR.dll
      File: C:\Program Files (x86)\vzBDZHBYsrGDnLSmMyR\xTbIBNZ.dll
      File: C:\Program Files (x86)\xFfZxkujbxxjC\xGMrxOL.dll
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
      HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall: Restriction
      GroupPolicy: Restriction - Chrome
      Policies: C:\ProgramData\NTUSER.pol: Restriction
      HKLM\SOFTWARE\Policies\Google: Restriction
      HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction
      HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe (No file)
      HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\ASUS\ROG Live Service\vga\AacVga_UserApp_x64.exe /RestartByRestartManager:1AD14EED-F1BA-4f3f-B069-7770A86DED10 (No file)
      Task: {B9D17ED0-93B1-46FC-973B-3FC763BE6166} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No file)
      Task: {08AA4513-8F42-407F-9980-BCFE6E7E327A} - System32\Tasks\Opera GX scheduled Autoupdate 1707407781 => C:\Users\Albert\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(Arg0) (No file)
      Task: {ACA2237B-6A5F-4D8E-8A25-CB15FC7A39A2} - System32\Tasks\IeOJvWmSeoRPcCO2 => C:\Windows\system32\rundll32.exe [73728 2022-05-13] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\npNmYjtMU\hQuOXR.dll",#1
      Task: {098CA2B5-39C5-4378-9DE0-D6EA1CEBD38C} - System32\Tasks\qFzXfCkYIObIkx => C:\Windows\system32\rundll32.exe [73728 2022-05-13] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\AfaEkywlsxAU2\VhIQauNOzXKRR.dll",#1
      Task: {34925776-2467-4EF7-80F8-8C803BD11E1F} - System32\Tasks\yLkCcjvaurQLrvwXY2 => C:\Windows\system32\rundll32.exe [73728 2022-05-13] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\vzBDZHBYsrGDnLSmMyR\xTbIBNZ.dll",#1
      Task: {001D80B3-F899-4D64-89AC-A7E70342E219} - System32\Tasks\zzjzbgIdYrIEMHAbruR2 => C:\Windows\system32\rundll32.exe [73728 2022-05-13] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\xFfZxkujbxxjC\xGMrxOL.dll",#1
      Task: {C79F484B-4E8D-4DAC-ABB6-2FBC037CDF6A} - System32\Tasks\ZLWyphSYBXIoH2 => C:\Windows\System32\forfiles.exe [69632 2022-05-13] (Microsoft Windows -> Microsoft Corporation) -> /p C:\Windows\system32 /m wscript.exe /c "cmd /C @FNAME ^"C:\ProgramData\ZVyJIAgVzYZVmRVB\qKIJwqQ.wsf^""
      Edge HomePage: Default -> hxxps://find-it.pro/?utm_source=distr_m
      Edge StartupUrls: Default -> "hxxps://find-it.pro/?utm_source=distr_m"
      Edge DefaultSearchURL: Default -> hxxp://search-cdn.net/fip/?q={searchTerms}
      Edge DefaultSearchKeyword: Default -> cdn
      Edge DefaultSuggestURL: Default -> hxxps://www.google.ru/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&q={searchTerms}
      CHR StartupUrls: Default -> "hxxps://mail02.orange.fr/appsuite/#!&app=io.ox/mail&folder=default0//yixl6LWIWZ2Mi%C3%B2i3Voir2Xvy7Od%C3%AFn&id=42","hxxps://find-it.pro/?utm_source=distr_m"
      CHR HomePage: System Profile -> hxxps://find-it.pro/?utm_source=distr_m
      CHR StartupUrls: System Profile -> "hxxps://find-it.pro/?utm_source=distr_m"
      CHR DefaultSearchKeyword: System Profile -> cdn
      CHR DefaultSuggestURL: System Profile -> hxxps://www.google.ru/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&q={searchTerms}
      S2 ElevationService; C:\ProgramData\Wondershare\wsServices\ElevationService.exe [X]
      S2 WirelessBackupService; C:\Program Files (x86)\Wondershare\drfone\Addins\Recovery\WirelessBackupService.exe [X]
      S2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [X]
      S3 cpuz148; \??\C:\Windows\temp\cpuz148\cpuz148_x64.sys [X]
      CustomCLSID: HKU\S-1-5-21-3912252802-1353675308-2067236856-1001_Classes\CLSID\{b72e6f5e-f6e0-a9eb-461b-6118363bd15c}\localserver32 -> "C:\Users\Albert\AppData\Local\0install.net\implementations\sha256new_7ATQFYMYISD5LU42STURHNI33TRSMJBHVQPLEAO3EX4R5WPI6GTQ\DeepL.exe" -ToastActivated => No file
      FirewallRules: [{AE5C2FBD-14E8-4847-8744-B96036541954}] => (Allow) C:\program files (x86)\wondershare\drfone\drfonetoolkit.exe => No file
      FirewallRules: [{82B84440-191E-4A1C-B3EC-DB3EB2F47A85}] => (Allow) C:\Users\Albert\AppData\Local\Programs\Opera GX\106.0.4998.76\opera.exe => No file
      FirewallRules: [{3C4EADDA-5881-4005-A2DB-2ED4C3F65A9B}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe => No file
      FirewallRules: [{38436208-8BA2-467A-AB0B-04403EA58524}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe => No file
      C:\Program Files (x86)\npNmYjtMU
      C:\Program Files (x86)\AfaEkywlsxAU2
      C:\Program Files (x86)\vzBDZHBYsrGDnLSmMyR
      C:\Program Files (x86)\xFfZxkujbxxjC
      C:\ProgramData\ZVyJIAgVzYZVmRVB
      EmptyTemp:
      End::

    3- Once the script is copied, click on Fix; FRST automatically takes the script that is in the clipboard.


    Let the fix run; once it is finished you will be asked to restart your PC. Do it as soon as you are asked, see below.

    Then once your computer has restarted:
    4- You will have a Fixlog file on your desktop then send this fixlog report to https://www.cjoint.com/ then provide the generated link from https://www.cjoint.com/ in your response.

    5- CHECK AND LET ME KNOW IF YOUR ISSUE IS STILL PRESENT

    0
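Added example, not part of the thread and not FRST's own code: the scheduled-task entries in the fixlist above show a signed Windows binary (rundll32.exe, forfiles.exe) launching a payload that lives outside C:\Windows. The Python below triages FRST `Task:` lines for that pattern; the launcher shortlist, the verdict names and the last sample line are assumptions made for the illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumed shortlist of Windows binaries that execute code named in their arguments.
PROXY_LAUNCHERS = {"rundll32.exe", "forfiles.exe", "wscript.exe", "cscript.exe",
                   "regsvr32.exe", "mshta.exe", "cmd.exe"}

TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]+\}) - (.+?) => (.+)$")
LIVE_RE = re.compile(r"^(.+?\.exe) \[\d+ \d{4}-\d{2}-\d{2}\] \(.*?\)(?: -> (.*))?$")
QUOTED_PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+?)\^?"')

# Sample input: the first three lines are copied from the fixlist quoted in the
# thread; the last line is constructed for contrast.
SAMPLE = r'''
Task: {B9D17ED0-93B1-46FC-973B-3FC763BE6166} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No file)
Task: {ACA2237B-6A5F-4D8E-8A25-CB15FC7A39A2} - System32\Tasks\IeOJvWmSeoRPcCO2 => C:\Windows\system32\rundll32.exe [73728 2022-05-13] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\npNmYjtMU\hQuOXR.dll",#1
Task: {C79F484B-4E8D-4DAC-ABB6-2FBC037CDF6A} - System32\Tasks\ZLWyphSYBXIoH2 => C:\Windows\System32\forfiles.exe [69632 2022-05-13] (Microsoft Windows -> Microsoft Corporation) -> /p C:\Windows\system32 /m wscript.exe /c "cmd /C @FNAME ^"C:\ProgramData\ZVyJIAgVzYZVmRVB\qKIJwqQ.wsf^""
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe [123456 2024-01-01] (Example Corp -> Example Corp)
'''

def triage(line):
    """Return (task_name, verdict, payloads) for one FRST 'Task:' line, else None."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    name = PureWindowsPath(m.group(2)).name
    rest = m.group(3)
    if rest.endswith("(No file)"):
        return name, "orphan", []          # task points at a missing binary
    live = LIVE_RE.match(rest)
    if not live:
        return name, "unparsed", []
    launcher = PureWindowsPath(live.group(1)).name.lower()
    # Quoted paths in the arguments that are not under C:\Windows.
    payloads = [p for p in QUOTED_PATH_RE.findall(live.group(2) or "")
                if not p.lower().startswith("c:\\windows\\")]
    if launcher in PROXY_LAUNCHERS and payloads:
        return name, "proxy-launch", payloads
    return name, "ok", payloads

def triage_report(text):
    """Triage every 'Task:' line in a block of FRST output."""
    return [r for r in map(triage, text.splitlines()) if r]

if __name__ == "__main__":
    for name, verdict, payloads in triage_report(SAMPLE):
        print(f"{verdict:13} {name}  {payloads}")
```

A `proxy-launch` verdict only says the task deserves a look; the payload file still has to be examined before it is removed.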
  4. Saintemarie46
     

    I did what was requested and here is the link generated by Fixlog:

    https://www.cjoint.com/c/NEAoVHPdw1g

    0
  5. bazfile
     

    @Saintemarie46.

    Redo the FRST correction, it was not done correctly, then provide the link to the fixlog.


    bazfile
    Moderator/Security Contributor.
    a hello, a response, a thank you are always appreciated.

    0
  6. Saintemarie46
     

    Correction redone and the link:

    https://www.cjoint.com/c/NEApfwkpzig

    0
  7. Saintemarie46
     

    Still present; as soon as I open a tab, I get:

    https://find-it.pro/?utm_source=distr_m

    0
    1. bazfile
       

      @Saintemarie46.

      It's normal, do a new FRST analysis and provide the links to the FRST and Addition reports so we can see where things stand.

      0
  8. Saintemarie46
     

    Ok

    Result in a moment

    0
    1. bazfile
       

      OK.

      0
  9. Saintemarie46
     

    Thank you for your patience and your help.

    Also, if the problem persists, I'll give up.

    You probably have other more serious issues to resolve.

    So let's see what comes next.

    0
  10. bazfile
     

    @Saintemarie46.

    You should never give up.

    Nothing too serious, it's still in Firefox. To fix it, do the following:

    Hello.

    Procedure to follow in the indicated order:

    1- Open FRST as an administrator, to do this right-click on FRST and choose run as administrator
    2 - Copy the entire script that is in the box below:

      Start::
      CreateRestorePoint:
      CloseProcesses:
      FF SearchPlugin: C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\x3eh2x2n.default\searchplugins\cdnsearch.xml [2024-05-26]
      FF Homepage: Mozilla\Firefox\Profiles\uowr16z6.default-release-1639582109830 -> hxxps://find-it.pro/?utm_source=distr_m
      FF Notifications: Mozilla\Firefox\Profiles\uowr16z6.default-release-1639582109830 -> hxxps://web.whatsapp.com; hxxps://www.dominicancupid.com; hxxps://www.instagram.com; hxxps://community.lecrabeinfo.net; hxxps://mail-notification.info; hxxps://zarabotok-online.xyz; hxxps://supertopfreegames.com; hxxps://best-loan-info.com; hxxps://ccleaner-download.xyz; hxxps://pinghauz.xyz; hxxps://s-tracking.xyz; hxxps://mnthor.xyz; hxxps://www.instacams.com; hxxps://assiste.com
      EmptyTemp:
      End::

    3- Once the script is copied, click on Fix, FRST will automatically take the script from the clipboard.


    Let the fix run; once it is completed you will be asked to restart your PC. Do it as soon as prompted, see below.

    Then, once your computer is restarted:
    4- You will have a Fixlog file on your desktop, then send this fixlog report to https://www.cjoint.com/ and then provide the link generated by https://www.cjoint.com/ in your response.

    5- CHECK AND TELL ME IF YOUR ISSUE IS STILL PRESENT


    bazfile
    Moderator/Security Contributor.
    A hello, a response, a thank you are always appreciated.

    0
  11. Saintemarie46
     

    Fixlog Link:

    https://www.cjoint.com/c/NEAqdS6dgEg

    0
  12. bazfile
     

    @Saintemarie46.

    The fixlog is OK, you should not have any problem with find-it.pro anymore, let me know if your issue is still present or not.

    Your PC was also infected by this:

    https://virusscan.jotti.org/filescanjob/0ruslhkugr

    https://virusscan.jotti.org/filescanjob/cyn067vwlw

    Out of caution, change your sensitive and important online passwords.


    For your information:

    Your version of Windows 11 is not up to date, you should be on version 23H2, go to Windows Update, version 23H2 should be offered to you.


    If everything is OK for you.


    Uninstall FRST: rename the FRST file you downloaded to uninstall, then, once the file is renamed, open it; the uninstallation will occur automatically via a PC restart.


    bazfile
    Moderator/Security Contributor.
    a hello, a reply, a thank you are always appreciated.

    0