
IMinent Toolbar


Guest LilBambi

Have any of you seen this piece of work?

 

It was not in the Control Panel Remove a Program area under Windows 7 as noted here.

 

Uninstalled the redirector and popup creator in Remove a Program; the Session and Tab browser add-ons that were under Remove a Program for Internet Explorer, and in Firefox.

 

The browsers now are working right but I looked up IMinent toolbar and it gave me info regarding a potential rootkit installation.

 

Malwarebytes didn't find anything, and ESET Nod32 didn't find anything; at least it doesn't now. Client said ESET was complaining but when I got into it, there were no complaints and nothing in the Quarantine.

 

I downloaded gmer and it came back with the following (I changed user name to protect client):

 

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-06-23 16:48:55

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.01.0 931.51GB

Running: 62crk0iq.exe; Driver: C:\Users\username\AppData\Local\Temp\fxdiruob.sys

---- Processes - GMER 2.1 ----

Library C:\Program Files (x86)\IMinent Toolbar\TbHelper2.exe (*** suspicious ***) @ C:\Program Files (x86)\IMinent Toolbar\TbHelper2.exe [4000]	 0000000000260000

Library C:\Program Files (x86)\IMinent Toolbar\TbCommonUtils.dll (*** suspicious ***) @ C:\Program Files (x86)\IMinent Toolbar\TbHelper2.exe [4000] 00000000716c0000

---- EOF - GMER 2.1 ----

 

NOTE: There is no folder by that name. There is a folder that I can see called IMinent with a subfolder in it called inst or something like that, and bootstrapper.exe is in that folder. But NO folder called IMinent Toolbar, and gmer said those were running. I was not able to see those files or that folder. I tried to stop a TBHelper process but it wouldn't allow me to end it.

 

Any thoughts?

 

She said a friend told her to download Windows Photo Gallery. She apparently got it from the wrong site, the installer didn't have the right icon. It apparently complained she already had it installed, and she did BTW.

 

It started installing emoticon stuff, and those session and tab things that changed up her home page to present ads, and interject disgusting ads in pages, and provide popups that were bad.

Edited by LilBambi
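The post above describes three things worth checking by hand before reaching for a removal tool: the program is missing from Remove a Program, a scanner reports modules loaded from a folder Explorer does not show, and the process refuses to end. The PowerShell below is an added triage example written for this thread; it is not code from the original post or from any of the tools mentioned. It assumes an elevated prompt, and the pattern 'IMinent' and all function names are chosen here for illustration. It cross-checks the three registry keys that Remove a Program reads, lists every loaded module whose on-disk path matches the pattern, compares a plain directory listing with a -Force (Hidden/System) listing for each flagged file, and records whether Stop-Process succeeds rather than hiding the access-denied error.

```powershell
# Added example (not from the thread): triage helper for the symptoms described above.
# Run from an elevated PowerShell prompt. Assumption: the regex 'IMinent' and the
# function names below are chosen here for illustration.

$Pattern = 'IMinent'

function Get-UninstallEntries {
    param([string]$Pattern)
    # "Remove a Program" is built from these three keys; an installer that writes to
    # none of them never appears there, which matches what the first post reports.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            if ($p.DisplayName -match $Pattern -or $p.UninstallString -match $Pattern) {
                [PSCustomObject]@{ Key = $_.PSPath; DisplayName = $p.DisplayName; Uninstall = $p.UninstallString }
            }
        }
    }
}

function Get-SuspectModules {
    param([string]$Pattern)
    # Walk every process we can open and report modules whose path matches $Pattern.
    # Reading .Modules throws for protected or other-session processes; those are skipped.
    foreach ($proc in Get-Process) {
        try { $mods = $proc.Modules } catch { continue }
        foreach ($m in $mods) {
            if ($m.FileName -match $Pattern) {
                [PSCustomObject]@{
                    ProcessName = $proc.ProcessName
                    PID         = $proc.Id
                    Module      = $m.FileName
                    Base        = '0x{0:X16}' -f $m.BaseAddress.ToInt64()
                }
            }
        }
    }
}

function Test-FileVisibility {
    param([string]$Path)
    # A plain listing is what Explorer shows by default; -Force also returns files with
    # the Hidden or System attribute. A module that is mapped into a process but appears
    # in neither listing is the case that justifies a dedicated cleaner over manual deletion.
    $dir   = Split-Path -Path $Path -Parent
    $name  = Split-Path -Path $Path -Leaf
    $plain = Get-ChildItem -LiteralPath $dir -Filter $name -ErrorAction SilentlyContinue
    $force = Get-ChildItem -LiteralPath $dir -Filter $name -Force -ErrorAction SilentlyContinue
    $sig   = if ($force) { (Get-AuthenticodeSignature -LiteralPath $Path).Status } else { 'n/a' }
    [PSCustomObject]@{
        Path           = $Path
        InPlainListing = [bool]$plain
        InForceListing = [bool]$force
        Attributes     = if ($force) { $force.Attributes.ToString() } else { 'n/a' }
        Signature      = "$sig"
    }
}

function Stop-SuspectProcesses {
    param([int[]]$Ids)
    # Report the failure text instead of silently skipping; "Access is denied" on an
    # elevated prompt is itself a finding worth keeping with the scan logs.
    foreach ($id in $Ids) {
        try   { Stop-Process -Id $id -Force -ErrorAction Stop; "PID $id stopped" }
        catch { "PID $id NOT stopped: $($_.Exception.Message)" }
    }
}

"== Uninstall entries matching $Pattern =="
Get-UninstallEntries -Pattern $Pattern | Format-List

"== Loaded modules matching $Pattern =="
$suspects = @(Get-SuspectModules -Pattern $Pattern)
$suspects | Format-Table -AutoSize

"== Visibility of each flagged file =="
@($suspects.Module | Sort-Object -Unique) | ForEach-Object { Test-FileVisibility -Path $_ } | Format-List

"== Attempting to stop flagged processes =="
Stop-SuspectProcesses -Ids @($suspects.PID | Sort-Object -Unique)
```

Save the output alongside the GMER log before running JRT or AdwCleaner: a module that is absent from both listings, or a PID that an elevated Stop-Process cannot end, is the evidence a helper will ask for, and the same script run again after the cleanup confirms the entries are gone.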

Guest LilBambi

As I say I got the session and tab things uninstalled but am left with this 'thing' that only gmer sees...rootkit maybe eh?


IMinent is in the Junkware Removal Tool definitions. Both JRT and AdwCleaner are great tools but fresh copies need to be downloaded regularly since members of the security community submit new files to the developers on a regular basis.

 

JRT Instructions:

 

Please download Junkware Removal Tool to your desktop.

  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

It wouldn't hurt to run AdwCleaner too. It has three options, search, delete and uninstall. The instructions below are for delete. Note that if your friend has a group of tabs set to open with the browser, AdwCleaner will remove them so I suggest making a note if that's the case.

 

Please download AdwCleaner by Xplode to your Desktop.

  • Double-click AdwCleaner.exe to run the tool.
  • Click Delete.
  • Everything that was found will be deleted.
  • Save any open files and approve the reboot. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.

Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., S1


Guest LilBambi

Thanks Corrine. Will it get rid of that hidden stuff that gmer found?

 

OK I will do so.

 

Thanks!

 

I would have run those but that rootkit-type hidden item threw me a curve I wasn't expecting for that. ;)


If "C:\Users\username\AppData\Local\Temp\fxdiruob.sys" remains, run TFC:

 

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.


Guest LilBambi

Yea! Got rid of it!

 

And all the things I was concerned about removing in the wrong order that could have caused problems are gone. And of course the file I couldn't kill is gone too.


Guest LilBambi

Very true.

 

Thanks! And all is well! :blissysmile:

 

It's great to have posts like this here. Other folks may also run into this sort of thing.


It is not hard to keep Windows clean. You just limit downloads to certain known clean sites like File Hippo and Major Geeks. Then you do a custom install and don't blindly click buttons without reading the screens.


How about the cleaning industry? One has to pay and pay for this cleaner or that cleaner or that fixer-upper. And they sure don't come cheap! Windows is like a rug. Anything which enters it leaves some dirt behind. And you know how well rugs collect dirt!

 

Cheers!


> How about the cleaning industry? One has to pay and pay for this cleaner or that cleaner or that fixer-upper. And they sure don't come cheap! Windows is like a rug. Anything which enters it leaves some dirt behind. And you know how well rugs collect dirt!
>
> Cheers!

 

If that's the case, you're using the wrong tools or paying for scareware -- scan for free and show hundreds of fake problems. All of the tools I use helping people are free. As to programs leaving dirt behind, yes, that part is correct when it comes to the profit-mongering bums who create the unwanted add-ons.


Guest LilBambi

> If that's the case, you're using the wrong tools or paying for scareware -- scan for free and show hundreds of fake problems. All of the tools I use helping people are free. As to programs leaving dirt behind, yes, that part is correct when it comes to the profit-mongering bums who create the unwanted add-ons.

 

Me too. And the tools specific to certain types of malware problems are done by some wonderfully gifted people.

 

Even the antivirus software from Microsoft is free (Microsoft Security Essentials - free for any current version of Windows prior to Windows 8, and Windows Defender is built-in to Windows 8).

Edited by LilBambi

The only tool I pay for is Malwarebytes and that is my choice. The free version cleans just as well as the paid version. Since I want real time protection, I have purchased the program (4 times) and installed it on 4 computers. The other computers in the house use the free version.


I've been using ZoneAlarm (free) for years. Never had any problems with it. And now it's come out with a built-in virus checker, which is a plus. So I've been able to drop my (free) virus checker. One less item to maintain. I used to go to PCPitStop. They used to be good at removing things that an anti-virus couldn't find. But now that they have gone highly commercial, I don't trust them anymore, except to test my PC speed and other computer operating system parameters. They don't fix anything anymore.


Guest LilBambi

JRT, ADWCleaner and TFC to the rescue again for a malware cocktail today that included things like Conduit and a bunch more!
