  1. #1
    2 Star Lounger
    Join Date
    Nov 2011
    Location
    Berkshire, UK
    Posts
    126
    Thanks
    18
    Thanked 0 Times in 0 Posts

    How to stop Snapdo 'cold calling'

    Why do I continually get a potentially unwanted program - PUP.Optional.Snapdo.A? It ends up in my AppData\Local\Google\Chrome\User\Default\Preferences.

    Malwarebytes finds this on average two or three times a day and alerts me to quarantine it, which I do.

    I see that SnapDo is a malicious browser hijacker, which is bundled by free downloads, and once installed it will add the SnapDo Toolbar to my browser.

    Google lists tools to remove Snapdo, but so far - thanks to Malwarebytes - it has not (I think) installed.

    But does anyone know how to stop Snapdo invading my PC in the first place? How come it knows I am a target? (It's like trying to block 'cold callers' on my phone). I want to end the unnecessary 'quarantine' exercise three times a day. Can Malwarebytes just do it without asking my permission?
    Tim

    (Asus Transformer Aio. Win8.1. Galaxy S4. Samsung Galaxy Tab S 10.5)


  3. #2
    Star Lounger
    Join Date
    Mar 2010
    Location
    Charlotte, NC
    Posts
    79
    Thanks
    0
    Thanked 12 Times in 11 Posts
    Have you run a scan with Malwarebytes? If not, do so and report back with the results. This thread may help: http://malwaretips.com/blogs/snap-do-toolbar-removal/. Check Control Panel-->Programs and Features and uninstall Snap.do if found.

  4. #3
    2 Star Lounger
    Join Date
    Nov 2011
    Location
    Berkshire, UK
    Posts
    126
    Thanks
    18
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by thomasjk View Post
    Have you run a scan with Malwarebytes?
    Yes. Just done it again now with yet again the same result, given in detail below. As I said, I do not believe Snapdo has been installed - it is not listed in the uninstall programs list and has not affected my browsers in any way. It's just the annoyance of the file being detected by Malwarebytes all the time and having to be quarantined.

    The scan log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 24/08/2014
    Scan Time: 16:26:46
    Logfile: mwbytes log.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.08.24.03
    Rootkit Database: v2014.08.21.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Tim

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 336642
    Time Elapsed: 5 min, 53 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.Snapdo.A, C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://www.google.co.uk/", "http://www.metoffice.gov.uk/", "https://news.google.co.uk/nwshp?hl=en&tab=mn", "http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uy24NiqVvkKen0VXX6DgNu1tCKM3e3YNAySM9HCx9FN8FLH 1_-hT06F2dWTkoF1-bVug8pzrot9qALDc4Go9hKswqni_PQFBB0tVh9hRtGMGh7nZQK WnA94EmeFS4R7r2oU3jwWkWZiW0JA3Olg,,", "about:newtab?source=home" ],), ,[86dd17b387f485b1a236ff1119ece31d]

    Physical Sectors: 0
    (No malicious items detected)


    (end)
    Last edited by timsinc; 2014-08-24 at 10:51.
    Tim

    (Asus Transformer Aio. Win8.1. Galaxy S4. Samsung Galaxy Tab S 10.5)

  5. #4
    3 Star Lounger KritzX's Avatar
    Join Date
    Jun 2014
    Posts
    378
    Thanks
    15
    Thanked 41 Times in 41 Posts
    Instead of quarantining it, why not just delete it?
    Fact of Life:

    “Real stupidity beats artificial intelligence every time.”
    Terry Pratchett

  6. #5
    Star Lounger
    Join Date
    Mar 2010
    Location
    Charlotte, NC
    Posts
    79
    Thanks
    0
    Thanked 12 Times in 11 Posts
    I suggest you start with step 3 and run Adwcleaner in the link I posted and work your way through the remaining steps.

  7. #6
    2 Star Lounger
    Join Date
    Nov 2011
    Location
    Berkshire, UK
    Posts
    126
    Thanks
    18
    Thanked 0 Times in 0 Posts
    Thank you thomasjk. Wow, hope all works ok after AdwCleaner and Hitman deletes! Their logs:

    # AdwCleaner v3.308 - Report created 24/08/2014 at 17:11:41
    # Updated 20/08/2014 by Xplode
    # Operating System : Windows 8.1 (64 bits)
    # Username : Tim - ASUSPC
    # Running from : C:\Users\Tim\Downloads\adwcleaner_3.308.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\DriverCure
    Folder Deleted : C:\ProgramData\NCH Software
    Folder Deleted : C:\ProgramData\ParetoLogic
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\ProgramData\Uniblue
    Folder Deleted : C:\Program Files (x86)\Nosibay
    Folder Deleted : C:\Program Files (x86)\SearchPredict
    Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
    Folder Deleted : C:\Users\Tim\AppData\LocalLow\SimplyTech
    Folder Deleted : C:\Users\Tim\AppData\Roaming\SimplyTech
    File Deleted : C:\END

    ***** [ Scheduled Tasks ] *****

    Task Deleted : SomotoUpdateCheckerAutoStart

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
    Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Key Deleted : HKCU\Software\OCS
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\Somoto
    Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17239


    -\\ Mozilla Firefox v31.0 (x86 en-GB)

    [ File : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\r4akaqjd.default\prefs.js ]


    -\\ Google Chrome v36.0.1985.143

    [ File : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Startup_urls] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uy24NiqVvkKen0VXX6DgNu1tCKM3e3YNAySM9HCx9FN8FLH 1_-hT06F2dWTkoF1-bVug8pzrot9qALDc4Go9hKswqni_PQFBB0tVh9hRtGMGh7nZQK WnA94EmeFS4R7r2oU3jwWkWZiW0JA3Olg,,

    *************************

    AdwCleaner[R0].txt - [4369 octets] - [24/08/2014 17:08:48]
    AdwCleaner[S0].txt - [4162 octets] - [24/08/2014 17:11:41]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4222 octets] ##########

    -----

    Code:
    HitmanPro 3.7.9.221
    www.hitmanpro.com
    
       Computer name . . . . : ASUSPC
       Windows . . . . . . . : 6.3.0.9600.X64/8
       User name . . . . . . : asuspc\Tim
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Trial (30 days left)
    
       Scan date . . . . . . : 2014-08-24 17:21:03
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 3m 32s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 15
    
       Objects scanned . . . : 2,410,598
       Files scanned . . . . : 69,936
       Remnants scanned  . . : 946,985 files / 1,393,677 keys
    
    Potential Unwanted Programs _________________________________________________
    
       session/startup_urls[3]
       C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Preferences
    
       HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player) -> Deleted
       HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player) -> Deleted
       HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player) -> Deleted
       HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player) -> Deleted
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467\ (FLV Player) -> Deleted
       HKU\S-1-5-21-4029867339-3856966008-3241174293-1001\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4\ (FLV Player) -> Deleted
       HKU\S-1-5-21-4029867339-3856966008-3241174293-1001\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113} (FLV Player) -> Deleted
    
    Cookies _____________________________________________________________________
    
       C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
       C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.paypal.com
       C:\Users\Tim\AppData\Local\Microsoft\Windows\INetCookies\3LTQ8LNX.txt
       C:\Users\Tim\AppData\Local\Microsoft\Windows\INetCookies\IGTHEJOX.txt
       C:\Users\Tim\AppData\Local\Microsoft\Windows\INetCookies\NEQAP7QP.txt
       C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\r4akaqjd.default\cookies.sqlite:doubleclick.net
       C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\r4akaqjd.default\cookies.sqlite:in.getclicky.com
    Tim

    (Asus Transformer Aio. Win8.1. Galaxy S4. Samsung Galaxy Tab S 10.5)
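
The scan logs above all point at one entry, `session/startup_urls[3]`, inside Chrome's `Preferences` file, which is JSON. The following read-only audit is an added example, not part of the original posts or of any of the tools mentioned; it generalises the check by walking the whole file and reporting every string value whose host is a flagged domain, using the same path notation as the HitmanPro log. The function names, `FLAGGED_DOMAINS` and the sample data are assumptions made for illustration.

```python
import json
import sys
from urllib.parse import urlsplit

FLAGGED_DOMAINS = {"snapdo.com"}  # domain taken from the scan logs in this thread

# Constructed sample shaped like the Preferences entry in the logs above;
# the long tracking parameter is replaced by a placeholder.
SAMPLE_PREFERENCES = """
{"session": {"restore_on_startup": 4,
             "startup_urls": ["http://www.google.co.uk/",
                              "http://www.metoffice.gov.uk/",
                              "https://news.google.co.uk/nwshp?hl=en&tab=mn",
                              "http://feed.snapdo.com/?p=PLACEHOLDER",
                              "about:newtab?source=home"]}}
"""

def is_flagged(value, domains=FLAGGED_DOMAINS):
    """True if value is a URL whose host is a flagged domain or a subdomain of one."""
    try:
        host = (urlsplit(value).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return False
    return any(host == d or host.endswith("." + d) for d in domains)

def find_flagged(node, path=""):
    """Walk the parsed JSON and return (path, url) for every flagged string value."""
    hits = []
    if isinstance(node, dict):
        for key, child in node.items():
            hits += find_flagged(child, f"{path}/{key}" if path else key)
    elif isinstance(node, list):
        for i, child in enumerate(node):
            hits += find_flagged(child, f"{path}[{i}]")
    elif isinstance(node, str) and is_flagged(node):
        hits.append((path, node))
    return hits

def audit(preferences_text):
    """Parse Preferences JSON text and return the flagged (path, url) pairs."""
    return find_flagged(json.loads(preferences_text))

if __name__ == "__main__":
    # With a path argument, audit that file read-only; otherwise use the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_PREFERENCES
    for where, url in audit(text):
        print(f"{where}: {url}")
```

Run against a copy of the profile's `Preferences` file, the output shows whether the flagged URL is back and at which key, without changing the file.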

  8. #7
    2 Star Lounger
    Join Date
    Nov 2011
    Location
    Berkshire, UK
    Posts
    126
    Thanks
    18
    Thanked 0 Times in 0 Posts
    Oh dear! After all that dramatic cleaning by AdwCleaner and HitmanPro yesterday, today Malwarebytes pops up after a few hours to warn me yet again that the Snapdo file has again wormed itself into the usual location and needs quarantining.

    Baffling.
    Tim

    (Asus Transformer Aio. Win8.1. Galaxy S4. Samsung Galaxy Tab S 10.5)

  9. #8
    Platinum Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,506
    Thanks
    7
    Thanked 220 Times in 208 Posts
    Have you removed the software that Snapdo came with?

    cheers, Paul

  10. #9
    2 Star Lounger
    Join Date
    Nov 2011
    Location
    Berkshire, UK
    Posts
    126
    Thanks
    18
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Paul T View Post
    Have you removed the software that Snapdo came with?

    cheers, Paul
    I haven't the first idea what software that might be. Except for those security programs suggested above, I have not installed anything in the last week or so when this first started happening. There have been updates - Java, Adobe and of course Windows-related ones.
    Tim

    (Asus Transformer Aio. Win8.1. Galaxy S4. Samsung Galaxy Tab S 10.5)

  11. #10
    Platinum Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,506
    Thanks
    7
    Thanked 220 Times in 208 Posts
    Fire the computer up with nothing running and see if MBAM pops up the warning. If so, list the running programs from MBAM here and we can suggest.

    cheers, Paul

  12. #11
    Star Lounger
    Join Date
    Mar 2010
    Location
    Charlotte, NC
    Posts
    79
    Thanks
    0
    Thanked 12 Times in 11 Posts
    Here is another webpage that may help sort this out http://www.wikihow.com/Get-Rid-of-Snap-Do.

  13. #12
    2 Star Lounger
    Join Date
    Nov 2011
    Location
    Berkshire, UK
    Posts
    126
    Thanks
    18
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Paul T View Post
    Fire the computer up with nothing running and see if MBAM pops up the warning. If so, list the running programs from MBAM here and we can suggest.
    MBAM?

    I restarted. Nothing popped up but a Malwarebytes scan immediately found the offending file.

    In Windows task manager, Malwarebytes is the only app running, but there is a long list of background processes, including Google Chrome.

    Also checked out the Wikihow link, but all its instructions did not apply as Snapdo is not in my Chrome extensions and is not listed among the search engines.

    As I have repeatedly said, Snapdo has not installed itself on my PC. It is just the continual appearance of THAT file which needs quarantining that bugs me.
    Tim

    (Asus Transformer Aio. Win8.1. Galaxy S4. Samsung Galaxy Tab S 10.5)

  14. #13
    Platinum Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,506
    Thanks
    7
    Thanked 220 Times in 208 Posts
    MalwareBytes Anti Malware.

    Something is putting the file on your PC and you need to stop programs one at a time until you find the offending program.

    cheers, Paul

  15. #14
    Silver Lounger
    Join Date
    Aug 2012
    Posts
    1,607
    Thanks
    24
    Thanked 230 Times in 225 Posts
    You can do what Paul T suggests by performing a clean boot http://support.microsoft.com/kb/929135 and then run AdwCleaner and Hitman again.
    Last edited by Sudo15; 2014-08-26 at 15:52.

  16. #15
    2 Star Lounger
    Join Date
    Nov 2011
    Location
    Berkshire, UK
    Posts
    126
    Thanks
    18
    Thanked 0 Times in 0 Posts
    Thanks for the tips. Will try those (when I get time!) One thing that's interesting: Add remove programs doesn't see it, Revo uninstaller doesn't list it, but CCleaner does see it (under tools>uninstall).

    When CCleaner tries to uninstall I get the message:
    The feature you are trying to use is on a network resource that is unavailable.

    Means nothing to me, but a clue?
    Tim

    (Asus Transformer Aio. Win8.1. Galaxy S4. Samsung Galaxy Tab S 10.5)
