TB Host Support Removal

Solved
Thread Status:
Not open for further replies.
  1. Patrick Burke

    Patrick Burke New Member Bronze Member

    Joined:
    Dec 6, 2013
    Posts:
    6
    Likes Received:
    0

    I can't seem to get rid of TB Host Support using AVG or Malwarebytes. Malwarebytes picks it up during its scan and I remove it as prompted, but it comes back after I reboot and access the internet using either IE or Chrome. When I access the internet, the WinPatrol that I have running picks it up and warns me that TB wants to become a startup program. I reject that request, but that tells me that AVG and Malwarebytes are not completely removing it. Please help me get rid of TB. I completed the pre-work (hopefully correctly) and uploaded the text files. Thanks!
     


  2. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,425
    Likes Received:
    0

    Please download AdwCleaner by Xplode onto your desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Clean.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.
    ===============================

    Let's reset the Hosts file back to the default. Follow these steps:
    1. Click Start, click Run, type %systemroot%\system32\drivers\etc, and then click OK.
    2. Rename the Hosts file to Hosts.old.
    3. Create a new default hosts file. To do this, follow these steps:
       a. Right-click an open space in the %WinDir%\System32\Drivers\Etc folder, point to New, click Text Document, type hosts, and then press Enter.
       b. Click Yes to confirm that the file name extension will not be .txt.
       c. Open the new Hosts file in a text editor. For example, open the file in Notepad.
       d. Copy the following text in the code box to the file:

    Code:
    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host
    127.0.0.1       localhost
    
    Save and then close the file.

    ================================


    Download Combofix from any of the links below, and save it to your desktop.
    Link 1
    Link 2
    When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

    Refer to this image:
    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click PCHelpForum.exe to run it.
      You will see the following image:
    [​IMG]

    Click I Agree to start the program.
    ComboFix will then extract the necessary files and you will see this:

    [​IMG]

    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    If you did not have it installed, you will see the prompt below. Choose YES.

    [​IMG]

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]

    Click on Yes, to continue scanning for malware.
    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
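
The hosts-file reset in the post above replaces the file with the stock content, whose only mapping is `127.0.0.1 localhost`. As an added example (not part of the original post and not code from any tool named in this thread), the sketch below audits hosts-format text and lists every mapping that is not that default, so the old `Hosts.old` can be reviewed before it is discarded. The `example.*` names and the `203.0.113.7` address in the sample are constructed, and the `sinkhole`/`redirect` labels are this example's own.

```python
import ipaddress

# The only name the stock Windows hosts file maps (to loopback).
DEFAULT_NAMES = {"localhost"}

# Constructed sample: the default mapping plus made-up extra entries
# (example.* names, documentation-range address).
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#      102.54.94.97     rhino.acme.com          # source server
127.0.0.1       localhost
::1             localhost
203.0.113.7     search.example.com www.search.example.com  # constructed
0.0.0.0         update.example.net
not-an-ip       broken.example.org
"""

def audit_hosts(text):
    """Return (line_no, kind, address, hostname) for each non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments, full-line or trailing
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", fields[0], ""))
            continue
        sink = ip.is_loopback or ip.is_unspecified
        for name in (f.lower() for f in fields[1:]):
            if ip.is_loopback and name in DEFAULT_NAMES:
                continue  # expected default mapping
            # A loopback/0.0.0.0 target blackholes the name; anything else
            # silently sends the name to another machine.
            findings.append((line_no, "sinkhole" if sink else "redirect", str(ip), name))
    return findings

if __name__ == "__main__":
    for line_no, kind, ip, name in audit_hosts(SAMPLE):
        print(f"line {line_no}: {kind:9} {ip} {name}")
```

An empty result means the text contains nothing beyond the default `localhost` mapping, which is what the reset file should produce.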
     
  3. Patrick Burke


    I am having a hard time with the step that involves changing the Hosts file. I don't see a file named Hosts when I perform this step:
    Let's reset the Hosts file back to the default. Follow these steps:
    1. Click Start, click Run, type %systemroot%\system32\drivers\etc, and then click OK.
    2.Rename the Hosts file to Hosts.old.
    I stopped at this step.
    I did run AdwCleaner and uploaded the log.
    Please let me know if I should skip the Hosts step or try to go about a different way - sorry, not very fluent at this!
     


  4. driver_ian

    driver_ian Guest


    Let's see if we can help you with the Hosts File issue before Pancake returns.. ;)

    Please run OTL.exe.
    • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :commands
      [resethosts]
      [reboot]
    • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
    • Click the red Run Fix button.
    • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTL.exe

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Once you're done with this, please continue with the other instructions in post #2.
    Good Luck.
     
  5. Patrick Burke


    I ran OTL with the custom scan/fix code as instructed and clicked Run Fix. It rebooted but a fix log never opened. I returned to follow Pancake's instructions to reset the Hosts file but it still is not there???
     
  6. driver_ian


    You will be able to find the OTL fix log in the following location: C:\_OTL\Moved Files

     
  7. Pancake


    As in post #1, can you run and post a new OTL? That will tell us if the host files have been reset.
     
  8. Patrick Burke


    Below is the OTL fix text file.

    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.69.0 log created on 12082013_150342

    I was able to find the Host file and reset it. I also completed the rest of the instructions of Post 2. I have uploaded the ComboFix log.

    My AVG gave me warnings about PCHelpForum\Regt.3xe. There was another warning too but I missed the whole file name - something like PCHelpForum\CatchMe or something like that. Anything to worry about???
     

    Attached Files: log.txt (14.3 KB)
  9. Pancake


    There is no need to worry about the AVG message. Your host files have all been reset and all should be fine now. :)
     
  10. Patrick Burke


    OK - Am I all cleaned up now?
    Do you recommend that I download any additional protection or incorporate some type of preventative practices to reduce the risk of future infections? I'm currently using AVG 2014 Free Edition and WinPatrol and run a MalwareBytes scan periodically but the TB Host got through them.
     
  11. Pancake


    Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.
    Afterwork
    Malware Prevention
    How Did I Get Infected
    More Tips on Prevention

    You can now uninstall ComboFix

    • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
    • In the field, type in ComboFix /uninstall
    [​IMG]

    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

    • Then, press Enter, or click OK.
    • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
     
  12. Patrick Burke


    Thank you!!!
     
  13. Pancake


    You're welcome.
     