Pricechop removal

[Hell Patrol]

Hi, going to keep this short here but I could really use some help.

 

A younger family member of mine wanted to play Minecraft on my computer. I said okay and let them, while I was away they installed some mods, and in the process happened to get quite the load of adware on my computer. Immediately I went to malwarebytes and removed as much of the malware as possible, however one resilient specimen remains.

 

Pricechop.

 

This genuine piece of garbage adware redirects me constantly, inserts ads onto webpages, and refuses to die no matter how many times it is deleted from chrome or anything else. While malwarebytes did detect it and remove it, it continues to stay. Being a gigantic nuisance in the process. Upon further scans with malwarebytes it is undetected.

 

Can someone, anyone, help me get this trash off of my computer?

 

Edit: I wonder if it is something installed specifically to chrome. As this didn't seem to happen on another browser I opened.

[William12h]

Did you check to uninstall it from your System via Control panel? Maybe use a forced Uninstaller like iObit Uninstaller. 

Make sure to delete and change the settings in chrome so it wont re direct your or open as a new page etc 

[Hell Patrol]

Did you check to uninstall it from your System via Control panel? Maybe use a forced Uninstaller like iObit Uninstaller. 

Make sure to delete and change the settings in chrome so it wont re direct your or open as a new page etc 

 

The first thing I did was uninstall it via control panel actually. I'm wondering if this thing might just be latched onto chrome somehow, as I can disable it within chrome. But I can't delete it or it comes back immediately, and I can't seem to get rid of it or find it any other way/anywhere else

[William12h]

The first thing I did was uninstall it via control panel actually. I'm wondering if this thing might just be latched onto chrome somehow, as I can disable it within chrome. But I can't delete it or it comes back immediately, and I can't seem to get rid of it or find it any other way/anywhere else

Check on   Chrome://Plugins  And Chrome://Extensions and disable/Remove it from there

But also in Chrome Settings go to: 

1. Search Engines and Delete it all
2. Open Specific Page or Tabs, remove the text and use Google etc or whatever u want

Check for other Software that might be junk and keeping it there. You can also use the software sugested on this site http://www.2-spyware.com/remove-pricechop.html

[W-L]

The first thing I did was uninstall it via control panel actually. I'm wondering if this thing might just be latched onto chrome somehow, as I can disable it within chrome. But I can't delete it or it comes back immediately, and I can't seem to get rid of it or find it any other way/anywhere else

I had the same virus on my laptop probably form forgetting to unchceck one of those boxes before installing a program, It hides it's file so it will come back even if you delete it in the control panel. You need to find the location of your extension folder on your computer for chrome and go through those folders, you should be able to find one with the same extension ID number as the price chop one. Once you find the extensions folder I suggest to save a copy on the desktop just incase you delete the wrong folder but go ahead and manually remove the folder with the same ID number as price chop.

[Hell Patrol]

I had the same virus on my laptop probably form forgetting to unchceck one of those boxes before installing a program, It hides it's file so it will come back even if you delete it in the control panel. You need to find the location of your extension folder on your computer for chrome and go through those folders, you should be able to find one with the same extension ID number as the price chop one. Once you find the extensions folder I suggest to save a copy on the desktop just incase you delete the wrong folder but go ahead and manually remove the folder with the same ID number as price chop.

 

 

Check on   Chrome://Plugins  And Chrome://Extensions and disable/Remove it from there

But also in Chrome Settings go to: 

1. Search Engines and Delete it all
2. Open Specific Page or Tabs, remove the text and use Google etc or whatever u want

Check for other Software that might be junk and keeping it there. You can also use the software sugested on this site http://www.2-spyware.com/remove-pricechop.html

 

Well, I ended up reinstalling Chrome fully. The problem was fixed from there on.

 

Ended up doing a second scan with malwarebytes and even installing avast just to do a full scan. While the first scan that I mentioned I did in my OP found 36 pieces of adware and two Trojans, and dealt with them. The second scan and avast picked up nothing so I can only assume my PC is as clean as I can get it. There isn't any particularly weird network/cpu/ram use it would seem so I can assume that I'm clear.

 

Apparently the website he installed from was called Minecraftdl, they're extremely sketchy. They just use a crawler to get mods from around the internet, then create a page for them on their site. I looked at the installer he used as well, it doesn't even install the mod. It just gives you a bunch of adware and then links you to the mod download.

 

I guess I'm clear here, but does anyone think there's a chance anything stayed behind?

[Fliggle_Slaps]

There's always the chance, but chances are you won't know until their effect takes place. You may want to try some other software to be sure but you're probably fine.

[Hell Patrol]

There's always the chance, but chances are you won't know until their effect takes place. You may want to try some other software to be sure but you're probably fine.

 

I went through my PC, luckily they knew the exact time of the install and I was able to go through a lot of folders, sort by date, inspect for suspicious material, and then delete. They haven't came back, so I'd imagine whatever had placed them there and made them work as actual viruses had been removed by previous scans and they were just leftover files. Is there a way to see every file (and maybe even registry edit, though I wouldn't get my hopes up) that was added/changed on my computer from a certain time? If I can see a list of edits made between 6:39 and 7:35 pm (the dates the files seem to have) on November 18th, I can make sure I clean out everything that's left.

[TDP_Equinox]

OP.
Download my tools folder: https://www.dropbox.com/sh/6eftoutzp7abmbo/AACItIX-uRxZB1u2L9zl0Xh3a?dl=0
Run ADWCleaner.
Adware removal tool
Combo fix
Hitman Pro
And RogueKiller.

Running each is fairly straight forward.
Normally, i recommend running every tool in that folder, but i simply do not think it is needed in this case.
Run them, check all the items, delete each one, and restart after each scan. 
Once you have run them, reset all your browsers to default (your bookmarks are saved and synced when you sign in to chrome again, don't worry), remove any added home pages and search engines, and open up REVO Uninstaller. 
Look for anything shady, run the advanced removal, and delete all the leftover files and registry entries. 

Run CCleaner, and you're good.

[Hell Patrol]

Tempted to start a new thread on what I'm about to mention in this post. But after three full virus scans across every file on my PC, and finding a way to view every file installed on November 18th 2014 and then deleting the virus ones. I've noticed that, during the Malwarebytes scan, a large quantity, in fact the majority of the files it caught and deleted were registry files. I have some registry files that look a little suspicious and I'm wondering if I can also sort those by date, or if there are any particularly good programs tailored to killing registry edits by viruses/trojans/malware.

 

Considering that I've fully cleaned any file based adware/malware from the install, and none of it has come back (coupled with malwarebytes hitting about 20 registry keys during its scan and removing them). I'm firmly willing to bet that any registry files left are orphans. But I'd still be interested in seeing which ones came with the virus that was installed so I can clean what's left.

 

 

[TDP_Equinox]

Tempted to start a new thread on what I'm about to mention in this post. But after three full virus scans across every file on my PC, and finding a way to view every file installed on November 18th 2014 and then deleting the virus ones. I've noticed that, during the Malwarebytes scan, a large quantity, in fact the majority of the files it caught and deleted were registry files. I have some registry files that look a little suspicious and I'm wondering if I can also sort those by date, or if there are any particularly good programs tailored to killing registry edits by viruses/trojans/malware.

 

Considering that I've fully cleaned any file based adware/malware from the install, and none of it has come back (coupled with malwarebytes hitting about 20 registry keys during its scan and removing them). I'm firmly willing to bet that any registry files left are orphans. But I'd still be interested in seeing which ones came with the virus that was installed so I can clean what's left.

I think i am going to start a thread that outlines instructions on how to clean viruses, and request a sticky.

[Hell Patrol]

I think i am going to start a thread that outlines instructions on how to clean viruses, and request a sticky.

 

Do it, but I'd be interested to know like I said if it is possible to sort files in the registry by date added/modified.

 

That would make cleanup of anything left very very simple.

[TDP_Equinox]

Do it, but I'd be interested to know like I said if it is possible to sort files in the registry by date added/modified.

 

That would make cleanup of anything left very very simple.

Alright, i will.

As far i know there is no way to sort it like that.

[Hell Patrol]

Alright, i will.

As far i know there is no way to sort it like that.

 

I found a program that does it actually. Unfortunately despite all being associated to the time the virus came onto my machine, many of them are confusing, and questionable as if they even were new registry keys or edits of old windows registry keys.

 

Obviously deleting a windows registry key simply because it was edited by a virus would be a bad idea.

 

I looked in a program I have, process explorer. To see if the offending registry keys were being accessed at any time by any programs. They did not seem to be being accessed, though I will have to test this at computer startup considering they may only be needed upon startup.

 

I also found a few files on my computer that seemed to have been edited by the virus. Registry.pol in group policy was one. The only line of text it had was "PReg   [ S o f t w a r e \ P o l i c i e s \ G o o g l e \ C h r o m e   ; M e t r i c s R e p o r t i n g E n a b l e d   ;   ;   ;     ] "

 

I looked it up, while the line turned up nothing though it turns out that the registry.pol file seems quite normal.

 

Honestly I wonder if these are all just dormant files considering how badly I had to have crippled the virus at this point. I doubt they're even a threat. What do you think?

[TDP_Equinox]

I found a program that does it actually. Unfortunately despite all being associated to the time the virus came onto my machine, many of them are confusing, and questionable as if they even were new registry keys or edits of old windows registry keys.

 

Obviously deleting a windows registry key simply because it was edited by a virus would be a bad idea.

 

I looked in a program I have, process explorer. To see if the offending registry keys were being accessed at any time by any programs. They did not seem to be being accessed, though I will have to test this at computer startup considering they may only be needed upon startup.

 

I also found a few files on my computer that seemed to have been edited by the virus. Registry.pol in group policy was one. The only line of text it had was "PReg   [ S o f t w a r e \ P o l i c i e s \ G o o g l e \ C h r o m e   ; M e t r i c s R e p o r t i n g E n a b l e d   ;   ;   ;     ] "

 

I looked it up, while the line turned up nothing though it turns out that the registry.pol file seems quite normal.

 

Honestly I wonder if these are all just dormant files considering how badly I had to have crippled the virus at this point. I doubt they're even a threat. What do you think?

If multiple runs of the CCleaner registry section doesn't get it (scan, delete, scan, delete, repeat until none are found) then it is probably fine.