Malware?

[Bill M.]

Pete, can you tell me (or us) about a nasty called "distromatic"? I don't know where it came from but blocked my net access and wouldn't let me log into my router? JRT removed it.
If this is in the wrong place, feel free to move it. Thanks.

 

[AWS]

I'd like to know too. I've see mention of this before yet no one seems to know what it is or how it works.

 

[Bill M.]

It has happened again. Both Antimalwarebyes, and JRT on the last run found nothing, I rebooted and my connection is back, for the moment. But it doesn't seem to last long.

 

[DSTM]

I have had that and removed it.

 

[Bill M.]

What did you use to remove it Dougie? I tried JRT but there seems to be some residual malice.

 

[DSTM]

Hi Bill. My Distromatic was the Amazon Smart Search Home page.
I would rather let Starbuck tell you how to remove it.

 

[starbuck]

Hi Bill,

Sorry for the delay..... we've had our son's future In Laws staying with us this weekend.
The problem with 'distromatic' is that is the name of the company that creates the browser extension.
They tailor it to suit different companies..... that's why Dougie had the 'Amazon Smart Search Home page'.
Although 'Distromatic' is flagged up and removed, this doesn't mean that the actual culprit is removed.
We need to look deeper.

Please run FRST and then post the results along with the report from JRT in the Malware Removal forum
That's a more appropriate forum for dealing with the future reports.

Note:
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

If you are unsure what you're system bit type is..... click Here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

• Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator
  
  
  
  
  
• When the tool opens click Yes to disclaimer.
  
  
  
  
  
• Make sure that Addition.txt is selected at the bottom
• Press Scan button.
  
  
  
  
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

Thanks

 

[Bill M.]

Hi Pete, I should tell you I took a shot and ran ADW cleaner which I have use before and it seems to have caught the nasty. I think I will wait for a day to see if it's really gone before I start. I will let you know Monday or Tuesday. Thanks for your offer, I might still have to take you up on it.

 

[starbuck]

Hi Bill

OK, that sounds like a good plan.
Adwcleaner and JRT do have a different set of definitions..... so it may well be that Adwcleaner has picked up something that JRT missed.
Thanks for letting us know.

 

[Bill M.]

Pete, this problem appears to be resolved. Thanks again.

 

[starbuck]