Can't remove Some Malware...

By kona0197 on January 2, 2015 11:45:03 PM from WinCustomize Forums

So on the machine I use every day I have an issue. I use Chrome. When in Chrome, I get constant redirects and popups.

I have tried the following with these results:

AVG full scan - clean
MSE full scan - clean
Malwarebytes - clean
SUPERAntiSpyware - clean
Spybot - clean
AdwCleaner - clean
HitmanPro - clean

The popups and browser hijacks have to be some sort of virus. But all of these say the machine is clean??? 

32 Replies
January 3, 2015 12:03:08 AM from JoeUser Forums

Sucks to be you on Chrome, Kona.  Hope somebody here, unlike me, can be of help.

January 3, 2015 12:31:07 AM from WinCustomize Forums

Check Chrome's add-ons, and look for unknown applications in the "Add/Remove Programs" applet on your system. Also look in Task Manager for nondescript .exe(s) or services which are running in the background.

Sometimes, the bothersome applets were piggybacked on other software you installed and masquerade as legitimate, so they cannot be detected by their signature/code.

Lastly, it's better to share some information on what the popup is about (its vendors, links) for anyone who might have had similar encounters and knows how to solve it straightaway.

 

January 3, 2015 1:58:40 AM from WinCustomize Forums

Try running an application called HijackThis. It will scan the system, including browsers, and let you know all about any add-ons that have infiltrated browsers. Be careful before removing things, though, because the program makes no distinction between what is good or bad; it just scans the computer and generates a list of add-ons and browser hijacks (of which some are legitimate). And if in doubt, you can submit the results to the HijackThis forums for some expert advice on what is what and what can be safely removed.

Oh, and it's completely free, did I mention that?

 

http://www.majorgeeks.com/files/details/trend_micro_hijackthis.html

 

Good luck Kona

January 3, 2015 6:35:17 AM from Sins of a Solar Empire Forums

kona, it sounds like you might have 'toolbar hell'. I would suggest using the iobit uninstaller and looking through the list for ANY items that have the following words: 'tool', 'bar', 'toolbar', 'search protect', 'ask'

then uninstall ALL the items that have those words (I also suggest the deep scan after the standard uninstall, and select all the found items and delete all of the found items).

then go through ALL the browser addons and remove ALL that are NOT vital for what YOU want to do

hope this helps you kona

harpo the NON-subscriber

January 3, 2015 8:07:01 AM from WinCustomize Forums

Quoting harpo99999,

kona, it sounds like you might have 'toolbar hell'. I would suggest using the iobit uninstaller and looking through the list for ANY items that have the following words: 'tool', 'bar', 'toolbar', 'search protect', 'ask'

I am sorry, I am biased towards IObit software or any software from China. Call me paranoid or whatever, the experiences I have had are not good.

 

January 3, 2015 8:14:04 AM from WinCustomize Forums

Hopefully Hijack This will help, if not... try a herdProtect scan...more engines to look at your machine. 

Perhaps you can give us more info. What did you install, or what site did you visit, before all this started?

January 3, 2015 9:40:46 AM from WinCustomize Forums

I personally do not recommend HiJackThis. I used to use it for years, but then all of a sudden, regardless of version, it would not work correctly. You would do a fix on an item for instance a "Missing File" item and it would complete, but when you did another scan that same item shows up again. Even running in administrator mode did not work. Also, unless you know exactly what you are doing, you can easily screw your system up with it as it displays a lot of items that are perfectly fine.

January 3, 2015 10:37:30 AM from WinCustomize Forums

system restore?

January 3, 2015 10:52:04 AM from WinCustomize Forums

might try looking at your proxy settings to see if something redirected you.

Open Chrome settings, Show Advanced settings. Under Network, hit the Change proxy settings button (which opens IE Internet settings). Go to LAN settings.

It should just have the Automatically detect settings box checked. NOTHING else. If you have something in the other boxes, that would be your culprit and something else is changing it.
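
The LAN settings check described in the post above can also be read directly from the registry values behind that dialog. This is an added example, not part of the original thread; the function name is hypothetical, and the flags-byte layout of `DefaultConnectionSettings` is a commonly observed but undocumented convention, treated here as an assumption.

```powershell
# Added example (not from the thread): read-only audit of the per-user
# values behind Internet Options > Connections > LAN settings.
$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-LanProxyFindings {
    param([string]$Path = $InetKey)

    $findings = @()
    $s = Get-ItemProperty -Path $Path -ErrorAction Stop

    # "Use a proxy server for your LAN" box and its address field
    if ($s.ProxyEnable -eq 1) {
        $findings += "Manual proxy ENABLED: $($s.ProxyServer)"
    } elseif ($s.ProxyServer) {
        $findings += "Proxy address stored but disabled: $($s.ProxyServer)"
    }

    # "Use automatic configuration script" box
    if ($s.AutoConfigURL) {
        $findings += "Auto-config (PAC) script set: $($s.AutoConfigURL)"
    }

    # Assumption: byte 8 of DefaultConnectionSettings holds the checkbox
    # flags (0x02 manual proxy, 0x04 config script, 0x08 auto-detect).
    $conn = Get-ItemProperty -Path "$Path\Connections" -ErrorAction SilentlyContinue
    $blob = $conn.DefaultConnectionSettings
    if ($blob -and $blob.Length -gt 8) {
        $flags = $blob[8]
        if ($flags -band 0x02) { $findings += 'Flags byte: manual proxy box is checked' }
        if ($flags -band 0x04) { $findings += 'Flags byte: configuration script box is checked' }
        if (-not ($flags -band 0x08)) { $findings += 'Flags byte: automatic detection is OFF' }
    }
    return $findings
}

# No findings means nothing but auto-detect is configured for this user.
$result = @(Get-LanProxyFindings)
if ($result.Count -eq 0) {
    'LAN settings: only "Automatically detect settings" appears to be in use.'
} else {
    $result
}
```

If a proxy or script value comes back after being cleared, something on the system is rewriting it, which is the situation the post describes.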

January 3, 2015 11:41:23 AM from WinCustomize Forums


Either you do what Nimbin suggested and go for HijackThis, or you go the good old routine tour.
You should also check if your tools are up to date.
Get these tools on a USB drive from a clean system:

OTL = Link
Tutorial in German; if you need help, scream:
http://www.trojaner-board.de/85104-otl-otlogfile-by-oldtimer.html

----------------------------------------------------------------------------------

Malwarebytes Antimalware + Anti Rootkit = http://filepony.de/download-malwarebytes_anti_malware/
http://filepony.de/download-malwarebytes_anti_rootkit/

----------------------------------------------------------------------------------
AdwCleaner = http://filepony.de/download-adwcleaner/
Junkware removal tool http://filepony.de/download-junkware_removal_tool/

----------------------------------------------------------------------------------
Kaspersky (root)

TDSSKiller - http://filepony.de/download-tdsskiller/

(Even though MB Anti Rootkit and Kaspersky TDSSKiller will find certain kits, it is sometimes wiser to just start again.)


After getting those tools


1. If the system is not booting normally anymore (BKA/GVU trojan) or has any other problems, it is highly suggested that you load Windows in safe mode,
safe mode with command prompt to be exact.

2. Make a restore point or, better, make a system image as backup!
Now you can launch OTL.exe as Admin and make a logfile for me, or ~
~When done, run Malwarebytes Antimalware; you can run the anti-rootkit as well. You can either go and delete the findings or gimme a PM with the log.txt report first.

However, if you feel I'm not trustworthy or you do not have enough time to do so, you can simply delete all of that nasty shit
(since you have made a backup).

3. Now, since you reported trouble with your browser:
Run AdwC + Junkware Removal; these are your friends when it comes to that.
Even if you have run AdwC already, run it in safe mode... and make sure it is updated, or at least the latest version of it.

If the problem persists, open the browser without the cable plugged in and
clean the cache, temp, cookies and so on.
Now Chrome: C:\Users\[USERNAME]\AppData\Local\Google\Chrome\User Data\Default\Cache
IE: C:\Users\USERNAME\AppData\Local\Microsoft\Windows\INetCache
or C:\Users\<your user name>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 (once you reach this folder you will find a number of folders like kjnwxiunis and so on; feel free to delete them all).
Firefox:
Google said you can find the folder if you enter this in the URL: about:cache?device=disk

If a folder cannot be deleted, it is because your browser is still open or because there is a protected file sitting in one of them.
If so, let me know the filename and I will tell you how to proceed.

I just list these extra because I will from now on use copy and paste...

Sometimes nasty stuff will not be deleted through the settings in your browser; navigate to the folder above and delete it (Shift+Del).

Uninstall your browser and install the newest version.

----------------------------------------------------------------------------------

May I ask what protection you have for your system? Since it might be time to get something better.


 

January 3, 2015 11:46:03 AM from WinCustomize Forums

Of course, more often than not, it is simply faster to wipe your drive and re-install Windows than to jump through the diagnostic hoops.

January 3, 2015 11:48:33 AM from WinCustomize Forums

Constant redirects and popups do sound like a browser add-on. I would direct your attention there, as previously suggested.

I know lots of folks like to use browser add-ons, and some can be very helpful; others just get added in when you download a new piece of software or probably go to a site. Most of us fail to check for them, myself included.

January 3, 2015 2:23:20 PM from WinCustomize Forums

Chrome has NO extensions or add-ons installed. I can't wipe the computer, it's not mine. Internet settings under LAN settings are just what they should be. No new software installed, that requires a password I do not have.

January 3, 2015 4:15:03 PM from WinCustomize Forums

Did you see post #10 ?

You said when in Chrome you get constant redirects and popups.
Did you check the number of selected startup pages yet? And the search engines selected?

If not, go to properties / then the tab "settings" /
You have three options here under "At Start": you can choose if you want a new empty tab opened, or the last page visited, or you can define a page.
Press define; now you will see proxy underneath that option. If you have a proxy add-on installed, it will show it automatically as selected; you can also deactivate it right there.
Underneath the proxy thingy you will have
display-characterization (I'm not sure what it is called in English);
make sure that the checkbox "show startpage" is selected; if not, check it.
Select your start page by clicking change,
select one.

On "Search", select a search engine of your choice.
Scroll down until you read show advanced settings;
there are a bunch of checkboxes; make sure the Phishing and Malware protection is checked.


If all that doesn't help, you will also find a button at the very bottom that will reset the whole settings to default. But there is really normally no need to do that.
I'm still waiting for an answer about what protection software is installed.

Also, I would like to know how many add-ons are installed and what kind.
Since in the first post you said

So on the machine I use every day I have an issue. I use Chrome. When in Chrome, I get constant redirects and popups.

While one post before this one you said "I can't wipe the computer, it's not mine."
 
 

January 3, 2015 4:57:35 PM from WinCustomize Forums

So I will take it kona that even though you said no extensions or add-ons are installed you did check?  If that's the case then it would seem that the only recourse that you can suggest to the owner of the computer is to do a restore, if one is available or in worst case a wipe and clean reinstall of the OS. 

I went and re-read your posts, kona.  Are you attempting to repair this computer or do you just have the use of it?  I understand you don't have the proper passwords to install any software, but did the owner install something?

EDIT:  Here is another thought: you listed in the OP the software you ran to try and find the malware.  Were they tried in normal or safe mode?  If you didn't try safe mode you might give that a try.

 

 

January 3, 2015 5:37:42 PM from WinCustomize Forums

Quoting Philly0381,

safe mode

That is what I wrote in #10
Quoting benmanns,

1. If the system is not booting normally anymore (BKA/GVU trojan) or has any other problems, it is highly suggested that you load Windows in safe mode

But with no details or any more information on the issue, you can only suggest steps in the hope of resolving and eliminating the issue.
Resolving the problem would be way easier if proper information were provided.

I was waiting for a reply from Kona, but without any reply there is either no help wanted or the problem has been solved.

Also, problems like these would not be an issue if proper protection were used; this may sound harsh, but in most cases it is the truth.
I have repaired enough computers in my years where trials had been installed that had run out of testing time for years, where no updates had been done, or users with no protection software at all, since it seemed to slow down the computer; therefore it had been easier for certain individuals to uninstall it and run the computer without it. With breaking results.
 

January 3, 2015 9:10:40 PM from WinCustomize Forums

Quoting kona0197,

I can't wipe the computer, it's not mine.

Now, what I'd suggest is to seriously look for another occupation other than ineffectually attempting to fix computers other than your own.

Like most things it's entirely 'fair game' to waste your life screwing up/with your own computer [I do it all the time] but it's a case of the blind leading the inept to take on something beyond your own capabilities....

January 3, 2015 10:02:54 PM from Stardock Forums

Just in case someone else hasn't mentioned these methods:

http://malwaretips.com/blogs/remove-browser-redirect-virus/

 

 

January 3, 2015 10:13:10 PM from WinCustomize Forums

http://www.bleepingcomputer.com/download/junkware-removal-tool/

 

 

BleepingComputer Review:

Junkware Removal Tool is a security utility that searches for and removes common adware, toolbars, and potentially unwanted programs (PUPs) from your computer.  A common tactic among freeware publishers is to offer their products for free, but bundle them with PUPs in order to earn revenue.  This tool will help you remove these types of programs.

Junkware Removal Tool has the ability to remove the following types of programs:

  • Ask Toolbar
  • Babylon
  • Browser Manager
  • Claro / iSearch
  • Conduit
  • Coupon Printer for Windows
  • Crossrider
  • Facemoods / Funmoods
  • iLivid
  • IncrediBar
  • MyWebSearch
  • Searchqu
  • Web Assistant

When run, Junkware Removal Tool will remove all traces of these programs including their files, Registry keys, and folders.

January 3, 2015 11:02:33 PM from WinCustomize Forums

I was also going to recommend BleepingComputer if all else fails. They are the only site that was able to help me when I had a virus I could not remove. The best thing is all services are free. http://www.bleepingcomputer.com/

January 3, 2015 11:04:40 PM from WinCustomize Forums

Uninstall Chrome, run a reg cleaner, reinstall Chrome and tell it to NOT keep your old settings. If you can't do that and/or have no Admin privileges, you're pissing in the wind and you are wasting your time, and ours.

In the future, if you want to run Chrome on some rig other than your own, I suggest putting PortableApps on a flashdrive and use the portable version.

January 4, 2015 2:41:46 PM from Stardock Forums

Quoting Jafo,

Now, what I'd suggest is to seriously look for another occupation other than ineffectually attempting to fix computers other than your own.

Like most things it's entirely 'fair game' to waste your life screwing up/with your own computer [I do it all the time] but it's a case of the blind leading the inept to take on something beyond your own capabilities....

 

Amen.  Seriously....

 

Also, kona, if you are indeed 'repairing' someone else's system, learning the system registry and how to effectively navigate/modify it would be invaluable.  Many software-related issues (i.e. software not behaving as it should etc. etc.) can either be completely fixed by editing/adding/modifying/removing a registry entry, or at least you'll be pointed in the right direction for a fix.  Of course you should never go spelunking around in a system registry unless you know what you're doing and unless you are willing to accept responsibility for any/all potential results.

January 4, 2015 3:39:47 PM from WinCustomize Forums

Quoting the_Monk,

Of course you should never go spelunking around in a system registry unless you know what you're doing and unless you are willing to accept responsibility for any/all potential results.



Why not, I'll ask?
As long as it is your own system and you made a backup, it will be the way to learn it.
 

January 4, 2015 3:45:43 PM from Stardock Forums

 

benmanns,

I'm sure you can appreciate that part of my post was a bit of a disclaimer and/or warning especially since it appears that the system in question (regarding kona's OP) is not actually 'his'. 

January 6, 2015 1:45:45 PM from WinCustomize Forums

OK guys I think I have it handled. Ran all of the programs you mentioned and I guess one of them did the trick. Everything is back to normal. It's my Sister's computer. I no longer have one of my own so I use hers.
