Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser redirect and ads


  • Please log in to reply
17 replies to this topic

#1 MarkC05

MarkC05

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 23 January 2014 - 02:17 PM

new laptop with windows 8, ie 10.  clicking on browser search bar tries to load another website.  I've ran the avast free anti-virus and ccleaner several times and they pick up nothing.  Tried to  download some free ad and malware removers but had difficulties doing so and got pop-ups during that.

 

any suggestions?



BC AdBot (Login to Remove)

 


#2 MarkC05

MarkC05
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 23 January 2014 - 02:32 PM

Avast just caught the system from going to http://bleepingcomputer.com/.net-offer.net

 

JS:ScriptIP [Trj]

 

Looks like a java trojan



#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:24 PM

Posted 23 January 2014 - 02:52 PM

Hi Mark, I moved this from Win 8 to the Am I Infected forum so we can run these.


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
.
.
.
ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • .
    .
    .

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    .
    .
    .
    .
    • Last run ESET.
      • Hold down Control and click on this link to open ESET OnlineScan in a new window.
      • Click the esetonlinebtn.png button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
      • Check "YES, I accept the Terms of Use."
      • Click the Start button.
      • Accept any security warnings from your browser.
      • Under scan settings, check "Scan Archives" and "Remove found threats"
      • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, click List Threats
      • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Click the Back button.
      • Click the Finish button.
      • NOTE:Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 smacl

smacl

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 24 January 2014 - 02:37 AM

MarC05 - have you had success with the suggestions.  I've become paranoid about downloading anything I'm not familiar with and I haven't heard of the suggested downloads.  I use CCleaner and Malwarebytes/Anti-Malware and neither of them are finding anything.  I've had some problems with ads since buying this computer but the redirects and opening new pages without reason just started this week and it seems they have multiplied significantly in the last couple of days.



#5 MarkC05

MarkC05
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 24 January 2014 - 08:47 AM

MarC05 - have you had success with the suggestions.  I've become paranoid about downloading anything I'm not familiar with and I haven't heard of the suggested downloads.  I use CCleaner and Malwarebytes/Anti-Malware and neither of them are finding anything.  I've had some problems with ads since buying this computer but the redirects and opening new pages without reason just started this week and it seems they have multiplied significantly in the last couple of days.


I have not gone thru the steps above suggested by boopme yet. I was already in the process of downloading/running Malwarebytes (free) when I posted the topic. It found like 46 PUP's after the scan which I removed. I've since gone back to the internet via bing browser and it hasn't redirected after a couple of attempts but I will try again today. That being said the Malwarebytes has given me subsequent pop-up notices that it blocked some sites or some attempts to access. So I guess that means something is still not totally clean.

Any council will be most appreciated. I was hoping not to have to go thru all the steps above from boopme but it looks like I might if it will clean the laptop properly. I also thought about doing a restore back to the day (Christmas) it was first used and then try to load the Avast (free version) and Malwarebytes (free version) two see if this would help.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:24 PM

Posted 24 January 2014 - 02:39 PM

Hello, unfortunately Malware removal is not a snap. We need to run several tools as no one tool does it all.

The tools I posted are created by the staff here and if you go to the download page you will see millions of times downloaded.
We remove malware here so we are not putting out tools to produce more..

CCleaner will not remove it.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 MarkC05

MarkC05
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 24 January 2014 - 03:45 PM

Hello, unfortunately Malware removal is not a snap. We need to run several tools as no one tool does it all.

The tools I posted are created by the staff here and if you go to the download page you will see millions of times downloaded.
We remove malware here so we are not putting out tools to produce more..

CCleaner will not remove it.

 

Boop, major problem.  Started going down the list everything worked great until the junkmail removal tool.  Tried to download it from your link above and all hades broke loose.  It looked like it was working then it appear to load the Yahoo toolbar and then it kep redirecting me to other sites. It downloaded what appeared to be some type of registry cleaner and i could get rid of it.  Finally after disabling in task manager all my desktop icons wnet away and will not come back up, al least i can't see them.

 

Help!



#8 MarkC05

MarkC05
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 24 January 2014 - 04:20 PM

Can i somehow boot up in safe mode and just do a restore?



#9 MarkC05

MarkC05
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 24 January 2014 - 04:32 PM

after sitting with a blank screen for quite a while i get a pop-up screen fot something called Slow-PCfighter.  I never downloaded this unless it was somehow associated with the junkware removal tool boopme recommends above.

 

Dying over here, any suggestions?



#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:24 PM

Posted 24 January 2014 - 04:47 PM

You can try a restore. That may help it run better,but probably will not kill the malware.Skip JRT and try running ESET.. It n=may take a few hours.. There is something inside.


Also TRY
Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
p22002970.gif Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Edited by boopme, 24 January 2014 - 04:48 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 MarkC05

MarkC05
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 24 January 2014 - 04:55 PM

i just had to do a hard start in safe mode (hitting F8?).  it came back up and i am trying to download spyhunter 4 to remove the slow-pcfighter but it looks like the installation is stalled.



#12 MarkC05

MarkC05
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 24 January 2014 - 05:00 PM

should i just stop and go thru the steps above, beginning at the top?



#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:24 PM

Posted 24 January 2014 - 05:06 PM

Spyhunter may be the problem

Start at the top..
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 MarkC05

MarkC05
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:24 PM

Posted 24 January 2014 - 05:12 PM

ok



#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:24 PM

Posted 24 January 2014 - 07:57 PM

See quietman7's post 14 here on spyhunter
http://www.bleepingcomputer.com/forums/t/521872/remove-avg-secure-search-page/#entry3269395
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users