Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Adware infection


  • Please log in to reply
3 replies to this topic

#1 joeday

joeday

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:44 AM

Posted 04 April 2014 - 09:57 AM

I've been infected with adware but I am unable to determine what it is there is no homepage hijack so I don't know which one it is. Niether malwarebytes nor eset nor spybot were able to stop it, malwarebyest and spyobot found problems and 'fixed' them but the problems persisted.

 

The adware causes random tabs and popups to open, and makes random words and phrases spam links.

Any help would be appreciated.

 

I should have mentioned that the prolbme is occuring in firefox, I tried chorme and it occured there also after about 5 minutes, and I am running win 7 pro.

 

There was a service and a program component called highlightapp, I removed it thinking it would help because whenever one of the boxes from the text pop up it sas highlight app on it, but removing and disabling the service did not help.

 

 

I ran hijackthis startup listing full and apparently I have an infected regedit, REGEDIT.EXE.MUI.

 

 

For some reason it has stopped, but I dunno if I did anything that would have caused it to not work. I read the other thread under mine that has the same issue it seems, and did some of the stuff suggested there.

 

 

I restarted and it did not come back so I guess the only thing to do is lock this post, whatever I did happened to fix it I suppose.


Edited by joeday, 04 April 2014 - 11:30 AM.


BC AdBot (Login to Remove)

 


m

#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:44 PM

Posted 04 April 2014 - 07:24 PM

I ran hijackthis startup listing full and apparently I have an infected regedit, REGEDIT.EXE.MUI.

Hello joeday.

Not sure how HJT told you that REGEDIT.EXE.MUI was infected, as it only reads basic installed programs.

Also as you do not list your operating system, you will find that HJT is of little use with Windows 7 64bit.

 

The adware causes random tabs and popups to open, and makes random words and phrases spam links

Do you mean that there are certain Underlined words that cause advertising to seem to "pop - up" ??

 

 

Please download tools to desktop, Temporarily Disable Your Anti-virus if needed and Copy and Paste all logs.

Always Re - Enable your Antivirus when finished a program (even common tools are infected by the Bad Guys)

Vista/Windows 7/8 users right-click on most tools and select Run As Administrator.
 

 

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

Or, Temporarily Disable Your Anti-virus if required.

 

Next -

Download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files
 
Click Go and copy / paste the result (Result.txt).

 

Next -

Please download and run RKill by Grinler.
A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.

Please post the log it generates.

 

Important: Do not reboot your computer until you complete the next step.

 

Now: Please download AdwCleaner by Xplode and save to your Desktop.
* NOTE : Please close or save all work, as the computer will be Rebooted
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. 
* If you see any which you do not want removed, remove the check mark next to it. 

Next: Click on the Clean button (only once) to remove the selected items. 
* You will receive a message telling you that all programs will be close so that the infections can be removed. 
* Click on OK, and then OK again to confirm the reboot.
* When cleaning process is complete a log (AdwCleaner[S0].txt ) of what was removed will be on your desktop. 
* Please copy and the paste this log in your next post.

* A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Next -

Please scan your computer with ESET Online Scanner
Disable active Antivirus and Antimalware programs How To Temporarily Disable Your Anti-virus

This scan is best performed with Internet Explorer, as it uses ActiveX
If you will not (or do not) use Internet Explorer, then please read item #3 in this post

1 - Open Internet Explorer and hold down Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2 - Click the ESET Online Scanner button.
3 - For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
a - Click on eset.exe to download the ESET Smart Installer. Save it to your desktop.
b - Double click on the  icon on your desktop.
4 - Check "YES, I accept the Terms of Use."
5 - Click the Start button.
6 - Accept any security warnings from your browser.
7 - Under scan settings, check "Scan Archives" and "Remove found threats"
8 - Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9 - ESET will then download updates for itself, install itself, and begin scanning your computer.
10 - Please be patient as this will take some time (2 hour minimum) & first time scans are always longer.
11 - When the scan completes, click List Threats
12 - Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
13 - Click the Back button and then Click the Finish button.
NOTE:Sometimes if ESET finds no infections it will not create a log.
If you lose the log it can be found at C:\Program Files\ESET\EsetOnlineScanner\log.txt
If no infections are found then please tell me -
You can ignore any ESET detection of AdwCleaner...it is a false positive detection.

 

After you post these, we can review your problems -



#3 joeday

joeday
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:44 AM

Posted 05 April 2014 - 05:44 PM

Oh I just decided to reformat instead, so you can go ahead and lock this thread.



#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:44 PM

Posted 06 April 2014 - 05:43 AM

No Problem,

 

If you are sure, I will notify the correct people to prevent more posts being added to this topic.

Please start a New Topic if you require further help   :)


Edited by noknojon, 06 April 2014 - 05:48 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users