Post Clean Up Check request / Win 7 eMachine


4 replies to this topic

#1 Winterland

Winterland

  • Members
  • 995 posts
  • Gender:Male
  • Location:The Land of Enchantment
  • Local time:12:36 AM

Posted 26 January 2015 - 07:42 AM

Hello.

Helping a friend try to clean her computer and it's the most generically infected machine I've seen in a while.

It is an eMachine EL1852G running Windows 7 Home Premium.

Upon booting it up, it had the usual suspects, Optimizer Pro, SpeedUpMyComputer, etc. and her 2 browsers (IE and Chrome) both opened to the Trovi "search" page.

I've managed to remove the bulk of the spyware/adware and infections and after resetting the Proxy settings, I'm back online and all three browsers (I installed Firefox) are up and running with no pop-ups and/or redirects. I checked all three browsers for extensions/add-ons and have removed and/or disabled all of the ones that were there.

Initially I ran a Full Scan from MBAM (Free) which found well over 20 infections and a bunch of PUPs and PUMs. A couple of reboots later and things started getting better.

I removed all the other outdated AVs that were on there and installed Avast (Free) which ran its Quick Scan. That found several other items and also recommended running a Boot Time scan, which I did (moving everything to the Chest) and that helped also.

After that I ran another Full Scan with MBAM and that found fewer items than the first scan, but I was startled to find that there were still infected items on the computer.

As it stands now, I've run another Full Scan with Avast which came up with a "some files could not be scanned" message and currently my Chest is chock full o' items.

I also went ahead and ran my 3rd Threat Scan with MBAM, which came up with a message "656 non-Malware Items detected."

Each time I run MBAM it seems to be coming up with fewer and fewer items but they are still there, so...

I was going to go ahead and also run the ESET Online Scanner, but at this point it feels like I'm in the weeds and need to reach out to the Professionals.

Another item to note, the machine itself is running fine (not slow) and as I mentioned previously, all three browsers are not redirecting or subject to the pop-ups.

So, there you go.

My guess is that I need some more investigation and possibly some deep cleaning but do not know where to start.

Ideas? Suggestions?

I'll be in and out all day and work in the afternoon, so if I don't get back to you today, I'll be back logged in early tomorrow morning (U.S. Eastern Seaboard Time).

Much thanks,

Winterland

Photobucket removed my cool flag - idiots!

 

Every calculation based on experience elsewhere fails in New Mexico.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:02:36 AM

Posted 26 January 2015 - 10:46 AM

Hi, I find it fastest with a Trovi infection to post in malware removal, as this infection has many tentacles. You may think it's gone but it comes back.

Please follow this Preparation Guide, do steps 6, 7 and 8 and post in a new topic.
Let me know if all went well.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 Winterland

Winterland
  • Topic Starter

  • Members
  • 995 posts
  • Gender:Male
  • Location:The Land of Enchantment
  • Local time:12:36 AM

Posted 26 January 2015 - 11:39 AM

Great. That's kind of what I was thinking.

Appreciate the advice. I'm headed off to Prep the Machine.

Much thanks.

Winterland


#4 Winterland

Winterland
  • Topic Starter

  • Members
  • 995 posts
  • Gender:Male
  • Location:The Land of Enchantment
  • Local time:12:36 AM

Posted 02 February 2015 - 06:43 AM

@boopme - well, the friend I was helping became a little impatient but nasdaq was an amazing helper and we got that machine cleaned up & running.

Thanks again for pointing me in the right direction.

I love this place.

Winterland

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:02:36 AM

Posted 02 February 2015 - 05:30 PM

You're welcome and thanks!!