Hello, I've not been to a tech help forum in a while. I wouldn't say I'm a professional in any regard, but as I and my friends are decent with computers, we tend to manage okay on our own normally. However, recently I've had an issue that I can't resolve and I'm hoping someone here can. I have a problem with some malware that has somehow entered my computer. It was first noticed as adware but is clearly more than that.
My computer is the only computer in the house atm, which is chiefly used by me and my girlfriend. It was she who first witnessed the symptoms of an infection on my computer. She claims that firefox was acting "weird." As I was not present, I'm not sure exactly what happened, but she claims it was being super slow and locking up. At some point it claimed it needed to be updated. She allowed this to occur and then restarted the computer, because the browser was still being slow.
When she booted my computer back up, firefox showed many ads and adblock plus was disabled. Hearing this, I was instantly concerned. When I got on the computer to take a look, I noticed that my adblocker was not even listed in my firefox add-ons and there were clear signs that my browser was being affected by adware. Ads from untrustworthy sites were showing up on all webpages (like tremendous sales, for example). I was also getting redirects to fake virus scan sites. I know she doesn't go to any of these sites, as her use of the computer is usually limited to sites I know cause no trouble already, so this erroneous behavior was quite obvious.
So right away, I suspected something had been installed on my computer. I went to my programs list in the control panel. Sure enough, I saw several programs which I know to be adware (like tremendous sales, BrWOWser, and incermedit, to name a few). I uninstalled these and tried my browser again. No such luck; the adware was less, but still there, and for some reason a google chrome window appeared although I had not clicked on chrome at all. After running anti-spyware and virus scans, it became clear I was infected with a gen of some kind, because these adware programs kept reappearing and the redirect was still present.
I went ahead and got the trial of avast! premier to hold everything at bay, even doing a boot scan, which did indeed pick up malware gens. Although most of the adware doesn't seem to be showing up in my programs list now, I must have something masking itself, because the infection persists. Avast firewall has to block redirects regularly. Believing my firefox might be affected, I even reset it... no luck. I tried to reinstall it while in safe mode, still no luck.
Thinking back on google chrome, I don't recall if I installed it or not. I may have, I just don't use it much. As the reinstall of firefox did not help much, I chose to look for additional tools to help me with my problem. This led me to combofix. In the spirit of full disclosure, I did run it, because after talking with a friend of mine, I was told it can help take infections out of chrome and by this point, I was feeling rather frustrated. I hope having already run the program does not bar me from help here... I ran it before I decided I needed to post online.
Now that I know I need some assistance, I will leave chrome alone for now and my log from combofix will be made available. As per the prep work that is often asked for, I installed farbar and ran it. The "addition.txt" from farbar is also available.
It is worth noting that so far, combofix appears to have deleted something off of chrome because I saw chrome files listed in the program. I no longer see the ads or the links that the adware was placing down in firefox. I do see the occasional popup, but this could be due to the lack of an adblocker (since I did reinstall my browser). I have left chrome alone since the combofix scan, but although my firefox browser appears functional again, it's not over. Avast's active protection is still needing to block several redirects, even when all I do is leave firefox open for a while.
Also, in case it helps, here are some of the results of my avast scans, which occurred before I ran combofix:
(Before boot scan)
(Boot Scan Results)
(Example of what avast's active protection is still blocking)
Edited by Maholix, 11 April 2015 - 05:30 PM.