I'm getting swarmed by pop ups. Malwarebytes is not finding anything! Help!


9 replies to this topic

#1 MAZACOTE71


Posted 29 July 2015 - 08:01 PM

I have a Dell Inspiron 7000 running on Windows 8. I have a separate profile set for our kid. Every time we're logged in there browsing on Firefox, ads keep popping up like crazy. It seems to happen only on her profile. So far nothing on my Admin account. I have both AVG and Malwarebytes Premium. I ran Mbytes and results came back clean. Not sure what else to do. I would appreciate any input. Thanks.


Edited by MAZACOTE71, 29 July 2015 - 08:04 PM.



#2 JohnC_21


Posted 29 July 2015 - 08:08 PM

On her profile download and run Adwcleaner. After running Adwcleaner run Junkware Removal Tool.

 

In her profile type Run in the Search Box. Then type %temp% in the open box. Delete all files in the temp directory. 



#3 boopme


Posted 29 July 2015 - 08:26 PM

Moved this topic to the Am I Infected forum from Win8 as it is malware removal



#4 MAZACOTE71


Posted 29 July 2015 - 08:42 PM

Done. Still getting all kinds of pop ups. FYI I keep seeing this sidebar with "Related Search by Faster Light". This is the Jware log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 8.1 x64
Ran by Carlos on Wed 07/29/2015 at 20:28:31.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Faster Light
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Faster Light



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/29/2015 at 20:35:19.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Edited by MAZACOTE71, 29 July 2015 - 08:43 PM.
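
Added example, not part of the original thread or of JRT itself: a small Python parser for the Junkware Removal Tool log layout shown in post #4, listing which sections recorded removals and which entries mention the "Faster Light" name seen in the sidebar. The sample input is an excerpt of the log from the post; the function names are this example's own.

```python
import re

# Excerpt of the JRT log from post #4, embedded as sample input.
SAMPLE_LOG = r"""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Faster Light
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Faster Light
~~~ Files
~~~ Folders
"""

# "~~~ Name" opens a section; the long "~~~~..." rulers have no space and are skipped.
SECTION = re.compile(r"^~~~ (?P<name>\S.*?)\s*$")
# "<status>: [<kind>] <target>", e.g. "Successfully deleted: [Task] C:\..."
ACTION = re.compile(r"^(?P<status>[^:\[]+): \[(?P<kind>[^\]]+)\] (?P<target>.+?)\s*$")

def parse_jrt_log(text):
    """Return {section: [(status, kind, target), ...]} in log order."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
            continue
        m = ACTION.match(line)
        if m and current is not None:  # header lines such as "Version: ..." do not match
            sections[current].append((m["status"], m["kind"], m["target"]))
    return sections

def entries_mentioning(sections, name):
    """(section, entry) pairs whose target contains `name`, case-insensitively."""
    needle = name.lower()
    return [(s, e) for s, items in sections.items() for e in items if needle in e[2].lower()]

def empty_sections(sections):
    """Sections in which the tool recorded no action."""
    return [s for s, items in sections.items() if not items]

if __name__ == "__main__":
    parsed = parse_jrt_log(SAMPLE_LOG)
    for section, entry in entries_mentioning(parsed, "Faster Light"):
        print(section, "->", entry[2])
    print("No actions recorded in:", ", ".join(empty_sections(parsed)))
```

On this log, the only entries mentioning Faster Light are two event-log registry keys, and the Services, Registry Values, Files and Folders sections are empty.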


#5 JohnC_21


Posted 29 July 2015 - 08:50 PM

Download and run HitmanPro. It's free for 30 days and needs an active internet connection. After the scan and any cleaning, reset/refresh Firefox.

Back up all your daughter's bookmarks, then do a Firefox reset. Any add-ons will have to be reinstalled. I would install the NoScript and Adblock Plus extensions after the reset.

 

https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings


Edited by JohnC_21, 29 July 2015 - 08:51 PM.


#6 MAZACOTE71


Posted 29 July 2015 - 09:16 PM

Done and done! So far so good. I installed the add ons. Thank you so much.



#7 JohnC_21


Posted 29 July 2015 - 09:32 PM

No problem. Did HitmanPro find anything?



#8 MAZACOTE71


Posted 29 July 2015 - 09:46 PM

It found one threat and other items. I deleted everything it found just in case:

HitmanPro 3.7.9.242
www.hitmanpro.com

   Computer name . . . . : CATROOM
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : CATROOM\Carlos
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (31 days left)

   Scan date . . . . . . : 2015-07-29 21:01:35
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 56s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 73

   Objects scanned . . . : 1,432,151
   Files scanned . . . . : 33,407
   Remnants scanned  . . : 305,966 files / 1,092,778 keys

Malware remnants ____________________________________________________________

   HKU\S-1-5-21-2524336364-3660247090-1061705593-1001\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com\ (SuperFish) -> Deleted

Cookies _____________________________________________________________________


Edited by MAZACOTE71, 29 July 2015 - 09:47 PM.


#9 JohnC_21


Posted 29 July 2015 - 09:52 PM

You may want to add one more extension called Ghostery and enable everything in settings.

 

https://addons.mozilla.org/en-us/firefox/addon/ghostery/



#10 MAZACOTE71


Posted 29 July 2015 - 10:11 PM

Cool! Thanks.





