Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Adware that hides from every scan, but is all over my browser


  • This topic is locked This topic is locked
3 replies to this topic

#1 Griffin175

Griffin175

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 04 September 2015 - 09:43 PM

First a few specs:

Operating system: Windows 10

Drive C: Boot drive, 100gb solid state, infected with adware

Drive G: 500gb just for Steam games, noting goes in or out unless i tell it to, most likely not infected

Default browser: Chrome, extensions adblock, adware gets around it

Ram: 8GB single channel, about 25% used on idle

Adware name: DNSUnlocker, followed all removal tutorials, still can't find it. text link ads for damn near every word and popups telling me my computer is at risk if i don't call them. No doubt they'll spam my phone if i do.

 

Currently running processes:

Windows 10 wont allow for me to copy and paste because they like to piss me off, so ill just type out all the unknowns.

Name                                                                 Memory use

ActionUni OOP Server                                           2.8MB

Host Process for Setting Synchronization              3.2MB

IAStorDataSvc(32bit)                                             15.2MB      *very suspicious to me

IAStorIcon(32bit)                                                    5.6MB

Reminders WinRT OOP Service                            2.8MB        *From what i know windows RT is only for mobile devices

Runtime Broker                                                     3.4MB

 

Many svchost.exe things, but i think that's just windows, nothin else looked very suspicious. I ended the IAStor things but then i realized it's for RAID configuration. Lucky me im not using RAID

 

I have scanned using Microsofts virus scanner, nothing. Scanned with Panda antivirus, a few suspicious cookies. Scanned with AVG, nothing. Scanned with MalwareBytes, 46 suspicious HKLM/Software things and 1 malware which was actually just a game thing. But if the scanner picked it up i erased it even if i recognized it as a precaution. All scans were total scans of all my drives and still ads by DNSUnlocker EVERYWHERE! There is no chrome extension and it is affecting my Steam as well. In Uninstall a program there is nothing there i dont recognize. But it is pretty clear that windows doesn't want to give me a complete list. I tried installing that FRSCT thing but my antivirus keeps shooting it down, ironically. But if it's really important ill remove the antivirus and try again. Right now my only hope is to move everything to another drive, set the old one on fire and toss it out the window (or just clear it)  but i dont know if i can move windows 10 around like that since there is no disk or stick for it. If you dont see a way to pick off the adware and clearing the entire drive would work, let me how to move my operating system onto my secondary drive. It wont be to hard to wipe it and redownload only what i need. And sorry if this question isnt up to par for this forum. I'm new and im looking for help not criticism. I know how aggressive people can get when a post on their forum isnt in line.



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:09 AM

Posted 06 September 2015 - 10:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If not already done please stop the AdwCleaner process.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===


Wait for further instructions.

#3 Griffin175

Griffin175
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 06 September 2015 - 06:25 PM

I did a factory reset on my computer. It's all gone



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:09 AM

Posted 07 September 2015 - 06:30 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users