Think I Have a Virus Related to Windows 10 Upgrade - HELP!


13 replies to this topic

#1 MrsG94


Posted 11 January 2016 - 10:59 AM

Hi and thanks for the help! I recently downloaded the Windows 10 upgrade on my laptop after constant harassment messages from my desktop. I had been running Windows 8.

 

These are the computer's symptoms: 

 

1. Powering on when lid is opened when laptop had been completely shutdown (This option has never been enabled in my laptop settings and shows that it is disabled).

2. When I go to the internet, the computer acts like some kind of adware is on it by highlighting words and making them hyperlinks and ads popping up on sides of page.

3. If I try to find an answer to anything Windows 10 related by using the Windows 10 help on my laptop, I get redirected to a Bing page that has nothing to do with the topic I had a question about.

 

All this began after downloading the free Windows 10 upgrade.

 

Don't know if these symptoms are related to the upgrade or just a coincidence.

 

I have already run scans using Avast, Malwarebytes, Super Anti-Spyware, and Emsisoft anti-malware. I even ran a couple of them as boot scans. These scans found nothing other than the usual bothersome adware. After cleaning these, my computer is still acting the same way.




 


#2 buddy215


Posted 11 January 2016 - 01:18 PM

Give these programs a shot at finding the adware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 quietman7


Posted 11 January 2016 - 02:07 PM

...When I go to the internet, the computer acts like some kind of adware is on it by highlighting words and making them hyperlinks and ads popping up on sides of page...

Please follow buddy215's instructions but you may want to read this topic which explains what you are dealing with...

About In-text advertising: Text Enhanced Ads & How To Remove Them


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 MrsG94


Posted 11 January 2016 - 04:22 PM

Hi and thanks, Buddy215! And thanks for the link Quietman7. There is always much more to learn.
 
The following is the logfile from AdwCleaner. Please note that I ran this while still having protection software on in the background. It asked me a couple of times about my Emsisoft. I allowed it and kept going. Please advise if I should run the AdwCleaner again with all other things disabled...
 
# AdwCleaner v5.029 - Logfile created 11/01/2016 at 15:59:27
# Updated 11/01/2016 by Xplode
# Database : 2016-01-11.4 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Emily - EMILYSLAPTOP
# Running from : C:\Users\Emily\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37BE563C-6020-43A7-BB6C-3BEDE8BFA1BD}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : yahoo.com Search
[-] [C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : www.yahoo.com
[-] [C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : dts.search-results.com
[-] [C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dpjamkmjmigaoobjbekmfgabipmfilij
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1636 bytes] ##########
 
 
 
 
The following is the JRT.txt log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64 
Ran by Emily (Administrator) on Mon 01/11/2016 at 16:14:31.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 19 
 
Successfully deleted: C:\Users\Emily\AppData\Local\{01EC0E89-2FC5-43C8-B3E1-CD2085DE40BD} (Empty Folder)
Successfully deleted: C:\Users\Emily\AppData\Local\{17D4687F-2AF9-43C0-9C92-4915C328B794} (Empty Folder)
Successfully deleted: C:\Users\Emily\AppData\Local\{1A1A021E-DB16-4618-9F45-73446E0132CB} (Empty Folder)
Successfully deleted: C:\Users\Emily\AppData\Local\{1E12D92C-948E-4164-BB11-6C5579EBFAB4} (Empty Folder)
Successfully deleted: C:\Users\Emily\AppData\Local\{30BF7383-BE1E-49A7-91CC-26EFA6F6045A} (Empty Folder)
Successfully deleted: C:\Users\Emily\AppData\Local\{38CC615A-4C20-4A2F-9730-DA0996CBE30A} (Empty Folder)
Successfully deleted: C:\Users\Emily\AppData\Local\{4E588440-4A97-4DF1-AA71-A7AFE7FA3103} (Empty Folder)
Successfully deleted: C:\Users\Emily\AppData\Local\{5F53F9F3-73E9-4810-9317-B3FD38663F13} (Empty Folder)
Successfully deleted: C:\Users\Emily\AppData\Local\{7A2046D1-AFFE-4AE0-8ACD-40CD1C50A25A} (Empty Folder)
Successfully deleted: C:\Users\Emily\AppData\Local\{9ABE2DBB-B734-4B65-BAC7-87FFCB34DD67} (Empty Folder)
Successfully deleted: C:\Users\Emily\AppData\Local\{AF3FC380-B897-43C3-8773-50B596AA5FB4} (Empty Folder)
Successfully deleted: C:\Users\Emily\AppData\Local\{CF915B4C-996B-4F86-B8DA-5ABC643432A9} (Empty Folder)
Successfully deleted: C:\Users\Emily\AppData\Local\{F3491E24-B248-477B-A9B8-900DED379E7D} (Empty Folder)
Successfully deleted: C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij (Folder) 
Successfully deleted: C:\Users\Emily\Appdata\LocalLow\ytd (Folder) 
Successfully deleted: C:\Users\Emily\Documents\add-in express (Folder) 
Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARINSTALLER_UPDATE-2A4F01F3.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARMANAGER_A6282D74-E499780F.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/11/2016 at 16:19:05.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Please let me know what you think about these. Thanks!!
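
Added example, not part of the thread or of AdwCleaner: a small Python parser for the cleaning-log layout posted above, which groups the `[-]` removal lines by section and pulls out Chrome extension IDs and removed search providers. The sample log is constructed with placeholder values, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the AdwCleaner cleaning-log layout quoted in the post;
# the user name, extension ID and search provider are placeholders.
SAMPLE_LOG = r"""# Option : Cleaning
***** [ Services ] *****

***** [ Folders ] *****
[-] Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcdefghijklmnopabcdefghijklmnop

***** [ Web browsers ] *****
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.example
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : abcdefghijklmnopabcdefghijklmnop
*************************
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ACTION = re.compile(r"^\[-\] (?:\[[^\]]+\] \[(?P<kind>[^\]]+)\]|(?P<kind2>\w+)) Deleted : (?P<target>.+)$")
EXT_ID = re.compile(r"\b[a-p]{32}\b")  # Chrome extension IDs: 32 letters in a-p

def parse_adwcleaner(text):
    """Return {section: [(kind, target), ...]} for every '[-]' removal line."""
    sections, current = defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            current = m.group(1)
            sections[current]  # record the section even if nothing was removed
        elif current and (m := ACTION.match(line)):
            sections[current].append((m["kind"] or m["kind2"], m["target"]))
    return dict(sections)

def triage(text):
    """Summarise what a helper checks first: extensions, search providers, totals."""
    parsed = parse_adwcleaner(text)
    removed = [item for items in parsed.values() for item in items]
    return {
        "extension_ids": sorted({i for _, t in removed for i in EXT_ID.findall(t)}),
        "search_providers": [t for kind, t in removed if kind == "Search Provider"],
        "empty_sections": [s for s, items in parsed.items() if not items],
        "total_removed": len(removed),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

An extension ID that shows up again in a later scan log is worth a second look, since it means the extension folder was present again after the first cleaning pass.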


#5 buddy215


Posted 11 January 2016 - 05:03 PM

Removed adware...Are you still seeing ads, etc. ??

 

Do you have Adblock Plus installed in Chrome?

Have you blocked Third Party cookies which are ad and tracking cookies from installing in Chrome?




#6 MrsG94


Posted 11 January 2016 - 05:12 PM

Yes, the pesky ads and hyperlinks are still here. I just installed the Adblock Plus for Chrome. I didn't have that. Trying to locate the option to block Third Party cookies in my Chrome settings. Is it the option "Send a 'Do Not Track' request with your browsing traffic"? If not, I didn't see where that is located. Thanks!!



#7 buddy215


Posted 11 January 2016 - 05:20 PM

Use the info in the link below for blocking Third party ads.

How to disable third-party cookies in all major web browsers

Once you have blocked from installing, run CCleaner to remove the existing ones.

 

Click on the ABP icon and choose Filter Preferences. UNcheck the box next to Allow some non-intrusive ads.

 

Reboot Chrome after doing the above and let me know if the ads are still appearing.




#8 MrsG94


Posted 11 January 2016 - 05:40 PM

Hi! It appears that the ad problem has been resolved! Yay! I suppose that when I installed the Windows 10 upgrade, it completely redid my personal preferences. Do you think it had anything to do with the upgrade? Or was it just a plain 'ole case of adware attack? Just curious because this stuff makes me CRAZY when it happens, and I try to be so careful. Thanks!!



#9 buddy215


Posted 11 January 2016 - 05:59 PM

Good...difficult to say since the ads didn't disappear after removing some adware. Could have been a combo of both adware and just ads being allowed until blocking with Adblock Plus...

 

You're welcome...happy surfin'




#10 MrsG94


Posted 11 January 2016 - 06:10 PM

Thank you very, very much! Will this thread stay open for a couple of days just in case I have been too quick in thinking all is well?



#11 buddy215


Posted 11 January 2016 - 06:17 PM

Yes...it will stay open and if the problem does pop up again...let us know.




#12 MrsG94


Posted 11 January 2016 - 06:22 PM

Great! Thank you very much, Buddy! Is there a specific area where I can make a donation? Do y'all still take those? Y'all have saved my rear-end more than once over the past few years, so when I can, I like to donate to the fight. Thank you again!



#13 buddy215


Posted 11 January 2016 - 06:33 PM

The site is ad supported and the pros in the Malware Removal Forum accept contributions.




#14 MrsG94


Posted 11 January 2016 - 06:38 PM

Ok, well I think everyone here is awesome, and I appreciate all that everyone does! Thanks again for a job well done! Hopefully, this will be the end of this particular issue. :) Have a great night!!





