Adware that Malwarebytes and AdwCleaner are not able to get rid of



#1 distantcousin


Posted 08 March 2016 - 12:07 PM

I have a particularly robust and intrusive adware on Firefox that I just can't get rid of and I'm now really concerned.

When opening new tabs, after a few seconds things start to freeze, I am getting ads for the following coming up:
Reimageplus

As well as a mock warning that I've entered blue screen mode with a looped audio message saying my Windows security has been compromised, with a URL of windowscrashreport.co/uk0803/new_blue_3407/

What else can I do?

It tries to connect to as viva.kamaihd.net every time.

I have also tried finding a secret program on Control Panel.

I am operating Windows 10 with Windows Defender.

Thank you


#2 garioch7


Posted 08 March 2016 - 12:27 PM

distantcousin:

Welcome to the Bleeping Computer Am I Infected Forum. My name is Phil, and if you would permit, since we will be working together, I would like to address you by your first name, if that is alright with you.

I am sorry to hear of the issues you are having with your computer. ReimagePlus is classified as adware and is a PUP (potentially unwanted program). In your case, it is definitely unwanted. You can see more information on the thread here.

Let's do an online scan to check for anything more nefarious on your computer, and follow that with a Malwarebytes scan and clean which "should" resolve the problem. If not, there are other adware removal utilities available that we can use.


Step 1: ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus; how to do so can be found here.

* Click this link to open ESET OnlineScan.
* Place a checkmark next to "Yes, I accept the Terms of Use", then click the Start button.
* When prompted, allow the Add-On/ActiveX to install.
* In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
* Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):

  • Remove found threats
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

* Then click the Start button and ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List Found Threats (only if anything is found).
* Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
* Click Back, then click Finish to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!



Step 2: Download and install Malwarebytes Anti-Malware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.2.*.****.exe and follow the prompts to install the program ( * = program version numbers may vary - always get the latest version).
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your next reply.

 

 

I would like you to paste the logs from both scans into your next reply. I will examine those and determine what our next step should be. If there is evidence of serious infection, you might have to open a new thread in the Virus, Trojan, Spyware and Malware Removal Logs Forum, but let's not get ahead of ourselves yet.

If I haven't responded to your reply in 24 hours, please send me a personal message.

Have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#3 distantcousin


Posted 15 March 2016 - 03:18 PM

Hi there,

Thanks for your response.

It seems it's a malware only Firefox is vulnerable to. I had to sign up with ESET. Their system scan did not pick it up though, and it had to be done by one of their agents over the phone and it took some time to fix - not good.

It has been fine for nearly a week but it has returned! I have reported this to ESET. This doesn't inspire me with much confidence at the level of their scanning and blocking!



#4 garioch7


Posted 16 March 2016 - 07:30 AM

distantcousin:

Thank you for your post. You might have a more serious infection, since Malwarebytes and AdwCleaner are both reputed to clean the Reimageplus issue that you are reporting.

Let's try a couple of things before we push the panic button and refer you to the "Logs" Forum.


Step 1: Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

Step 2: Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Please paste both logs into your next reply. Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators
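
As an added example (not part of the original posts, and not MiniToolBox's own code), the Python below shows what the "Report FF Proxy Settings" and "List content of Hosts" checks in Step 2 are meant to surface: proxy preferences set in a Firefox profile's prefs.js, and hosts-file lines that map names other than localhost. The sample prefs.js and hosts text, including the address and hostname in them, are constructed for illustration.

```python
import re

# Matches user_pref("name", value); lines as stored in a Firefox profile's prefs.js
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def firefox_proxy_prefs(prefs_text):
    """Return every network.proxy.* preference set in prefs.js text."""
    found = {}
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line.strip())
        if m and m.group(1).startswith("network.proxy."):
            found[m.group(1)] = m.group(2).strip('"')
    return found

def proxy_is_overridden(prefs):
    """network.proxy.type 1 = manual proxy, 2 = PAC URL; both reroute traffic."""
    return prefs.get("network.proxy.type") in ("1", "2")

def nondefault_hosts_entries(hosts_text):
    """Return (ip, name) pairs that map anything other than localhost."""
    entries = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if name.lower() != "localhost":
                entries.append((ip, name))
    return entries

# Constructed sample inputs (not taken from the thread).
SAMPLE_PREFS = '''
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8877);
'''
SAMPLE_HOSTS = '''
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    update.example.test   # constructed entry
'''

if __name__ == "__main__":
    prefs = firefox_proxy_prefs(SAMPLE_PREFS)
    print("Proxy prefs:", prefs, "overridden:", proxy_is_overridden(prefs))
    print("Hosts entries to review:", nondefault_hosts_entries(SAMPLE_HOSTS))
```

A proxy type of 1 or 2 that the user did not configure, or any hosts entry the user does not recognise, is what a helper reading Result.txt would ask about next.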




