
Chinese Adware/Malware Problems (also something blocking malwarebytes)


4 replies to this topic

#1 renoraider

renoraider

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:50 PM

Posted 01 September 2017 - 09:25 AM

Good day,

 

So a casual download ended with something sneaking past my security (it's just windows defender) and installing into my Acer laptop. Firefox (default browser) starts redirecting to ad sites and other garbage and my first reaction is to disconnect from the net and use my phone for getting some info on what's happening. To start, I begin with uninstalling recent programs or deleting recent files that I'm pretty sure aren't from trusted sources like ones with random numbers and letters. In any case, I decide to download malwarebytes from a different device then install on my laptop. After scanning and quarantine I make my mistake and decline to reboot right away. So far, no more autorunning programs while firefox popup blockers do a good job of keeping the adware down for now. However, I can't run MWB anymore since running as admin brings a UAC blocking message that says the publisher is not trusted and I'm thinking this is malware doing this. Right now I'm trying Zemana, and I'm able to run the software for now. If it doesn't pan out I'm looking for a pc repair store or something and see if they can do anything without erasing nearly 1 TB of files. Barring that, I'm hoping people on BC can give me some advice (aside from being more careful with my downloads and my troubleshooting). I'm guessing you guys want a diagnosis or scan of my specs or perhaps some logs. If so, just tell me how you wanna go about that. Aside from that, thanks for taking the time to read this.

 

Best regards and a bit of hope,

Martin


Edited by hamluis, 01 September 2017 - 10:17 AM.
Moved from Win 8 to Am I Infected - Hamluis.



 


#2 renoraider

renoraider
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:50 PM

Posted 01 September 2017 - 09:33 AM

Also, here are my specs. Bought this laptop around 3 years ago. Still holding well enough I suppose.

Attached File: DxDiag.txt (75.17KB)



#3 Daniel_Boringcliffe

Daniel_Boringcliffe

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere deep in the heart of Europe
  • Local time:10:50 AM

Posted 01 September 2017 - 11:14 AM

1. Download and run RKill https://download.bleepingcomputer.com/dl/8a353e03b53ac60455bcf67a021644cf/59a97d39/windows/security/security-utilities/r/rkill/uSeRiNiT.exe (it has an obfuscated name in case malware tries to stop it from running)

 

2. Start adwcleaner https://toolslib.net/downloads/finish/1/ then run a scan with it and click "clean all threats" when it finishes. Don't reboot yet. If you do then run RKill again.

 

3. Run a scan with Zemana again https://www.zemana.com/en-US/ThankYou/Download?source=download&ProductID=2&IsFree=False&IsPortable=True then hit "clean" when it finishes scanning.

 

4. Run a scan with malwarebytes https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/dl/344// then clean.

 

5. Download and run JRT https://download.bleepingcomputer.com/dl/52107fea0fcb611e53602b5d5edf2950/59a97cfe/windows/security/security-utilities/j/junkware-removal-tool/JRT.exe

 

Then reboot. 

 

---

 

Windows Defender does not detect adware / potentially unwanted programs very well and PUP detection is turned off by default.

You can turn it on but it is a bit complicated. Read these:

 

https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus

https://www.howtogeek.com/245717/how-to-make-windows-defender-scan-for-potentially-unwanted-programs/

http://www.thewindowsclub.com/harden-windows-defender-highest-levels-windows-10

 

Alternatively, you can install a different AV. I would recommend Avast for free or Eset, more functions, lighter on the system but paid. 

 

Whatever you choose to do, try downloading this file afterwards to verify that PUP detection works, it should trigger your AV: http://amtso.org/feature-settings-check-potentially-unwanted-applications/ (It is a test file, it won't harm your computer.)


Edited by Daniel_Boringcliffe, 01 September 2017 - 11:20 AM.
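
Added example, not part of the post above: one way to check and turn on the Windows Defender PUP (PUA) detection setting the post refers to, from an elevated PowerShell prompt. It assumes Windows 10 or later with the built-in Defender cmdlets; the function name `Get-PuaState` is made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: report and enable Windows Defender PUA/PUP protection.
# Assumption: Windows 10 or later, built-in Defender PowerShell module present.

# Get-MpPreference reports PUAProtection as a number; map it to a readable name.
$stateNames = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }

function Get-PuaState {
    # Hypothetical helper for this example: returns the current PUA setting by name.
    $raw = [int](Get-MpPreference).PUAProtection
    if ($stateNames.ContainsKey($raw)) { $stateNames[$raw] } else { "Unknown($raw)" }
}

# If another antivirus is installed, Defender is not the active engine and
# changing its PUA setting has no effect, so stop early in that case.
$status = Get-MpComputerStatus -ErrorAction Stop
if (-not $status.AntivirusEnabled) {
    Write-Warning 'Windows Defender is not the active antivirus; PUA setting left unchanged.'
    return
}

$before = Get-PuaState
if ($before -ne 'Enabled') {
    # Enabled blocks detected PUAs; AuditMode would only log them.
    Set-MpPreference -PUAProtection Enabled
}
$after = Get-PuaState

# A Group Policy setting can override the local preference; flag that case.
if ($after -ne 'Enabled') {
    Write-Warning "PUA protection is still '$after'; a policy may be overriding the local setting."
}

# Summary of what was found and what is now in effect.
[pscustomobject]@{
    PuaBefore          = $before
    PuaAfter           = $after
    RealTimeProtection = $status.RealTimeProtectionEnabled
}
```

After running it, downloading the AMTSO test file linked in the post is the way to confirm that detection actually triggers.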


#4 renoraider

renoraider
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:50 PM

Posted 01 September 2017 - 04:41 PM

Thanks! I'll try it out and see what happens.



#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,279 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:50 AM

Posted 03 September 2017 - 09:04 AM

@renoraider

 

The scans which were suggested will generate logs of these scans. Please post these in this topic.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 




