i am infected.... about.... how i do?


4 replies to this topic

#1 giancai

Posted 22 December 2017 - 04:59 AM

Hi all my friends. I have a problem: when I open www.libero.it, without my opening another page, another page automatically opens, which I attach. The problem is the same with Firefox, Chrome and Microsoft Edge. I have tried a scan with Malwarebytes, AdwCleaner, Junkware Removal Tool, TDSSKiller and SpyHunter, but I have not resolved it. I have Windows 10 Pro. Is it possible to help me? I attach screenshots.

best regards. 

 

https://ibb.co/io4FLR
https://ibb.co/gb8aLR




 


#2 Unworn_Kilt

Posted 22 December 2017 - 06:29 AM

G'day Giancai,

 

 

 

I have had a look at your screenshots and that looks very much like a scam to me.

 

I believe it was probably designed to make you buy a particular type of software. A little like a Tech Support Scam.

 

It's likely that you don't actually have the infections, but, we can check if you would like, just to be sure?

 

I am just an ordinary member, like you. I am Not a Trained Malware Removal Expert. I have been working on and with computers since the 1970s.

 

Please advise me if you would like to proceed?

 

 

 

Kilt   :thumbup2:

 

 

 

 

 

:santa: I'd like to wish all Bleeping Computer Members a Very Merry Christmas and a Happy New Year! :santa:


Edited by Unworn_Kilt, 22 December 2017 - 06:34 AM.

PLEASE NOTE

 

I am only a Standard Member,  NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

 

Thanks!

 

 

** Walk Softly and Carry a Big Stick **

 

 

 


#3 Unworn_Kilt

Posted 22 December 2017 - 07:00 AM

Here is a little more information for you:

 

Have a read of this topic. Pay particular attention to the last section by "Quietman7."

 

 

https://www.bleepingcomputer.com/forums/t/660726/have-i-been-infected/?hl=%2Bfake+%2Bvirus+%2Bscam#entry4362515

 

 

 


Tech Support Scamming through unsolicited phone calls, browser pop-ups and emails from "so-called Support Techs" advising "your computer is infected with malware", "all your files are encrypted" and other fake messages has become an increasingly common scam tactic over the past several years. The scams may involve web pages with screenshots of fake Microsoft (Windows) Support messages, fake reports of suspicious activity, fake warnings of malware found on your computer, fake ransomware and fake BSODs, all of which include a tech support phone number to call in order to fix the problem. If you call the phone number (or they called you), scammers will talk their victims into allowing them remote control access of the computer so they can install a Remote Access Trojan in order to steal passwords and other sensitive personal information which could then be used to access bank accounts or steal a person's identity.

For more information about how these scams work and resources to protect yourself, please read Beware of Phony Emails & Tech Support Scams...there are suggestions near the bottom for dealing with scams and a list of security scanning tools to use in case the usual methods do not resolve the problem or you allowed remote access into your computer.

 

 

Let me know if you need some help.
 


Edited by Unworn_Kilt, 22 December 2017 - 07:09 AM.


 

 

 


#4 giancai

Posted 24 December 2017 - 09:46 AM

Sure, friends, I want to proceed. The problem occurs on all my PCs. I have also changed the modem, but it's the same: the same pages open, and the antivirus blocks the address ak.imgfarm.com on all the PCs on my network, and also on Android. I'll wait.



#5 Unworn_Kilt

Posted 24 December 2017 - 12:33 PM

Hello Giancai,

 

 

Thank you for getting back to me.

 

Please follow the instructions below as a starting point. I will then review the log files you submit after my Christmas (it's very early Christmas morning here in Australia.)

 

 

Please read all information carefully and thoroughly.

 

 

We will be working on ONE computer at a time:

 

Please disconnect all affected devices from the Network by disabling WiFi or disconnecting cables.

 

The first thing I want you to do is to Reset your Router/Modem/Gateway.

Please follow instructions from your Internet Service Provider(ISP) and/or the Manufacturer regarding how to do this.

Please note that if you perform a Hard Reset, data loss may occur and you may lose Internet Connectivity.

You may require Settings from your ISP in order to setup your device again.

 

If you do not wish to perform a Hard Reset, please power down the Router/Modem/Gateway and unplug all cables and power for a minimum of 60 seconds. After this time please connect One Device at a time to the Router/Modem/Gateway. This is to prevent cross-infection.

 

When you have completed the Reset and Established an Internet Connection, please select the first computer to be worked on and

re-connect it to the Router/Modem/Gateway.

 

Please, once starting this process do not connect ANY further devices other than the one currently being worked on.

 

You may wish to wait until after Christmas to commence this if you require use of the Internet during the next 48 hours or possibly 72 hours.

 

Please DO NOT assume that the detection or removal of one or more Viruses implies that a device is "Clean." I will advise you when I believe your device is clean, or, refer you on accordingly.

 

 

Be aware that I will be away for approximately 24-72 hours from a short time after posting these instructions.

If you would rather wait until I return after Christmas please message me below and advise.

 

 

 

 

Do Not Enclose Reports In Quotes or Delete or Insert Any Characters - No Redaction!

Please Post All Reports in Plain Text. Ensure You Include All Report Headers.

Please Press the Return Key 3 Times Between Reports.

Don't Attach them either.....Pleeeez!

 

 

Please make sure you have Backed Up your Files and Save any Work you have Open before proceeding!

You can find Free Back Up Software available on the Web.

(It's unlikely that anything I ask you to do will wipe your data, but better to be safe than sorry.)

 

 

Some Tools May Close Down Any Open Windows or Programs, Please Be Aware of This!

 

 

 

Remember that there is no such thing as a "Stupid Question." If you encounter ANY problems or difficulties along the way, STOP and Message Me!!

 

 

 

**Read All Notes Under Individual Instructions BEFORE Running the Tools.**

 

You might find it useful to print these instructions for reference.

 

 

 

 

 

Let's start........

 

 

Malware removal can be complex. I'm including a larger number of tools than I normally would so you can try to get

one device working should you decide to start the cleaning process prior to my return. The tools are not hard to use.

Work through them, step by step, following the instructions. That is why there is such a long list.

If multiple reports will not fit in one reply, please put one or two reports in separate replies.

 

 

(1)

Download a copy of a program called RKill (Courtesy of Grinler at Bleeping Computer) which is available at the links below:

(This program attempts to stop any running malware processes so other tools may function efficiently, plus a few other things.)

 

Save it to your Desktop so you can easily locate it.

 

(If one won't run, download the other. Malware sometimes recognises RKill.exe and tries to interfere with it.)

 

 

RKill.exe                              <<== Try this first.

 

RKill as iExplore.exe         <<== Try this one if option one doesn't work.

 

  • Right Click RKill and Select "Run As Administrator."
  • Soon after a Black Box will appear while RKill Runs. (This is normal. RKill may appear to hang. It's just working.)
  • When RKill has finished it will Open a Report in Notepad.
  • RKill will also save a copy of its log to your Desktop called "RKill.log"
  • After RKill has run successfully Don't Restart your computer until the other tool(s) have run.
  • Please Copy and Paste the contents of the Report into your Next Reply.
  • If the RKill will not run in Normal Windows Mode, Restart in Safe Mode and Repeat the above Steps.
  • ​If you need to restart your computer for any reason, please run RKill again.

 

NOTES:

 

Please Ignore any warnings about RKill containing Viruses or Trojans etc. If necessary, shut down or temporarily disable your Antivirus while RKill runs. Don't forget to Re-enable your Anti-Virus once RKill completes, unless I ask otherwise.

 

If RKill still won't run, please Post back here and advise me.(After trying both versions and Safe Mode.) Please note any Error messages or other useful information and Include it in your Reply.

 

 

Then.......

 

 

(2)

Please download Security Check (by screen317) from HERE & save it to your Desktop.

 

 

  • Right Click SecurityCheck and Select "Run As Administrator."
  • Follow the Prompts in the Black Box which opens on your screen.
  • When the program is complete a Notepad Document called Checkup.txt should open Automatically in Notepad.
  • Please Copy & Paste the Contents of Checkup.txt into your Next Reply.

 

Please Note the Following:

 

If you receive an "UNSUPPORTED OPERATING SYSTEM! ABORTED!," please Restart Windows and Security Check should Run Fine.

Should a problem persist, please Post Back Here and include any Error Messages & Other Useful Information.

 

Security Check may require you to permit "Dig.exe" to access the internet. Please allow access through your Firewall if necessary.

It is not uncommon for Security Check to generate "false positives" from  some Anti-Virus/Anti-Malware Programs. Please Ignore These if They Occur.

 

 

Then....

 

 

(3)

 

Download Farbar Service Scanner onto your Desktop (FSS)  HERE

 

 

Please Ensure the following Options are Selected:

 

 

  • RpcSs and PlugPlay <= (May be greyed out.)
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services

(Please Don't Click the "Search Files" or "Export Service" Buttons.)

  • Click the Scan button to start scanning.
  • (FSS may take a short while to complete.)
  • When the Scan is Complete, a Report should Pop-Up in Notepad.
  • Please Copy and Paste the Contents into your Next Reply.

 

*(The Tool will create a log file called FSS.txt in the Folder the Tool is Run from.

That log will be saved. If there are any problems with the Pop-Up one, Copy from FSS.txt.)

 

 

​Then......

 

 

(4)

Download MiniToolBox(By FARBAR) to your Desktop:  HERE

 

 

Right Click the Blue\Black MiniToolBox Icon and Select "Run as Administrator."

(The Tool will show Version: 17-06-2016 in the title bar.)

 

 

Select the following Check-boxes:

 

 

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings (Make sure IE is closed first please.)
  • Report FF Proxy Settings
  • Reset FF Proxy Settings (Make sure Firefox is closed first please.)
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (DO NOT change any settings for this - Only "Problems" should be set by Default.)
  • List Users, Partitions and Memory size
  • List Minidump Files
  • List Restore Points

 

Click the "Go" Button.

 

  • Report should Pop-Up on your Screen in Notepad after a short wait.
  • Please Copy and Paste the Report Contents into your Next Reply.

(If you accidentally "kill" the Notepad Report, all is not lost, it should be saved on your Desktop as MTB.txt)

 

 

 

Then......

 

 

 

(5)

Now I'd like you to download the JRT (Junkware Removal Tool) HERE

Save it to your Desktop so it's handy.

 

  • Right click on the JRT.exe Icon and select "Run as Administrator."
  • A black box will open and ask you if you want to continue. Do so. (Hit Enter I believe.)
  • The tool will do some work. Just be patient please.
  • When it's finished, a report should pop up in Notepad.
  • Please copy and paste the contents of the report into your Reply.

 

Ignore any warnings about the tool containing viruses etc.

 

 

Then.......

 

 

(6)

Please download this tool and Run it if you accept the disclaimer below. Make sure you read the points below so you're ready.

 

There is a slight chance this program may cause problems with Windows 10, although

I've used it many times with no ill effect, I need to make you aware of this. The decision to

run the tool (or not) is ultimately yours.

 

Download TFC HERE

 

 

  1. Download TFC from the download link above and save the file on your desktop.
  2. Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  3. Double-click on the TFC icon.
  4. When the program starts, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  5. When done, press OK to reboot your computer and finish the cleanup. The reboot may or may not be required.

Note 1: Depending on how much data is currently stored in the Temp folders, this process can take quite a while to remove all of the files, so please be patient.

Note 2: This program will not delete your Cookies or Browser History.

 

 

Then......

 

 

(7)

 

Download AdwCleaner (from Xplode).

(If you had to Reboot after Running ESET, re-run RKill - That was Step 1.)

From here: AdwCleaner.exe

 

 

Save to your Desktop so you can easily locate it.

 

  • Before Starting Ensure You've Saved Anything You Have Open that you Wish to Keep!!
  • Right Click AdwCleaner.exe & Select "Run As Administrator"
  • Please Click on the Tools Menu. There should be 2 Tabs: Options & Advanced.
  • In Options under Delete, Select Tracing Keys (Usually pre-selected), and, under RESET select all Options on the Right Hand Side.
  • Do Not select any other Options with Square Boxes.
  • There should be Options for Mode and Debug. You can leave these at their Defaults. Press OK.
  • Next, you should see Two main Buttons, Scan and Logfiles. Please Press Scan.
  • AdwCleaner will Start to Update the Database if required. This may take a little while.
  • The Progress Bar will gradually move to the right as the scan progresses. It can take a while.
  • Next you should receive a Popup Notification advising of the Scan Result.
  • Select any Items AdwCleaner may have found for Deletion or Deselect anything you may wish to keep.
  • Under the Popup there will be a Log. Please Copy and Paste the Contents into your next Reply.
  • Next, Click Clean. Even if nothing was detected. This will require you to reboot the machine. Please do so.
  • Once the computer has rebooted, a second Log should appear. Please Paste into your Reply as well.

 

  • If you need to access Logs again, Open the Tool and Click the LogFiles Button. They are stored there.

 

The Logs can be a tad confusing at first. They all contain a number such as [S0] which is Log One. They are also accompanied by a date to the left side column. The lower the number in the square brackets, the earlier the Log. For example, I may have Logs; AdwCleaner[S0].txt (Earliest) to AdwCleaner[S27].txt (Most Recent.) Double Click a Log to Open it.

 

 

Then......

 

 

(8)

 

Download and run the ESET Free Online Virus Scanner from:  HERE

​(If you had to restart for any reason between running RKill and this step,

​Please re-run Rkill.)

 

  • Turn off your antivirus program. See here how to do this.
  • Accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating Memory, Autostart Locations and drive(s) C:\ D:\ etc., to be scanned
    • Click Start to begin the Scan.
  • The ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the SAVE to TEXT FILE button and save the file to your desktop using a unique name, such as ESETScan+Date.txt. Include the contents of this report in your next reply.
  • CLEAN any THREATS found.
  • If a log is produced After Cleaning, Please Save that also.
  • Click Back, then Finish to exit ESET Online Scanner.
  • ​Do NOT delete the ESET scanner at this stage please.

Please re-enable your antivirus when the scan is complete.

 

Let me know if you encounter any problems.

 

 

After you've finished the ESET Online scan:

  • Please ensure you've saved the Log File(s) to your desktop.
  • Post the Log File(s) content(s) in your Reply, assuming there was one/two.
  • Close down any other open programs.
  • Reboot.

 

 

Then......

 

 

(9)

 

If you have Malwarebytes installed on your Machine, please do the following:

(Otherwise download Malwarebytes: HERE  and install it.)
 
*Note: It is not necessary to activate the trial unless you want to activate auto-scanning and extra features.
  • Start the Malwarebytes Application.
  • Open the Malwarebytes Dashboard.
  • Ensure that Malwarebytes is Updated to the Most Recent Definitions and Version.(Version Update may require license or Trial.)
 
 
Click Settings, then Application:
 
Enable the Following Options If Not Enabled:
(If you do not have a license or trial activated some options will not be able to be set.)
 
  • Automatically download and install application updates
  • Notify me when full version updates are available
  • Show Malwarebytes notifications in the Windows System Tray
  • Show Notifications when Real Time Protection settings are turned off
  • Set Manual Scans have high priority
  • Configure Proxy Server if you use one. (If you don't know what this means you likely don't. If in doubt, CHECK!)
 
 
Now switch to the Protection Tab and where possible Enable:
(The same license note as above applies here too.)
  • Web Protection
  • Exploit Protection
  • Malware Protection
  • Ransomware Protection
  • Scan for Rootkits.
  • Scan within Archives.
  • Use Signature-Less anomaly detection for increased protection
  • Always detect PUPs
  • Always detect PUMs
  • Automatically check for updates (Select Check every 15 Mins.)
  • Notify if time since last update exceeds 24 hours
  • Start Malwarebytes at Windows Startup
  • Enable Self Protection Module
  • Enable Self Protection Early Start
  • Automatically Quarantine detected Malware
 
I suggest, when in this situation, using Threat Scan. Select Scans Tab. Select all Drives(C: D: etc.,) and ensure scanning for Rootkits is enabled. (The Rootkit option MAY not be available to you if you haven't activated Trial, or, don't have a license.)
 
  • If you'd rather not Use Threat Scan, Return to Dashboard and Click Scan Now.
  • Once Scan is complete, please Ensure any Threats found are Selected and Removed. Reboot if required.
  • Please obtain a copy of your Scan Report from the Reports section and Paste in to your Next Reply.

 

 

Then......

 

 

(10)

 

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.

 

From Here: Malwarebytes Anti-Rootkit

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"



NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

 

(My Thanks to Broni, Bleeping Computer Advisor for the use of the above, mostly pilfered without notice, MBAR Notes.)

 

 

 

I would like to wish you and your family a Very Merry Christmas and a Happy and Prosperous New Year!

I'll look over your log file(s.)

 

Log back in to your thread for further instructions please.

 

We're in different time zones, so there may be a delay.

If I don't respond in 48 hours Please Personally Message Me.

If you don't hear back after 3 days, please post: HERE

 

I am a Volunteer and do my best to be here. This is sometimes interrupted by sleep, eating, outages.......

 

 

 

Cheers,

 

 

 

 

Kilt :thumbup2: 

 

 

 

:santa: I'd like to wish all Bleeping Computer Members a Very Merry Christmas and a Happy New Year! :santa:

 


PLEASE NOTE

 

I am only a Standard Member,  NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

 

Thanks!

 

 

** Walk Softly and Carry a Big Stick **
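
Added example, not part of the original posts and not how MiniToolBox itself works: a read-only PowerShell script that gathers the same kind of information as the "List content of Hosts", "List IP configuration" and "Report IE Proxy Settings" options in step (4), which are settings that sit underneath every browser on the machine. The function names are made up for this example, and it assumes Windows 8 or later with the built-in DnsClient and NetTCPIP modules.

```powershell
# Added example: read-only checks, nothing on the system is changed.
# Function names are made up for this example.

function Get-HostsEntries {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    # Strip comments and blank lines, then emit one object per name mapping.
    Get-Content -LiteralPath $Path -ErrorAction SilentlyContinue | ForEach-Object {
        $parts = @((($_ -replace '#.*$', '').Trim()) -split '\s+' | Where-Object { $_ })
        if ($parts.Count -ge 2) {
            foreach ($name in $parts[1..($parts.Count - 1)]) {
                [pscustomobject]@{
                    Address  = $parts[0]
                    HostName = $name
                    # A stock hosts file has no active entries; a loopback
                    # mapping for localhost is harmless. Review anything else.
                    Expected = ($name -eq 'localhost' -and $parts[0] -in '127.0.0.1', '::1')
                }
            }
        }
    }
}

function Get-DnsServerSummary {
    # Default gateway(s), so DNS servers that are simply "the router" stand out.
    $gateways = Get-NetIPConfiguration | ForEach-Object { $_.IPv4DefaultGateway.NextHop }
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        ForEach-Object {
            foreach ($server in $_.ServerAddresses) {
                [pscustomobject]@{
                    Interface = $_.InterfaceAlias
                    DnsServer = $server
                    IsGateway = ($gateways -contains $server)
                }
            }
        }
}

function Get-UserProxySettings {
    # Per-user system proxy settings (the ones the "IE Proxy" report refers to).
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnable   = [bool]$p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
    }
}

'--- Active hosts file entries ---'
Get-HostsEntries      | Format-Table -AutoSize
'--- DNS servers per interface ---'
Get-DnsServerSummary  | Format-Table -AutoSize
'--- Per-user proxy settings ---'
Get-UserProxySettings | Format-List
```

When every DnsServer row shows IsGateway = True, the machine resolves names through the router, so the DNS servers configured on the router apply to every device behind it.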

 

 

 




