Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

please make this thing go away


  • Please log in to reply
4 replies to this topic

#1 Davidwhodosentknow

Davidwhodosentknow

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:32 AM

Posted 09 August 2018 - 12:44 AM

Whenever I use the google chrome it comes up with this things where I wants me to go there other web sites. but I don't need them. it just wants me to other parts where I can get some stuff I don't even need to use. It just comes up on my computer. It even stays up when I don't even use them. I have to click on it and it goes away.

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 Mason21

Mason21

  • Members
  • 390 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:11:32 AM

Posted 09 August 2018 - 04:49 AM

You can go into Chrome ....click the three dots in the upper right hand corner. Click on "settings" ..scroll down to the bottom and select "advanced" . you can choose "restore settings to their original defaults" ...You will have to re-add back in your bookmarks and such. Or right under that is "Clean up Computer" doing this will get rid of harmful apps.


Edited by Mason21, 09 August 2018 - 04:51 AM.


#3 Rocky Bennett

Rocky Bennett

  • Members
  • 2,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico, USA
  • Local time:10:32 AM

Posted 09 August 2018 - 06:22 AM

That looks like a virus. I would use Malwarebytes and perform a ivrus scan.


594965_zpsp5exvyzm.png


#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:09:32 AM

Posted 09 August 2018 - 12:26 PM

This looks like a browser redirect virus.  Please run the scan below and post the results in your topic.  If this does not resolve the problem you will need to open a topic in the Virus, Trojan, Spyware, and Malware Removal Help forum.  If turns out to be the case you will need to use the instruction immediately below.

 
If you believe that your computer is infected you need to start a topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum.  
 
You will need to do the following prior to starting your topic.
 
 
   * If you cannot complete a step, then skip it and continue with the next.
   * In Step 6 there are instructions for downloading and running FRST which will create two logs.
 
When you have done this, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.
 
Start a new topic and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.
 
After doing this, please reply back in this thread with a link to the new topic so this topic can be closed by a Moderator.
 
DO NOT bump your new topic. Wait for a response from one of the Malware Response Team Members.  The MRT members look for topics which have not been addressed.  If you bump your topic it will make it appear that your topic is being addressed
 

 

 

Please run the scans suggested below in the order that they are requested and post the logs in the same order.  Unless otherwise instructed post the logs in your topic, do not use a host website to post these logs.   Please do not wrap your logs in quotes or code brackets or use use spoilers.
 
 
Please download and run RKill
 
RKill attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.  RKill will not remove any of the processes it stops, you will need to run security scans to remove any malware found.  These settings will remain until the computer is rebooted, for this reason you must run your security applications before the computer is restarted.  
 
Please download RKill and install it.
 
When RKill is run it will display a console screen similar to the one below:
 
icHPxaT.png
 
After this has run you will see another image explaining that RKill has finished running and you should be able to run the scan.  You need to click/tap on OK.
 
2Q1rnlf.png
 
When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.
 
AttentionAt this time you need to run your security applications listed below.  When the scan has finished running a lot will be posted in Notepad.  Copy and paste this log in your topic.
 
Importanat: There is a possibility that malware may recognize RKill and keep it from running, if this is the case do the following.
 
If while RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:
 
1)  Rename Rkill so that it has a .com extension.
 
2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  
 
After the application has run successfully and you have run the requested scans you should reboot the computer to restore the processes and Windows Registry entries. 
 
 
Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.
 
The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
3.  Click Start Scan and allow the scan process to run.
 
yEt9i3P.png
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.  If threats are not found you will see a screen like the one below.
 
DOrb0BK.png
 
***Do NOT select Delete!
 
Click on Continue.
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (in most cases this is c: Drive) and paste it into your next reply.
 
Note:  The log may be very long.  You may need to break it into parts to post the whole log in your topic.
 
 
 
Please run Malwarebytes AntiMalware
 
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  
 
4YSU8ND.png
 
3)  Click on Settings, you will see a image like the one below.
 
35AFYEE.png
 
When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.  Under Detection Options place a check in the box for Scan for rootkits
 
4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.
 
5)  When the scan is complete the results will be displayed.  Click on Delete All.
 
jEVtTTK.png
 
6)  Please post the Malwarebytes log.
 
To find the Malwarebytes log do the following.  Copy and paste the log in your topic.
 
*Open Malwarebytes Anti-Malware.
*Click the Scan Tab at the top.
*Click the View detailed log link on the right.
*Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
*Alternatively, you can click Export and save the log as a .txt file on yout Desktop or another location.
*Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
 
 
Please download AdwCleaner and install it.
 
When AdwCleaner opens click on Scan to start the scan.
 
ZQk62WV.png
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.
 
If there are no malicious programs are found you will receive a message informing you of this.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
CsqnoTW.png
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and the paste this log in your topic.
 
 

Please run the ESET OnlineScan
 
This scan takes quite a long time to run, so be prepared to allow this to run 
till it is completed.
 
***Please note. If you run this scan using Internet Explorer you won't need 
to download the Eset Smartinstaller.***
 
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that 
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
  • Remove found threats
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  •  
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • If threats are found click on Save to text file in Documents.
  • Open Documents, find the report, copy and paste it in your topic.

  • Edited by dc3, 09 August 2018 - 12:33 PM.

    Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

     

     

     

     


    #5 jenae

    jenae

    • Members
    • 831 posts
    • OFFLINE
    •  
    • Local time:03:32 AM

    Posted 09 August 2018 - 11:09 PM

    Hi, while waiting for the doc's to arrive I read your post. I wrote a cmd for you. You may like to do a little detective work, the advice offered so far has been sound, Dc3's should find the culprit.

     

    Without downloading anything and much more educational (after experience you can find the nasty in sec's).

     

    Press win + r keys together in the run dialogue box type:- cmd

    Then press ctrl + shift + enter keys together, cmd.exe opens as administrator, (this used to exist in earlier versions of windows v1803 has bought it back, applies to ALL executables).

     

    Copy the following cmd and right click, anywhere in the cmd window,  paste the cmd, & it will append to the prompt, press enter.

     

    echo > 0  & netstat -abfo 4 >> 0 & tasklist /v >> 0 & echo >> 0 & notepad 0

     

    NOTE:- You would run this just after the problem shows and leave the site running:-

     

    Nothing will happen as the system is running a TCP and UDP trace, the 4 in the cmd indicates this trace runs every 4 sec's, let it run for 20 odd sec's. To stop press the ctrl + c keys together. At this stage a notepad will open.

     

    The first section tells you (we are only interested in TCP) listening and established, for your issue the connection would have been established, you can note the PID (this is the process ID number, and applies to all processes running on your machine), most will be your browser, you are looking for a site you don't recognize OR you do from the address header of the errant page that opens on your computer. Note the suspicious PID number, or the PID number of any you do not recognize.

     

    The second part is a tasklist, this shows the names of ALL running processes on your machine, It also shows their PID number, all you do is match the suspicious PID number from the first section to the PID in tasklist and note the process name this is the culprit, you can post the details here if you wish or locate the path to the process and delete it, for this post back with details and we can show you how to easily delete it.

     

    This is offered as a educational post, I will endeavor to more fully explain what some of the cmd's I ask for do, and how they might be applied. It does not mean you should not run AV or malware protection utils, prevention is better then cure.






    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users