Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Website blocked due to Trojan - Malwarebytes pop-up every 2 seconds


  • This topic is locked This topic is locked
30 replies to this topic

#16 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:11:11 PM

Posted 15 October 2018 - 04:55 AM

Weekends tend to be a bit hectic but thanks for getting back and letting me know.

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


BC AdBot (Login to Remove)

 


#17 SinWolf

SinWolf
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:11 AM

Posted 15 October 2018 - 11:19 AM

Good day Satchfan...

 

I have removed Chrome and decided to test my browsing experience using IE...

 

I still have a problem...  Whenever I click on links, a new tab would pop up taking me to a strange website... Only after the 3rd click will the correct link actually open...

 

I get directed to sites like:  (for some reason I can't paste the links here... see txt file attached)

 

I also see get adds from "Powered by "rightcoupon"

 

I don't know anymore :(  :(  :(

 

 

 

Attached Files



#18 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:11:11 PM

Posted 15 October 2018 - 03:56 PM

This is becoming tedious for us both!!!!

Reset Microsoft Edge

  • open the ‘Settings’ menu by clicking the three horizontal dots in the upper right corner of the Edge window and choose Settings
  • under ‘Clear browsing data’, click Choose what to clear then click Show more
  • although there are a lot of data types, select them all and click Clear
  • restart the computer.

================================================

Reset Internet Explorer

  • click on Tools > Internet Options
  • click on the ‘Advanced’ Tab
  • click the Reset button on the bottom of the pane
  • click on [b]Apply
  • close IE.

================================================

Please run AdwCleaner and Malwarebytes again, (allow both to update before you scan). Allow AdwCleaner to ‘Clean’ anything found and post both logs.

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#19 SinWolf

SinWolf
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:11 AM

Posted 16 October 2018 - 01:47 AM

Morning Satchfan...

 

I just followed your steps above...

 

And according to Adwcleaner and Malwarebytes, the PC is clean... But it's not...  Still just a bunch of pop-ups that makes internet browsing impossible... I obviously installed Malwarebytes again... And now its popping up the whole time blocking stuff while browsing...

 

 

Seems like the next step will be a format and fresh windows install :(  :(  :(

 

 

Attached Files



#20 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:11:11 PM

Posted 16 October 2018 - 03:44 AM

Let's see if this finds anything. If it doesn't we'll have to flush it out.:

 

Run Zemana AntiMalware

Download Zemana AntiMalware:

  • open the program and without changing any options, press Scan
  • after the scan is finished, if threats are detected press Next to remove them

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

  • open Zemana AntiMalware again and locate the report
  • please paste the contents into your reply.

Satchfan

 

 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#21 SinWolf

SinWolf
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:11 AM

Posted 16 October 2018 - 05:43 AM

Hi Satchfan...

 

Report as follows:

 

 

Again... Can't seem to paste info here...

 

Anyways... see attached

 

 

Looks like everything is now sorted... For the first time I can now browse internet again without pop-ups and ads etc. :) :)

 

The Malwarebytes pop-ups are also gone :) :)

 

 

What would be the best browser to use??  I hate IE and Edge... That's why I liked using chrome... Can I install chrome again??  Or should I rather look at something else ??

 

Thank you so much for your help !!!!!!!!!!

 

 

 

Attached Files



#22 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:11:11 PM

Posted 16 October 2018 - 06:36 AM

That's good news.

 

I hate IE and Edge... That's why I liked using chrome... Can I install chrome again??

IE and Edge are both good browsers and I use both IE & Firefox. Personally I don't like chrome as it is intrusive and causes more trouble than it's worth.

 

If you want to try Firefox you can download it from here. Remember also to use an Adblock. If you choose to try Firefox, download and use Adblock Plus. This is a Firefox add on that should block popup banners.

===============================================

 

Let's clear out your temporary files then do a final an online scan to be sure nothing is left and, if that’s clear, I’ll send instructions to tidy up.

Download TFC to your desktop

  • close any open windows
  • double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run
  • click the Start button to begin the process
  • allow TFC to run uninterrupted
  • the program should not take long to finish it's job
  • once its finished it should automatically reboot your machine
  • if it doesn't, manually reboot to ensure a complete clean.

===============================================

Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, FireFox or Chrome for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Run Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o    click on esetinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
     

  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:


    o    scan archives
    o    scan for potentially unsafe applications
    o    enable Anti-Stealth technology


    Note: Do not check Remove found threats
     

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.


    Note - if ESET doesn't find any threats, no report will be created.
     

  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:


o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found.
 

If threats were found:


o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here
 

Thanks

Satchfan

 

 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#23 SinWolf

SinWolf
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:11 AM

Posted 16 October 2018 - 09:04 AM

Hi Satchfan,

 

ESET found some more threats...

 

See attached:

 

Thanks

Attached Files



#24 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:11:11 PM

Posted 16 October 2018 - 09:44 AM

Please run Eset again and this time choose to checkmark Clean Threats Automatically.


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#25 SinWolf

SinWolf
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:11 AM

Posted 16 October 2018 - 10:59 AM

Ok Done... Ran the scan and cleaned everything :)



#26 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:11:11 PM

Posted 16 October 2018 - 04:07 PM

Good. :thumbup2:

 

I'm off to bed tonight but let ne know if everything is OK and if it is, I'll send instructions to clean up tomorrow.

 

Well done.

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#27 SinWolf

SinWolf
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:11 AM

Posted 17 October 2018 - 01:29 AM

Hi Satchfan,

 

Yes... So far so good... Everything looks perfect...  I'm going to stick to IE...  IE is not really that bad, but EGDE is horrible (for me) :) :)

 

Thanks again for the help so far... I really appreciate the time :)

 

Regardt



#28 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:11:11 PM

Posted 17 October 2018 - 02:01 AM

Thanks again for the help so far... I really appreciate the time :)

You're welcome and well done on not giving up. :)

 

Now that your computer seems to be running well, please follow these steps to tidy up and decrease the likelihood of getting infected again:

Uninstall AdwCleaner

  • open adwcleaner.exe
  • click on Settings
  • click on the Application tab and scroll down to the bottom
  • click on Remove.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore

  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Recommended programs

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

Download WOT

Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:


green if it's safe
yellow for caution
red for unsafe
 

You can download the WOT add-on for Firefox, Chrome, Internet Explorer, Opera, and Safari browsers. It does not slow down your browsing experience, it is easy to use and free. Just click “Download” and you are ready to go!

======================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unckecks” the boxes you may not notice when downloading programs.

Download and install Unchecky .

===================================================

I also recommend that you read the following:

Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams

Answers to Common Security Questions - Best Practices by quietman7

How Malware Spreads - How Did I Get Infected by quietman7

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#29 SinWolf

SinWolf
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:11 AM

Posted 18 October 2018 - 01:10 AM

All done... THANKS AGAIN for the help Satchfan !!!!!



#30 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:11:11 PM

Posted 18 October 2018 - 03:42 AM

You're welcome. :)


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users