I have contracted a Virus that shows many Ads


  1. Posts : 16,325
    W10Prox64
       #51

    mrpumpkin said:
    I do not wish to derail the thread, but what "Adobe" was downloaded? Was it Flash, or Acrobat?
    I suspect it was not an authentic Adobe download.


  2. Posts : 174
    Windows 10 Version 1709 as of 01-21-218
    Thread Starter
       #52

    For simrick


    I'm sure that I did not do ESET properly. I'll do it again tomorrow. I'll uninstall it or delete it from my downloads and download it again; this time I won't choose between "Purchase" and "30-day Free Trial."

    I went to Edge > three dots > Settings > View Advanced Settings but I couldn't find an option called "Open Proxy Settings." Is it hidden under one of the other options?

    I did not use FireFox to go to the ESET Online Scanner, but I'll be sure to do that tomorrow.

    I'll also create the new System Restore Point that you suggest tomorrow. This sounds as though it will take some time.

    I'm going to call it a day for now; it's approaching 11 pm here in Florida, and I've had a long day.

    If you're not on Microsoft's payroll, I think you should be. Thanks again for all your help.


  3. Posts : 142
    dual boot win10/win7
       #53

    simrick said:
    I suspect it was not an authentic Adobe download.
    Yeah, but was the lure. I'm curious, and it helps others to be aware.


  4. Posts : 16,325
    W10Prox64
       #54

    Writer said:
    Two Victories!

    I just did a "Restart" and now, when I click on Edge, www-searching.com does not appear!

    Also, I was able to "uninstall" "NowUSeeIt Player."

    I'll download FireFox first and then run the ESET Scan.
    HURRAH! NOW we're talking! I think, based on this news, we may be able to skip resetting the Edge browser. Let's leave that for now.

    Writer said:
    I'm sure that I did not do ESET properly. I'll do it again tomorrow. I'll uninstall it or delete it from my downloads and download it again; this time I won't choose between "Purchase" and "30-day Free Trial."
    It's a bit tricky at the end. I will try to post some screen shots for you to follow tomorrow.

    Writer said:
    I went to Edge > three dots > Settings > View Advanced Settings but I couldn't find an option called "Open Proxy Settings." Is it hidden under one of the other options?
    [Screenshots: edge-settings01.png, edge-settings02.png, edge-settings03.png, edge-proxy-settings.png]


    Writer said:
    I did not use FireFox to go to the ESET Online Scanner, but I'll be sure to do that tomorrow.

    I'll also create the new System Restore Point that you suggest tomorrow. This sounds as though it will take some time.

    I'm going to call it a day for now; it's approaching 11 pm here in Florida, and I've had a long day.

    If you're not on Microsoft's payroll, I think you should be. Thanks again for all your help.
    Yes, tomorrow is fine.

    So, to recap,
    Set another restore point,
    Run ESET from Firefox, save the log file and paste it here, let it delete whatever it finds.
    Run Malwarebytes Anti-Exploit (see post #17)
    Run SuperAntiSpyware
    Run one last scan of Malwarebytes Antimalware - but this time you're going to do a full scan of drive C and not just a threat scan (I'll give you those instructions tomorrow).
    Then we'll run SFC /SCANNOW to make sure your operating system files are intact.
    Finally, we will have you install CryptoPrevent to stop these nasties from running in the future.

    We will then set 2 new restore points, calling them CLEAN1 and CLEAN2.
    Then we will install Ccleaner (free version), open the list of existing restore points, and we will delete all old ones, because they contain infection remnants and we don't want to have them available for a restore.

    Then, I will suggest you put an add-on in Firefox and adjust some settings for safety, and ONLY use Firefox to browse the web, until Edge has extension support (sometime next year).

    Good night! :)
    Last edited by simrick; 17 Nov 2015 at 08:43.


  5. Posts : 5,478
    2004
       #55

    mrpumpkin said:
    Yeah, but was the lure. I'm curious, and it helps others to be aware.
    I often see "Your flash is out of date click here to install", don't do it...


    @Writer, did you get your Windows Defender running again? It was mentioned earlier in this thread that it had been disabled, wasn't sure if it was fixed. Sorry if you and @simrick have covered this already...


  6. Posts : 16,325
    W10Prox64
       #56

    @Writer
    Instructions for running ESET in Firefox and grabbing the info:
    (I have to do this in several posts, as there is a limit to attachments in each one.)

    [Screenshots: eset01.png to eset06.png]


  7. Posts : 16,325
    W10Prox64
       #57

    ESET Part 2

    [Screenshots: eset07.png, eset07a.png]

    You may also want to scan archives. I don't show that checked here.
    Be sure to check all external drives to be scanned as well, if they were connected to the computer at any time when it was infected. DVD is not scanned.

    [Screenshots: eset08.png, eset09.png, eset10.png]

    Click list of found threats. Select Export to text file or copy to clipboard.

    [Screenshots: eset11.png, eset12.png, eset13.png]

    Click Back. Select Manage Quarantine. This is where you restore any false positives. You don't have to worry about that.

    [Screenshot: eset14.png]

    Don't restore anything on your system!

    [Screenshot: eset15.png]

    Click Back.

    [Screenshot: eset16.png]

    Click Finish. Your computer has been cleaned. Now the BUY or Trial box shows. You can just close that.

    [Screenshot: eset17.png]


  8. Posts : 16,325
    W10Prox64
       #58

    lx07 said:
    I often see "Your flash is out of date click here to install", don't do it...


    @Writer, did you get your Windows Defender running again? It was mentioned earlier in this thread that it had been disabled, wasn't sure if it was fixed. Sorry if you and @simrick have covered this already...
    Since he took the free trial of ESET, I'm sure Defender will be disabled, but legitimately this time.


  9. Posts : 5,478
    2004
       #59

    simrick said:
    Since he took the free trial of ESET, I'm sure Defender will be disabled, but legitimately this time.
    Cool :)


  10. Posts : 174
    Windows 10 Version 1709 as of 01-21-218
    Thread Starter
       #60

    I just got started at about 9:30 am.
    Thanks for all of the new Information.

    I created another System Restore Point: "11-17-2015 Tuesday"

    Concerning lx07's query about Defender: I just checked, and it says the same as yesterday: "This app is turned off by Group Policy." So, I don't know if it is still incapacitated from the virus. Thanks for the question, @lx07.

    When I booted up this morning, the following message appeared. I don't know its significance:
    Run DLL
    There was a problem starting C:\users\AppData\Local\PluginBus\xBin\PluginBus.dll
    The specified module could not be found.
    Concerning my not finding "Open Proxy Settings": I looked again, and this option is not there. You show it as being just above "Privacy and Services." On mine, just above "Privacy and Services" is "Always use caret browsing." However, as you write, we may not need to reset Edge since www-searching.com is now gone.

    I'll download ESET now and run the Scan. I don't know if I can use the computer for other matters when the Scan is running, so I'll probably be occupied with the Scan for at least an hour.

    Malwarebytes did an automatic Scan this morning at 9:09 am; here is the Scan Log:
    One file was removed: PUP.Optional.CrossRider

    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 11/17/2015
    Scan Time: 9:09 AM
    Logfile:
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2015.11.17.03
    Rootkit Database: v2015.11.14.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x86
    File System: NTFS
    User: User

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 354818
    Time Elapsed: 30 min, 35 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.CrossRider, HKU\S-1-5-21-4156195948-2828175874-2147720042-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{9563BC59-9556-4805-8CD4-886781779D8D}, Quarantined, [e037b1ce8dfe5cdaccd10ec936cdb947],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
      My Computer
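
Added example (not part of the thread and not Malwarebytes code): a Python parser for the log layout pasted in post #60. It extracts the detections per section, lists scan components reported as Disabled, and flags sections whose declared count differs from the rows present, which points to a truncated paste. The sample log is constructed; its SID, GUID, hashes and file path are placeholders.

```python
import re

# Constructed sample in the layout of the pasted log; identifiers are placeholders.
SAMPLE_LOG = r"""
    Self-protection: Disabled
    Rootkits: Disabled
    PUP: Enabled

    Processes: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.CrossRider, HKU\S-1-5-21-0-0-0-1000\SOFTWARE\EXAMPLE\UNINSTALL\{00000000-0000-0000-0000-000000000000}, Quarantined, [00000000000000000000000000000000],

    Files: 2
    PUP.Optional.CrossRider, C:\Users\User\Downloads\setup, v2.exe, Quarantined, [11111111111111111111111111111111],
"""

SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
HEADER = re.compile(r"^(%s): (\d+)$" % "|".join(SECTIONS))
SETTING = re.compile(r"^([A-Za-z][A-Za-z -]*): (Enabled|Disabled)$")
# name, target, action, [hash]; the target is greedy because paths may contain commas
DETECTION = re.compile(r"^([^,]+), (.+), ([^,\[\]]+), \[([0-9a-f]+)\]$")

def parse_mbam_log(text):
    """Return scan settings, detections and count mismatches from a pasted log."""
    settings, detections, found, declared = {}, [], {}, {}
    section = None
    for raw in text.splitlines():
        line = raw.strip().rstrip(",")   # forum pastes are indented; rows end in ","
        if not line or line.startswith("("):
            continue
        if m := HEADER.match(line):
            section = m.group(1)
            declared[section], found[section] = int(m.group(2)), 0
        elif m := SETTING.match(line):
            settings[m.group(1)] = m.group(2) == "Enabled"
        elif section and (m := DETECTION.match(line)):
            name, target, action, digest = m.groups()
            detections.append({"section": section, "name": name,
                               "target": target, "action": action, "hash": digest})
            found[section] += 1
    # A declared count that differs from the parsed rows means a truncated paste
    mismatches = [s for s in declared if declared[s] != found[s]]
    return {"settings": settings, "detections": detections, "mismatches": mismatches}

def disabled_components(report):
    return sorted(k for k, on in report["settings"].items() if not on)
```
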


 
