I have contracted a Virus that shows many Ads


  1. Posts : 174
    Windows 10 Version 1709 as of 01-21-218
    Thread Starter
       #11

    For topgundcp


    All of this is quite new to me. Please remember that I am a rookie. Having said that, let me say that I found the "File Explorer Option" by clicking on "Start" then "Search" and searching for "Show hidden files." I found the listing: "Hide Protected Operating System Files."

    Now, at this point, I can guess that "HD" stands for "Hard Disk," but I don't know that for sure. Additionally, I don't know what a root folder is or where to find it. If there is an "autorun.inf," what does this mean?

    I appreciate your help, and I am definitely learning a lot, but please understand that you are "light-years" ahead of me.


  2. Posts : 16,325
    W10Prox64
       #12

    @Writer
    You might want to download and run RKILL.
    This program scans your system and kills suspect processes so you can use your computer. Everything it does is undone by a reboot. Once the scan is finished, it puts a text file on your desktop. Please upload that file here and we'll have a look at it.

    It's quite possible that Edge will have to be reset. Other browsers reset very easily, but Edge is a different story.

    Try Edge Settings>Advanced Settings>Open Proxy Settings and see if there is anything in there. If so, get rid of it.

    [Screenshot: edge-proxy-settings.png]


    Writer said:
    Here is a list of the lingering items:

    1/ A window named "Healer Console" appears in the lower right "notification" corner. However, when I cancel it, it doesn't come back. This window only shows up with Microsoft Edge, but, again, when I click on Microsoft Edge, www-searching.com opens up as the browser. With Internet Explorer the "Healer Console" ad does not show up.
    Please check your installed programs and see if it is listed. If so, please try uninstalling from there.

    Writer said:
    2/ The Microsoft Edge browser shows as www-searching.com. It didn't do this prior to the infection.
    Check for proxies, as I show above.

    Writer said:
    3/ The software "NowUSeeIt Player" cannot be deleted. A message comes up that reads: "Do you want this app to update software on your PC?" Whatever you click on: yes or no, nothing happens. The program name for this software is: 221a3c.msi
    Again, please check your installed programs and see if it is listed. If so, please try uninstalling from there.

    Writer said:
    4/ An ad for "PC Speedup Pro Repair," which seems to be connected to the www-searching.com browser, opens up unsolicited; however, not when I use Internet Explorer.
    Here as well, please check your installed programs and see if it is listed. If so, please try uninstalling from there.

    Writer said:
    Question: Does the ADW Cleaner software remain on the computer? I see that the Malwarebytes does remain with an icon on the Desktop.
    ADWCleaner does not "install" per se, it merely stays there, unless you delete it. Malwarebytes, OTOH, does install.

    Writer said:
    Thanks for the tips. Unfortunately, I did not set any "System Restore Points" at all. For previous editions of Windows, one did not have to set (or have the computer set) Restore Points; after a virus infection, you could set a date back to which you wanted to restore your system. I'll have to make sure that I set regular Restore Points for the future - or have Windows 10 do it automatically.
    Unfortunately, MS turn off system restore every time a major update comes through. IMO, whoever made that decision ought to be fired.

    Writer said:
    All of this is quite new to me. Please remember that I am a rookie. Having said that, let me say that I found the "File Explorer Option" by clicking on "Start" then "Search" and searching for "Show hidden files." I found the listing: "Hide Protected Operating System Files."

    Now, at this point, I can guess that "HD" stands for "Hard Disk," but I don't know that for sure. Additionally, I don't know what a root folder is or where to find it. If there is an "autorun.inf," what does this mean?

    I appreciate your help, and I am definitely learning a lot, but please understand that you are "light-years" ahead of me.
    HD or HDD = Hard Drive
    System root = C:\ (usually "C:" - the root of the drive your operating system is installed on) If your OS (Operating System) is installed on the D drive, then your system root would be D:\.
    autorun.inf would be the name of a file that runs automatically, found in your system root, where one would not belong normally.

    Open up a different browser like Firefox or Internet Explorer, and run an ESET Online Scan:
    Click on the green button to download the installer.
    Save the file (the example is using Firefox).
    Now, run the file.
    (I will post more screenshots in the next message.)
    Attached Thumbnails: eset01.png, eset03.png, eset05.png
    Last edited by simrick; 15 Nov 2015 at 22:20.
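
The three checks from the post above (proxy settings, an autorun.inf in a drive root, and the installed-programs list) can also be read from PowerShell. This is an added example, not part of the original thread; it only reads and reports, and the program names it searches for are the ones mentioned in the thread.

```powershell
# Added example: read-only checks, nothing is changed or deleted.

# 1. Per-user proxy settings (the values behind "Open proxy settings").
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet
[pscustomobject]@{
    ProxyEnabled  = [bool]$p.ProxyEnable
    ProxyServer   = $p.ProxyServer      # manual proxy, empty when none is set
    AutoConfigURL = $p.AutoConfigURL    # setup script address, empty when none is set
} | Format-List

# 2. autorun.inf in the root of every drive, hidden and system files included.
Get-PSDrive -PSProvider FileSystem | ForEach-Object {
    $path = Join-Path $_.Root 'autorun.inf'
    if (Test-Path -LiteralPath $path) {
        $f = Get-Item -LiteralPath $path -Force
        [pscustomobject]@{
            Path          = $f.FullName
            LastWriteTime = $f.LastWriteTime
            Attributes    = $f.Attributes
            Content       = Get-Content -LiteralPath $path -Raw -Force
        }
    }
} | Format-List

# 3. Installed-program entries whose name matches something from the thread.
$names = 'NowUSeeIt', 'Healer Console', 'PC Speedup Pro'
$keys  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
         'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
         'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object {
        $display = $_.DisplayName
        # Keep the entry when its display name contains any of the names above.
        $display -and ($names | Where-Object { $display -like "*$_*" })
    } |
    Select-Object DisplayName, Publisher, InstallDate, UninstallString |
    Format-List
```

An empty result for sections 2 and 3 means no autorun.inf and no matching uninstall entry were found; the UninstallString shows which command the uninstall button actually runs.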


  3. Posts : 174
    Windows 10 Version 1709 as of 01-21-218
    Thread Starter
       #13

    For simrick


    Wow! I just noticed that you added a lot of information to your original post. Thank you very much. I have been working on this for several hours today, and my eyes are getting bleary. I'll follow up on your suggestions tomorrow.

    Let me just say that "Healer Console" has stopped popping up. The software "NowUSeeIt Player" is listed with my programs, but it will not uninstall. When I try uninstalling it, the following message comes up: "Do you want this app to update software on your computer?" No matter if you answer "Yes" or "No" it does not uninstall.

    I have run ADWCleaner and Malwarebytes Antimalware, and almost everything has returned to normal. One matter, which appears to be minor, is that when I open Microsoft Edge, www-searching.com comes up as the browser. Along with www-searching.com there is an ad in the middle of the page for Reimage Repair. When I click on "NO," a full-screen ad opens up offering a Download for Windows 10. When I delete it, it asks me "if I am sure I want to leave this page?" After I click on "Yes," the full-screen ad disappears and doesn't come back. But it reappears every time I open up Edge.

    This is the only small problem that remains from an invasion of ads after my computer was infected.

    As you suggest, I might have to "reset" Edge. In that regard, could you explain to me how you arrive at the "Screen Shot" that you have in your post? The one for "Edge Settings." I haven't been able to find it.

    I'll try to find it again tomorrow, Monday, November 16.

    Thanks again for your input. Thanks also for explaining the points that I didn't understand from "topgundcp's" post.


  4. Posts : 16,325
    W10Prox64
       #14

    Accept the terms and click START

    [Screenshot: eset06.png]

    Let it download the necessary files

    [Screenshot: eset07.png]

    Now, make some modifications to the default scan:
    Click on Show Advanced Options and select the following:

    [Screenshot: eset08.png]

    For Current Scan Targets, select Change
    Select all drives connected to your computer (NOT a DVD drive, of course).

    Let the scan run. Delete everything it flags as a problem.


  5. Posts : 174
    Windows 10 Version 1709 as of 01-21-218
    Thread Starter
       #15

    For simrick


    Please refer to my previous post where I have added some material.

    I'll address all of your suggestions tomorrow.

    Thanks again.


  6. Posts : 16,325
    W10Prox64
       #16

    Writer said:
    Wow! I just noticed that you added a lot of information to your original post. Thank you very much. I have been working on this for several hours today, and my eyes are getting bleary. I'll follow up on your suggestions tomorrow.
    Yes, sorry about that. I understand your pain. I do this for quite a lot of people all the time, so I am very familiar with the "bleary eyes"!

    Writer said:
    Let me just say that "Healer Console" has stopped popping up. The software "NowUSeeIt Player" is listed with my programs, but it will not uninstall. When I try uninstalling it, the following message comes up: "Do you want this app to update software on your computer?" No matter if you answer "Yes" or "No" it does not uninstall.
    Not good. I will do some more research on this.

    Writer said:
    I have run ADWCleaner and Malwarebytes Antimalware, and almost everything has returned to normal. One matter, which appears to be minor, is that when I open Microsoft Edge, www-searching.com comes up as the browser. Along with www-searching.com there is an ad in the middle of the page for Reimage Repair. When I click on "NO," a full-screen ad opens up offering a Download for Windows 10. When I delete it, it asks me "if I am sure I want to leave this page?" After I click on "Yes," the full-screen ad disappears and doesn't come back. But it reappears every time I open up Edge.

    This is the only small problem that remains from an invasion of ads after my computer was infected.
    The fact that this has been going on for a week has got me concerned. The www-searching.com is hijackware/spyware that has the possibility to download additional malware in the background.

    Writer said:
    As you suggest, I might have to "reset" Edge. In that regard, could you explain to me how you arrive at the "Screen Shot" that you have in your post? The one for "Edge Settings." I haven't been able to find it.

    I'll try to find it again tomorrow, Monday, November 16.
    The method to arrive at the proxy settings for Edge is shown below. However, that is not resetting the browser. But, please check the proxy settings first. I will need the log file from you from running RKILL, so please do that before you do anything else.

    Writer said:
    Thanks again for your input. Thanks also for explaining the points that I didn't understand from "topgundcp's" post.
    No problem. Here is the method for getting to the proxy settings in Edge:

    Click on the 3 dots, then click on Settings

    [Screenshot: edge-settings01.png]

    Scroll down and select Advanced Settings

    [Screenshot: edge-settings02.png]

    Then click on Open proxy settings

    [Screenshot: edge-settings03.png]


  7. Posts : 16,325
    W10Prox64
       #17

    Writer said:
    Please refer to my previous post where I have added some material.

    I'll address all of your suggestions tomorrow.

    Thanks again.
    Okay, I have found some information on a similar problem - Playthru Player.
    We will be using much of the same procedure as they did here, at Bleeping Computer.
    Let me say, here is exactly what I want you to do tomorrow:

    Create a restore point - name it BEGIN CLEANING

    1. Download and run RKILL; post the text file here. Do not reboot.

    2. Download and run TDSSKiller (exe version); post the results here.
    Here are the instructions from BC:

    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


    If the program wants you to reboot, you may do so, but you will have to run RKILL again before you proceed.

    3. Run ADWCleaner again.
    Here are the instructions from BC:

    Double click on AdwCleaner.exe to run the tool again.
    • The tool will start to update the database, please wait a bit.
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    If the program wants you to reboot, you may do so, but you will have to run RKILL again before you proceed.

    4. Run Junkware Removal Tool
    Here are instructions from BC:

    • Shut down your [anti-virus] protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    If the program wants you to reboot, you may do so, but you will have to run RKILL again before you proceed.

    5. Run the ESET Online Scan as per above posts. Also shut down your anti-virus when running this.
    Delete everything it finds.

    If the program wants you to reboot, you may do so, but you will have to run RKILL again before you proceed.

    6. Set another restore point - name it "Prepare to reset browsers"

    7. Please then reset all your browsers.

    Chrome
    Firefox
    Internet Explorer - select Delete Personal Settings as well
    Edge (quite complicated - take your time with this one)

    8. Verify in Installed Programs that the NowUSeeIt Player is no longer installed.

    9. Download and install Malwarebytes Anti-Exploit
    This will help protect your browsers against zero-day attacks.

    10. Post all your reports.

    Let us know how it goes. We will await your uploaded reports.

    EDIT: After reading your reports, if it is clear that we have removed everything completely, I may recommend you install a program called CryptoPrevent, to protect your AppData directory, which is where most of these nasties hide their executables. But, we have to be sure your AppData directory is completely clean, as the program will whitelist everything existing there on the first run, and we don't want it whitelisting anything malicious.
    Last edited by simrick; 16 Nov 2015 at 14:52.
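
The reports requested in steps 1 to 4 above land in different places, so this added PowerShell example (not part of the original thread) gathers the newest of each into one folder for posting. The folder name CleanupReports and the Rkill*.txt pattern are assumptions; the other names and locations are the ones given in the steps.

```powershell
# Added example: copy the newest report from each tool into one folder.
$desktop = [Environment]::GetFolderPath('Desktop')
$outDir  = Join-Path $desktop 'CleanupReports'      # hypothetical folder name
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

$reports = @(
    # RKILL: a text file on the desktop (file name pattern is an assumption).
    Get-ChildItem -Path $desktop -Filter 'Rkill*.txt' -File -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime | Select-Object -Last 1

    # TDSSKiller: TDSSKiller_xxxx_log.txt in the root directory.
    Get-ChildItem -Path "$env:SystemDrive\" -Filter 'TDSSKiller_*_log.txt' -File -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime | Select-Object -Last 1

    # AdwCleaner: AdwCleaner[S#].txt in C:\AdwCleaner; the largest # is the latest.
    # The name is matched with a regex because [ ] are wildcards in -Path.
    Get-ChildItem -LiteralPath 'C:\AdwCleaner' -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^AdwCleaner\[S\d+\]\.txt$' } |
        Sort-Object { [int]($_.Name -replace '\D') } |
        Select-Object -Last 1

    # Junkware Removal Tool: JRT.txt on the desktop.
    Get-Item -LiteralPath (Join-Path $desktop 'JRT.txt') -ErrorAction SilentlyContinue
)

foreach ($r in $reports) {
    # -LiteralPath keeps the brackets in AdwCleaner[S#].txt from being globbed.
    Copy-Item -LiteralPath $r.FullName -Destination $outDir
}

# Summary of what was collected; a missing tool simply has no row.
$reports | Select-Object Name, LastWriteTime, Length | Format-Table -AutoSize
```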


  8. You
    Posts : 613
    Windows 10 Enterprise x64 (build 10586)
       #18

    This question is a little dumb - have you reset your homepage on Edge? I am asking because a lot of times, Malwarebytes, etc. will remove a virus that changes your homepage to a malicious website if you try to set it to what you want it to be, but the homepage is never reset by the anti-malware program.

    Oh, and if you can't find anything using ESET, RKill, etc., check out Dr. Web CureIt. It's another free antimalware program.


  9. Posts : 16,325
    W10Prox64
       #19

    You said:
    This question is a little dumb - have you reset your homepage on Edge? I am asking because a lot of times, Malwarebytes, etc. will remove a virus that changes your homepage to a malicious website if you try to set it to what you want it to be, but the homepage is never reset by the anti-malware program.

    Oh, and if you can't find anything using ESET, RKill, etc., check out Dr. Web CureIt. It's another free antimalware program.
    Yes, but he still has an infection:
    The software "NowUSeeIt Player" is listed with my programs, but it will not uninstall. When I try uninstalling it, the following message comes up: "Do you want this app to update software on your computer?" No matter if you answer "Yes" or "No" it does not uninstall.


  10. Posts : 2,935
    Windows 10 Home x64
       #20

    To the OP:

    Check out both ZHPCleaner and RogueKiller too alongside the aforementioned AdwCleaner and MBAM.


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
