I have contracted a Virus that shows many Ads


  1. Posts : 16,325
    W10Prox64
       #101

    --------------------------------------
    updating the RECAP list:

    DONE-Set another restore point,
    DONE-Run ESET from Firefox, save the log file and paste it here, let it delete whatever it finds.
    DONE-Run Malwarebytes Anti-Exploit (see post #17)
    Download and install Malwarebytes Anti-Exploit
    This will help protect your browsers against zero-day attacks.
    DONE-Run SuperAntiSpyware ( see post #49)
    DONE-Please run one last scan of Malwarebytes Antimalware - but this time you're going to do a full scan of drive C and not just a threat scan (see my instructions in previous post #75)
    DONE-sfc /scannow - no integrity violations found
    DONE-CryptoPrevent

    Please set 2 restore points: CLEAN #1 and CLEAN #2

    CCleaner:
    Please download and install. I will post screenshots of what we need to do.

    (I may have a couple of other tools I will add to the list here, if we find they are necessary, so TBD.)

    Then, I will suggest you put a couple add-ons into Firefox and adjust some settings for safety, and ONLY use Firefox to browse the web, until Edge has extension support (sometime next year).

    --------------------------------------


    Next is to set 2 restore points.


    Then download and install CCleaner. Please be sure to watch each screen of the installation for additional things that we don't want. No Google Chrome, nothing. If any boxes are checked by default, read what they pertain to, and then chances are you need to uncheck them. I can't remember if it tries to install anything else with it or not.


    [Image: I have contracted a Virus that shows many Ads-cc01.png]

    Open the list of existing restore points, and we will delete all old ones, because they contain infection remnants and we don't want to have them available for a restore. Leave only the restore points you just set - Clean #1 and Clean #2.

    Highlight them one at a time, and click Remove.


    Next we'll have a look at your installed programs, to see if there are any problems left, like outdated versions of Java, etc. Select save to text file in this screen, and post the file here.

    [Image: I have contracted a Virus that shows many Ads-cc02.png]

    We will also have a look at your startups and autoruns, and your installed programs from here.

    [Image: I have contracted a Virus that shows many Ads-cc03.png]

    Do this for each tab, i.e. Internet Explorer, Firefox, Scheduled Tasks, Context Menu.
    Click the Publisher column heading, to sort each by Publisher name - makes it easier for me to evaluate.
    Save each one to a text file and post it here.

    Now proceed to Registry. Select all boxes EXCEPT Help Files. Run the scan. When it is at 100%, make sure all the boxes are checked for everything it lists, then click Fix Selected Items. When it asks you, save a backup somewhere in Documents, where you can find it. (If ever needed, the file can simply be double-clicked, and all changes will be incorporated back into your registry. This should only be done if you find that something is terribly wrong with the operations of the computer after cleaning. In all the years of using this tool, I have never once had to revert my cleaning changes.)
    [Image: I have contracted a Virus that shows many Ads-cc04.png]


  2. Posts : 16,325
    W10Prox64
       #102

    I think, if it's okay with you, we can stop here for tonight?


  3. Posts : 472
    Windows 10 Pro 64bit v1803 build 17133.73
       #103

    You could have backed your important files and done a clean install to resolve this issue.


  4. Posts : 16,325
    W10Prox64
       #104

    lopedoggie said:
    You could have backed your important files and done a clean install to resolve this issue.

    True. And we would have never known what infections were on the computer, and the passwords would have never been changed, and then who knows.


  5. Posts : 174
    Windows 10 Version 1709 as of 01-21-218
    Thread Starter
       #105

    For simrick


    I agree; let's call it a day.

    It's gradually approaching 11:00 pm here in Florida, and I'm running out of steam. I think we accomplished a lot today, as well as yesterday and the day-before, and I am very grateful for your help. Had I contacted a Computer Techy to come to my apartment to set things straight, he never could have accomplished what was necessary in one to three hours.

    I'll tune in tomorrow, first thing. I think that you wanted me to create some Restore Points and to add some features to Firefox.

    Thanks again for all your help.


  6. Posts : 16,325
    W10Prox64
       #106

    Writer said:
    It's gradually approaching 11:00 pm here in Florida, and running out of steam. I think we accomplished a lot today, as well as yesterday and the day-before, and I am very grateful. Had I contacted a Computer Techy to come to my apartment to set things straight, he never could have accomplished what was necessary in one to three hours.

    I'll tune in tomorrow, first thing. I think that you wanted me to create some Restore Points and to add some features to Firefox.

    Thanks again for all your help.

    Sounds good.


  7. Posts : 16,325
    W10Prox64
       #107

    This is a reminder for later:

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Don't do anything yet with it.


  8. Posts : 174
    Windows 10 Version 1709 as of 01-21-218
    Thread Starter
       #108

    For simrick


    I created the two new Restore Points.

    I deleted the old Restore Points.

    I installed CCleaner and saved all the information.

    This note appeared at the end of the CCleaner install.

    Registry Note 11-18-2015.docx

    A window appeared in the Notification corner at the end that said:
    CCleaner is now monitoring your computer and will let you know when it needs cleaning.
    The various Tab information is listed below:

    CCleaner Windows Tab 11-18-2015.txt
    CCleaner Internet Explorer Tab 11-18-2015.txt
    CCleaner Firefox Tab 11-18-2015.txt
    CCleaner Scheduled Tasks Tab 11-18-2015.txt
    CCleaner Context Menu Tab 11-18-2015.txt

    CCleaner Registry Changes
    CCleaner Registry Changes 11-18-2015.reg


    The DLL Error still appears at booting.

    A small window has appeared on my Task Bar that says "DMW Notification;" when I click on it, nothing else comes up. I'll leave it there until I hear from you about it.


  9. Posts : 16,325
    W10Prox64
       #109

    Thanks. Please give me some time to evaluate everything.

    EDIT:
    Please open CCleaner and make the following changes:

    In the Uninstall Programs Window, please uninstall:
    Plugin Java(TM) Platform SE 8 U31
    This is outdated and could have been the initial method of infection.

    In the Firefox Tab please DISABLE
    Plugin Java Deployment Toolkit 8.0.310.13 11.31.2.13 Oracle Corporation


    In the Scheduled Tasks Window, please DISABLE:
    Task Cedfomh C:\PROGRA~1\SHOPPE~3\Velgu.bat
    Task Fsaksaeelkida "C:\ProgramData\Fsaksaeelkida\1.0.6.1\oohnagee.exe"
    Task Jifqinw C:\PROGRA~1\SHOPPE~2\Muirra.bat
    Task Jisnojci C:\PROGRA~1\SHOPPE~4\Ajejao.bat
    Task Jyxutjdn C:\Users\User\AppData\Roaming\Jyxutjdn.exe
    Task Nuppobc C:\PROGRA~1\GROOVE~1\Rukdof.bat
    Task Rimgotp C:\PROGRA~1\SHOPPE~1\Yojyd.bat
    Task tmrjkEPblUbCKPY8TD975OiP C:\Users\User\AppData\Roaming\tmrjkEPblUbCKPY8TD975OiP.exe

    In the Windows Tab:
    Question: Is there a reason you have your Realtek Audio disabled? Are you having problems with it?
    No HKLM:Run RTHDVCPL "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s

    Same question with these - is this on purpose?
    No HKLM:Run HotKeysCmds C:\Windows\system32\hkcmd.exe
    No HKLM:Run IgfxTray C:\Windows\system32\igfxtray.exe
    No HKLM:Run Persistence C:\Windows\system32\igfxpers.exe
    No HKCU:Run OneDrive Microsoft Corporation "C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    No Startup User Send to OneNote.lnk Microsoft Corporation C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

    Regarding the registry note:
    The file referenced at: HKLM\SYSTEM\CurrentControlSet\services\tmKasKUsC\ImagePath could not be located. These references are often left behind after uninstalling software.
    Solution: Delete the registry key.
    This should have been taken care of when you ran the registry cleaner tool in CCleaner. I see it listed as being cleaned - it's the very last entry in the reg file.

    Please perform these changes, and then reboot the computer. See if the DLL error message is now gone.

    NOTE: I still need a text file of all your installed programs from the UNINSTALL TAB. I can see hints of toolbars and other things that I need to identify so we can uninstall them.
    Thanks.
    Last edited by simrick; 18 Nov 2015 at 12:48.
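
Added example (not part of the thread, and not simrick's or CCleaner's own code): a triage pass over Scheduled Tasks lines like those quoted in post #109, flagging three path traits those entries show. The `Task <name> <command>` layout is assumed from how the post quotes the export, and `ExampleUpdater` is a constructed benign entry for contrast.

```python
import re
from pathlib import PureWindowsPath

# Task lines as quoted in post #109; ExampleUpdater is constructed for contrast.
EXPORT = r'''
Task Cedfomh C:\PROGRA~1\SHOPPE~3\Velgu.bat
Task Fsaksaeelkida "C:\ProgramData\Fsaksaeelkida\1.0.6.1\oohnagee.exe"
Task Jyxutjdn C:\Users\User\AppData\Roaming\Jyxutjdn.exe
Task Nuppobc C:\PROGRA~1\GROOVE~1\Rukdof.bat
Task ExampleUpdater "C:\Program Files\Example Vendor\updater.exe"
'''

# Assumed layout: "Task <name> <command line>".
LINE = re.compile(r'^Task\s+(?P<name>\S+)\s+(?P<cmd>.+)$')
USER_WRITABLE = {'appdata', 'programdata'}   # standard users can write here
SCRIPT_EXT = {'.bat', '.cmd', '.vbs', '.js'}

def command_path(cmd):
    """Extract the program path; a quoted path may contain spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(' ', 1)[0]  # unquoted: path ends at the first space

def triage(line):
    """Return (task name, path, reasons) or None if not a task line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    path = PureWindowsPath(command_path(m['cmd']))
    parts = [p.lower() for p in path.parts]
    reasons = []
    if USER_WRITABLE.intersection(parts):
        reasons.append('runs from user-writable directory')
    if any(re.search(r'~\d', p) for p in parts[:-1]):
        reasons.append('8.3 short path hides folder name')
    if path.suffix.lower() in SCRIPT_EXT:
        reasons.append('launches a script')
    return m['name'], str(path), reasons

def flagged(export_text):
    """Map task name -> reasons, for tasks with at least one reason."""
    results = (triage(l) for l in export_text.splitlines())
    return {r[0]: r[2] for r in results if r and r[2]}

if __name__ == '__main__':
    for name, reasons in flagged(EXPORT).items():
        print(f'{name}: {", ".join(reasons)}')
```

A flag here is a prompt to look at the entry, not a verdict; legitimate per-user software also runs from `AppData`.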


  10. Posts : 5,478
    2004
       #110

    I don't mean to sidetrack or duplicate what @simrick is doing, but with regard to one minor part, the C:\users\AppData\Local\PluginBus\xBin\PluginBus.dll problem at startup, you could download Autoruns from here (Autoruns for Windows), run it, and right-click and delete the entry where it is found in the Image Path...

    It was from a scheduled task to add adware, apparently pluginbus.dll, and the problem DLL has probably already been cleaned up, just leaving the start-up item.

    [Image: I have contracted a Virus that shows many Ads-capture.png]


 
