Windows 10: Virus / Malware

  1.    28 May 2018 #1

    Virus / Malware


    - Windows 10 Pro 64 bit

    About two weeks ago, I would get periodic popups in the form of a new tab in Edge. On the new tab, it said:

    “Congratulations User!
    You have been selected today to receive a FREE iPhone X, PlayStation 4 or Samsung Galaxy S6!
    Please click OK to claim the prize before we giveaway to somebody else!”


    Obviously, this is bad news.

    I searched and found this website:

    Remove scam (Removal Guide) - updated Mar 2018

    It suggested removing recent suspicious programs and clearing out your cache and other stuff from Edge. I did so.

    For about ten days, the malware did not reappear. Today it did reappear once again.

    I have scanned with Norton 360. It says my computer is clean.

    I have run Malwarebytes, and again, it says my computer is clean.

    But I know I have malware that is present.

    This popup occurs at random times. It will suddenly rear its ugly head by announcing over my speakers that I have won something.

    How do I find this thing and get rid of it?
    Last edited by essenbe; 28 May 2018 at 16:37.

  2.    28 May 2018 #2

    Here's some follow-up information.

    I ran Norton's Power Eraser (NPE). I found two items: 1) vyprvpnservice.exe and 2) a registry entry. I allowed NPE to delete or fix both. The first item is actually legitimate. It's my Vypr VPN service.

    I went to the website and redownloaded and installed the file. So I have my VPN back again.

    I reran NPE. This time, it only identified the vyprvpnservice.exe. Because that's a false positive, I skipped it. There were no registry entries this time.

    Could a registry entry be responsible for my malware? In other words, has the issue likely been addressed?

  3.    28 May 2018 #3

    Download and run ADWCleaner, then download Malwarebytes. Scan with each individually and remove any items they find. They both should clear out any browser extensions and other malware. Follow it up with another 360 scan, although we find Norton to be bloated and not worth the cost as it doesn't keep you safe.

  4.    28 May 2018 #4

    I chatted with Norton on the phone for about a half hour. He was confident that my computer was clean because the Norton Power Eraser (NPE) didn't find anything. He believes that it might be related to some of the Extensions that I am using. Or, it might simply be the websites themselves. I have difficulty with the website idea because I am going to "mainstream" websites when the problem occurs and it is *always* the same popup message that exists on a separate tab.

    Out of an abundance of caution, I removed the following two extensions:
    • Ghostery
    • IP Address and Domain Information


    My other extensions are as follows:
    • Dashlane
    • Office Online
    • Adblock Plus
    • Save to Pocket
    • OneNote Web Clipper


    I followed spunk's advice.

    In addition to some relatively innocuous stuff, ADWCleaner cleaned out 9 registry entries. I have a hunch that these might have played a role. They have a form like the following:

    Code:
    HKLM\Software\Classes\CLSID\{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_xxxxxxxxxxxxx\Xxxxxxxx\001\Internet Explorer\DOMStorage\SuspiciousSite1dotcom
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_xxxxxxxxxxxxx\Xxxxxxxx\001\Internet Explorer\DOMStorage\wwwSuspiciousSite1dotcom
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_xxxxxxxxxxxxx\Xxxxxxxx\001\Internet Explorer\EdpDomStorage\SuspiciousSite1dotcom
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_xxxxxxxxxxxxx\Xxxxxxxx\001\Internet Explorer\EdpDomStorage\wwwSuspiciousSite1dotcom
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_xxxxxxxxxxxxx\Xxxxxxxx\001\Internet Explorer\DOMStorage\SuspiciousSite2dotcom
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_xxxxxxxxxxxxx\Xxxxxxxx\001\Internet Explorer\EdpDomStorage\SuspiciousSite2dotcom
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_xxxxxxxxxxxxx\Xxxxxxxx\001\Internet Explorer\DOMStorage\SuspiciousSite3dotcom
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_xxxxxxxxxxxxx\Xxxxxxxx\001\Internet Explorer\EdpDomStorage\SuspiciousSite3dotcom
    I used "X" to replace various characters that are non-essential. And used "SuspiciousSite1dotcom" rather than placing the actual website.

    I have a hunch that those sites were somehow responsible for supplying the garbage pop-ups.

    I ran Malwarebytes. It indicated that my computer was clean.

    I am running Norton again now using a full scan. So far after 3 million scanned items, it's found five tracking cookies. I suspect it won't find anything. I will wait, though, until it is done.

    I hope that by deleting those registry entries my system is now clean.
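An added example, not part of the thread and not ADWCleaner's own code: a short Python triage that sorts a cleaner's list of removed registry keys, such as the nine posted in #4, into COM class registrations and per-site Edge storage records grouped by site. The sample list is constructed from the placeholder paths as posted; treating the DOMStorage and EdpDomStorage subkeys as per-site browser storage and folding the "www" variant into the bare site name are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the nine keys from post #4, placeholders kept as posted.
EDGE = (r"HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows"
        r"\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_xxxxxxxxxxxxx"
        r"\Xxxxxxxx\001\Internet Explorer")
PAIRS = [("DOMStorage", "SuspiciousSite1dotcom"), ("DOMStorage", "wwwSuspiciousSite1dotcom"),
         ("EdpDomStorage", "SuspiciousSite1dotcom"), ("EdpDomStorage", "wwwSuspiciousSite1dotcom"),
         ("DOMStorage", "SuspiciousSite2dotcom"), ("EdpDomStorage", "SuspiciousSite2dotcom"),
         ("DOMStorage", "SuspiciousSite3dotcom"), ("EdpDomStorage", "SuspiciousSite3dotcom")]
SAMPLE = [r"HKLM\Software\Classes\CLSID\{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}"]
SAMPLE += ["\\".join((EDGE, store, site)) for store, site in PAIRS]

# A COM class registration: a machine- or user-wide key worth inspecting by hand.
CLSID_RE = re.compile(r"^(HKLM|HKCU)\\Software\\Classes\\CLSID\\\{[^}]+\}", re.I)
# Assumption: these subkeys are per-site storage records inside Edge's AppContainer.
STORE_RE = re.compile(r"\\AppContainer\\Storage\\(?P<pkg>[^\\]+)\\.*"
                      r"\\(?P<store>DOMStorage|EdpDomStorage)\\(?P<site>[^\\]+)$", re.I)

def triage(lines):
    """Sort removed registry keys into COM registrations and per-site storage."""
    report = {"com": [], "sites": defaultdict(list), "other": []}
    for raw in lines:
        key = raw.strip()
        if not key:
            continue
        m = STORE_RE.search(key)
        if m:
            # Assumption: fold the "www" variant into the bare site name.
            site = re.sub(r"^www\.?", "", m["site"].lower())
            report["sites"][site].append(m["store"])
        elif CLSID_RE.match(key):
            report["com"].append(key)
        else:
            report["other"].append(key)  # anything unexpected gets a manual look
    return report

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("COM class registrations:", len(result["com"]))
    for site, stores in sorted(result["sites"].items()):
        print(f"{site}: {len(stores)} storage keys ({', '.join(sorted(set(stores)))})")
    print("Unclassified:", result["other"])
```

Grouping this way separates the single CLSID key, which is the only entry in the list that is not tied to a specific site, from the eight storage keys that belong to three sites.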

  5.    28 May 2018 #5

    Attention Moderator:

    Please go to my first post in this thread and remove the hyperlink to the website. I don't trust that website. I am fearful that the website is designed to catch those wanting to remove these popups. If you go to the hyperlinked site and hover over some of the links in the instructions, you will find that they don't go to where you think they should go. So please remove the hyperlink.


  6. Posts : 562
    Win 10 Pro, 18219 (Skip) 64bit
       28 May 2018 #6

    Stecyk said:
    Attention Moderator:

    Please go to my first post in this thread and remove the hyperlink to the website.

    Should be able to do that yourself. Just go to post and edit.

  7. Wiley Coyote
    Posts : 851
    Windows 10 Home x64 Version 1803 (OS Build 17134.319)
       28 May 2018 #7

    Stecyk said:
    Attention Moderator:

    Please go to my first post in this thread and remove the hyperlink to the website. I don't trust that website. I am fearful that the website is designed to catch those wanting to remove these popups. If you go to the hyperlinked site and hover over some of the links in the instructions, you will find that they don't go to where you think they should go. So please remove the hyperlink.
    You (being the Thread Starter) should be able to go to that post and click "Edit" and remove the link yourself.

    Edit:

    Good luck with your malware.

  8. Bree
    Posts : 8,575
    10 Home x64 (1803) (10 Pro on 2nd pc)
       28 May 2018 #8

    Stecyk said:
    I don't trust that website. I am fearful that the website is designed to catch those wanting to remove these popups...
    That site makes its money on commission on software sales. See their Disclosure...

    The company works in the affiliation with these companies: Reimage, Plumbytes Software, Malwarebytes, OSHI Limited, iS3, SUPERAntiSpyware, SurfRight B.V., Webroot Inc., BullGuard, ParetoLogic. These companies pay special commissions after users purchase their products thru the site. The main program, which is recommended on the project, is Reimage.
    ...so expect a lot of links to Reimage. The information seems reasonable and well-intentioned, just as long as you avoid the temptations of the regular 'sales pitch' links scattered throughout the articles.

  9. essenbe
    Posts : 11,130
    Windows 10 Pro and Windows 10 Pro Insider
       28 May 2018 #9

    Stecyk said:
    Attention Moderator:

    Please go to my first post in this thread and remove the hyperlink to the website. I don't trust that website. I am fearful that the website is designed to catch those wanting to remove these popups. If you go to the hyperlinked site and hover over some of the links in the instructions, you will find that they don't go to where you think they should go. So please remove the hyperlink.
    Site unlinked

  10.    28 May 2018 #10

    Thank you, Moderator.

    With regard to others suggesting that I should have edited the post myself, I see that I can report, quote, multi-quote, unsubscribe, print, and search. But I don't see the edit function. I must be looking in all the wrong places. Can someone, please, point me to the correct spot to edit for future reference?


 
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
