Windows 10: Virus / Malware

  1.    3 Weeks Ago #1

    Virus / Malware


    - Windows 10 Pro 64 bit

    About two weeks ago, I would get periodic popups in the form of a new tab in Edge. On the new tab, it said:

    “Congratulations User!
    You have been selected today to receive a FREE iPhone X, PlayStation 4 or Samsung Galaxy S6!
    Please click OK to claim the prize before we giveaway to somebody else!”


    Obviously, this is bad news.

    I searched and found this website:

    Remove scam (Removal Guide) - updated Mar 2018

    It suggested removing recent suspicious programs and clearing out your cache and other stuff from Edge. I did so.

    For about ten days, the malware did not reappear. Today it did reappear once again.

    I have scanned with Norton 360. It says my computer is clean.

    I have run Malwarebytes, and again, it says my computer is clean.

    But I know I have malware that is present.

    This popup occurs at random times. It will suddenly rear its ugly head by announcing over my speakers that I have won something.

    How do I find this thing and get rid of it?
    Last edited by essenbe; 3 Weeks Ago at 16:37.

  2.    3 Weeks Ago #2

    Here's some follow-up information.

    I ran Norton's Power Eraser (NPE). I found two items: 1) vyprvpnservice.exe and 2) a registry entry. I allowed NPE to delete or fix both. The first item is actually legitimate. It's my Vypr VPN service.

    I went to the website and redownloaded and installed the file. So I have my VPN back again.

    I reran NPE. This time, it only identified the vyprvpnservice.exe. Because that's a false positive, I skipped it. There were no registry entries this time.

    Could a registry entry be responsible for my malware? In other words, has the issue likely been addressed?

  3.    3 Weeks Ago #3

    Download and run ADWCleaner, then download Malwarebytes. Scan with each individually and remove any items it finds. They both should clear out any browser extensions and other malware. Follow it up with another 360 scan, although we find Norton to be bloated and not worth the cost as it doesn't keep you safe.

  4.    3 Weeks Ago #4

    I chatted with Norton on the phone for about a half hour. He was confident that my computer was clean because the Norton Power Eraser (NPE) didn't find anything. He believes that it might be related to some of the Extensions that I am using. Or, it might simply be the websites themselves. I have difficulty with the website idea because I am going to "mainstream" websites when the problem occurs and it is *always* the same popup message that exists on a separate tab.

    Out of an abundance of caution, I removed the following two extensions:
    • Ghostery
    • IP Address and Domain Information


    My other extensions are as follows:
    • Dashlane
    • Office Online
    • Adblock Plus
    • Save to Pocket
    • OneNote Web Clipper


    I followed spunk's advice.

    In addition to some relatively innocuous stuff, ADWCleaner cleaned out 9 registry entries. I have a hunch that these might have played a role. They have the form like the following:

    Code:
    HKLM\Software\Classes\CLSID\{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_xxxxxxxxxxxxx\Xxxxxxxx\001\Internet Explorer\DOMStorage\SuspiciousSite1dotcom
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_xxxxxxxxxxxxx\Xxxxxxxx\001\Internet Explorer\DOMStorage\wwwSuspiciousSite1dotcom
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_xxxxxxxxxxxxx\Xxxxxxxx\001\Internet Explorer\EdpDomStorage\SuspiciousSite1dotcom
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_xxxxxxxxxxxxx\Xxxxxxxx\001\Internet Explorer\EdpDomStorage\wwwSuspiciousSite1dotcom
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_xxxxxxxxxxxxx\Xxxxxxxx\001\Internet Explorer\DOMStorage\SuspiciousSite2dotcom
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_xxxxxxxxxxxxx\Xxxxxxxx\001\Internet Explorer\EdpDomStorage\SuspiciousSite2dotcom
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_xxxxxxxxxxxxx\Xxxxxxxx\001\Internet Explorer\DOMStorage\SuspiciousSite3dotcom
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_xxxxxxxxxxxxx\Xxxxxxxx\001\Internet Explorer\EdpDomStorage\SuspiciousSite3dotcom
    I used "X" to replace various characters that are non-essential. And used "SuspiciousSite1dotcom" rather than placing the actual website.

    I have a hunch that those sites were somehow responsible for supplying the garbage pop-ups.

    I ran Malwarebytes. It indicated that my computer was clean.

    I am running Norton again now using a full scan. So far after 3 million scanned items, it's found five tracking cookies. I suspect it won't find anything. I will wait, though, until it is done.

    I hope that by deleting those registry entries my system is now clean.
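A triage sketch for cleanup-log lines like those listed in post #4, added here as an example; it is not part of any poster's message and not AdwCleaner's own code. It separates keys named after a site under the Edge AppContainer `DOMStorage`/`EdpDomStorage` paths from other entries such as the CLSID key and groups the site keys by domain. The function names and the `.example` domains are constructed for illustration, and classification is by key-path shape only.

```python
import re
from collections import defaultdict

# Constructed sample lines in the redacted form the post uses (not real log output).
PREFIX = (r"HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows"
          r"\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_xxxxxxxxxxxxx"
          r"\Xxxxxxxx\001\Internet Explorer")
SAMPLE = [
    r"HKLM\Software\Classes\CLSID\{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}",
    PREFIX + r"\DOMStorage\ads.example",
    PREFIX + r"\DOMStorage\www.ads.example",
    PREFIX + r"\EdpDomStorage\ads.example",
    PREFIX + r"\EdpDomStorage\popups.example",
]

# Key whose last component is a site name under an Edge DOMStorage/EdpDomStorage path.
SITE_KEY = re.compile(
    r"\\AppContainer\\Storage\\microsoft\.microsoftedge_[^\\]+\\[^\\]+\\\d+"
    r"\\Internet Explorer\\(DOMStorage|EdpDomStorage)\\([^\\]+)$", re.IGNORECASE)
# COM class registration key (needs separate inspection: it is not a site record).
CLSID_KEY = re.compile(r"^HK(LM|CU)\\Software\\Classes\\CLSID\\\{[^}]+\}$", re.IGNORECASE)

def classify(key):
    """Return (kind, store, site) for one registry key path from a cleanup log."""
    key = key.strip()
    m = SITE_KEY.search(key)
    if m:
        site = m.group(2).lower()
        if site.startswith("www."):      # fold www.host and host into one entry
            site = site[4:]
        return ("edge-site-data", m.group(1), site)
    if CLSID_KEY.match(key):
        return ("com-class", None, None)
    return ("other", None, None)

def summarize(keys):
    """Group site-data keys by domain; return everything else for follow-up."""
    sites, follow_up = defaultdict(set), []
    for key in keys:
        kind, store, site = classify(key)
        if kind == "edge-site-data":
            sites[site].add(store)
        else:
            follow_up.append((kind, key.strip()))
    return {s: sorted(v) for s, v in sites.items()}, follow_up

if __name__ == "__main__":
    by_site, follow_up = summarize(SAMPLE)
    for site, stores in sorted(by_site.items()):
        print(f"{site}: {', '.join(stores)}")
    for kind, key in follow_up:
        print(f"[{kind}] {key}")
```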

  5.    3 Weeks Ago #5

    Attention Moderator:

    Please go to my first post in this thread and remove the hyperlink to the website. I don't trust that website. I am fearful that the website is designed to catch those wanting to remove these popups. If you go to the hyperlinked site and hover over some of the links in the instructions, you will find that they don't go to where you think they should go. So please remove the hyperlink.


  6. Posts : 509
    Win 10 Home Build 1803, 17133.1,64bit
       3 Weeks Ago #6

    Stecyk said:
    Attention Moderator:

    Please go to my first post in this thread and remove the hyperlink to the website.

    Should be able to do that yourself. Just go to post and edit.


  7. Posts : 640
    Windows 10 Home x64 Version 1803 (OS Build 17134.112)
       3 Weeks Ago #7

    Stecyk said:
    Attention Moderator:

    Please go to my first post in this thread and remove the hyperlink to the website. I don't trust that website. I am fearful that the website is designed to catch those wanting to remove these popups. If you go to the hyperlinked site and hover over some of the links in the instructions, you will find that they don't go to where you think they should go. So please remove the hyperlink.
    You (being the Thread Starter) should be able to go to that post and click "Edit" and remove the link yourself.

    Edit:

    Good luck with your malware.


  8. Posts : 7,365
    10 Home x64 (1803) (10 Pro on 2nd pc)
       3 Weeks Ago #8

    Stecyk said:
    I don't trust that website. I am fearful that the website is designed to catch those wanting to remove these popups...
    That site makes its money on commission on software sales. See their Disclosure...

    The company works in the affiliation with these companies: Reimage, Plumbytes Software, Malwarebytes, OSHI Limited, iS3, SUPERAntiSpyware, SurfRight B.V., Webroot Inc., BullGuard, ParetoLogic. These companies pay special commissions after users purchase their products thru the site. The main program, which is recommended on the project, is Reimage.
    ...so expect a lot of links to Reimage. The information seems reasonable and well-intentioned, just as long as you avoid the temptations of the regular 'sales pitch' links scattered throughout the articles.


  9. Posts : 10,826
    Windows 10 Pro and Windows 10 Pro Insider
       3 Weeks Ago #9

    Stecyk said:
    Attention Moderator:

    Please go to my first post in this thread and remove the hyperlink to the website. I don't trust that website. I am fearful that the website is designed to catch those wanting to remove these popups. If you go to the hyperlinked site and hover over some of the links in the instructions, you will find that they don't go to where you think they should go. So please remove the hyperlink.
    Site unlinked

  10.    3 Weeks Ago #10

    Thank you, Moderator.

    With regard to others suggesting that I should have edited the post myself, I see that I can report, quote, multi-quote, unsubscribe, print, and search. But I don't see the edit function. I must be looking in all the wrong places. Can someone, please, point me to the correct spot to edit for future reference?


    Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
