Windows 10: I have contracted a Virus that shows many Ads Solved

  1.    15 Nov 2015 #11

    For topgundcp


    All of this is quite new to me. Please remember that I am a rookie. Having said that, let me say that I found the "File Explorer Option" by clicking on "Start" then "Search" and searching for "Show hidden files." I found the listing: "Hide Protected Operating System Files."

    Now, at this point, I can guess that "HD" stands for "Hard Disk," but I don't know that for sure. Additionally, I don't know what a root folder is or where to find it. If there is an "autorun.inf," what does this mean?

    I appreciate your help, and I am definitely learning a lot, but please understand that you are "light-years" ahead of me.


  2. Posts : 12,186
    W10Prox64
       15 Nov 2015 #12

    @Writer
    You might want to download and run RKILL.
    This program scans your system and kills suspect processes so you can use your computer. Everything it does is undone by a reboot. Once the scan is finished, it puts a text file on your desktop. Please upload that file here and we'll have a look at it.

    It's quite possible that Edge will have to be reset. Other browsers reset very easily, but Edge is a different story.

    Try Edge Settings>Advanced Settings>Open Proxy Settings and see if there is anything in there. If so, get rid of it.

    [Screenshot: edge-proxy-settings.PNG]


    Writer said:
    Here is a list of the lingering items:

    1/ A window named "Healer Console" appears in the lower right "notification" corner. However, when I cancel it, it doesn't come back. This window only shows up with Microsoft Edge, but, again, when I click on Microsoft Edge, www-searching.com opens up as the browser. With Internet Explorer the "Healer Console" ad does not show up.
    Please check your installed programs and see if it is listed. If so, please try uninstalling from there.

    Writer said:
    2/ The Microsoft Edge browser shows as www-searching.com. It didn't do this prior to the infection.
    Check for proxies, as I show above.

    Writer said:
    3/ The software "NowUSeeIt Player" cannot be deleted. A message comes up that reads: "Do you want this app to update software on your PC?" Whatever you click on: yes or no, nothing happens. The program name for this software is: 221a3c.msi
    Again, please check your installed programs and see if it is listed. If so, please try uninstalling from there.

    Writer said:
    4/ An ad for "PC Speedup Pro Repair," which seems to be connected to the www-searching.com browser, opens up unsolicited; however, not when I use Internet Explorer.
    Here as well, please check your installed programs and see if it is listed. If so, please try uninstalling from there.

    Writer said:
    Question: Does the ADW Cleaner software remain on the computer? I see that the Malwarebytes does remain with an icon on the Desktop.
    ADWCleaner does not "install" per se, it merely stays there, unless you delete it. Malwarebytes, OTOH, does install.

    Writer said:
    Thanks for the tips. Unfortunately, I did not set any "System Restore Points" at all. For previous editions of Windows, one did not have to set (or have the computer set) Restore Points; after a virus infection, you could set a date back to which you wanted to restore your system. I'll have to make sure that I set regular Restore Points for the future - or have Windows 10 do it automatically.
    Unfortunately, MS turn off system restore every time a major update comes through. IMO, whoever made that decision ought to be fired.

    Writer said:
    All of this is quite new to me. Please remember that I am a rookie. Having said that, let me say that I found the "File Explorer Option" by clicking on "Start" then "Search" and searching for "Show hidden files." I found the listing: "Hide Protected Operating System Files."

    Now, at this point, I can guess that "HD" stands for "Hard Disk," but I don't know that for sure. Additionally, I don't know what a root folder is or where to find it. If there is an "autorun.inf," what does this mean?

    I appreciate your help, and I am definitely learning a lot, but please understand that you are "light-years" ahead of me.
    HD or HDD = Hard Drive
    System root = C:\ (usually "C:" - the root of the drive your operating system is installed on) If your OS (Operating System) is installed on the D drive, then your system root would be D:\.
    autorun.inf would be the name of a file that runs automatically, found in your system root, where one would not belong normally.

    Open up a different browser like Firefox or Internet Explorer, and run an ESET Online Scan:
    Click on the green button to download the installer.
    Save the file (the example is using Firefox).
    Now, run the file.
    (I will post more screenshots in the next message.)
    [Attached screenshots: eset01.PNG, eset03.PNG, eset05.PNG]
    Last edited by simrick; 15 Nov 2015 at 22:20.

  3.    15 Nov 2015 #13

    For simrick


    Wow! I just noticed that you added a lot of information to your original post. Thank you very much. I have been working on this for several hours today, and my eyes are getting bleary. I'll follow up on your suggestions tomorrow.

    Let me just say that "Healer Console" has stopped popping up. The software "NowUSeeIt Player" is listed with my programs, but it will not uninstall. When I try uninstalling it, the following message comes up: "Do you want this app to update software on your computer?" No matter if you answer "Yes" or "No" it does not uninstall.

    I have run ADWCleaner and Malwarebytes Antimalware, and almost everything has returned to normal. One matter, which appears to be minor, is that when I open Microsoft Edge, www-searching.com comes up as the browser. Along with www-searching.com there is an ad in the middle of the page for Reimage Repair. When I click on "NO," a full-screen ad opens up offering a Download for Windows 10. When I delete it, it asks me "if I am sure I want to leave this page?" After I click on "Yes," the full-screen ad disappears and doesn't come back. But it reappears every time I open up Edge.

    This is the only small problem that remains from an invasion of ads after my computer was infected.

    As you suggest, I might have to "reset" Edge. In that regard, could you explain to me how you arrive at the "Screen Shot" that you have in your post? The one for "Edge Settings." I haven't been able to find it.

    I'll try to find it again tomorrow, Monday, November 16.

    Thanks again for your input. Thanks also for explaining the points that I didn't understand from "topgundcp's" post.


  4. Posts : 12,186
    W10Prox64
       15 Nov 2015 #14

    Accept the terms and click START

    [Screenshot: eset06.PNG]

    Let it download the necessary files

    [Screenshot: eset07.PNG]

    Now, make some modifications to the default scan:
    Click on Show Advanced Options and select the following:

    [Screenshot: eset08.PNG]

    For Current Scan Targets, select Change
    Select all drives connected to your computer (NOT a DVD drive, of course).

    Let the scan run. Delete everything it flags as a problem.

  5.    15 Nov 2015 #15

    For simrick


    Please refer to my previous post where I have added some material.

    I'll address all of your suggestions tomorrow.

    Thanks again.


  6. Posts : 12,186
    W10Prox64
       15 Nov 2015 #16

    Writer said:
    Wow! I just noticed that you added a lot of information to your original post. Thank you very much. I have been working on this for several hours today, and my eyes are getting bleary. I'll follow up on your suggestions tomorrow.
    Yes, sorry about that. I understand your pain. I do this for quite a lot of people all the time, so I am very familiar with the "bleary eyes"!

    Writer said:
    Let me just say that "Healer Console" has stopped popping up. The software "NowUSeeIt Player" is listed with my programs, but it will not uninstall. When I try uninstalling it, the following message comes up: "Do you want this app to update software on your computer?" No matter if you answer "Yes" or "No" it does not uninstall.
    Not good. I will do some more research on this.

    Writer said:
    I have run ADWCleaner and Malwarebytes Antimalware, and almost everything has returned to normal. One matter, which appears to be minor, is that when I open Microsoft Edge, www-searching.com comes up as the browser. Along with www-searching.com there is an ad in the middle of the page for Reimage Repair. When I click on "NO," a full-screen ad opens up offering a Download for Windows 10. When I delete it, it asks me "if I am sure I want to leave this page?" After I click on "Yes," the full-screen ad disappears and doesn't come back. But it reappears every time I open up Edge.

    This is the only small problem that remains from an invasion of ads after my computer was infected.
    The fact that this has been going on for a week has got me concerned. The www-searching.com is hijackware/spyware that has the possibility to download additional malware in the background.

    Writer said:
    As you suggest, I might have to "reset" Edge. In that regard, could you explain to me how you arrive at the "Screen Shot" that you have in your post? The one for "Edge Settings." I haven't been able to find it.

    I'll try to find it again tomorrow, Monday, November 16.
    The method to arrive at the proxy settings for Edge is shown below. However, that is not resetting the browser. But, please check the proxy settings first. I will need the log file from you from running RKILL, so please do that before you do anything else.

    Writer said:
    Thanks again for your input. Thanks also for explaining the points that I didn't understand from "topgundcp's" post.
    No problem. Here is the method for getting to the proxy settings in Edge:

    Click on the 3 dots, then click on Settings

    [Screenshot: edge-settings01.PNG]

    Scroll down and select Advanced Settings

    [Screenshot: edge-settings02.PNG]

    Then click on Open proxy settings

    [Screenshot: edge-settings03.PNG]


  7. Posts : 12,186
    W10Prox64
       15 Nov 2015 #17

    Writer said:
    Please refer to my previous post where I have added some material.

    I'll address all of your suggestions tomorrow.

    Thanks again.
    Okay, I have found some information on a similar problem - Playthru Player.
    We will be using much of the same procedure as they did here, at Bleeping Computer.
    Let me say, here is exactly what I want you to do tomorrow:

    Create a restore point - name it BEGIN CLEANING

    1. Download and run RKILL; post the text file here. Do not reboot.

    2. Download and run TDSSKiller (exe version); post the results here.
    Here are the instructions from BC:

    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


    If the program wants you to reboot, you may do so, but you will have to run RKILL again before you proceed.

    3. Run ADWCleaner again.
    Here are the instructions from BC:

    Double click on AdwCleaner.exe to run the tool again.
    • The tool will start to update the database, please wait a bit.
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
      Click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    If the program wants you to reboot, you may do so, but you will have to run RKILL again before you proceed.

    4. Run Junkware Removal Tool
    Here are instructions from BC:

    • Shut down your [anti-virus] protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    If the program wants you to reboot, you may do so, but you will have to run RKILL again before you proceed.

    5. Run the ESET Online Scan as per above posts. Also shut down your anti-virus when running this.
    Delete everything it finds.

    If the program wants you to reboot, you may do so, but you will have to run RKILL again before you proceed.

    6. Set another restore point - name it "Prepare to reset browsers"

    7. Please then reset all your browsers.

    Chrome
    Firefox
    Internet Explorer Select Delete Personal Settings as well
    Edge - (quite complicated-take your time with this one)

    8. Verify in Installed Programs that the NowUSeeIt Player is no longer installed.

    9. Download and install Malwarebytes Anti-Exploit
    This will help protect your browsers against zero-day attacks.

    10. Post all your reports

    Let us know how it goes. We will await your uploaded reports.

    EDIT: After reading your reports, if it is clear that we have removed everything completely, I may recommend you install a program called CryptoPrevent, to protect your AppData directory, which is where most of these nasties hide their executables. But, we have to be sure your AppData directory is completely clean, as the program will whitelist everything existing there on the first run, and we don't want it whitelisting anything malicious.
    Last edited by simrick; 16 Nov 2015 at 14:52.
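
The manual checks described in the posts above (proxy settings, an autorun.inf in a drive root, and whether the unwanted programs are still listed as installed) can also be done read-only from PowerShell. This is an added example, not part of any post in the thread; the registry paths are the standard Windows locations, and the DisplayName wildcard patterns built from the program names in the thread are an assumption about how those programs register themselves.

```powershell
# Added example: read-only checks; nothing is changed or deleted.
# Names come from the thread; matching on DisplayName wildcards is an assumption.
$SuspectNames = 'NowUSeeIt*', 'Healer Console*', 'PC Speedup Pro*'

function Get-ProxyState {
    # Per-user WinINET values behind the Windows proxy settings page
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnabled  = [bool]$p.ProxyEnable
        ProxyServer   = $p.ProxyServer     # empty when no manual proxy is set
        AutoConfigURL = $p.AutoConfigURL   # empty when no setup script is set
    }
}

function Get-RootAutorun {
    # DriveType 2 = removable, 3 = fixed disk; optical drives (5) are skipped
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=2 OR DriveType=3' |
        ForEach-Object {
            $path = Join-Path "$($_.DeviceID)\" 'autorun.inf'
            # -Force so a hidden or system-flagged file is still returned
            Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        }
}

function Get-SuspectProgram {
    param([string[]]$Name)
    # Uninstall entries: 64-bit, 32-bit and per-user
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object {
            $dn = $_.DisplayName
            $dn -and ($Name | Where-Object { $dn -like $_ })
        } |
        Select-Object DisplayName, Publisher, InstallDate, UninstallString
}

$proxy    = Get-ProxyState
$autoruns = @(Get-RootAutorun)
$programs = @(Get-SuspectProgram -Name $SuspectNames)

$proxy | Format-List
if ($proxy.ProxyEnabled -or $proxy.AutoConfigURL) {
    Write-Warning 'A proxy or setup script is configured. Confirm it is one you set.'
}
if ($autoruns.Count -gt 0) {
    Write-Warning 'autorun.inf present in a drive root:'
    $autoruns | Format-Table FullName, Attributes, LastWriteTime -AutoSize
}
if ($programs.Count -gt 0) {
    Write-Warning 'Matching entries are still registered as installed:'
    $programs | Format-List
}
```

Running it before and after the cleanup steps gives a quick comparison to post alongside the tool logs.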


  8. Posts : 615
    Windows 10 Enterprise x64 (build 10586)
       15 Nov 2015 #18

    This question is a little dumb - have you reset your homepage on Edge? I am asking because a lot of times, Malwarebytes, etc. will remove a virus that changes your homepage to a malicious website if you try to set it to what you want it to be, but the homepage is never reset by the anti-malware program.

    Oh, and if you can't find anything using ESET, RKill, etc., check out Dr. Web CureIt. It's another free antimalware program.


  9. Posts : 12,186
    W10Prox64
       16 Nov 2015 #19

    You said:
    This question is a little dumb - have you reset your homepage on Edge? I am asking because a lot of times, Malwarebytes, etc. will remove a virus that changes your homepage to a malicious website if you try to set it to what you want it to be, but the homepage is never reset by the anti-malware program.

    Oh, and if you can't find anything using ESET, RKill, etc., check out Dr. Web CureIt. It's another free antimalware program.
    Yes, but he still has an infection:
    The software "NowUSeeIt Player" is listed with my programs, but it will not uninstall. When I try uninstalling it, the following message comes up: "Do you want this app to update software on your computer?" No matter if you answer "Yes" or "No" it does not uninstall.

  10.    16 Nov 2015 #20

    To the OP:

    Check out both ZHPCleaner and RogueKiller too alongside the aforementioned AdwCleaner and MBAM.


 