Windows 10: I have contracted a Virus that shows many Ads Solved

  1.    16 Nov 2015 #51

    mrpumpkin said:
    I do not wish to derail the thread, but what "Adobe" was downloaded? Was it Flash, or Acrobat?
    I suspect it was not an authentic Adobe download.

  2.    16 Nov 2015 #52

    For simrick


    I'm sure that I did not do ESET properly. I'll do it again tomorrow. I'll uninstall it or delete it from my downloads and download it again; this time I won't choose between "Purchase" and "30-day Free Trial."

    I went to Edge > three dots > Settings > View Advanced Settings but I couldn't find an option called "Open Proxy Settings." Is it hidden under one of the other options?

    I did not use FireFox to go to the ESET Online Scanner, but I'll be sure to do that tomorrow.

    I'll also create the new System Restore Point that you suggest tomorrow. This sounds as though it will take some time.

    I'm going to call it a day for now; it's approaching 11 pm here in Florida, and I've had a long day.

    If you're not on Microsoft's payroll, I think you should be. Thanks again for all your help.

  3.    16 Nov 2015 #53

    simrick said:
    I suspect it was not an authentic Adobe download.
    Yeah, but was the lure. I'm curious, and it helps others to be aware.

  4.    16 Nov 2015 #54

    Writer said:
    Two Victories!

    I just did a "Restart" and now, when I click on Edge, www-searching.com does not appear!

    Also, I was able to "uninstall" "NowUSeeIt Player."

    I'll download FireFox first and then run the ESET Scan.
    HURRAH! NOW we're talking! I think, based on this news, we may be able to skip resetting the Edge browser. Let's leave that for now.

    Writer said:
    I'm sure that I did not do ESET properly. I'll do it again tomorrow. I'll uninstall it or delete it from my downloads and download it again; this time I won't choose between "Purchase" and "30-day Free Trial."
    It's a bit tricky at the end. I will try to post some screen shots for you to follow tomorrow.

    Writer said:
    I went to Edge > three dots > Settings > View Advanced Settings but I couldn't find an option called "Open Proxy Settings." Is it hidden under one of the other options?
    [Attached screenshots: edge-settings01.PNG, edge-settings02.PNG, edge-settings03.PNG, edge-proxy-settings.PNG]



    Writer said:
    I did not use FireFox to go to the ESET Online Scanner, but I'll be sure to do that tomorrow.

    I'll also create the new System Restore Point that you suggest tomorrow. This sounds as though it will take some time.

    I'm going to call it a day for now; it's approaching 11 pm here in Florida, and I've had a long day.

    If you're not on Microsoft's payroll, I think you should be. Thanks again for all your help.
    Yes, tomorrow is fine.

    So, to recap,
    Set another restore point,
    Run ESET from Firefox, save the log file and paste it here, let it delete whatever it finds.
    Run Malwarebytes Anti-Exploit (see post #17)
    Run SuperAntiSpyware
    Run one last scan of Malwarebytes Antimalware - but this time you're going to do a full scan of drive C and not just a threat scan (I'll give you those instructions tomorrow).
    Then we'll run SFC /SCANNOW to make sure your operating system files are intact.
    Finally, we will have you install CryptoPrevent to stop these nasties from running in the future.

    We will then set 2 new restore points, calling them CLEAN1 and CLEAN2.
    Then we will install CCleaner (free version), open the list of existing restore points, and we will delete all old ones, because they contain infection remnants and we don't want to have them available for a restore.

    Then, I will suggest you put an add-on in Firefox and adjust some settings for safety, and ONLY use Firefox to browse the web, until Edge has extension support (sometime next year).

    Good night!
    Last edited by simrick; 17 Nov 2015 at 08:43.

  5.    17 Nov 2015 #55

    mrpumpkin said:
    Yeah, but was the lure. I'm curious, and it helps others to be aware.
    I often see "Your flash is out of date click here to install", don't do it...


    @Writer, did you get your Windows Defender running again? It was mentioned earlier in this thread that it had been disabled, wasn't sure if it was fixed. Sorry if you and @simrick have covered this already...

  6.    17 Nov 2015 #56

    @Writer
    Instructions for running ESET in Firefox and grabbing the info:
    (I have to do this in several posts, as there is a limit to attachments in each one.)

    [Attached screenshots: eset01.PNG, eset02.PNG, eset03.PNG, eset04.PNG, eset05.PNG, eset06.PNG]

  7.    17 Nov 2015 #57

    ESET Part 2

    [Attached screenshots: eset07.PNG, eset07a.PNG]


    You may also want to scan archives. I don't show that checked here.
    Be sure to check all external drives to be scanned as well, if they were connected to the computer at any time when it was infected. DVD is not scanned.

    [Attached screenshots: eset08.PNG, eset09.PNG, eset10.PNG]

    Click list of found threats. Select Export to text file or copy to clipboard.

    [Attached screenshots: eset11.PNG, eset12.PNG, eset13.PNG]

    Click Back. Select Manage Quarantine. This is where you restore any false positives. You don't have to worry about that.

    [Attached screenshot: eset14.PNG]

    Don't restore anything on your system!

    [Attached screenshot: eset15.PNG]

    Click Back.

    [Attached screenshot: eset16.PNG]

    Click Finish. Your computer has been cleaned. Now the BUY or Trial box shows. You can just close that.

    [Attached screenshot: eset17.PNG]

  8.    17 Nov 2015 #58

    lx07 said:
    I often see "Your flash is out of date click here to install", don't do it...


    @Writer, did you get your Windows Defender running again? It was mentioned earlier in this thread that it had been disabled, wasn't sure if it was fixed. Sorry if you and @simrick have covered this already...
    Since he took the free trial of ESET, I'm sure Defender will be disabled, but legitimately this time.

  9.    17 Nov 2015 #59

    simrick said:
    Since he took the free trial of ESET, I'm sure Defender will be disabled, but legitimately this time.
    Cool

  10.    17 Nov 2015 #60

    I just got started at about 9:30 am
    Thanks for all of the new Information.

    I created another System Restore Point: "11-17-2015 Tuesday"

    Concerning lx07's query about Defender: I just checked, and it says the same as yesterday: "This app is turned off by Group Policy." So, I don't know if it is still incapacitated from the virus. Thanks for the question, @lx07.

    When I booted up this morning, the following message appeared; I don't know its significance:
    Run DLL
    There was a problem starting C:\users\AppData\Local\PluginBus\xBin\PluginBus.dll
    The specified module could not be found.
    Concerning my not finding "Open Proxy Settings": I looked again, and this option is not there. You show it as being just above "Privacy and Services." On mine, just above "Privacy and Services" is "Always use caret browsing." However, as you write, we may not need to reset Edge since www-searching.com is now gone.

    I'll download ESET now and run the Scan. I don't know if I can use the computer for other matters when the Scan is running, so I'll probably be occupied with the Scan for at least an hour.

    Malwarebytes did an automatic Scan this morning at 9:09 am; here is the Scan Log:
    One file was removed: PUP.Optional.CrossRider

    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 11/17/2015
    Scan Time: 9:09 AM
    Logfile:
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2015.11.17.03
    Rootkit Database: v2015.11.14.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x86
    File System: NTFS
    User: User

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 354818
    Time Elapsed: 30 min, 35 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.CrossRider, HKU\S-1-5-21-4156195948-2828175874-2147720042-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{9563BC59-9556-4805-8CD4-886781779D8D}, Quarantined, [e037b1ce8dfe5cdaccd10ec936cdb947],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
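The RunDLL dialog quoted in post #60 typically means an autostart entry still invokes rundll32 on a DLL that has since been removed. As an added example (not part of any post in this thread), the read-only PowerShell below lists Run-key values and scheduled-task actions whose rundll32 target is missing from disk. The helper name `Get-DllPathFromCommand` is hypothetical, and only the two standard Run keys and scheduled tasks are covered, not every autostart location.

```powershell
# Added example: read-only check for autostart entries that run rundll32
# against a DLL that is no longer on disk. Nothing is modified or deleted.

function Get-DllPathFromCommand {   # hypothetical helper name
    param([string]$Command)
    # Quoted path first, then an unquoted drive-letter path ending in .dll.
    if ($Command -match '"([^"]+\.dll)"' -or
        $Command -match '([A-Za-z]:\\[^,":]+?\.dll)') {
        return [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
    return $null
}

$psMeta  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$entries = @()

# Per-user and machine-wide Run keys.
foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $psMeta) { continue }
        $entries += [pscustomobject]@{
            Source = $key; Name = $p.Name; Command = [string]$p.Value
        }
    }
}

# Scheduled-task actions that execute a program.
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }
        $entries += [pscustomobject]@{
            Source  = 'ScheduledTask'
            Name    = $task.TaskPath + $task.TaskName
            Command = "$($action.Execute) $($action.Arguments)"
        }
    }
}

# Report rundll32 entries whose DLL target does not exist.
foreach ($e in $entries | Where-Object { $_.Command -match 'rundll32' }) {
    $dll = Get-DllPathFromCommand $e.Command
    if ($dll -and -not (Test-Path -LiteralPath $dll)) {
        [pscustomobject]@{ Source = $e.Source; Name = $e.Name; MissingDll = $dll }
    }
}
```

Run it from an elevated PowerShell prompt so that all scheduled tasks are visible; an empty result means none of the checked locations references a missing DLL.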


 