Windows 10: I have contracted a Virus that shows many Ads Solved

  1.    17 Nov 2015 #71

    For simrick or Borg


    I ran the ESET Scan; here is the Scan Log: This was the first Scan; I did a second Scan, the Scan Log of which is posted below. I forgot to click on Advanced Settings for the first Scan.


    C:\AdwCleaner\Quarantine\C\Program Files\4C4C4544-1447103129-3910-8037-B4C04F434431\rnsxF8A.exe.vir a variant of Win32/Adware.ConvertAd.ACT application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\4C4C4544-1447085222-3910-8037-B4C04F434431\rnsuAC01.exe.vir a variant of Win32/Adware.ConvertAd.ACT application cleaned by deleting - quarantined
    C:\Windows\Temp\18D0.tmp.exe a variant of Win32/Adware.ConvertAd.ACT application cleaned by deleting - quarantined
    C:\Windows\Temp\51A3.tmp.exe a variant of Win32/Adware.ConvertAd.ACT application cleaned by deleting - quarantined
    C:\Windows\Temp\992B.tmp.exe a variant of Win32/Adware.ConvertAd.ACT application cleaned by deleting - quarantined
    C:\Windows\Temp\9D7C.tmp.exe a variant of Win32/Adware.ConvertAd.ACT application cleaned by deleting - quarantined
    C:\Windows\Temp\C9B.tmp.exe a variant of Win32/Adware.ConvertAd.ACT application cleaned by deleting - quarantined
    I was able to get to the "Proxy Settings." The "Automatically Detect Settings" is "On." I accessed the Proxy Settings via "start > search > Proxy."
    Last edited by Writer; 17 Nov 2015 at 14:28.

  2.    17 Nov 2015 #72

    For simrick and Borg


    I did a second Scan with ESET because I forgot to click on the Advanced Settings the first time. Below is the Scan Log:
    There is a check-box at the bottom that asks if you want to "Delete Quarantined Files." Should I check that box?

    C:\AdwCleaner\Quarantine\C\Program Files\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\chrome.7z.vir a variant of Win32/AlteredSoftware.I potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\shopperz101120150230\Firefox\{02D4CE6A-0CEA-41ED-8B18-6F7B8D215A6E}.xpi.vir Win32/Toolbar.Perion.K potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\shopperz121120151540\Firefox\{AC7CC907-19E6-4F30-847A-E86350766C77}.xpi.vir Win32/Toolbar.Perion.K potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Program Files\Video Tile\Extensions\{0fe2e941-9423-4dc6-a8dd-92a4836ecf34}.xpi.vir JS/BrowseFox.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wrru4scy.default-1412090802549\Extensions\39ffxtbr@MapsGalaxy_39.com\chrome\39ffxtbr.jar.vir JS/Mindspark.A potentially unwanted application deleted - quarantined
    C:\AdwCleaner\Quarantine\C\WINDOWS\system32\drivers\swsedrvr_vt_1_10_0_25.sys.vir a variant of Win32/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
    C:\AdwCleaner\Quarantine\C\WINDOWS\system32\drivers\swsedrvr_vw_1_10_0_25.sys.vir a variant of Win32/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
    C:\Users\User\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_221.msi a variant of Win32/Verti.P potentially unwanted application deleted - quarantined
    C:\Users\User\AppData\Roaming\Jyxutjdn JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
    C:\Users\User\AppData\Roaming\tmrjkEPblUbCKPY8TD975OiP JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
    C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wrru4scy.default-1412090802549\extensions\{0fe2e941-9423-4dc6-a8dd-92a4836ecf34}.xpi JS/BrowseFox.A potentially unwanted application deleted - quarantined


  3. Posts : 12,186
    W10Prox64
       17 Nov 2015 #73

    Moment please - I have just returned.

    EDIT:
    Based on what I see here, yes - go ahead and delete. Some of it is from ADWCleaner, but that's not a problem. We can always reinstall that if we need it.

    C:\Users\User\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_221.msi a variant of Win32/Verti.P potentially unwanted application deleted - quarantined
    C:\Users\User\AppData\Roaming\Jyxutjdn JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
    C:\Users\User\AppData\Roaming\tmrjkEPblUbCKPY8TD975OiP JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
    C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wrru4scy.default-1412090802549\extensions\{0fe2e941-9423-4dc6-a8dd-92a4836ecf34}.xpi JS/BrowseFox.A potentially unwanted application deleted - quarantined
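The check done by eye in post #73, separating AdwCleaner's quarantine copies from files ESET found still in place, can be scripted. This is an added example, not part of the original thread: the line layout is inferred from the logs posted above, and the location buckets and function names are assumptions made here.

```python
import re
from collections import Counter

# Sample lines copied from the two ESET logs posted in this thread.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\drivers\swsedrvr_vt_1_10_0_25.sys.vir a variant of Win32/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\Windows\Temp\18D0.tmp.exe a variant of Win32/Adware.ConvertAd.ACT application cleaned by deleting - quarantined
C:\Users\User\AppData\Roaming\Jyxutjdn JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wrru4scy.default-1412090802549\extensions\{0fe2e941-9423-4dc6-a8dd-92a4836ecf34}.xpi JS/BrowseFox.A potentially unwanted application deleted - quarantined
"""

# Layout assumed from the posted logs: path, optional "a variant of", name, type, action.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?(?P<name>(?:Win32|JS)/[\w.]+)\s+"
    r"(?P<kind>(?:potentially (?:unwanted|unsafe) )?application)\s+(?P<action>.+)$"
)
ADW_QUARANTINE = "c:\\adwcleaner\\quarantine\\"

def location(path):
    """Bucket a detection by where the file sat when ESET found it."""
    p = path.lower()
    if p.startswith(ADW_QUARANTINE):
        return "adwcleaner-quarantine"  # inert copy from the earlier AdwCleaner run
    if "\\firefox\\profiles\\" in p:
        return "firefox-profile"        # extension was still in the browser profile
    if "\\temp\\" in p:
        return "temp"
    return "other"

def triage(log_text):
    """Return (records, unparsed_lines) for a pasted ESET scan log."""
    records, unparsed = [], []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)       # never drop a line silently
            continue
        rec = m.groupdict()
        rec["location"] = location(rec["path"])
        records.append(rec)
    return records, unparsed

def summary(records):
    return Counter((r["location"], r["name"]) for r in records)

if __name__ == "__main__":
    recs, bad = triage(SAMPLE_LOG)
    print(summary(recs), "unparsed:", len(bad))
```

Entries outside the `adwcleaner-quarantine` bucket are the ones that survived the earlier cleanup and deserve a follow-up scan.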


  4. Posts : 12,186
    W10Prox64
       17 Nov 2015 #74

    I'm pasting the RECAP notes here, to keep things simple - this thread is getting a little long...

    So, to recap,
    DONE-Set another restore point,
    DONE-Run ESET from Firefox, save the log file and paste it here, let it delete whatever it finds.
    Run Malwarebytes Anti-Exploit (see post #17)
    Download and install Malwarebytes Anti-Exploit
    This will help protect your browsers against zero-day attacks.
    Run SuperAntiSpyware (see post #49)

    (a lot of instructions with pics - I will not paste here.)

    Run one last scan of Malwarebytes Antimalware - but this time you're going to do a full scan of drive C and not just a threat scan (I'll give you those instructions in the next post).


    Once this is all done:
    Then we'll run SFC /SCANNOW to make sure your operating system files are intact.
    Finally, we will have you install CryptoPrevent to stop these nasties from running in the future.

    We will then set 2 new restore points, calling them CLEAN1 and CLEAN2.
    Then we will install CCleaner (free version), open the list of existing restore points, and we will delete all old ones, because they contain infection remnants and we don't want to have them available for a restore. We will also have a look at your startups and autoruns, and your installed programs from here.

    Then, I will suggest you put a couple add-ons into Firefox and adjust some settings for safety, and ONLY use Firefox to browse the web, until Edge has extension support (sometime next year).

    Okay?


  5. Posts : 12,186
    W10Prox64
       17 Nov 2015 #75

    How to run a FULL scan using Malwarebytes Antimalware - a full scan of drive C and not just a threat scan:

    Open MBAM. In the dashboard, verify your database is current, otherwise click on update.

    [Screenshot: mbam01.PNG]

    Click on Settings tab, and verify as shown below.

    [Screenshot: mbam02.PNG]

    In the Scan tab, click on Custom

    [Screenshot: mbam03.PNG]

    In the Custom Scan Configuration, select all 4 boxes at the left, and make sure PUPs and PUMs are set to "Treat detections as malware". Select all your drives that have been connected to the computer (internal and external) but not DVDs for scanning, and click Start Scan.


    [Screenshot: mbam04.PNG]

    Please upload that log file when finished. You can paste it right in this thread.

    I will be gone again now for another 1-2 hours.

  6.    17 Nov 2015 #76

    For simrick


    I downloaded the "Malwarebytes Anti-Exploit" software; however, when I click on "Run as Administrator," a window comes up, but nothing happens. A very small tab on the window says "running" in bold with green highlight. At the bottom, there are two tabs: one says "buy now" the other says "activate."

    Below "Running," there are two tabs: one says "Stop Protection" the other says "Close."

    At the very top, it says: Malwarebytes Anti-Exploit Free

    At the top there are six tabs, they read: General - Shields - Logs - Exclusions - Settings - About (General is the Default setting.)

    When I click on "Activate," it asks me to "Register License:" it asks for my license ID and a License Key

    There is no tab to prompt me to begin the Scan.


  7. Posts : 615
    Windows 10 Enterprise x64 (build 10586)
       17 Nov 2015 #77

    Writer said:
    I downloaded the "Malwarebytes Anti-Exploit" software; however, when I click on "Run as Administrator," a window comes up, but nothing happens. A very small tab on the window says "running" in bold with green highlight. At the bottom, there are two tabs: one says "buy now" the other says "activate."

    Below "Running," there are two tabs: one says "Stop Protection" the other says "Close."

    At the very top, it says: Malwarebytes Anti-Exploit Free

    At the top there are six tabs, they read: General - Shields - Logs - Exclusions - Settings - About (General is the Default setting.)

    When I click on "Activate," it asks me to "Register License:" it asks for my license ID and a License Key

    There is no tab to prompt me to begin the Scan.
    Anti-exploit is not an antivirus. It blocks exploit attacks on internet browsers, plugins, PDF readers, etc.

    Exploits are anything that takes advantage of a security problem in a program (vulnerability) to download viruses onto a computer without the intervention of the user.

    Are you looking for Malwarebytes Anti-Malware?

    [Screenshots: antiexploit.png, antimalware.png]


  8. Posts : 12,186
    W10Prox64
       17 Nov 2015 #78

    Thanks @You.

    We want anti-exploit. There is nothing to run....it stays resident in the background to prevent infection. There is just one setting we need to make to get rid of annoying reminders....I am not at a computer now so that will have to wait until I get back.

    All is fine. Please proceed to the next step.
    Last edited by simrick; 17 Nov 2015 at 16:28.


  9. Posts : 615
    Windows 10 Enterprise x64 (build 10586)
       17 Nov 2015 #79

    simrick said:
    So true!
    I don't think Adobe would sneak anything that bad into Flash, maybe McAfee Security Scan or Google Chrome. There are plenty of fake installers - just search for Firefox on Bing.

    If you guys can't figure this out (Simrick is already helping you, obviously), don't forget about Dr. Web CureIt!

    (I'm not sure if this has already been suggested) Try HitmanPro 3, too. It is premium software but there is a 30 day trial that still removes malware.

    And last but not least, HerdProtect (made by Reason Software, who also made the Should I Remove It, Reason Core Security, and Unchecky programs). This program is really interesting. It's a cloud scanner that uploads files and scans them with every antivirus in existence, sorta like VirusTotal, Anubis or Jotti. It only performs quick scans, but it should be able to catch what's plaguing you.


  10. Posts : 615
    Windows 10 Enterprise x64 (build 10586)
       17 Nov 2015 #80

    Just note that the risk of false positives with HerdProtect is very high (that's a problem if your av uses 68 antivirus engines). Just post a list of the detection details here, or a screenshot.

    HerdProtect tries to hide false positives but that could mean that very new viruses which are detected by only 1-2 AVs may not be detected. You may want to disable that option.

    [Screenshot: Untitled.gif]


 
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5.