If possible, can you post which cleaners you ran & which one deleted the infection so we'll have a reference point down the road should this happen to someone else.
Also, once you have confirmed a clean system, take some time to make a system image. This will be invaluable down the road should your OS be compromised badly or hit with ransomware. Follow the tutorial & keep your images on an external HDD/Flash Drive that is not connected to the computer at all times. Make images on a regular basis. Keep 2 or 3 older ones just in case you inadvertently make one with malware.
System Image - Create in Windows 10 - Windows 10 Forums
A system image is an exact copy of all system disks which can be used to restore your PC to the state it was in at the time the image was made. By default, a system image only includes the drives that Windows requires to run, including Windows 10 itself, your system settings, programs, and files. You may also include any other drive in the image if you wish. When you restore your computer from a system image it is a complete restoration, you cannot choose individual items to restore and all of your current programs, system settings, and files are replaced with the contents of the system image.
OK... the whole malware crap began when my
employer sent a file to me and it showed up
in skype as a long url (instead of the file)
He frequently sends DropBox links so I didn't
really think anything of it.
I copied the link and put it into a browser search
and, when it took me to skype (I'd not been paying
attention to the url), I realized that it was malware.
I thought all was well because I'd not logged into
my skype account... NOT
When I sent a file to another computer, via skype
the same malware link showed up.
is it possible that the malware was IN the LINK?
all three computers ended up with the same
I just finished a scan on the last PC and there
are two additional files that MSERT couldn't/
Plus, these three
Do I use any different tools or different order
to remove these additional malware?
once complete, I will follow the directions for
creating an image of the computers.
IObit installs toolbar w/browser hijacker, adware: PC Talk Forum: Digital Photography Review
IObit is a Chinese product that has been denounced by numerous security firms over their practices in the past, doing things like stealing definitions for malware detection from the malwarebytes databases, promoting rogue system tuneup utilities and more.
Take a look at their "partners" and you'll find that they're promoting some pretty nasty stuff. Here's one article regarding that kind of thing (basically using "scare ware" to increase revenue)
IObit Malware Fighter: An anti-malware program that attempts to install malware Cloudeight InfoAve
Using their uninstaller might not be a good idea, being you don't know what's going to be left behind.
Suggest you uninstall it using Revo uninstaller (Free version) to make sure it gets all of the items out of your PC. Be sure to read the documentation well when using this program & make a back up as you can easily hose your OS if the wrong reg keys are removed.
Download Revo Uninstaller Freeware - Free and Full Download - Uninstall software, remove programs, solve uninstall problems
Revo Uninstaller Pro - How To
Did you run TDSSKiller & did it find anything?
Note: When running TDSSKiller, launch the program, click on the blue text "Change Parameters" & check the box marked "Detect TDLFS File system." Click OK & then run the scan.
It seems you're getting reinfected from a source somewhere. If it showed up after sending a certain file to another PC, or the infection showed up after running a certain program/opening a file, then it's possible that file could be housing the malware.
Any files you suspect should be submitted to VirusTotal
VirusTotal - Free Online Virus, Malware and URL Scanner
Note: Maximum file size: 128MB
VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
Meanwhile, there is a program called Norton Power Eraser that uses aggressive scans to try & ferret out deep rooted infections.
Norton Power Eraser | Free Tool | Easily remove scamware that traditional virus scanning can't detect.
Norton Power Eraser Tutorials
Norton Power Eraser uses our most aggressive scanning technology to eliminate threats that traditional virus scanning doesn't always detect, so you can get your PC back. Because Norton Power Eraser is an aggressive virus removal tool, it may mark a legitimate program for removal. However, you can always undo the results of a scan. It can also help detect and remove Potentially Unwanted Programs.
Last edited by Borg 386; 12 Aug 2016 at 08:35.
You guys are a wealth of very useful tools and info...
I was oblivious to where iObit came from. I did know
that their software is VERY obtrusive... kept trying to
install more things...
I've used Revo for many years... just used it to uninstall
iObit and will make sure to never install any of their
Currently, Mbar is running on the last computer - the last
one to be cleaned.
I don't believe that I ran TDSSKiller... don't think that
it was on the list? It's now in my arsenal and I will
run it on all 3 computers once this one is cleaned.
Any other recommendations/suggestions?
Yes, I mentioned it in post #6 (TDSSKiller). Go ahead & run that right away after the current scanner finishes. If you have a rootkit that could be one of the reasons the virus keeps returning.
The link you are using may be redirecting you to another site that has malware. Check the link by R clicking & look at the Web Document addy to see if there are any misdirecting insertions. You can read how to spot those here:
How to Recognize a Fake URL | eHow
How to spot a fake link
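The link check suggested above (looking for misdirecting insertions in an address), as an added example that is not part of the original post: a Python sketch that reports when a link's real host differs from what it appears to be. The `EXPECTED_DOMAINS` list, the function names and the sample URLs are constructed assumptions, and `base_domain` is a simplification that ignores multi-part suffixes.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: services this user expects links from; edit to suit.
EXPECTED_DOMAINS = ("dropbox.com", "skype.com")

def base_domain(host):
    # Simplification: last two labels only. Suffixes such as .co.uk
    # need the Public Suffix List to be handled correctly.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def inspect_link(href, shown_text=""):
    """Return reasons why a link's real destination looks misleading."""
    findings = []
    url = urlsplit(href.strip())
    host = (url.hostname or "").lower()
    real = base_domain(host)
    if url.scheme not in ("http", "https"):
        findings.append("unexpected scheme: %r" % url.scheme)
    if url.username is not None:
        # Text before '@' is login data, not the site that gets contacted.
        findings.append("'@' in address; real host is " + host)
    if is_ip(host):
        findings.append("host is a raw IP address")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode host (possible look-alike characters)")
    for brand in EXPECTED_DOMAINS:
        if brand in href.lower() and real != brand:
            findings.append("mentions %s but host is under %s" % (brand, real))
    shown = shown_text.strip()
    if "." in shown and " " not in shown:
        # The visible text itself looks like an address: compare hosts.
        text_url = urlsplit(shown if "://" in shown else "//" + shown)
        if text_url.hostname and base_domain(text_url.hostname) != real:
            findings.append("visible text names %s, link goes to %s"
                            % (text_url.hostname, host))
    return findings

if __name__ == "__main__":
    # Constructed samples using reserved example domains.
    for href in ("https://www.dropbox.com/s/abc123/report.pdf",
                 "https://www.dropbox.com@files.example.net/s/abc123"):
        print(href, "->", inspect_link(href) or "no findings")
```

An empty result only means none of these specific tricks were found; it says nothing about what the destination serves.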
Here's a TDSSkiller tutorial:
There are a few things to note about TDSSkiller:
- Under options: Tick Loaded modules restarts the machine and loads a Kaspersky monitor - answer yes if prompted on the restart. This option protects the scanner from malware
- Run TDSSKiller twice
The first time accept the default recommendations - it will clean up known malware, but copy potential malware to quarantine (it won't remove the Potential malware). This allows you to send the file(s) to VirusTotal or another service for inspection. If the service finds the file harmful, you should clean it on the 2nd run.
- There is a section on VirusTotal tool which points to another tutorial - you can use that or go directly to the VirusTotal website and upload any suspicious files there.
- You may also accept that TDSSkiller knows what it's doing and clean all suspicious files, although I can't honestly recommend doing that (I'd rather get a 2nd opinion BEFORE deleting a file).
Once you've completed all malware on-demand scans, run the following to check that system files are intact ... each utility might take some time to complete. Please report back if any integrity errors are shown on the screen.
Command Prompt (Admin)
Dism /Online /Cleanup-Image /RestoreHealth
The order I usually run the scanners:
- Full scan using the installed AV product
If you use Windows Defender - run it offline
Settings > Update & security > Defender > Offline
- Temp File Cleaner
- Hitman Pro (trial)
- ESET Online Scanner
-> This scan takes a long time, many people replace this step with Emsisoft Emergency Kit
Please post the logs if you require assistance.
Particularly difficult malware might require another offline scanner, such as Avast or Bitdefender, but the above list is normally more than sufficient to declare victory.
The entire scanning process should be run in one session so that malware has less of a chance to re-infect. Depending on the work to be performed (clean up), it could take an entire day. You don't have to sit there and watch it, but you shouldn't use the machine while cleansing it. Run the scan, come back and if it's done, start the next one
fix 3 computers at the same time... and, didn't pay
attention to the scan results.
It took 4 days to scan my main PC - 1 TB internal
drive and 3 TB external drive ;( and I didn't use
it the whole time.. YUCK!
After they were all done, I ran msert on quick scan
to see if it found anything else... I think/hope/believe
that all 3 computers are now clean..
I am making system backup files of all right now.
I have the scan results if those would be of value?
thank you with all my heart for your very complete
and generous assistance.
I had asked if it's possible that a link
contains a virus... would anyone know?
I run a live skype support room. More
and more frequently, when people
try to send files to me - or any link
for that matter, it shows up as the
malware link. (I no longer download
anything that is sent to me)
I have not touched it again...
and, I don't know whether the
link is being transformed to malware
because of something on my computer
or a virus on their computer?
I took a screenshot of the malware
link and uploaded it to prnt.sc... here's
the link to that screenshot:
Thank you again