1.    27 Apr 2017 #1
    Join Date : Jun 2015
    Posts : 79
    Windows 10 Home 64-bit (10.0, Build 14393) (14393.rs1_release.161220-1747)

    Advice on adware (or malware?)


    Hi there folks
    My browsers are being hijacked every now and then, suddenly i have the homepages set as e.g. "ourluckysites.com", or something like funnysearch, all my browsers shortcuts suddenly lead me to other weird folders with copies of the browser inside (e.g.today my Google Chrome was sitting inside a folder called "Everness").
    This has been happening for a while and it affects all browsers (firefox, edge and chrome).
    Until now i was using MalwareBytes free trial, MalwareBytes's AdwareCleaner and Zemana's free trial to clean it but t always comes back. It's like I have installed something that is reinstalling the garbage.

    Haven't found a post talking about this sites, any help appreciated.

    thanks folks

    Marcos
      My ComputerSystem Spec
  2.    27 Apr 2017 #2
    Join Date : Jun 2016
    Posts : 79
    8.1

    This is kind of a simplified guide going from step #2 to the end. https://malwarecomplaints.info/our-lucky-sites-removal/
    SuperAntiSpyware is also a great free program for finding things like Brower hijackers. If You don't have a restore point before the problems started, and cleaning out any "Suspicious" programs, services, and the Temp files doesn't work, You might have to resort to something Stronger like https://www.bleepingcomputer.com/download/rkill/ or the other four programs at the bottom of that page.
      My ComputerSystem Spec
  3.    27 Apr 2017 #3
    Join Date : Jun 2015
    Posts : 79
    Windows 10 Home 64-bit (10.0, Build 14393) (14393.rs1_release.161220-1747)
    Thread Starter

    Quote Originally Posted by Bat 1 View Post
    This is kind of a simplified guide going from step #2 to the end. https://malwarecomplaints.info/our-lucky-sites-removal/
    SuperAntiSpyware is also a great free program for finding things like Brower hijackers. If You don't have a restore point before the problems started, and cleaning out any "Suspicious" programs, services, and the Temp files doesn't work, You might have to resort to something Stronger like https://www.bleepingcomputer.com/download/rkill/ or the other four programs at the bottom of that page.
    Unbelievable, after malware bytes, zemana and adware cleaner, SuperAntiSpyware found 605 threats
      My ComputerSystem Spec
  4.    27 Apr 2017 #4
    Join Date : Jul 2016
    Crewe Cheshire
    Posts : 1,451
    windows 10

    In a lot of these cases it's an add-on which doesn't get removed it then goes and gets more malware you can reset browser to remove all add-ons which is the best move
      My ComputerSystem Spec
  5.    27 Apr 2017 #5
    Join Date : Apr 2015
    Posts : 12,819
    W10Prox64

    Quote Originally Posted by marcosdipaolo View Post
    Unbelievable, after malware bytes, zemana and adware cleaner, SuperAntiSpyware found 605 threats
    Superantispyware is finding mostly cookies.

    If you still l have problems after following the instructions posted by Bat in post#2, then we may have a rootkit on the system which we'll need to address.
    Let us know.
      My ComputerSystem Spec
  6.    27 Apr 2017 #6
    Join Date : Oct 2014
    Trnava
    Posts : 2,857
    Windows 10.4 Home 1709 x64

    Run CMD as admin and copy/paste (it should prevent reinfection by malware):

    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f

    Then run this to open HOSTS file:

    notepad c:\windows\system32\drivers\etc\hosts

    It should look like on the picture, if there is anything else bellow, remove it.
    Attached Thumbnails Attached Thumbnails capture_04272017_223155.jpg  
      My ComputerSystem Spec
  7.    27 Apr 2017 #7
    Join Date : Jun 2015
    Posts : 79
    Windows 10 Home 64-bit (10.0, Build 14393) (14393.rs1_release.161220-1747)
    Thread Starter

    Quote Originally Posted by TairikuOkami View Post
    Run CMD as admin and copy/paste (it should prevent reinfection by malware):

    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    Hi there, what that command line does?

    My hosts file was actually corrupt (empty), i had to paste the code of the picture to restore it.
      My ComputerSystem Spec
  8.    27 Apr 2017 #8
    Join Date : Oct 2014
    Trnava
    Posts : 2,857
    Windows 10.4 Home 1709 x64

    It disables scripting within Windows (not in browsers), which is used to add startup entries, modify files, etc.

    In case, you need it, you will get a message, that WSH is disabled by administrator, then you can enable it.
      My ComputerSystem Spec

 


Similar Threads
Thread Forum
Need Windows Maintenance advice - Malware removal, etc
Hi all, After a serious mess up on my part, I got my old PC up and running again with Windows 10. I had lost internet connectivity for about a day and a half and I believe it was a result of being careless while using a Malware removal tool...
Performance & Maintenance
Adware
Hello All, I have this "social2search Ads", "Youndoo", & "nusearch" things in my system. I removed them from my Programs list and reset / refreshed all my browsers. Still, these things are not going. What to do? Kindly Help me. It is very...
AntiVirus, Firewalls and System Security
Persistent immovable popups, adware, malware etc
Have use Win 10 successfully since released. two weeks ago I began being besieged by immovable persistent popups. Since then I have scanned HP Pavillion laptop with Norton, PC Cleaner, Reimage and AVG . All of them found and cured faults,...
AntiVirus, Firewalls and System Security
Adware
i m facing serious adware problem. redirecting webpage automatically, opening new browser windows and many more.... tried many things but not helping that much those are coming back again... any permanent or solid solution???
AntiVirus, Firewalls and System Security
List of Apps that install Adware/Malware/PUPS behind your back
Hi, tenforum people. I am thinking it would be useful to make a list of those Apps that install Adware/Malware and the such and tend to hijack your browser too even if you select Custom Installation and opt out of those "fantastic" offers. This...
Software and Apps
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 03:52.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums