Windows 10: Advice on adware (or malware?)

  1. marcosdipaolo's Avatar
    Posts : 79
    Windows 10 Home 64-bit (10.0, Build 14393) (14393.rs1_release.161220-1747)
       27 Apr 2017 #1

    Advice on adware (or malware?)


    Hi there folks
    My browsers are being hijacked every now and then, suddenly i have the homepages set as e.g. "ourluckysites.com", or something like funnysearch, all my browsers shortcuts suddenly lead me to other weird folders with copies of the browser inside (e.g.today my Google Chrome was sitting inside a folder called "Everness").
    This has been happening for a while and it affects all browsers (firefox, edge and chrome).
    Until now i was using MalwareBytes free trial, MalwareBytes's AdwareCleaner and Zemana's free trial to clean it but t always comes back. It's like I have installed something that is reinstalling the garbage.

    Haven't found a post talking about this sites, any help appreciated.

    thanks folks

    Marcos
      My ComputerSystem Spec

  2.    27 Apr 2017 #2

    This is kind of a simplified guide going from step #2 to the end. https://malwarecomplaints.info/our-lucky-sites-removal/
    SuperAntiSpyware is also a great free program for finding things like Brower hijackers. If You don't have a restore point before the problems started, and cleaning out any "Suspicious" programs, services, and the Temp files doesn't work, You might have to resort to something Stronger like https://www.bleepingcomputer.com/download/rkill/ or the other four programs at the bottom of that page.
      My ComputerSystem Spec

  3. marcosdipaolo's Avatar
    Posts : 79
    Windows 10 Home 64-bit (10.0, Build 14393) (14393.rs1_release.161220-1747)
    Thread Starter
       27 Apr 2017 #3

    Bat 1 said: View Post
    This is kind of a simplified guide going from step #2 to the end. https://malwarecomplaints.info/our-lucky-sites-removal/
    SuperAntiSpyware is also a great free program for finding things like Brower hijackers. If You don't have a restore point before the problems started, and cleaning out any "Suspicious" programs, services, and the Temp files doesn't work, You might have to resort to something Stronger like https://www.bleepingcomputer.com/download/rkill/ or the other four programs at the bottom of that page.
    Unbelievable, after malware bytes, zemana and adware cleaner, SuperAntiSpyware found 605 threats
      My ComputerSystem Spec

  4.    27 Apr 2017 #4

    In a lot of these cases it's an add-on which doesn't get removed it then goes and gets more malware you can reset browser to remove all add-ons which is the best move
      My ComputerSystem Spec

  5.    27 Apr 2017 #5

    marcosdipaolo said: View Post
    Unbelievable, after malware bytes, zemana and adware cleaner, SuperAntiSpyware found 605 threats
    Superantispyware is finding mostly cookies.

    If you still l have problems after following the instructions posted by Bat in post#2, then we may have a rootkit on the system which we'll need to address.
    Let us know.
      My ComputerSystem Spec

  6. TairikuOkami's Avatar
    Posts : 3,333
    10.6 Home 1809 x64
       27 Apr 2017 #6

    Run CMD as admin and copy/paste (it should prevent reinfection by malware):

    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f

    Then run this to open HOSTS file:

    notepad c:\windows\system32\drivers\etc\hosts

    It should look like on the picture, if there is anything else bellow, remove it.
    Attached Thumbnails Attached Thumbnails capture_04272017_223155.jpg  
      My ComputerSystem Spec

  7. marcosdipaolo's Avatar
    Posts : 79
    Windows 10 Home 64-bit (10.0, Build 14393) (14393.rs1_release.161220-1747)
    Thread Starter
       27 Apr 2017 #7

    TairikuOkami said: View Post
    Run CMD as admin and copy/paste (it should prevent reinfection by malware):

    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f
    Hi there, what that command line does?

    My hosts file was actually corrupt (empty), i had to paste the code of the picture to restore it.
      My ComputerSystem Spec

  8. TairikuOkami's Avatar
    Posts : 3,333
    10.6 Home 1809 x64
       27 Apr 2017 #8

    It disables scripting within Windows (not in browsers), which is used to add startup entries, modify files, etc.

    In case, you need it, you will get a message, that WSH is disabled by administrator, then you can enable it.
      My ComputerSystem Spec


 

Related Threads
Hi all, After a serious mess up on my part, I got my old PC up and running again with Windows 10. I had lost internet connectivity for about a day and a half and I believe it was a result of being careless while using a Malware removal tool...
Adware in AntiVirus, Firewalls and System Security
Hello All, I have this "social2search Ads", "Youndoo", & "nusearch" things in my system. I removed them from my Programs list and reset / refreshed all my browsers. Still, these things are not going. What to do? Kindly Help me. It is very...
Persistent immovable popups, adware, malware etc in AntiVirus, Firewalls and System Security
Have use Win 10 successfully since released. two weeks ago I began being besieged by immovable persistent popups. Since then I have scanned HP Pavillion laptop with Norton, PC Cleaner, Reimage and AVG . All of them found and cured faults,...
Adware in AntiVirus, Firewalls and System Security
i m facing serious adware problem. redirecting webpage automatically, opening new browser windows and many more.... tried many things but not helping that much those are coming back again... any permanent or solid solution???
Hi, tenforum people. I am thinking it would be useful to make a list of those Apps that install Adware/Malware and the such and tend to hijack your browser too even if you select Custom Installation and opt out of those "fantastic" offers. This...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 11:34.
Find Us