
Hi,


 


I'm currently having a serious malware issue with my computer and mobile phone. When I open certain pages (including forums and those associated with malware removal) I am getting re-directs to websites, some of which are malicious and blocked by Malwarebytes; shopping assistant ads and pop-ups by Cloudscout and DNSUnlocker; and in occasional cases my entire Chrome browser is overtaken by ransomware, accompanied by annoying noises and the inability to close pages or click on anything until I go into Task Manager and end the entire process.


 


I have taken many steps to try to fix these problems, with no lasting success. This has included performing a factory reset on my phone four times and a full factory reset on my computer, performed in a store. Since then, the malware has come back onto my phone and computer again, despite having not connected them to each other. I have narrowed it down to two possibilities:


 



  1. That my external hard drive (which I use every day) and SD cards are infected. I have performed Kaspersky anti-virus and Zemana malware checks on each and they have come up with nothing. My phone is still suffering from re-directs and adware despite not being connected to any of the external drives.




  2. That my Google account is infected. This makes more sense because it's the common theme through both my devices. I have reset my Google Sync, tried to use Chrome Cleanup (with nothing coming up), checked for malicious apps and reset all my Chrome settings to default. So far it's all come up with nothing.



 


In the last few days I've downloaded Malwarebytes, and done a few checks of my system. When I did one five minutes ago there were no threats found; however, Malwarebytes has been periodically blocking suspicious websites from re-directing while I've been searching the forums for a solution. I've also downloaded several other programs, including AdwCleaner, Zemana AntiMalware, Hitman Pro, Emsisoft Emergency Kit, Junkware Removal Tool, Rkill, RogueKiller, TDSSKiller and I have a paid copy of Kaspersky Anti-Virus. I downloaded DDS but it didn't work, so I got Defogger, FRST 64 and SecurityCheck and I can print a new log of those when required.


 


I have read through and tried to follow the instructions given to other members, but so far the malware infection is still there.


 


I would love to know where this thing is coming from and how to get rid of it. I am open to the idea of making a brand-new Google account and email address if I have to, but I cannot format my portable hard drive because it has all my backups, music, pictures etc. on it. Please let me know what steps I should take to try to fix this.


 


Jeremy



Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.

Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;emptyclsid;emptyalltemp;ipconfig /flushdns >>"%temp%\log.txt";b

  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive).

Post its content in your next reply.

Hi,

 

Thanks a lot for sticking with me. I just ran a few searches, opened malware forums etc. and Malwarebytes is still blocking malicious websites. I just opened a PC World page and the not-so-helpful DNSUnlocker shopping assistant came up. I've tried to get rid of the DNSUnlocker in the recent past, but none of the steps provided on forums have helped in any way; it's like the DNSUnlocker is on the computer without any kind of files, program or app present. But of course that is just one of the many problems that my PC is suffering. I posted on another thread that you are also assisting with because the person involved (from the UK I guess) is suffering from an almost identical affliction. Let me know what the next thing to try is.


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

Multiple Resident Protection warning!

Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark one another as harmful, leaving your system unstable and even damaged. Please choose only one from those listed below to stay with and uninstall the others:

  • Avast Free Antivirus
  • Kaspersky Total Security

Uninstallation procedure:

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for each uninstalled entry, right-click it and select Uninstall.

This should be done before any other steps are taken.


Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!

Please also manually reboot your machine after this procedure.


Hi,

 

Thanks a lot for your help so far. I've tried to open several pages that I have had problems with, namely Discogs, Word Reference and several different malware-removal sites. So far so good. I'm not holding my breath, but at this stage it looks pretty good. I did a check with AdwCleaner, and a couple of things came up in the search. I've included the text file below for your reference. I'll message you again if these problems come up again later today.

AdwCleanerC2v2.txt


Hi,

 

Thanks a lot for your reply. I did a scan this morning, no threats found. I might have mentioned that my phone is suffering from the same issue, and I've restored it to factory settings four times and haven't physically connected it to my computer since the last two resets. The only way the two devices connect is through hotspot, this is how I use the internet on my laptop. Please find attached two logs from Malwarebytes, from the 25th and 26th of October.

daily 25-10.txt

daily 26-10.txt


Can you reset your router to factory settings?

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

Hi,

 

I connect to the internet only through my mobile phone's hotspot. I have changed the passwords multiple times and reset the network adapter on the computer. I have also reset the phone itself three times tonight.

 

I decided to be proactive tonight and try to at least stop the malware on my phone. I need to figure out where this problem is coming from, since it is affecting both my phone and computer. Assuming that it could be my Google accounts that are infected, I created a new Google account to use exclusively on my phone. Unfortunately, I synced the new email address to the phone before the factory reset, and the malware was present soon after surfing the internet.

 

I did another factory reset, and only logged into one of my existing accounts. The malware came up again. I then created a brand-new Google account on my mum's computer, and after another factory reset, I loaded only it into my phone. So far no malware, but my phone has been doing a creepy thing 5 minutes after every factory reset. It seems to go back to the Samsung screen for a few seconds, like on a restart, but not making the usual sound. It then goes back to normal. After every previous time, I noticed the malware appear, but not this last time (with brand-new email). Still waiting to see if it comes back, might need a day or two.

 

If it does come back, I think it's safe to assume it's something so hard-wired into the phone that even a factory reset can't kill it. If I don't get malware any more on my phone, I think that whatever I've got has come from my existing Google accounts. As for fixing a device that's already affected, well that's something that I hope we can do together. If my phone does stay clean, then I'll try to cut ties with my old Google accounts and we'll at least be some of the way to fixing this crazy problem.

Additionv4.txt

FRSTv4.txt


Hi,

 

Is there any chance that this malware slips under the radar? I've been using my phone with a new Google account for a couple of days now, and there's no sign of malware on it. I'm becoming more and more convinced that it's got something to do with my Google Sync. I believe that whatever it is, it's hiding out on my Google account and affecting any machine that's associated with it. I'm still getting suspicious re-directs that Malwarebytes is blocking. Is it possible that there could be something so new and sophisticated that it is able to evade these programs? I wish I knew more about computers so I didn't have to ask you these stupid questions. Here's the Malwarebytes log from today showing the re-directs.

daily 28-10.txt


Hi,

 

Sorry about the late reply, I've been flat out. I reset my Google Sync last week because I was looking on other threads and it looked like a good option. Unfortunately it didn't fix the problem. I've just reset it again to see if it works. I restored my mobile phone to factory settings again, and loaded a brand-new Google account into it. Even after that I am still getting these browser re-directs on my phone and other annoying pop-ups. I feel like I'm starting to run out of options. I thought it was my Google account, but since I'm not using that Google account on my phone (and I haven't logged into the new account on my computer), I feel like it must be something else. I don't know. Thanks for sticking with me, I'm pretty confused as to what to do next. I even deleted Chrome off my computer, including using Regedit to delete the HKEY files (I got the process from a correspondence with Ian Mackenzie). That didn't work either. Let me know what to try next.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.