Jump to content

Adware.elex keeps coming back!


Recommended Posts

This malware called adware.elex and sometimes called adware.elex.generic pops up on my google chrome with websites set to my defualt window and search engine overnight after i have scanned with Malwarebytes. Each time i finish quarantining adware.elex, restarted computer, it comes back in a couple of days. 

Please find attached the log files from Farbar Recovery Scan Tool, as requested.

Thank You for your support.

Addition.txt

FRST.txt

Link to post
Share on other sites

Hello Lee4u2envy and :welcome: Forums.


My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copy them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Read all of my instructions very carefully because any mistake you can make during the cleaning process may have serious consequences such as leaving the computer unbootable.

Please DO NOT run any tools on your own or make any other changes to your computer and follow the directions in the order listed during the malware removal process, otherwise you can worsen the situation rather than solve it.

Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).

Please run one scan at a time.

Once started the malware removal process has to be completed. Even if the computer appears to be running better at some point, it may still be infected as some infections are difficult to remove and can leave remnants on the System that need to be removed also.


With that being said let's start.

 

I see you have User Accounts Control (UAC) disabled.
This is an important security feature which helps prevent malware and other unwanted software from being installed on your computer.
I strongly suggest you keep it enabled. See this link for instructions on how to enable it: https://www.technipages.com/windows-enable-disable-user-account-control-uac

 

You have Driver Booster installed in your computer.
Please take some time to read the following article about these type of programs:
10 Types of System Tools and Optimization Programs You Don't Need on Windows

I'll ask you to uninstall it since uninstalling such program before running malware removal tools will ensure a better clean-up.
Right-click on Start menu > Control Panel > Programs and Features and remove Driver Booster.

If you have an issue when uninstalling the program, please let me know.


Next,

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator;
  • Click on the Fix button;
    NYA5Cbr.png
    Credits: Aura
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the fixlog.txt in your next reply;


Next,

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Spcusrh.pngRun as Administrator;
  • Press on any key to launch the scan and let it complete;
    tLsXbWy.png
    Credits: Bleeping Computer and Aura
  • Once the scan is complete, a log will open. Please attach that log in your next reply;


Next,

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator;
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
    MV5ejgW.png
    Credits: Aura
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please attach that log in your next reply;


Next,

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default.
  • Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selectedbutton.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the log in your next reply.


In your next reply please attach:
The fixlog.txt;
The JRT.txt log;
The AdwCleaner clean log;
The Malwarebytes log.

How is the computer running right now?

Thank you.

fixlist.txt

Link to post
Share on other sites

Hello Lee4u2envy.

Thank you for the logs.

 

The Malwarebytes log shows it detected many threats but did not take any action on them --- 'No Action By User'.

Please re-run Malwarebytes and perform another scan.

When the scan completes if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selectedbutton.

While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.

The log can also be viewed by clicking the log to select it, then clicking the View Report button.

Please attach that log in your next reply.

 

Next,

Please scan your computer with ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
    1. Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    2. Close all your programs and browsers.
    3. Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    4. Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.

  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.

 

In your next reply, please attach the Malwarebytes log and the ESET log (if it produced one).

How is the computer running now?

Thank you.

Rui

 

Link to post
Share on other sites

Hello Lee4u2envy.

Thank you for the logs.

Malwarebytes and ESET detected and removed several threats.

To be sure that will not remain leftovers on the System, please download and run a scan with the folllowing tool.


Please download Sophos Virus Removal Tool and save it to your computer's Desktop.

  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.

  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.


Note: Whenever necessary, the log will be in the following location:

C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 

Please post the contents of the log in your next reply and note any errors encountered.

Thank you.

Link to post
Share on other sites

Hello Lee4u2envy.

No threats were found during the scan.

These are good news. It's time to say that your computer appear to be clean. :)

 

16 hours ago, Lee4u2envy said:

Thank You for your support

You're welcome!


Now let's scan for outdated security programs. Outdated programs contains security vulnerabilities that are exploited by malware in order to infect the computer without the user's knowledge. Usually this is one of the ways that more contributes to the infection of your computer.


Please download Security Analysis by Rocket Grannie from here

  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please attach that log in this topic.


Note: If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.


Please attach the SALog.txt in your next reply.

Thank you.

Link to post
Share on other sites

Hello.

Google Chrome is out-of-date. Please read the instructions in the link below and update Chrome.
How to update Google Chrome

 

Mozilla Firefox is out-of-date. Please read the instructions in the link below and update Firefox.
How to update Mozilla Firefox

 

If present remove the old version(s) of Java (Java 8 update 121) using the Programs and Features applet which can be found through right-clicking on Start > select Control Panel > Programs and Features, if you are not developing Java programs.

 

Please keep your programs up to date. This applies to Adobe Flash Player, Java and all your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC.

 

Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.

 

You can now delete the tools we used in the malware removal process, using [b]DelFix[/b].

Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator;
  • Check the following options :
    • Activate UAC (This option will activate the User Account Control feature).
    • Remove disinfection tools (this option will remove the tools used in the cleaning process).
    • Create registry backup (this option will create a backup from the Windows Registry).
    • Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system).
    • Reset system settings (this option will reset any system settings back to default that were changed either by us during cleansing or by malware infection).
  • Once the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy and paste the entire content of the output log in your next reply;

Thank you.

Rui

Link to post
Share on other sites

Hello Lee4u2envy.

Thank you for the log. It indicates the DelFix went well.

Is everything running well with the computer? Are there any issues or concerns?

Link to post
Share on other sites

Hello Lee4u2envy.

You're very welcome! :)


Below are some links with suggestions to improve your computer's speed:

How to Optimize Performance of Windows 10
How to Improve Computer Speed Performance
Take a look at this page created by miekiemoes, on slow systems, and some things you can try to do to try to improve it. Help! My computer is slow!
You may also find this helpful: Slow Computer? It may not be Malware


If all is well:

To help keep malware off your system below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

Keep your Windows Operating System up-to-date.

Keep your Anti-virus program up-to-date.

Please note: Many installer offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Keep Malwarebytes Anti-Malware (MBAM) update and perform a regular scan to your system as it will make it harder for malware to reside on your computer.
A tutorial on using MBAM can be found here and a complete guide here

Please Note: Only the paid for version has real time capabilities. Please go here and scroll down to find a comparison list of the two versions.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Another most feared threat at the moment is an infection by a Ransomware. A Ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.

Please keep your programs up to date. This applies to Adobe Flash Player, Java and all your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC.

Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available here

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
So how did I get infected in the first place
Answers to common security questions - Best Practices

Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.

Happy surfing and stay safe. default_cool.png

Android8888

Link to post
Share on other sites

  • 3 weeks later...
Quote

 

Android888 after the changes i made to fix the malware, my laptop has been shutting down for no reason. I checked if it was overheating but simple browsing through the internet can cause it to shutdown. Even if it was overheating, my comp has never shutdown no matter how hot it was before the malware problem. 

Please Respond ASAP 

Thank You

Link to post
Share on other sites

Hello Lee42envy and welcome back!

Please tell me if the shutdown happen only when you are navigating on the Internet or does this happen randomly?
Are there any error messages or BSOD before it shutdown?


It has been a couple of weeks since we cleaned the computer so let's try to run the following scans to see if this has something to do with malware.


Follow the instructions below to download and execute a scan on your system with FRST, and provide the two logs in your next reply.

  • Download FRST and save it to your computer's Desktop:
  • Right-click on the executable and select Spcusrh.pngRun as Administrator;
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
    KSJwAxg.png
    Credits: Aura
  • On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Please attach both FRST.txt and Addition.txt in your next reply;

 

Next,

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default.
  • Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selectedbutton.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the log in your next reply.

 

Next,

Please download RogueKiller 32/64 Bits Installer (setup.exe) by Tigzy and save it to your Desktop.

  • Right click on the file setup.exe and select Run as administrator to install the tool.
  • Click Yes to accept any security warnings that may appear.
  • Choose the installation language and click OK.
  • Checkmark "Install 32 and 64 bits versions" and click Next. Follow the steps to install the tool.
  • Now close all programs and browsers.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-click on the RogueKiller icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Scan tab and then click the Start Scan button.
  • Wait until the scan has finished. This may take some time consuming.
  • Once finished click on Open Report. It will open a new window.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your Desktop.
  • Close RogueKiller.


Please attach the RKlog.txt to your next reply.


To summarize, please attach the 4 logs listed below in your next reply:
FRST.txt
Addition.txt
Malwarebytes quarantine log
RKLog.txt


How is the state of the computer at this moment? Does it still turning off by itself?

Thank you.

Link to post
Share on other sites

Hello.

8 hours ago, Lee4u2envy said:

Also, whenever i start up my comp from the shutdown a notification says that Microsoft Corp wants to make changes to your computer.

Can you take a screenshot / picture to that and attach it to your next reply?

 

Now, please proceed as follow:

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
    NYA5Cbr.png
    Credits: Aura
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;


Next, re-run RogueKiller, then select all the entries it finds and remove them all:

  • Close all programs and browsers.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Re-run RogueKiller.
  • Right-click on the icon and select Run as administrator and then accept the UAC security warning.
  • Click the Scan tab and then click the Start Scan button.
  • Wait until the scan has finished. This may take some time consuming.
  • When the scan completes, check mark all the entries it found and click the Remove Selected button.
  • Click on Remove Selected button.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your Desktop.
  • Close RogueKiller.


Please attach the RKlog.txt to your next reply.


Next,

Please download Zemana AntiMalware and save it to your Desktop.

  • Right-click on the icon and select Run as administrator to install the program.
  • Click Yes to accept the security warning.
  • Once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
  • Click on the Back button.
  • On the top right corner click on Reports icon (the one with three bars) and double click on the latest report.
  • Now click File > Save As, then choose your Desktop and click the Save button.
  • Please attach the saved report in your next reply.

 

Next,

Please download Malwarebytes AdwCleaner and save it to your computer's Desktop.

  • Close all open programs and internet browsers.
  • Double-click on the icon to start the tool.
  • Click Yes to accept any security warnings that may appear.
  • Click I Agree on the disclaimer to accept the Terms of Use.
  • Click the Scan button to start the scan and wait for the process to complete.
  • Click the Logfile button and the report will open in Notepad.
  • NOTE:If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file in your next reply.
  • You can find the log file at C:\AdwCleaner[Cn].txt (n is a number, the highest number is the most recent).

 

Please attach the following logs to your next reply:

fixlog.txt

RKLog.txt

Zemana log

AdwCleaner clean log


How is the computer now? Does it still turning off?

Thank you.

Link to post
Share on other sites

Hello.

The tools removed some adware from the computer.

How is the computer running? Does it still turning off?

What about the adwares? Do they keep popping up?

Link to post
Share on other sites

Hello Lee4u2envy.

Sorry for the delay in responding.

Okay, for now and while we don't know what is causing the crashes say 'No' to that message.


Let's see if there is anything malicious in your system that may be causing those crashes. Please read the instructions below to run the following tool:

Please download Malwarebytes Anti-Rootkit BETA and save it to your Desktop.

  • Right-click on the icon and select Run as administrator to start the extraction of the program;
  • Click Yes to accept the security warning that may appear;
  • Click OK to extract it to your Desktop (MBAR will be launched shortly after the extraction);
  • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next;
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it completes its scan (this can take a while);
  • Once the scan is done, if threats are found, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt;
  • Please attach that log in your next reply;


Please open FRST, make sure the 'Addition.txt' box is checked and click the Scan button. Post the two logs (FRST.txt and Addition.txt) for my review.

Test the system several times and let me know if the crashes still occur.
Also, does that message still appears after restart?

Thank you.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.