
Bad PUPs - can't stop them



Hello,

I was trying to find a streaming radio station to listen to a Cubs playoff game. I'm not sure what I clicked on, but now I'm getting all kinds of pop-up ads and redirects, search engine hijacks - it's terrible. I now have a Premium subscription to Malwarebytes, but it's not stopping all of these hijacks. I previously ran through steps to get rid of 'newphn' redirects - but I'm still having all of these problems. Any help is appreciated! Thank you.


Hello @PeregrineKodiak

My screen name is Android8888 but if you wish you can call me Rui which is my real name.

Please read the instructions in this link, "I'm infected - What do I do now?", run the requested scans and provide the logs.

We need to see that information in order to help you.

Thank you.

Rui

 


Hello,

I'm posting my scan logs here. I followed the instructions from "I'm infected, now what". I ran Malwarebytes Premium, and had 61 PUPs quarantined (they'll be back). I was NOT able to run Farbar because Windows Defender blocked it. I tried to disable Windows Defender, but did not succeed in that.

Waiting for guidance. Thank you.

11.18.17.txt


Hello PeregrineKodiak.

Okay, please do the following:

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default.
  • Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes, if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the log in your next reply.


Next,

  • Download Malwarebytes AdwCleaner and move it to your Desktop
  • Right-click on adwcleaner_7.0.4.0.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
    Credits: Aura
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Please read the information at https://www.wikihow.com/Turn-Off-Windows-Defender-in-Windows-10 and try to disable Windows Defender.

Then run FRST and attach the two logs (FRST.txt and Addition.txt).

To summarize, in your next reply please attach the following logs:
The new Malwarebytes log;
AdwCleaner clean log;
The two Farbar logs (FRST.txt and Addition.txt).

Thank you.


Rui,

I attached two MBAM logs - one with Chrome open, and one after that scan quarantined, redone with only Microsoft Edge Open. The PUPs are only found when Chrome is open. The FRST scans are also attached.

Here I'm pasting the AdwareCleaner Log (it found nothing and did not cue to restart computer).

# AdwCleaner 7.0.4.0 - Logfile created on Sun Nov 19 19:45:51 2017
# Updated on 2017/27/10 by Malwarebytes
# Database: 11-17-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries.
*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [945 B] - [2017/11/6 14:18:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

MBAM.11.19.17.NoChrome.txt

MBAM.11.19.17.WithChrome.txt

FRST.txt

Addition.txt
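
Added example, not part of the original post and not AdwCleaner's own code: a small Python parser for the AdwCleaner 7 log layout pasted above. It returns the `Mode` and `Database` headers (so a scan log can be told apart from a clean log) and any section holding a line other than "No malicious ...". The sample is an abridged copy of that log; the finding line in `CONSTRUCTED_HIT` and all function names are constructed for illustration.

```python
import re

# Abridged copy of the log pasted in the thread (three of its ten sections).
SAMPLE_LOG = """\
# AdwCleaner 7.0.4.0 - Logfile created on Sun Nov 19 19:45:51 2017
# Database: 11-17-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries.
*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [945 B] - [2017/11/6 14:18:16]
"""
# Constructed variant: one made-up finding line, to exercise the non-clean path.
CONSTRUCTED_HIT = SAMPLE_LOG.replace(
    "No malicious folders found.",
    r"PUP.Optional.Example, C:\ProgramData\ExampleToolbar")

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")


def parse_adwcleaner(text):
    """Return (header dict, {section name: [finding lines]})."""
    header, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:                                   # "***** [ Name ] *****"
            current = m.group(1)
            sections[current] = []
        elif line.startswith("#"):              # "# Key: value" header lines
            key, sep, value = line.lstrip("# ").partition(": ")
            if sep:
                header[key] = value
        elif set(line) == {"*"}:                # bare asterisk row ends sections
            current = None
        elif current and not line.startswith("No malicious "):
            sections[current].append(line)      # anything else is a finding
    return header, sections


def sections_with_findings(text):
    """Only the sections that list at least one item."""
    _, sections = parse_adwcleaner(text)
    return {name: hits for name, hits in sections.items() if hits}
```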


Hi PeregrineKodiak.

Please follow the steps below in the order listed.

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button;
    Credits: Aura
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the Fixlog.txt in your next reply;

 

Next,

Follow the instructions in the thread below and see if it helps solve the detections in Google Chrome.
Chrome Secure Preferences detection always comes back

 

Next,

Please scan your computer with ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
    1. Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    2. Close all your programs and browsers and disconnect any USB flash drives from the computer.
    3. Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    4. Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.

  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.

 

In your next reply please attach the Fixlog.txt and the ESET log (if it produced one) and let me know in detail what issues persist on your computer.

Thank you.

Rui

fixlist.txt


Hello PeregrineKodiak.

 

Sometimes ESET gets stuck on several files. That is normal since it is a very thorough scan.

Okay, do not open Chrome yet.

Just open Malwarebytes and perform another complete scan. If something is found, quarantine all the items.

 

Next,

Open Chrome and see how it goes.

While Chrome is open, perform another complete scan with Malwarebytes and attach this log to your next reply.

 

Let me know how you get on.

Thank you.

Rui


Hi PeregrineKodiak.

I'm glad to know that you solved your problem. :)

However there is some more work to do yet.

Outdated programs contain security vulnerabilities that are exploited by malware in order to infect the computer without the user's knowledge. Usually this is one of the ways that contributes most to the infection of your computer.
Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.

You can now delete FRST from your computer and the logs it created (FRST.txt, Addition.txt and Fixlog.txt). Delete also the folder C:\FRST
Open AdwCleaner and click on File and Uninstall to remove the tool. Delete also the folder C:\AdwCleaner


If all is well below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please consider using these ideas to help secure your computer.

Keep your Windows Operating System up-to-date.

Keep your AntiVirus program up-to-date.

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Keep Malwarebytes updated and perform a regular scan of your system as it will make it harder for malware to reside on your computer.
A complete tutorial on using MBAM can be found here and a complete guide here

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster, available here

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure.

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Another of the most feared threats at the moment is infection by ransomware. A ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. I advise you to read more info on this terrible threat here and here.

Please keep your programs up to date. This applies to most of the programs and all your Internet Browsers in particular. Vulnerabilities in the programs are often exploited in order to install malware on your PC.

Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.

Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.

Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.

Don't click on links received in instant message programs.

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available here

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
So how did I get infected in the first place
Answers to common security questions - Best Practices

Hopefully these steps will help to keep you error and malware free. If you run into more difficulty, we will certainly do what we can to help.


Are there any remaining issues or can we close this topic?

Rui


  • 2 months later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.