
Infected - malware seems to affect Chrome/IE - nothing removes it fully



Here are the details - yesterday morning I suddenly noticed odd results popping up at the top of Google search listings (a screen full of ads etc.) and immediately suspected a PUP was at work.

I did the usual basics, checked extensions etc. - and nothing there.

Ran Malwarebytes (AdwCleaner and the Malwarebytes free suite) - found nothing.

Ran RogueKiller - found nothing (I mean OK, it found WeChat and Popcorn Time, but that's not the issue; they've been there for months).

So then I started to get concerned.

Ran Sophos VRT - found nothing.

Finally I install Zemana AntiMalware (as a result of something I read about on this forum) and lo and behold it finds unusual entries in three places.

Here's the report:

Quote

 

MD5           : 
Status        : Scanned
Object        : software\microsoft\windows\currentversion\internet settings\connections
Publisher     : 
Size          : 0
Detection     : MaliciousSetting f
Action        : Delete


MD5           : 
Status        : Scanned
Object        : software\policies\microsoft\internet explorer\control panel
Publisher     : 
Size          : 0
Detection     : MaliciousSetting
Action        : Delete


MD5           : 
Status        : Scanned
Object        : software\wow6432node\policies\microsoft\internet explorer\control panel
Publisher     : 
Size          : 0
Detection     : MaliciousSetting
Action        : Delete

 

Of course I action them - and they get deleted.

And the problem goes away. Except it comes back the moment I reboot the machine.

So while I have the issue "somewhat" under control - it's still very worrying.

Why did Malwarebytes and AdwCleaner (and others) miss it?

What is it? How do I kill it?

etc etc - but also - how it can help other people who are in this mess.

Would love any suggestions.

Nick
 


Note that every time the problem comes back, it's the exact SAME three things that are found - I just wipe them again - and the problem goes away.

So something (either a startup program, or a service, or something masquerading as a standard program) is causing this, and no existing tool (that I know) seems to be able to recognise the culprit yet.
