Jump to content

Trojan Browser Hijavker keeps Coming Back

Adisa
 Share

Recommended Posts

Adisa

Adisa

Posted
Posted

Hello,

I downloaded a excel toolkit from a dodgy site a couole of days ago and my nightmare began. At first, my chrome browser was taken over by an administrator and my instagram account has started posting ads and it's very embarrassing. I was able to remvoe the administrator but an extension on my chrome keeps popping up that tried to take me to a yahoo search. I have tried using malwarebytes to remove the programmes (seems there's more than one) and resetting my google synch but nothing seems to work. After a few minutes the programmes return. 

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Hi @Adisa.   :welcome:

My name is Maurice. I will guide you. Please always attach files or reports that I request from you as we go along.

i will need this first set of readout reports.

 

Please download MBST Support Tool

Once you start it click Advanced > Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Next steps after the steps above.

 

I would suggest that you do all 6 steps like on this one post of mine 

 

https://forums.malwarebytes.com/topic/270892-when-searching-things-on-googlecom-i-get-trojan-alert-for-addedprintcom/?do=findComment&comment=1440523

Attach the report from Adwcleaner back here.  We will do more later. 

 

You may use EDGE browser for the time being.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Thank you for the reports.

The Adwcleaner made some adware-related cleanups.

The other 5 steps I asked you to do for Chrome will be a big help for Chrome.

.

We will be doing a few additional scans hunting for malware.

Patience with persistence are a good thing.  :D

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

From the Scan options, select "FULL" scan. Patience since this can take hours.

Let me know the result of this.

The log is named MSERT.log  

the log will be at  

C:\Windows\debug\msert.log

Please attach that log with your reply.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted (edited)

PS. the MS SAFETY Scanner reported No virus / No infection.

After I get the Malwarebytes report, we will take additional steps.

 

Also. Please be sure that your pc has been Restarted today.

 

The prior scan from yesterday evening required a Reboot after the scan in order to do the cleanup removal.

Thanks.  :D

Edited by Maurice Naggar
Combined 2 posts
Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted (edited)

This is the next task when you get all caught up.

The script Fixlist.txt  needs to be saved to the same folder that contains FRST64.exe   /  you have yours saved somehere on Downloads

This will do several cleanups of what is causing main issues.

The custom script on this post is ONLY for this machine and NO other.   

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.

The system will be rebooted after the script has run.

 

Please save the (attached file named) FIXLIST.txt   to the   Downloads  folder

Fixlist.txt

Start the Windows Explorer and then, to the Downloads folder.

 

RIGHT click on  FRSTENGLISH.exe   and select RUN as Administrator  and allow it to proceed.  Reply YES when prompted to allow to run.

 . If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

 

IF you get a block message from Windows about this tool......

click line More info information on that screen

and click button Run anyway on next screen.

 

on the FRST window:

Click the Fix button just once, and wait.

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. 

If you receive a message that a reboot is required, please make sure you allow it to restart normally.

The tool will complete its run after restart.

When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

 

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

 

Please know this will do a Windows Restart.   Just let it do its thing.  

Do let me know how things are overall,  after all this.

Edited by Maurice Naggar
Put in custom cleanup script
Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Hello. I hope you are doing better.

Take care of yourself first.

.

Note that on the report all the notes about " No Action By User ".

.

Need to do a new run.

In Malwarebytes for Windows program, we want to do a special scan.

 

Click Settings ( gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window.

 

Then click the Security tab.   

 

Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON 👈

 

Click it to get it ON if it does not show a blue-color

 

Next, click the small x on the Settings line to go to the main Malwarebytes Window.

Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

 

You can actually click ( tick ) the topmost left check-box on the very top line to get ALL lines ticked ( all selected). 👈

🔻

Then click on Quarantine selected.

Then, locate the Scan run report; export out a copy; & then attach in with your reply.

 

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

We will do more, later. 

Link to post
Share on other sites
  • 3 weeks later...
Maurice Naggar

Maurice Naggar

Posted
Posted

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.