i tried in normal mode but it consumed 99% CPU usage so i had to go to safe mode and scan from there. it did find and removed the malwares but when i came back to normal mode again, it was like it didnt do anything
Comment has been collapsed.
Interesting. Try this as well, it might help: https://www.malwarebytes.com/antirootkit/
Comment has been collapsed.
thanks again. this along with hitman pro did the trick :)
Comment has been collapsed.
ive also been using avast for a long time. but got tired of it with the female's voice xD jk but i think even windows defender does a fine job with the usual antivirus. the malwares are the ones taking over which i have to be more careful of
Comment has been collapsed.
no i havent, would you suggest a good antivirus that does it? I prefer not to use any antivirus, just use windows defender and havent had problems except for the malwares
Comment has been collapsed.
I'm using Avast and it's caught a few rootkit browser scripts but it's gotten quite bloated so I was looking at making a rescue USB using some smaller portable programs. This is what I found http://www.techrepublic.com/blog/five-apps/five-portable-antivirus-and-antimalware-tools-to-carry-with-you-at-all-times/ but haven't tried them any yet. Also if you don't mind doing things manually you could try HijackThis https://sourceforge.net/projects/hjt/ then take the log it generates here https://www.hijackthis.de/ see if anything comes up.
Comment has been collapsed.
thanks, i will take a look at it and see if it helps
Comment has been collapsed.
Surprised Malwarebytes wouldn't find it.
Check the root of your c:\program data and c:\users\[name] or c:\users\[name]\appdata local and roaming and see for any suspicious files.
If you really want to be 100% a reinstallation is just better, sometimes they can be nasty and hard to get when you aren't experienced, but if you would just have a backup with any program you need, have your steam games installed on another drive, then in such events it takes a whole lot less time and effort when something happens.
Comment has been collapsed.
i have studied computer science actually. reinstalling windows isnt a problem. Its just a pain to backup and install drivers and stuff all over again
Comment has been collapsed.
Meant getting rid of malwarebyte being nasty, not reinstalling windows.
I did a fresh installation just last week and took me maybe 8 hours to set it up the way i want.
Every 3-4 months (or longer depending what gets/needs an update or not) i restore my backup, update anything needed, make a new backup.
Then when something happens, i just copy my c:\users folder to an external disk, and with restoring a backup, it really takes 1 hour and i got my pc back up running like i want with all my savegames (apart from that one game that saves in your registry), documents etc.
It is a pain and takes some time but when you can get a backup back so quick and easy you will be thankful for it, then you don't need to keep reinstalling windows.
Malwarebytes 3+ should have protection to prevent you from opening suspicious sites in the first place, Eset Suite also does it for me and so should any good other Suite. You need to improve your protection for a next time.
Comment has been collapsed.
yeah i guess so. thanks for your time. i learned that lesson about backups when installing linux in my pc in the past. making partitions there along with windows in my first time, i messed up big time and ended up removing everything x'D
Comment has been collapsed.
You may want to look at your add ons and plugins if something unfamiliar is there.
If you see something fishy, or something you don't recognise: disable it and see what it does.
I had something similar a couple of years ago, all my webpages got flooded with ads, it was driving me bonkers!
Turned out I had turned on/downloaded some kind of plug-in, which seemed needed at that time.
It didn't do anything, so totally forgot about it!
Months later it got triggered, don't know by what.
And then the ads started the show.
Shiny flashy ads every few lines, cluttering my web pages.
No idea if this helps.
But if only your browsers are affected it could be an add-on or plug-in!
Comment has been collapsed.
that's not the case since all browsers are affected by it and i only use google chrome for extensions
Comment has been collapsed.
looks like this wasnt the case, i got it solved from anti malware software
Comment has been collapsed.
Download Hiren's Boot CD, burn it on a disc, or copy it to a USB pendrive with the help of software named Rufus. Boot in mini Windows XP, then scan your system partition with Malwarebytes or some other software that's included in the package.
Also you can try system restore first.
Comment has been collapsed.
Try AVZ and check Autoruns if any suspicious apps may startup. You may also try running msconfig and disable unknown services.
If this only affects browsers then ensure you have no shit in system32/drivers/etc/hosts and no suspicious addons installed in your browser, ensure no custom search engines added to your browsers.
Make sure you have correct DNS in your network settings and no proxy specified in browsers.
Also try drweb cureit or check tcpview and processmonitor to see what connections are made when you start your browser.
Comment has been collapsed.
i saw nothing suspicious in startup processes and unknown services. and i didnt find etc folder in system32...
i dont think ive ever used proxy settings in my browser. and i'll try those connection softwares you told me, looks interesting
Comment has been collapsed.
That's suspicious, it should be there C:\Windows\System32\drivers\etc\hosts - that's the file where you can override any host to any address, like set google.com for any phishing ip. Make sure you set 'show hidden and system files' setting in your explorer (tools->folder options). Also in win7+ you may need to take ownership (add yourself with read-write permissions in security tab) of the file otherwise you won't be able to open and view it.
It's not about YOU setting up proxy, but some crapware addon/trojan set your system/browser to use it wrapping around your connections and inject ads for example.
But when it comes to ads only in browser and you're sure that no malware or virus is on your PC then it's probably some hidden settings per-browser (about:config, chrome://flags, etc) that set wrong search engine, proxy settings or browser extensions/addons.
Sometimes the easiest solution (if that's the case) is to reinstall browser and remove or clean your browser profile (like "refresh firefox" or checking if ads still there in firefox safemode).
Comment has been collapsed.
Yep that's some shit. Should be blank. You may leave Automatically detect settings checkbox on. (default state: all fields empty, except automatically detect settings checkbox which is on).
This one seems quite popular: malwarebytes howto, other link, and another link. You can google yourself on how to ensure you remove everything. (as there possibly some scheduled jobs to restore the settings).
It is strange that malwarebytes didn't remove this. You may try drweb cureit/avz/any antivirus as I suggested previously.
Comment has been collapsed.
In most cases, the hosts file is used to prevent unwanted connections, so I doubt it'd be the issue. You can see that they appear to be added by Spybot - Search & Destroy, which is an anti-malware program. However, it wouldn't hurt to make a backup of the file, and then delete everything below the comments. Judging by the scrollbar, there are a ton of items in there, which is not exactly necessary. And if the hosts file isn't blocking your ads already, then it wouldn't make much of a difference removing the items just to see.
Comment has been collapsed.
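Added example, not part of any post in this thread: the two readings of a hosts file discussed above (entries that sink a name to loopback to block it, versus entries that point a name at some other address) can be told apart mechanically. The sample file content and the `classify_hosts` helper are constructed for illustration; on a real machine you would pass in the text of C:\Windows\System32\drivers\etc\hosts.

```python
import ipaddress

# Constructed sample (not taken from the thread): blocklist-style entries
# next to entries that redirect a name to a routable address.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net          # blocklist-style entry
0.0.0.0         tracker.example.org      # blocklist-style entry
203.0.113.45    www.google.com google.com
198.51.100.7    search.example.com
not-an-ip       broken.example.com
"""

def classify_hosts(text):
    """Split hosts-file text into (blocked, redirected, malformed)."""
    blocked, redirected, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, line))
            continue
        if len(fields) < 2:                      # address with no hostname
            malformed.append((lineno, line))
            continue
        for name in fields[1:]:
            if name.lower() == "localhost" and addr.is_loopback:
                continue                         # stock entry, ignore
            if addr.is_loopback or addr.is_unspecified:
                blocked.append(name)             # name is sunk: blocking
            else:
                # Name resolves to an address chosen by whoever wrote the
                # file; this is the case worth reviewing by hand.
                redirected.append((lineno, name, str(addr)))
    return blocked, redirected, malformed

if __name__ == "__main__":
    blocked, redirected, malformed = classify_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked)} blocklist entries (names sunk to loopback/0.0.0.0)")
    for lineno, name, addr in redirected:
        print(f"line {lineno}: {name} -> {addr}  REVIEW")
    for lineno, line in malformed:
        print(f"line {lineno}: unparseable: {line}")
```

A long list of names mapped to 127.0.0.1 or 0.0.0.0 is consistent with a blocklist; any well-known name mapped to another address is the override case and deserves a closer look.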
Also, I'd check out if there's a pattern to the ads you're being shown. See if there's a particular website being used, then search the registry for that. If you can find even one entry in the registry for one of the ads, it'll give you a big advantage in what to do next to clean it.
Comment has been collapsed.
yeah im seriously gonna find it and remove it as quickly as possible. i got lots of help from here
Comment has been collapsed.
i ended up removing restore points when removing junk from pc...
Comment has been collapsed.
Install spybot and run it, it'll get rid of spyware and bullshit adware, how did you even get the virus in the first place?
you don't seem really tech savvy but if everything else fails you might want to clean install windows linux arch ;)
jk reset windows to factory state that should solve it
Comment has been collapsed.
probably those giveaway games that i really had to click on lots of links...
Comment has been collapsed.
yes thats the last resort but i will see if other solutions will help me first
Comment has been collapsed.
I partially agree, but even after removing the malware, there can be some files or registry entries left behind. Backup (clean data) and reinstall.
EDIT: Maybe it's better with newer Windows, but I doubt it. My experience ends with Windows 7, when I focused solely on Linux.
Comment has been collapsed.
what do you do for games which only run on windows?
Comment has been collapsed.
I don't play them :-D
There's 477 Linux games in my Steam library - and no time to play them all. But for some it's hard - recently my friend switched to Linux, he's very happy with it, but complains about not being able to play FIFA and Doom 2016...Still, he has lots of games to play, so he's resisted installing Windows alongside Linux (so far).
Comment has been collapsed.
you cant say that for all. ive used linux before too and even though it has many advantages over windows, i cant make myself to switch to linux. and i can compensate viruses like these even though they're frustrating sometimes
Comment has been collapsed.
yes havent tried RKill, junkware and hitman pro. lets see if it helps
Comment has been collapsed.
I'm glad it helped. One piece of advice: before opening something you downloaded from the internet, scan it on this site to see if it has some kind of a hidden surprise packaged into it.
Comment has been collapsed.
not yet, only tried a few softwares but was disappointed with it
Comment has been collapsed.
i will go one by one as other and you have suggested. thanks :)
Comment has been collapsed.
Happens always on the same page, or in any page?
There is a new mode of ads in HTML5 that at the moment is impossible to block... and some pages use it to get a remuneration... even if it is aggressive to the user.
You can try 3 programs to research any problem on your computer, all three free.
If that doesn't find anything... try with an antivirus.
Comment has been collapsed.
Everywhere, even in those websites where there is no ad
Comment has been collapsed.
Check your extensions and addons on Google Chrome. If there are any strange ones maybe that's it.
Some adware like wxDfast works fairly similarly to the description that you made and uses an extension in chrome... you can disable all extensions and test if everything goes well.
Check if the Chrome icon (direct access) hyperlinks to the real folder of Chrome or adds anything to it.
In that case the best method is... check if that happens with another web viewer... if not, completely uninstall Chrome, and do a clean installation after passing CCleaner to clear any registry.
Comment has been collapsed.
extensions were fine, hitman pro killed all the malwares in my pc
Comment has been collapsed.
login or create another user > just to quickly see if the malware is present in the other account's browser
if so assume its good and new malware that hasn't been detected yet ... if not, it should be in your accounts
user data somewhere which is easier to find out - best checked by listing all folders (incl hidden ones) and
sorting them by date - any suspicious > ctrl+gtfo
shouldn't that help check the registry - any new or suspicious entries with generic names might be the malware
alt. delete everything related to the infected browsers (esp. temp user data)
Comment has been collapsed.
yes well i have been only using one user. i will see this one later
Comment has been collapsed.
Generally, you need to run these malware programs in "Safe Mode" to be effective. I always prefer combofix. Run combofix in safe mode, this is the best option for you because you are not sure what is the problem. Also could you please add a screenshot to see what kind of ads pop up?
Comment has been collapsed.
i ran malwarebytes in safe mode actually but it didnt help me.
All kinds of ad website pop up which are mainly redirects
Comment has been collapsed.
yes i am, already tried it and it only made me reset the pc, but any ways my problem is solved thanks
Comment has been collapsed.
I don't want to reinstall windows again
Comment has been collapsed.
you have a point. but i like to find out the cause of the problem anyway and remove so it won't happen again
Comment has been collapsed.
in my best guess you have been hit by a trojan which has affected some bootup program of system32. it might have come from a malicious crack file or USB drive.
You can try rootkit virus removal but they didn't always work out for me.
Best Solution in my opinion : backup and re install.
Comment has been collapsed.
well,
once i had to deal with an infection like the one you describe (those that restore himself)
1) you need identify the badboy (running scans) and if the scanner identifies it and can't remove or do not remove permanently...
2) do NOT reboot
3) research the web about it and its behavior and favorite hiding places (the backup/s he created for himself)
4) found it? yes, then you most likely will have to remove them manually
5) can't, because its running? use an app called unlocker...
6) dig for its entries in the reg editor and delete them...
7) reboot and verify if its gone, if not, research further for more clues and repeat the process...
sry, i know, its hard, but its the only way to avoid a fresh install...
Comment has been collapsed.
This malware is pissing me off. I click inside any browser and any website, stupid ad websites open themselves. I search in google and some queryrouter and other search engine shows its results. I don't see these search engines in the settings too nor any other website. Adblocker has been active since ages but it fails to stop them too.
What I've tried is:
Only the web browsers are giving me problems, the pc is working fine and I don't want to reinstall windows again.
Any help would be really appreciated.
Comment has been collapsed.