malware

Lowteck

TV Addicted
Feb 28, 2015
559
5
0
I got some malware that only attacks with pop ups at one site that I have to use a login on. When I click on the name box or any button inside the site it opens windows to click on this or download that. I know not to do that. I have bought and installed 6 different malware checkers and none of them find this attack. I have even tried opening the browser and clicking on the login box and running this malware checkers. I have even emailed these checkers for help. Only one replied and told me to restore my browser to the original state. I have deleted the brousers and then gone into the registery and deleted any reference to the browser or the web page. I even went into the window explorer and deleted any residue reference in folders to the software. I contacted the owner of the site and they cannot find any thing on their end.Nothing works. It is in internet explorer, firefox, and palemoon. Has anyone had this problem and how did they fix the problem.
 
This is from about a year ago when I had some major adware and malware issues.
I posted a description of some things I did and read about.
It worked for me.

Here is the copy and paste of that post...

To sum everything up and a great look at some top quality anti-virus and anti-malware programs...
Here it is, with most quoted from RICH, a top fella in his field (ATE Field Service Engineer)

'These days what is common are PUPs... Potentially Unwanted Programs that gives adware which came in a bundle with something else'

'Run adwcleaner and junkware removal tool'
Code:
http://www.bleepingcomputer.com/download/adwcleaner/


'and then do additional cleanup with MalwareBytes Anti-Malware'
Code:
https://www.malwarebytes.org/

'then go check your browsers for any bad extensions.. remove if possible.. If none are seen, and you still have adware in your browsers, then you'll need to reset your browsers.. (google on how to reset them)..and also set homepage and search engine defaults'

'For virus/trojan detection that you can use in conjunction with any real time AV you have.
These scan tools don't offer real time protection but are good removal tools'

online scanner from eset
Code:
http://www.eset.com/us/online-scanner/

and/or kaspersky's avptool
Code:
http://www.kaspersky.com/antivirus-removal-tool?form=1

'After it's cleaned out... install (into firefox) a popup blocker adblock plus, adblock edge and another addon called noscript.
And also while at malwarebytes, look at it's free anti-exploit as another form of protection'
Code:
http://www.bleepingcomputer.com/download/malwarebytes-anti-exploit/

That's it guys, all very good programs.
Thnx again everyone that helped with this


This is a year or so old now, but are still very good programs.
 
I went through every step that you listed except kaspersky's. It did not install, said failed to install. The problem still exists. Do you have any other suggestions?
 
Lowteck it sounds like the site might have an issue itself. Is this the only site that has the problem? I mean can you navigate to another site and not get pop ups like CNN or something like that? The reason I ask is I have a site that is like that too it's the only one like that but I have no issues with any other site.

Btw I migrated off windows and went to Mac and haven't had any issues with any site and yes I still have access and malware tools installed.
 
Lowteck it sounds like the site might have an issue itself. Is this the only site that has the problem? I mean can you navigate to another site and not get pop ups like CNN or something like that? The reason I ask is I have a site that is like that too it's the only one like that but I have no issues with any other site.

Btw I migrated off windows and went to Mac and haven't had any issues with any site and yes I still have access and malware tools installed.

nothing is wrong with this site ..... no traps or nothing hidden ...........


the first step should've been Rkill ..... then follow crazed Guide ...........
 
  • Like
Reactions: crazed 9.6
I have run Rkill before all these steps and it is still there. I think that since it did not start on the desktop that I might have gotten it while updating KODI and adding newer apps. It did not start before that. So I have deleted KODI on my desktop and will remove all traces I can find to KODI or its apps before trying the site again. Oh! by the way, I will reboot before.
 
Rkill 2.8.4 by Lawrence Abrams (Grinler)

Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:


Program started at: 07/07/2017 03:33:10 PM in x64 mode.
Windows Version: Windows 10 Pro

Checking for Windows services to stop:

* No malware services found to stop.

works for me
 
Rkill stops two services but with them stopped the attack still occurs. Called Avast and got no where a second time. They tell me my computer is fine and their software is fine, it is the web page, but if it is the web page, why don't others get the problem.
 
@Lowtech ...... start >>> search box >>> msconfig >>> click tab startup >>> disable all >>> click tab boot >>> click safe mode apply >>> while in safe mode >>> run rkill >> then malwarebytes >>> then/or at same time in depth scan on Eset >>> after everything is cleaned >>> start >> msconfig >> click tab startup >>> enable all >>> ....... Rkill - free .......... the others are paid ......... what os do you have ? 32 or 64 ?

i'll post the software ....... & PM you the keys ..........
 
Believe me, I have added a lot of different addware, malware blockers. I was just glad since I could not find it on my computer that it was coming from a forum server and was found by admins.