Invincible Malware
August 3rd, 2016
I know there are several topics like this and I’ve read through many of them and wasn’t able to find an answer that solved my current situation.
I had some malware in my computer called AdSales or something like that. Every tiem I deleted the extension it would some come back. So I googled a solution:
Removed the extension, removed weird programs from my PC, stopped several suspicious processes in my computer, hunted down registries and removed them, etc…
In the end, it worked (for a few days). After a week or two, the same malware came back with a new name, EnormouSales… I googled a fix and, apparently, it is exactly the same procedure.
HOWEVER, there is no extension installed in chrome! I look at my programs and there’s nothing new installed! I just can’t see anything of it that hasn’t already been deleted… It’s like it’s coming out of nowhere.
Plus, it’s being absurdly annoying, hindering my internet, shooting pop-ups every 3 clicks inserting ads into several websites…
I’ve tried many anti-virus programs (AVG pro, Norton, Kaspersky…) and other spyware removal software, but nothing has worked so far.
Any ideas on how to get this fixed??? I really didn’t want to format my PC at this point…
Thanks in advance, guys!!
Give SpyHunter4 a go, better than Malwarebytes.
If that doesn’t find it, then format and reinstall.
This doesn’t necessarily solve the problem, but have you tried adblock?
Try to use the sysinternal suite to see where the process starts and check your startup items(Windows key + r, the run dialog and type msconfig and go to the startup tab). The most reasonable hypothesis is that there is a program in the startup list that automatically reinstall the adware, so you need to find which file it is and delete it. Try to use spybot, malwarebytes and spyhunter4.
Go here and just get the free version
https://www.malwarebytes.org/
Try to use the sysinternal suite to see where the process starts and check your startup items(Windows key + r, the run dialog and type msconfig and go to the startup tab). The most reasonable hypothesis is that there is a program in the startup list that automatically reinstall the adware, so you need to find which file it is and delete it. Try to use spybot, malwarebytes and spyhunter4.
This. Check your startup list.
Also, try Hitman Pro. It’s only small and the scan takes minutes. If it finds something then you need to scan with a decent AV. Norton is awful, AVG is awful.
Some excellent suggestion here in term of softwares. If you want to save some time, find the process and the eventual files in the startup tab and direct the antivirus/antimalware directly to it.
First try Malwarebytes, if that doesn’t delete fix your problem try combofix. Get Malwarebytes from here and just google combofix cause its freeware.
Some excellent suggestion here in term of softwares. If you want to save some time, find the process and the eventual files in the startup tab and direct the antivirus/antimalware directly to it.
this is your best bet , dont follow the generic solutions on internet which are just written to get page hit. run sysinternals process explorer as admin , running as admin is very important then look at bottom blue colored processes to detect something unusual or weird or paste a screenshot of it here so we can tell which process is weird. https://technet.microsoft.com/en-us/sysinternals/bb896653
after detecting it , go to folder remove it manually with shift + delete. you can see the folder of process by hovering your mouse over the process on the process explorer .then run your antispyware to clear remnants. none of the spyware i have used can remove adware’s source but its extensions. so your best bet is to manually remove the .exe file which re-creates all others.
even after those , there may be still leftovers but they will be useless without its parent files.
there is another kind of complicated adware which i fear you have it. it doesnt run on start up but it adds itself to scheduled tasks which means it runs either randomly or periodically. that must be the very reason why you get it back after 2-3 days not everytime you restart , i assume you dont restart your pc once 2-3 days if you dont have a scanner with very detailed heuristics analysis , those type of adware wont be caught up since they are not always running in the background. if this is the case , we must look through your scheduled tasks to detect the source file. but first things first , try easy solution with process explorer.
as a last note some adware are not detected by scanners since they are legit business and have digital signature on their files.
Scan for rootkit as well. Kaspersky Lab, TDSSKiller has fixed up a few under my care.
Go into browser settings (all browsers) and look for search providers, add-ons, toolbars, accelerators and other un-needed/un-used *stuff* and disable/delete them.
Heys guys,
Thanks for all the great help.
I deleted all I could find and Malwarebytes actually found a malware the first time and dealt with it. However, the malware soon reinstalled (now under the name DiscountBomb) and keeps doing the same annoying stuff (even attempting to download stuff)
Everytime I run Malwarebytes now it only finds 3 potential threats, but doesn’t find malware anymore.
Here’s a screenshot of my programs running of startup (I used Sysinternals). Can anyone identify anything here?
Image has been uploaded to another site as Tinypic is not allowed.
~Madnezz4Ever~
Looks like you need a different image host….See here.
https://www..org/viewtopic.php?t=16484
Try what the other guys have suggested ( run in safe mode if possible )
combofix
http://www.bleepingcomputer.com/download/combofix/
rkill
http://www.bleepingcomputer.com/download/rkill/
tdsskiller
http://www.bleepingcomputer.com/download/tdsskiller/
adwcleaner
http://www.bleepingcomputer.com/download/adwcleaner/
junkware-removal-tool
http://www.bleepingcomputer.com/download/junkware-removal-tool/
Its malware that hides in both the ram and the hard drive, once its deleted it re installs on start up.. Combo fix is your answer, as I all ready mentioned..
i looked screen shot everything seems normal to me except that vpngui.exe and the start location of it , it doesnt have signature on file too , are you using vpn ?
also there is a software called “ares” installed on your system , it was an old p2p software as i remember , i got surprised when i see it. are you aware of the existence of that software ?
in addition , this “autoruns” software was not the one that i wanted , there is a process explorer on the link i have given. start your system , wait for 10-15 mins then run it as admin and paste screenshot again. especially the below part with blue color. along with it , screenshot of scheduled tasks from autorun software just 3 tabs near the your current screenshot. use combofix as a last solution , indeed it may fix problems but it is an advanced software and may cause harm in the hands of less experienced people and can make you pc unusable. on the other hand that “adwcleaner” is small and good software for removing crap , you can take a look at it if you havent tried.
vpngui is a program that start with the system and it’s very suspect. It has the name of a cisco program but runs in a very different directory. Try blocking it and check if the problem persists.
Security is the biggest MYTH in IT field, if you know what I mean