Hi, recently my mate used my PC and now I get all the same ad on top of webpages, Spotify and the League of Legends client, which I thought was weird. I've done a full scan with Malwarebytes and it showed up with nothing. Done the same with Avast and it showed up with nothing. Now I am wondering what else to do. I'm going to do a scan in safe mode tonight and see if that brings up something. Any advice on this? Thanks
Anyways, check the installed programs for anything related, maybe run CCleaner and check all the boxes; sometimes programs reside in temp files.
Are you suggesting that I use that on my friend or the PC? Because right about now I want to use it on my friend, hahaha. Anyways, yeah, I'll use CCleaner and check all the boxes before I scan in safe mode. Thanks
Reset your browser to the default settings, this will clean out any spyware cookies which is obviously a culprit from your description.
My methods are a bit on the extreme side... but I've had great success with my methods. Scan with Malwarebytes Anti-Malware. Scan with Panda Cloud Cleaner. Scan with Comodo Cleaning Essentials. Scan with RogueKiller. Scan with TrendMicro's HouseCall (web-based virus scanner). Scan with antivirus (I use Panda Cloud Antivirus Free but BitDefender, Avast or Kaspersky would work just as well). Comodo Cloud Scanner is good too.
No ComboFix. I expected better! OT: Reformatting is a very safe route. If you don't mind the data loss.
Hey all, well I'm not sure which did the trick but I ticked all the boxes in CC like @agent-101 suggested and removed those files. And scanned with Avast in safe mode; it picked up 2 things and I've now deleted those and the pesky ads are gone. Either way, thanks for the input.
In my experience, if running all of the aforementioned utilities doesn't solve the problem, Combofix won't either. If used properly, RogueKiller can save most systems on its own. However, if the user is clueless, it can destroy an otherwise properly functioning system quite easily. I've relied on a lot of different utilities over the years to clean up infected systems and thus far, Combofix hasn't been added to my collection. Formatting isn't always effective. You have to know where the infection came from first. If it came from a frequently used flash drive, formatting a hard drive is only a short-term solution. Also, in the past, we've seen "malware" that could remain in memory and thus be unaffected by a format. (The joys of NVRAM....) It's always better to be proactive than reactive. Any anti-virus solution should be paired with a separate, effective, real-time malware scanner (such as Malwarebytes Anti-Malware Premium). There should also be an outbound firewall active. Add a bit of common sense on the part of the user to the mix and you'll reduce the risk of infection dramatically.
Malwarebytes and Bitdefender are usually enough. If you have a stubborn rootkit then HijackThis needs to be used. Usually does the job. Been using these products for almost 10 years now, never any problems.
To be perfectly honest, 90% of the time simply doing a thorough search of "Programs and Features" and removing everything and anything that he doesn't know about/looks suspicious will resolve these issues. Afterwards, go into any Addons/Extensions on the browser and "Disable" anything that (once again) is suspicious. Leave it alone if it's by Microsoft, Google, etc. Takes maybe a half hour to do. Just don't remove anything related to Visual C++, the .NET Framework, etc. EDIT: Another idea is to type "msconfig", go to "Services", click the "Hide all Microsoft Services" checkbox and search for suspicious services. Afterwards, check the "Startup" tab and disable the startup of the programs in question. Usually this is also caused by a service and/or program running in the background that's injecting ads into HTTP requests, hence why it's showing up on anything that uses a webpage. If you wouldn't mind, provide a list of installed programs. To do this, launch PowerShell (WIN+R, "powershell"), and type the following command:
Code:
Get-WmiObject -Class Win32_Product | Select-Object -Property Name
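The checks described in the post above (installed programs, non-Microsoft services, startup entries) can be gathered in one read-only pass. This is an added example, not code from the thread; it assumes PowerShell 3.0 or later, and it reads the Uninstall registry keys so that programs not installed through Windows Installer, which Win32_Product does not list, also appear.

```powershell
# Added example: read-only triage of installed programs, services and startup items.
# Nothing here changes the system; review the output by hand.

# 1. Installed programs from the Uninstall registry keys
#    (machine-wide 64-bit, machine-wide 32-bit, and current user).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, Publisher, InstallDate, InstallLocation |
    Sort-Object InstallDate -Descending   # most recent installs first

# 2. Services whose executable does not claim Microsoft as its company:
#    the scripted equivalent of "Hide all Microsoft services" in msconfig.
#    CompanyName is file metadata and can be forged, so treat it as a filter only.
function Get-ExePath([string]$CommandLine) {
    # PathName is either  "C:\quoted path\x.exe" args  or  C:\path\x.exe args
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}
$services = Get-CimInstance -ClassName Win32_Service |
    ForEach-Object {
        $exe = Get-ExePath $_.PathName
        $company = $null
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            $company = (Get-Item -LiteralPath $exe).VersionInfo.CompanyName
        }
        [pscustomobject]@{
            Name = $_.Name; State = $_.State; StartMode = $_.StartMode
            Company = $company; Path = $exe
        }
    } |
    Where-Object { $_.Company -notmatch 'Microsoft' }   # unknown company stays listed

# 3. Programs launched at logon (Run keys and Startup folders).
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User

$programs | Format-Table -AutoSize
$services | Format-Table -AutoSize
$startup  | Format-Table -AutoSize
```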
I don't want to sound objectionable but I find few of the solutions here to be adequate. The more popular a malware counter utility, the more often they're circumvented. HijackThis is probably the more thorough (IMHO) solution suggested here but even at that it's countered by some of the most common of infections. Antimalware/Malwarebytes is in my experience nowhere near as good as it used to be. The advice I always offer is to run 'System Explorer'. It's a great tool that allows processes to be stopped, paused, restarted via its GUI without closing system-critical processes; you can explore which dynamic links are being accessed and close them. You have to google many of them of course unless you're a genius that just happens to know what they do. It can be laborious but it's by no means an automated scan and hit or miss like the majority of anti-malware proggies are. Just my opinion of course.
HijackThis is nearly useless anymore. A lot of malware hides behind legitimate services. HijackThis won't help at all with these infections. Combofix is supposedly updated with new routines to detect and remove malware as it appears. The downside is that it's an automated utility and can cause problems itself. It's also quite easy for new malware to prevent it from running. Anything that requires the user to make a decision is generally bad. No anti-malware utility is going to maintain its effectiveness forever. The more popular the utility becomes, the harder malware writers work to circumvent it. It's no different for antivirus software.
Yup, manual removal. Kind of what I was getting at with the tool I suggested. I do find HijackThis to be informative still as a reference.
A specialized tool for each malware would be the best method but at this point that would be unreasonable. General purpose anti-malware software will always have a limited usability period. Manual removal is too tedious for most users. HijackThis is informative? I've been dealing with malware for the last few days that HijackThis can't even find the registry keys for. HijackThis is no more informative than CCleaner. RogueKiller is more effective. It lists unknown files and registry keys as well as known malicious files and registry keys. Then it allows the user to decide whether or not to remove each one. It also scans for known rootkits, displays the contents of the hosts file (which HijackThis can't even read half the time) and provides MBR data. It'll also attempt to kill known malicious processes.
Nothing wrong with HijackThis, if you know what you're doing with it. Works great and can only help against malware. I've been using it for years and will continue to use it. I will check out that RogueKiller though that you mentioned.