  • FIRST POST
    • Enterprise 1701C
    • By Enterprise 1701C 24th Jan 17, 9:04 PM
    • 18,119 Posts
    • 192,806 Thanks
    Enterprise 1701C
    Malware problem
    • #1
    • 24th Jan 17, 9:04 PM
    As above I have a problem with malware. For the last few days I have had a recurrence of the same problem. My laptop is fine in the morning, come the evening the web browsers start playing up and I scan with Malwarebytes and have to remove 27 items. I am guessing there must be something left on my laptop after the items are quarantined but I cannot find it.

    The other evening I thought I would stay ahead of it, scanned it with Malwarebytes and it was clear, half an hour later the problems started up, scanned it again and there were 27 items to be removed. Can't guarantee it is the same every time but there must be a time trigger there somewhere.

    I am using a Windows 10 i3 HP Pavilion, if more details are needed I will have to check.

    This is the detail of what Malwarebytes found tonight.

    Any help would be appreciated.
    What is this life if, full of care, we have no time to stand and stare
    • spud17
    • By spud17 24th Jan 17, 9:51 PM
    • 4,186 Posts
    • 1,925 Thanks
    spud17
    • #2
    • 24th Jan 17, 9:51 PM
    ADWCleaner from Malwarebytes, should clean up any problems with your browsers.

    https://www.malwarebytes.com/adwcleaner/

    Download, install and scan, should only take minutes.

    It will reboot and show a log of any infections, you can post the log on here for further help.
    The trojan DNS changer is a bit worrying, but wait and see what ADWCleaner finds.
    After 10+ years on here, for the first time, I've been forced to put 2 usernames on my ignore list, in reality it's just one person ignored.
    • Enterprise 1701C
    • By Enterprise 1701C 25th Jan 17, 8:46 AM
    • 18,119 Posts
    • 192,806 Thanks
    Enterprise 1701C
    • #3
    • 25th Jan 17, 8:46 AM
    Thank you so much, how did I not know that existed

    I don't pretend to know the ins and outs of the software, but I know enough to have sat down removing ransomware bit by bit off my old laptop after lending it to my daughter! I really thought I was fairly savvy, this is a bit of a slap in the face

    Anyway, thanks for your help. This is the log, unfortunately a bit untidy as it went across more than the whole page.
    What is this life if, full of care, we have no time to stand and stare
    • GunJack
    • By GunJack 25th Jan 17, 8:57 AM
    • 9,530 Posts
    • 7,110 Thanks
    GunJack
    • #4
    • 25th Jan 17, 8:57 AM
    On top of those two, do a Windows disk cleanup, followed by CCleaner (cleaner & registry elements) and manually check your browsers for add-ons/extensions etc. and remove if required. Then run ADWCleaner and MBAM again... the problem being that some of that stuff will sit in temp files and re-activate next time around if you don't fully clean up. Takes a bit of time but worth it
    ......Gettin' There, Wherever There is......
    • Sicard
    • By Sicard 25th Jan 17, 9:58 AM
    • 561 Posts
    • 474 Thanks
    Sicard
    • #5
    • 25th Jan 17, 9:58 AM
    In the old days with something like XP nasties could lurk in system restore. I don't know if that's still possible.

    As above but I also use Rogue Killer and Junkware Removal Tool which sometimes picks up things ADWCleaner doesn't.
    Part of the inhumanity of the computer is that, once it is competently programmed and working smoothly, it is completely honest.
    Isaac Asimov
    • Colin_Maybe
    • By Colin_Maybe 25th Jan 17, 10:35 AM
    • 748 Posts
    • 330 Thanks
    Colin_Maybe
    • #6
    • 25th Jan 17, 10:35 AM
    And if the above suggestions don't solve it then work through the following:

    https://malwaretips.com/blogs/malware-removal-guide-for-windows/

    If it survives that little lot then I'd take a sledgehammer to your hard drive
    • Enterprise 1701C
    • By Enterprise 1701C 9th Mar 17, 7:47 PM
    • 18,119 Posts
    • 192,806 Thanks
    Enterprise 1701C
    • #7
    • 9th Mar 17, 7:47 PM
    I am starting to get annoyed about this, it keeps recurring. Not every night, but frequently, in spite of going through the whole regime each time. I have reduced it to Mbam - adware cleaner - Mbam as it seems to do as much as the whole lot.

    Any further hints please. I do have AV in the form of Windows Defender which, I believe, is due to be upgraded to help with this sort of thing.

    My main browser is Edge, I find it (normally) quick and simple.
    What is this life if, full of care, we have no time to stand and stare
    • dipsomaniac
    • By dipsomaniac 9th Mar 17, 7:56 PM
    • 5,509 Posts
    • 2,085 Thanks
    dipsomaniac
    • #8
    • 9th Mar 17, 7:56 PM
    If it was my laptop I would do a factory reset or format/clean install of OS
    "The Holy Writ of Gloucester Rugby Club demands: first, that the forwards shall win the ball; second, that the forwards shall keep the ball; and third, the backs shall buy the beer." - Doug Ibbotson
    • Enterprise 1701C
    • By Enterprise 1701C 9th Mar 17, 8:17 PM
    • 18,119 Posts
    • 192,806 Thanks
    Enterprise 1701C
    • #9
    • 9th Mar 17, 8:17 PM
    If it was my laptop I would do a factory reset or format/clean install of OS
    Originally posted by dipsomaniac
    Unfortunately that is not currently an option. We will be buying a home cloud shortly, will be able to back up everything and then do a restore, but have always considered that to be a last resort, have always felt, whether rightly or wrongly, that it damages the disc to a small extent.

    Don't get me wrong, we do have most things backed up currently, just ran out of storage so we are reduced to using DVDs at the moment.
    What is this life if, full of care, we have no time to stand and stare
    • debitcardmayhem
    • By debitcardmayhem 9th Mar 17, 8:51 PM
    • 8,081 Posts
    • 6,110 Thanks
    debitcardmayhem
    https://toolslib.net/downloads/viewdownload/1-adwcleaner/
    then
    http://www.bleepingcomputer.com/download/junkware-removal-tool/
    then Malwarebytes
    then remove temp files etc with Windows cleanup and CCleaner.
    Personally I would use another antivirus product, e.g. Bitdefender/Avira/Avast, although many say that Windows Defender is enough; not my thoughts though.
    I would also suggest using a modified host file and Adblock/uBlock, but again that is my opinion only.
    Last edited by debitcardmayhem; 09-03-2017 at 8:52 PM. Reason: temp files
    • grumpycrab
    • By grumpycrab 9th Mar 17, 10:41 PM
    • 3,021 Posts
    • 1,344 Thanks
    grumpycrab
    I've just suffered a malware attack. Fixed after going through various anti-malware progs more than once... damn annoying but I won't repeat what I did - it's already been covered above.
    My conclusions :-
    1. a single AV product is not sufficient on its own; (but a good url scanning AV product is Kaspersky)
    2. Firefox + noscript add-on is a good combination to use if you believe java scripting is a source of malware

    If you don't have the time to fix your issue I'd do a "Windows 10 reset with keep data option"; or could even try a system restore (but note that Anniversary disabled this and so you may not have as many/any restore points to restore to!); note the reset option loses program installations.
    Last edited by grumpycrab; 09-03-2017 at 10:45 PM.
    Hi, we’ve had to remove your signature because somebody complained that the information contained within it was too helpful.
    • dipsomaniac
    • By dipsomaniac 10th Mar 17, 10:11 AM
    • 5,509 Posts
    • 2,085 Thanks
    dipsomaniac
    I've just suffered a malware attack
    Originally posted by grumpycrab
    Out of interest, do you know the source of the attack?

    I can't remember having any viruses but maybe had a malware attack in the past. If anything goes wrong I just do a clean install as that is the only way to guarantee that everything gets cleaned. It is a lot easier when all your data is on a server and OneDrive, Dropbox, Google Music/Photos and nothing except programs on PC. Also a great opportunity to have a clear out.

    I didn't know about a clean install damaging the drive until OP mentioned it. Just googled it and the experts reckon you would have to do 100,000 installs to wear out SSD drive
    Last edited by dipsomaniac; 10-03-2017 at 10:25 AM.
    "The Holy Writ of Gloucester Rugby Club demands: first, that the forwards shall win the ball; second, that the forwards shall keep the ball; and third, the backs shall buy the beer." - Doug Ibbotson
    • pendragon_arther
    • By pendragon_arther 11th Mar 17, 9:48 AM
    • 1,202 Posts
    • 1,334 Thanks
    pendragon_arther
    Also run a scan with a rootkit cleaner. MBAM do one. Plus delete all your restore points and scan again with MBAM and AdwCleaner.
    “Learn from the mistakes of others. You can never live long enough to make them all yourself.”
    ― Groucho Marx
    • johndough
    • By johndough 11th Mar 17, 10:34 AM
    • 617 Posts
    • 237 Thanks
    johndough
    Unfortunately that is not currently an option. We will be buying a home cloud shortly, will be able to back up everything and then do a restore, but have always considered that to be a last resort, have always felt, whether rightly or wrongly, that it damages the disc to a small extent.

    Don't get me wrong, we do have most things backed up currently, just ran out of storage so we are reduced to using DVDs at the moment.
    Originally posted by Enterprise 1701C
    Hi

    How clean are your backups?

    If you have data on DVDs and an external storage device could they not have infections on them?

    I think you need to scan everything, otherwise you may be cleaning out something that will just get replaced from backup.
    • Bullish
    • By Bullish 11th Mar 17, 10:26 PM
    • 7 Posts
    • 1 Thanks
    Bullish
    If you have access to another computer then I would look at getting a recovery disk from the likes of Kaspersky or Avira and booting from that. This would help get rid of nasties that lurk around and are hidden while Windows is running. Both are free to get.
    • Tarambor
    • By Tarambor 11th Mar 17, 10:57 PM
    • 767 Posts
    • 482 Thanks
    Tarambor
    have always felt, whether rightly or wrongly, that it damages the disc to a small extent.
    Originally posted by Enterprise 1701C
    It's never done that, ever in the history of hard drives.
    • Enterprise 1701C
    • By Enterprise 1701C 15th Mar 17, 8:35 PM
    • 18,119 Posts
    • 192,806 Thanks
    Enterprise 1701C
    Interesting chat going on here lol

    Anyway, I think I have solved the malware issue.

    Whilst I have not made it go away, I have found a way to avoid it.

    It seems to be on a time trigger, about 19:45 each night, so I have changed the time on my laptop and so far it has not shown its face tonight. At least that keeps it in check for the time being.
    What is this life if, full of care, we have no time to stand and stare
    • debitcardmayhem
    • By debitcardmayhem 15th Mar 17, 8:48 PM
    • 8,081 Posts
    • 6,110 Thanks
    debitcardmayhem
    Interesting chat going on here lol

    Anyway, I think I have solved the malware issue.

    Whilst I have not made it go away, I have found a way to avoid it.

    It seems to be on a time trigger, about 19:45 each night, so I have changed the time on my laptop and so far it has not shown its face tonight. At least that keeps it in check for the time being.
    Originally posted by Enterprise 1701C
    Search for Task Scheduler, then delete it (the task of course)
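
The check suggested in the post above, as an added example that is not part of the original thread: a read-only PowerShell script that lists scheduled tasks whose trigger start time falls close to the 19:45 time reported earlier. The parameter names and the 30-minute window are assumptions made for this example.

```powershell
# Added example (read-only): report scheduled tasks whose trigger time is
# close to the clock time at which the symptoms start. Nothing is deleted.
param(
    [string]$Around = '19:45',   # time reported in the thread
    [int]$WindowMinutes = 30     # assumed tolerance either side
)

$target = [datetime]::ParseExact($Around, 'HH:mm',
    [cultureinfo]::InvariantCulture).TimeOfDay

$hits = foreach ($task in Get-ScheduledTask) {
    foreach ($trigger in $task.Triggers) {
        # Logon/boot/event triggers usually carry no StartBoundary; skip them.
        if (-not $trigger.StartBoundary) { continue }
        $start = [datetime]::MinValue
        if (-not [datetime]::TryParse($trigger.StartBoundary, [ref]$start)) { continue }

        # Distance in minutes on a 24-hour clock (handles wrap at midnight).
        $delta = [math]::Abs(($start.TimeOfDay - $target).TotalMinutes)
        $delta = [math]::Min($delta, 1440 - $delta)
        if ($delta -gt $WindowMinutes) { continue }

        $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Task        = $task.TaskPath + $task.TaskName
            State       = $task.State
            Author      = $task.Author
            StartsAt    = $start.ToString('HH:mm')
            LastRun     = $info.LastRunTime
            Action      = ($task.Actions | ForEach-Object {
                              "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
            BuiltInPath = $task.TaskPath -like '\Microsoft\*'
        }
    }
}

# Tasks outside \Microsoft\ sort first: those are the ones to inspect by hand.
$hits | Sort-Object BuiltInPath, Task | Format-List
```

Run it from an elevated PowerShell prompt so tasks owned by other accounts are included. Tasks that fire through a repetition interval or a logon trigger rather than a fixed start time are not matched by this check.
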
    • Enterprise 1701C
    • By Enterprise 1701C 15th Mar 17, 9:13 PM
    • 18,119 Posts
    • 192,806 Thanks
    Enterprise 1701C
    Search for Task Scheduler, then delete it (the task of course)
    Originally posted by debitcardmayhem
    Thank you, spent ages trying to decide where the trigger would be

    Anyway, think I got it, when I clicked on it it triggered the AV too, it resisted a little, even replicated twice, but I have gone back into the task scheduler and it no longer appears to be there so fingers crossed
    What is this life if, full of care, we have no time to stand and stare
    • Heedtheadvice
    • By Heedtheadvice 16th Mar 17, 10:36 AM
    • 420 Posts
    • 198 Thanks
    Heedtheadvice
    ^^ good suggestion above.

    Let's hope that is you fixed......
    .......
    Last edited by MSE ForumTeam5; 25-03-2017 at 11:12 AM. Reason: Quoting deleted post