
Slow computer - adware? [Solved]


  • This topic is locked

#16
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi Canary. Using join.me will not be a problem. There were some files related to it in your OTL log so I wanted to make sure they weren't malicious. Your OTL log is now clean. Also your Kaspersky log is clean too. Yes definitely follow those instructions on Botcrawl - specifically the relevant one looks like this one. You are using Firefox right? Are there problems in other browsers or just Firefox?
  • 0



#17
Canary

    Member

  • Topic Starter
  • 159 posts

Hi Canary. Using join.me will not be a problem. There were some files related to it in your OTL log so I wanted to make sure they weren't malicious. Your OTL log is now clean. Also your Kaspersky log is clean too. Yes definitely follow those instructions on Botcrawl - specifically the relevant one looks like this one. You are using Firefox right? Are there problems in other browsers or just Firefox?


I THINK it's just Firefox - but I'll check Internet Explorer tomorrow when I get access to his PC again.

You say the Kaspersky log is clean - does that mean the issues it found were false positives? I think it said there were 18 issues when it finished the scan.

Thanks, as ever.
  • 0

#18
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts

You say the Kaspersky log is clean - does that mean the issues it found were false positives? I think it said there were 18 issues when it finished the scan.

KSS scans for not just viruses/malware but potential insecure computer settings and vulnerable programs as well. The malware it picked up was just stuff in a MS Security Essentials folder so they're nothing to worry about.
  • 0

#19
Canary

    Member

  • Topic Starter
  • 159 posts
Great - many thanks.

I'll look at that Botcrawl thing tomorrow and let you know how I get on (if you're interested, that is!).

Otherwise, is that it, as far as you're concerned?
  • 0

#20
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Let's wait to see if you are able to fix the blue links first. Also we have to clean up but that should wait until there aren't any more symptoms.
  • 0

#21
Canary

    Member

  • Topic Starter
  • 159 posts
OK - thanks. Till tomorrow!
  • 0

#22
Canary

    Member

  • Topic Starter
  • 159 posts
Hi,

I had a look at the Firefox add-ons, and there was one there called TV Genie, which seemed a bit strange.

I disabled and deleted it, and that immediately sorted out the problem of rogue advertising.

So I think we're all clear!

Is there anything else I need to do?

Many thanks for all your help.
  • 0

#23
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
So TV Genie was not installed by you? I saw it in the OTL log but I assumed it was there intentionally. Perhaps I will add this to my list of bads. Even has a legit looking website.

Now that we're done scanning for and disinfecting malware it's time to clean up. I noticed you have outdated Java and Adobe Reader apps. You will want to upgrade these to prevent possible infection through these apps in the future. Also I would recommend uninstalling Java if you don't use it since it can have security holes.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application or just remove it without upgrading (recommended).

Upgrading Java:
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of java listed
  • The next steps are only if you want to install Java (not recommended unless you need it)
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
  • Run the installer
  • Close JavaRa

Upgrading Adobe Reader:
  • For XP: Go to Start Menu --> Control Panel --> Add or Remove Programs
  • For Vista/7: Go to Start Menu --> Control Panel --> Programs and Features
  • Scroll to and select the Adobe Reader entry
  • Click Remove or Uninstall
  • Follow the instructions
  • Go to this site: http://get.adobe.com/reader/ or http://www.foxitsoft...ure_PDF_Reader/ for Foxit Reader (I prefer Foxit - it is less targeted by malware and allows pdf form editing)
  • Download and install the newest Adobe Reader (or Foxit)

Please use your computer a couple hours at least and make sure there are no remaining symptoms. If there are no symptoms proceed with the following instructions. One final step to take in disinfecting your computer is to purge all system restore points. This ensures that you will not get reinfected by files hiding in the system restore points. To do this follow these instructions:

  • Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
  • Then click the Run Fix button at the top
  • OTL may ask to reboot the machine. Please do so if asked.
  • Post the log it produces in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run. Make sure to grab the contents of this file before following the cleanup procedure described next.

Clear Restore Points

Go to Start > All Programs > Accessories > System Tools
Right click Disk Cleanup and select Run as administrator
When it pops up, select OK at the first prompt; after it has done some calculations the tabs will appear
Select the More Options tab
Press the System Restore and Shadow Copies Clean up button

You can now remove all the tools that were used to disinfect your computer by running OTL and clicking the CleanUp button.

Now that your computer is disinfected it is important to keep it that way. What follows are guidelines to keeping your computer malware-free.

You absolutely must have an antivirus program installed. This is important because the antivirus program runs in the background of the computer and prevents viruses from both infecting the computer and doing malicious things to the computer. This can prevent many infections in the first place. Just as a city without police would be chaotic so would a computer with an anti-virus program. I recommend the free programs Avira AntiVir Personal and avast! Free Anti-Virus. Also make absolutely sure to only have one anti-virus installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

It is also advised to have an anti-spyware program as well. I recommend the paid version of Malwarebytes' Anti-Malware. This program complementing your anti-virus can protect your computer from most infections out there. Make absolutely sure to only have one anti-spyware installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

A program to complement your anti-virus and anti-spyware with passive protection is SpywareBlaster. SpywareBlaster is not a malware scanner or removal tool and uses no system resources except a little disk space. It does a great job of preventing malware from being installed in the first place! It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them from malicious websites. You can download it here. To use it to protect your computer install it then do the following regularly at your convenience (once a week is adequate):
  • Run SpywareBlaster
  • Click Updates on the left of the screen
  • Click the 'Check for Updates' button and let the program update
  • Click 'Protection Status' on the left of the screen
  • Click 'Enable All Protection' on the bottom of the screen and SpywareBlaster will implement its protection
  • Exit the program
Another program to add additional protection is Spybot Search and Destroy. It works similarly to SpywareBlaster by providing passive protection. You can download it here. To use it to protect your computer install it then do the following regularly at your convenience (once a week is adequate):
  • Run Spybot S&D
  • Click "Search for Updates"
  • Click "Continue"
  • Click "Download" - ignore if it says "please select some update files from the list first"
  • Click "OK" in update window if it prompts you
  • Click "Exit" in update window when update finishes or if Spybot said "please select some update files from the list first"
  • Go back to Spybot main window
  • Close Internet Explorer/Firefox/Chrome if they are open
  • Click "Immunize"
  • Wait for the progress meter to complete
  • Click the "Immunize" button with the plus sign next to it towards the top of the window
  • Wait for the progress meter to complete
  • Close the program
And one last program to add additional protection is Panda USB Vaccine. This program disables the autorun file on removable devices. You can vaccinate both a computer and a removable device. To download and run refer to here.

Another important thing to have installed is a firewall to secure communications to and from your computer. The firewall prevents inbound communications from the Internet to your computer that could be malicious in nature. Some firewalls also regulate outbound communications from your computer to the Internet that could be malicious as well. Inbound communications can take advantage of security holes in software running on your computer to gain control of your computer and infect you with malware. Outbound communications can be from malware on your computer to malicious websites on the Internet, containing information about your computer usage and even your passwords. For these reasons it is essential to the security of your computer to install a firewall. Make sure to only install one firewall as any more than that would prove to be redundant - one firewall is just as effective as multiple ones. Also more than one firewall could cause software conflicts. This applies to the Windows firewall as well - if you use a third-party firewall make sure to disable the Windows firewall. I recommend ZoneAlarm Free Firewall or Comodo Firewall.

Besides these measures, an equally important step to take to protect your computer from malware is to update all programs regularly including Windows Updates. Windows, Java, Adobe Flash, PDF readers, and other programs have security holes in them that leave your computer vulnerable to malicious code from hackers that could infect your computer with malware when taken advantage of. Updates close these holes. For this reason it is important to always update programs when prompted. Windows Updates is enabled by default in Windows and Java, Flash, and others have auto-update programs enabled by default as well. You will not have to worry about setting up the auto-update feature for these programs unless you altered the settings to begin with. Make sure as well to never update a program via e-mail - companies will never send e-mails to update their products. In order to help you update programs you might want to download and run FileHippo.com Update Checker from here. This program will tell you which programs need to be updated.

One last thing to consider is to exercise caution when browsing the web and viewing e-mails. Try to stay away from non-reputable websites including websites for software piracy and pornography. By staying away from these websites you decrease your chances of malware infection significantly. To help you exercise caution in your browsing habits you can download and install Web of Trust into your web browser here. This program will install in your browser and color code the website you are viewing to inform you if it is safe or not; green means safe, yellow means proceed with caution, and red means danger. Viewing e-mails should also be done with caution. If you don't recognize an email as one from a known or requested source then you will be safer to avoid opening it. File attachments should be opened only with extreme caution as they can contain files that exploit security holes on your computer and infect you with malware. Never open an attachment unless you are expecting it or you verify that the sender intended to send it to you. Also make sure to scan the attachment before opening it.

You might want to use an alternate browser than Internet Explorer. Firefox and Google Chrome are excellent candidates. They are more secure than Internet Explorer and are just as functional. You can download Google Chrome here and Firefox here.

Something just as important as preventing infection by malware is to back up your data. You can read about different methods here.

Some articles you might be interested in reading to reiterate points I have addressed in this post as well as make new points follow:
By following these steps you should ensure that you most likely will never get infected with malware again. Good luck and safe browsing!

-Josh
  • 0

#24
Canary

    Member

  • Topic Starter
  • 159 posts
Hi - sorry about the radio silence.

I'm still waiting to get access to the computer in question again.

Thanks.
  • 0

#25
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
NP will wait :)
  • 0



#26
Canary

    Member

  • Topic Starter
  • 159 posts
Hi again,

I'm not going to get access to the computer in question until next weekend.

Can we keep this thread open until then, or would you rather we closed it now?

Thanks
  • 0

#27
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
We can keep it open NP.
  • 0

#28
Canary

    Member

  • Topic Starter
  • 159 posts
Hi,

I've now done all the things you suggested, and made sure the computer is protected. I've opted for Microsoft Security Essentials, as it's the one I use on my own computer and I've never had a problem with it.

Here's the final OTL log:


========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 06282013_115144



Just one other thing - you said you thought that TV Genie might have been deliberately installed. But what alerted me to it when I checked the Firefox add-ons was that earlier in the process, when you asked me to run an ADW Cleaner scan, the log stated the following: "Folder Deleted : C:\Program Files (x86)\TVGenie"

So I figured that if ADW Cleaner didn't like TV Genie, for whatever reason, then there was a good chance that it was that add-on that was causing problems.

Anyway, sorry once again for the delay in getting back to you. Is this process now complete?

Thanks for all your help.
  • 0
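
The cross-check described in post #28, matching a folder that ADW Cleaner deleted against the installed Firefox add-ons, written out as an added example (not part of the original thread and not code from either tool). Only the TVGenie log line comes from the thread; the other log lines, the add-on records and the extensions.json-style field names are constructed assumptions.

```python
import json
import re

# Constructed sample inputs. Only the TVGenie "Folder Deleted" line is quoted
# from the thread; every other line and both add-on records are made up.
ADWCLEANER_LOG = r"""
***** [ Folders ] *****
Folder Deleted : C:\Program Files (x86)\TVGenie
Folder Deleted : C:\ProgramData\ExampleToolbar
***** [ Registry ] *****
Key Deleted : HKLM\Software\ExampleToolbar
"""

# Assumed layout: an "addons" list like the one in a Firefox profile's
# extensions.json, with a display name, an active flag and a sideload flag.
EXTENSIONS_JSON = json.dumps({"addons": [
    {"id": "tvgenie@example.invalid", "defaultLocale": {"name": "TV Genie"},
     "active": True, "foreignInstall": True},
    {"id": "adblock@example.invalid", "defaultLocale": {"name": "Example Ad Blocker"},
     "active": True, "foreignInstall": False},
]})


def normalise(name):
    """Lower-case and drop non-alphanumerics so 'TV Genie' equals 'TVGenie'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def deleted_folders(log_text):
    """Return the leaf folder name of every 'Folder Deleted : <path>' line."""
    paths = re.findall(r"^Folder Deleted : (.+)$", log_text, flags=re.M)
    return [p.strip().rsplit("\\", 1)[-1] for p in paths]


def suspect_addons(log_text, extensions_json):
    """List add-ons whose display name matches a folder the cleaner removed."""
    removed = {normalise(f) for f in deleted_folders(log_text)}
    hits = []
    for addon in json.loads(extensions_json).get("addons", []):
        name = (addon.get("defaultLocale") or {}).get("name") or addon.get("id", "")
        if normalise(name) in removed:
            hits.append({"name": name, "id": addon.get("id"),
                         "active": addon.get("active", False),
                         "sideloaded": addon.get("foreignInstall", False)})
    return hits


if __name__ == "__main__":
    for hit in suspect_addons(ADWCLEANER_LOG, EXTENSIONS_JSON):
        print(hit)
```

An add-on that is still active after its program folder was removed is the leftover to disable by hand, which is what happened with TV Genie here.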

#29
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts

So I figured that if ADW Cleaner didn't like TV Genie, for whatever reason, then there was a good chance that it was that add-on that was causing problems.

ADWCleaner cleans adware/spyware which isn't as bad as viruses and rootkits and other malware but can still cause problems like in this situation.

Anyway, sorry once again for the delay in getting back to you. Is this process now complete?


Yes it is! We win :) Let me know if you have any questions. I will now close the topic.
  • 0

#30
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





