Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Adchoices Wrecking Havoc - Please Help!

adchoice adchoices ad choices malware spyware malicious adware spam harmful laptop

  • Please log in to reply

#31
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,085 posts
I don't know so lets skip it for now. Can you run a Malwarebytes scan for me when ever you get time.

Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop

Post that log

Thanks
Joe :)
  • 0

Advertisements


#32
vidhya24

vidhya24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Joe, thank you! 

I managed to scan again with ESET Online Scanner - this time I stayed online, made sure I didn't go inactive for the screensaver to come on.

It took 2 and a half hours (from 11:00 - 1:30 am :( ) and detected the following:

( I unchecked everything you asked me to).

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Users\Vidya\Downloads\aolccusetup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Vidya\Downloads\gimp-setup.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Vidya\Downloads\WinZip175.exe a variant of Win32/OpenInstall potentially unwanted application
C:\Windows\Installer\5b855ed.msi a variant of Win32/Systweak.L potentially unwanted application
 
As you can see, all are "potentially unwanted" save for 1 which is the Ask toolbar - which I choose not to install so wonder why it's showing up?
 
I have Malwarebytes on my system, use it virtually every day.
Here's the log of a scan I just ran:
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/30/2014
Scan Time: 6:01:10 PM
Logfile: Malware.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.30.13
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Vidya
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340405
Time Elapsed: 25 min, 20 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
There seems to be NO MALWARE detected by Malwarebytes but it showed up yesterday. So far none today but I'm afraid it will rear its ugly head tomorrow
IMPORTANT QUESTION:
Should I reset my modem like an online malware removal expert told me to? Would it make any difference at all?
Also, how do you prevent java script errors? They seem to pop up more in firefox.
 
Thank You! :)

  • 0

#33
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,085 posts
Hello,

Yes, try resetting the modem / router if the problem reoccurs.

On the Java script errors those can be caused by Firefox extensions / add ons. That's the first place to start.

To test to see if extensions or add ons are causing problems you start Firefox in Safemode, not to be confused with windows Safemode Firefox has its own

See Here

There are some minor things in your online scan that should be removed.

delete files
  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rd /s /q "C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
    rd /s /q "C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
    rd /s /q "C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
    rd /s /q "C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
    rd /s /q "C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
    rd /s /q "C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"
    rd /s /q "C:\Users\Vidya\Downloads\aolccusetup.exe"
    rd /s /q "C:\Users\Vidya\Downloads\gimp-setup.exe"
    rd /s /q "C:\Users\Vidya\Downloads\WinZip175.exe"
    rd /s /q "C:\Windows\Installer\5b855ed.msi"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: batfileicon.gif<--XPvista_bat_icon.png<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.
Let me know how things are,

Thanks
Joe :)
  • 0

#34
vidhya24

vidhya24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Thank you, Joe!

 

The delfie.bat window disappeared. 

 

Sorry I got a little busy with Halloween. Will run firefox in safe mode tomorrow and let you know.

So far, no AdChoices.... fingers crossed.  :happy:


  • 0

#35
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,085 posts
Sounds good !



index_zpsf3f416be.jpg



Thanks
Joe :)
  • 0






Similar Topics


Also tagged with one or more of these keywords: adchoice, adchoices, ad choices, malware, spyware, malicious, adware, spam, harmful, laptop

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP