Spyware or Malware, getting bad, personal information could be comprom
#16
Posted 08 November 2015 - 01:02 PM
#17
Posted 08 November 2015 - 04:05 PM
Here it is.
Attached Files
#18
Posted 09 November 2015 - 08:39 AM
#19
Posted 09 November 2015 - 05:24 PM
Sadly even in incognito mode I still get them.
#20
Posted 10 November 2015 - 08:37 AM
I will need to check the IP further as it appears to be in the US
#21
Posted 10 November 2015 - 03:16 PM
I still get everything, malware bytes blocking warning and pop ups, sometimes it opens a new window sometimes on the page i'm on and sometimes it opens a new tab and redirects the current tab i was on as well. It always requires me to click somewhere, anywhere on the browser page. It's random when it happens, not always, sometimes constantly 0.0 sometimes just a little.
#22
Posted 10 November 2015 - 03:30 PM
1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall chrome.
Note: When asked about user data or settings you must remove this also so please check the box.
5.Now reboot and use IE to get online is the alert still occuring ?
#23
Posted 10 November 2015 - 09:29 PM
Yeah still, before I was using chrome I got them in Firefox and Microsoft Edge then switched over to chrome because i liked it's settings better. I was using both firefox and Microsoft Edge at the same time comparing the two browsers since ME is new and was learning it's pitfalls.
#24
Posted 11 November 2015 - 08:14 AM
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
Reg: reg delete "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-3016000360-1041427054-1883944200-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
Reg: reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
Reg: reg add "HKEY_USERS\S-1-5-21-3016000360-1041427054-1883944200-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
#25
Posted 11 November 2015 - 10:53 PM
0.0 . . . . . Thus far no popups . . . . no malware bytes blocking things . . . . so far so good.
Attached file.
So when it's within the network config, where exactly has it been working from within that? And how was it doing that? I'm curious as to how this thing worked.
And i'm guessing from all other scans, i had nothing else hiding on my laptop running in the background?
Thank you sooo much for your help thus far!
Blessings!!!
Attached Files
#26
Posted 12 November 2015 - 08:18 AM
#27
Posted 12 November 2015 - 04:19 PM
Note sure if you had more to say above or not as it seemed like your sentence got cut off there.
I'm getting some redirects, rarely but is happening. This time thus far is only when when in incognito mode in chrome.
Edited by Destiny000, 12 November 2015 - 05:05 PM.
#28
Posted 13 November 2015 - 06:35 AM
Hmm there does appear to be something missing, any ways
What redirects are you getting in Chrome ? Has MBAM been keeping quiet
#29
Posted 13 November 2015 - 09:41 AM
Malware Bytes is quiet. the redirect I keep getting is from this one which then redirects a different tab to various different pages where when you x out of the tab it asks if your sure you want to leave this page. The page that seems to do the redirect is this url: http://www.utrack.pw/sh/
#30
Posted 13 November 2015 - 11:51 AM
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users