Infected with adware in search engines



#1
noluiz

noluiz

    New Member

  • Member
  • Pip
  • 8 posts

My search engine Microsoft Edge is often very slow so I installed Google Chrome on Windows 10, which is better and was a pain to say the least to install.

I keep getting popups when I use my search engines, usually adware or saying I'm infected by other internet security and I need to update e.g. .NET Framework 3.5 (includes .NET 2.0 and 3.0) etc.

 

I'm not very technical but always unsure what I do need to update or what is a Trojan so I always reject them.

 

I'm currently using Bitdefender 2016 but my computer was infected before I installed this and the issue still remains. I was thinking about installing Norton instead but I'm not sure if this would rectify this.

 

Please can anyone help?

 

I have attached the results from the Farbar recovery scan tool.

 

 

 

 

 

Attached Files


  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Uninstall:

 

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
 
 
The Desktop Weather 2.0.1.11332 (HKLM\...\WeatherTool) (Version: 2.0.1.11332 - ShenZhen Enode Techology co,.Ltd) <==== ATTENTION
 
 

 
Download: ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
     

     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     

    • 0

    #3
    noluiz

    noluiz

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    Hi, thanks so much RKinner for replying.

    I have attached the 2 reports but I'm still getting some popups, do I need to change my internet security?

    Attached Files


    • 0

    #4
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

     

     

    Which browsers do you get popups in?


    • 0

    #5
    noluiz

    noluiz

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    Google via Explorer

     

    If this helps, the popups are PC KEEPER, PS4, but mainly from gad.ridculesdamningly.com. When they pop up there's no decline, only Allow once and Always, but I have to close the tabs and restart.


    • 0

    #6
    noluiz

    noluiz

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    Attached File  Addition 3.txt   37.77KB   164 downloads
    Attached File  FRST 3.txt   120.87KB   158 downloads


    • 0

    #7
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP
     
    Download the attached fixlist.txt to the same location as FRST
     
     
    Run FRST and press Fix
    A fix log will be generated; please post that.
     
    Reboot if it doesn't automatically do it.
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     
    I'm leaving on my trip now.  May be online this evening.  Depends on the hotel.
     
     
     

    • 0

    #8
    noluiz

    noluiz

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    Attached File  Fixlog.txt   16.4KB   115 downloads
    Attached File  FRST 4.txt   119.42KB   139 downloads
    Attached File  Addition 4.txt   33.79KB   164 downloads


    • 0

    #9
    noluiz

    noluiz

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    Thank you once again, have a nice trip.


    • 0

    #10
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    OK.  I'm back.  Any improvement after the last fix?  You were running a DNS that was serving up ads. The fix took it out but sometimes they come back.  Did you reboot before running the new FRST scan?  

     

    Please download MiniToolBox, save it to your desktop and run it.
     
    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
     
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

    • 0

    #11
    noluiz

    noluiz

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    It's so much better, just had the odd popup. To be honest I can't really remember if I rebooted before running the new FRST scan.

    Attached Files


    • 0

    #12
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    You are now using your router as the DNS server so that's as it should be.  

     

    I see a lot of Bonjour errors.  Don't really think it's compatible with Windows 10 so I would uninstall it.  It's not something you really need.

     

    Let's see if we can fix some of the other errors:

     

    Open an elevated command prompt:
     
     
    If you open an elevated command prompt it will by default open in c:\Windows\system32
     
    Once you have an elevated command prompt:
     
    Now type (with an Enter after each line):
     
     
    DISM  /Online  /Cleanup-Image  /RestoreHealth
     
     (I use two spaces so you can be sure to see where one space goes.)
    This will take a while to complete.  Once the prompt returns:
     
    Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
     
    sfc  /scannow
     
     
     
    This will also take a few minutes.  
     
    When it finishes it will say one of the following:
     
    Windows did not find any integrity violations (a good thing)
    Windows Resource Protection found corrupt files and repaired them (a good thing)
    Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)
     
    If you get the last result then type:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt 
     
    Hit Enter.  Then type:
    
     notepad  \junk.txt
     
     Copy the text from notepad and paste it into a reply.
     
     
    After you finish SFC, regardless of the result:
     
     
     
    1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
    2. Right-click VEW.exe and Run As Administrator
    3. Under 'Select log to query', select:
       * System
    4. Under 'Select type to list', select:
       * Error
       * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
     
    Which browser did you get the pop up in?
     
    You might want to try adblock plus
     
    just go to
    with your browser and get the add-on.  (For IE it's an actual program you have to download and install)

    • 0
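Added example, not part of the thread or of any tool used in it: a read-only PowerShell check for the DNS point made in posts #10 and #12, listing each active adapter's DNS servers and marking any that are neither the default gateway (the router) nor a private address. It assumes Windows 8 or later for `Get-NetIPConfiguration` and `Get-DnsClientServerAddress`; the helper name `Test-PrivateIPv4` is hypothetical.

```powershell
# Added example: audit the IPv4 DNS resolvers on every adapter that is up.
# Read-only; it changes no settings.

# Hypothetical helper: true for loopback and RFC 1918 (home network) ranges.
function Test-PrivateIPv4 {
    param([string]$Address)
    $ip = [System.Net.IPAddress]::None
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne 'InterNetwork') { return $false }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 10) -or ($b[0] -eq 127) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

$report = foreach ($cfg in Get-NetIPConfiguration | Where-Object { $_.NetAdapter.Status -eq 'Up' }) {
    $gateways = @($cfg.IPv4DefaultGateway | ForEach-Object { $_.NextHop })

    # A non-empty NameServer value means DNS was set by hand (or by software)
    # on this adapter; resolvers handed out by DHCP live in DhcpNameServer.
    $keyPath = Join-Path $tcpip $cfg.NetAdapter.InterfaceGuid
    $key     = Get-ItemProperty -Path $keyPath -ErrorAction SilentlyContinue
    $source  = if ($key.NameServer) { 'Static' } else { 'DHCP' }

    $dns = Get-DnsClientServerAddress -InterfaceIndex $cfg.InterfaceIndex -AddressFamily IPv4
    foreach ($server in $dns.ServerAddresses) {
        $isGateway = $gateways -contains $server
        $isPrivate = Test-PrivateIPv4 $server
        [pscustomobject]@{
            Interface = $cfg.InterfaceAlias
            DnsServer = $server
            Source    = $source
            IsGateway = $isGateway
            IsPrivate = $isPrivate
            Review    = (-not $isGateway) -and (-not $isPrivate)
        }
    }
}

$report | Format-Table -AutoSize

# Entries marked Review are not proof of a problem: a public resolver chosen
# on purpose shows up here too. A Static entry nobody remembers setting is
# the case worth a closer look.
$report | Where-Object Review | ForEach-Object {
    Write-Warning "$($_.Interface): DNS $($_.DnsServer) ($($_.Source)) is not the router or a private address"
}
```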

    #13
    noluiz

    noluiz

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    Sorry for the delay, there were no integrity violations, which was good.

     

    The popup was in Google. It opens another tab which says ps4 something, it redirects me to another page but I close the tab before it loads and restart the computer. But it hasn't popped up since I last messaged you. Hopefully it's sorted.

     

    Will it keep the computer clean or do I have to run certain ones when an issue surfaces?

     

    Attached Files


    • 0

    #14
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    You posted the system log twice.  Can you post an Application log?

     

    AdBlockPlus will remove most ads before you see them.  Some ads have been found to be infected so that's a good thing plus the pages usually load faster without the ads.


    • 0





