Thread ID: 139248 2015-04-01 07:53:00 Virus popup checklist Tbird650 (6754) Press F1
1397808 2015-04-01 07:53:00 I've been helping a friend battle with an annoying popup virus. It attaches ads to Ebay and Trademe. It's driving the guy nuts. Dealspro is one name I recall of the add-ons.
I've dealt with it twice, as well as someone more proficient looked, but the problem keeps reappearing. I think either he's going back to the same sites or we haven't totally eliminated all the parts of the malware.

Steps taken:
Disable any suspect startup programs, etc Ccleaner.
Uninstall unwelcome/unwanted dealspro etc programs Ccleaner
Cleanup temp files Ccleaner
Registry clean up Ccleaner
Delete folders belonging to popup (in program files).
Edited registry of popup entries (by name).
Delete system restore points.
Empty recycle bin.
Reset IE
Virus scan Malwarebytes

What am I missing from the list? I'm due to revisit the guy and will take a list and systematically approach the issue.
Thanks, most appreciate any tips.

PS. I must check for any added extensions to IE icon address.. making a note.
Tbird650 (6754)
1397809 2015-04-01 08:19:00 Along with what you already have done, you need to run:

Run hitman pro www.bleepingcomputer.com

While there, scroll down the bottom of the page, get combo fix and JRT & AdwareCleaner as well.

You may also want to run RogueKiller www.bleepingcomputer.com

And just for the hell of it EEK in FULL scan mode www.emsisoft.com

Also run TFC, similar to Ccleaner but goes deeper where Ccleaner can't www.bleepingcomputer.com

That'll keep ya busy for around 4 -5 hours :D
wainuitech (129)
1397810 2015-04-01 20:45:00 Yep, it can be incredibly time consuming. If you end up doing this very often for friends you might want to consider imaging it when it's fixed and telling them if you have to fix it again it's going to be a restore from the image, losing any un-backed-up files they've added since. I don't mind helping friends out but losing half a day on a regular basis gets annoying.

One time I sold a friend a computer and it lasted 3 days and came back completely unusable thanks to malware. Took me a whole day to fix it and I wish I'd just started over. Another good free tool you can use on a PC that's still accessible is the free online scanner from NOD32. More recently I got

You don't mention an anti-virus, I take it they have something? Maybe they need to consider a better one.
dugimodo (138)
1397811 2015-04-01 21:58:00 also .... :)

Check the IE, FF shortcuts. Sometimes malware changes the shortcut
eg something like C:\Program Files\Internet Explorer\iexplore.exe popups
it should be just "C:\Program Files\Internet Explorer\iexplore.exe"

Also reset FF & Chrome
Use FF or chrome instead of IE

Check internet settings for proxies
check the DNS, at a cmd prompt ipconfig /all. Then do a google on that DNS & see who it belongs to.

Have a look in scheduled tasks (worth a look, doesn't take long)
run hijackthis & see what's wanting to run when Win starts
msconfig : see what's trying to load up on startup
run rootkit scanners, tdsskiller & another one .

Using FF with an ad blocker is the best way to put an end to ads (once the PC is cleaned up)
1101 (13337)
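The shortcut, proxy, DNS, startup and scheduled-task checks listed in the post above can be gathered in one read-only pass instead of clicking through each dialog. The script below is an added example, not code from this thread or from any of the tools named in it; it assumes Windows 8 or later (PowerShell 3 with the DnsClient and ScheduledTasks modules) and only reports what it finds for a person to review.

```powershell
# Added example (not from the thread): read-only audit of the items listed above.
# Assumes Windows 8 or later (PowerShell 3+, DnsClient and ScheduledTasks modules).
# Nothing here deletes anything; every finding is printed for a human to judge.

# 1. Browser shortcuts: a clean .lnk has an empty Arguments field. Anything after
#    the .exe (a URL, a DLL path, an extra switch) deserves a look.
$shortcutDirs = @(
    "$env:USERPROFILE\Desktop",
    "$env:PUBLIC\Desktop",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs"
)
$shell = New-Object -ComObject WScript.Shell
Get-ChildItem -Path $shortcutDirs -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if ($lnk.TargetPath -match 'iexplore|firefox|chrome' -and $lnk.Arguments.Trim() -ne '') {
            "SHORTCUT  $($_.FullName)`n    target: $($lnk.TargetPath)`n    extra args: $($lnk.Arguments)"
        }
    }

# 2. Proxy settings (the same data the IE "Internet settings" dialog shows).
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1) { "PROXY     enabled -> $($inet.ProxyServer)" }
if ($inet.AutoConfigURL)     { "PROXY     PAC script -> $($inet.AutoConfigURL)" }

# 3. DNS servers per adapter (what ipconfig /all lists), to be looked up by hand.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object { "DNS       $($_.InterfaceAlias): $($_.ServerAddresses -join ', ')" }

# 4. Startup entries (what msconfig / HijackThis show), machine-wide and per-user.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $k = Get-Item $key
        $k.GetValueNames() | ForEach-Object { "STARTUP   $key\$_ = $($k.GetValue($_))" }
    }
}

# 5. Enabled scheduled tasks outside Microsoft's own folder, with what they execute.
Get-ScheduledTask |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' -and $_.State -ne 'Disabled' } |
    ForEach-Object {
        $task = $_
        $task.Actions | ForEach-Object {
            "TASK      $($task.TaskPath)$($task.TaskName) -> $($_.Execute) $($_.Arguments)"
        }
    }
```

Run it from an elevated PowerShell so the HKLM keys and all tasks are readable; compare the DNS addresses against the ISP's published servers, and treat any shortcut with non-empty arguments or any startup entry pointing into a user profile or Temp folder as the first thing to investigate.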
1397812 2015-04-02 06:12:00 Thanks team.

I applied most of the things today. Combofix looked like it worked well. I'd used it before, some years ago, and had quite forgotten about it.
Java was out of date with 8, 25 and latest is 8, 40. I recall that was a security issue.
Also I added all 15+ optional MS updates except Netframework.
I'd best follow up with the extra tips shortly.

I edited the list to include other suggestions:

Boot to safe mode with networking...
Virus scan Malwarebytes
Combofix
Disable any suspect startup programs, entries, etc Ccleaner, MSconfig
Cleanup temp files Ccleaner
Registry clean up Ccleaner
Delete folders belonging to popup (in program files).
Edited registry of popup entries (by name).
Delete system restore points.
Empty recycle bin.
Reset IE
Uninstall unwelcome/unwanted (dealspro etc) programs Ccleaner
Check IE shortcuts for address extensions.
Check internet settings for proxies.
Check the DNS, at a cmd prompt ipconfig /all
Check scheduled tasks
Hijackthis
rootkit scanner, tdsskiller
Update Windows, Java

Have a checkover of the list. Perhaps comment on order of tasks could be helpful too.
Thanks.
Tbird650 (6754)
1397813 2015-04-02 08:06:00 I uninstall with revo as it goes deeper.
gary67 (56)
1397814 2015-04-03 07:21:00 Good thought on revo. It's better than I remembered. I tried it out on my own PC in safe mode. Could be handy.

OK, I rehashed the checklist. The thought is it could help someone about to battle with Pop ups, viruses etc. It could empower victims with a fighting chance!

Boot to safe mode with networking... F8 before splash screen at boot.
Virus scan, download Malwarebytes
Combofix, JRT & AdwareCleaner from Bleeping computer
Disable any suspect startup programs, entries, etc Ccleaner, MSconfig
Cleanup temp files Ccleaner or TFC
Registry clean up Ccleaner
Delete folders belonging to popup (in program files).
Edited registry of popup entries (by name).
Delete system restore points. Ccleaner
Empty recycle bin.
Reset IE (or swap browser)
Uninstall unwelcome/unwanted (dealspro, luckyshopper etc) programs Ccleaner, or with revo
Check IE shortcuts for address extensions.
Check internet settings for proxies.
Check the DNS, at a cmd prompt ipconfig /all
Check scheduled tasks
Hijackthis
rootkit scanner, tdsskiller
Check 'Manage add-ons' is clear of unwanted entries.
Check System Restore is 'on'.
Update Windows, Java
Update resident Antivirus
Tbird650 (6754)
1397815 2015-04-03 07:50:00 Maybe check his modem firewall is properly configured, as well as a software firewall.
Paul.Cov (425)
1397816 2015-04-04 10:44:00 Maybe check his modem firewall is properly configured, as well as a software firewall.

Good thought. He has fibre so will be the first time I've seen the modem settings. Windows firewall is a very likely target for unwanted exceptions. Here I'm thinking the registry search step should have sorted them but good call to check.

Actually I'm finding it quite helpful to list the steps and tick off the items as I go. This way the job can be more thorough. I know the chap is much more hesitant to click on links now and he needs to be more cautious. Indeed it's not always easy to determine whether a given clickable link is malware in disguise. While I think of it I must educate him on how to view a link's address string. What we might take for granted some folk don't seem to be aware of.

Boot to safe mode with networking... F8 before splash screen at boot.
Virus scan, download Malwarebytes
Combofix, JRT & AdwareCleaner from Bleeping computer
Disable any suspect startup programs, entries, etc Ccleaner, MSconfig
Cleanup temp files Ccleaner or TFC
Registry clean up Ccleaner
Delete folders belonging to popup (in program files).
Edited registry of popup entries (by name).
Delete system restore points. Ccleaner
Empty recycle bin.
Reset IE (or swap browser)
Uninstall unwelcome/unwanted (dealspro, luckyshopper etc) programs Ccleaner, or with revo
Check IE shortcuts for address extensions.
Check internet settings for proxies.
Check the DNS, at a cmd prompt ipconfig /all
Check scheduled tasks
Hijackthis
rootkit scanner, tdsskiller
Check 'Manage add-ons' is clear of unwanted entries.
Check modem and windows firewall settings.
Check System Restore is 'on'.
Update Windows, Java
Update resident Antivirus
Tbird650 (6754)
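Two items on the list above, the Windows firewall exceptions and the 'Manage add-ons' entries, are easier to review as a printed list than in their dialogs. The script below is an added example, not code from this thread or from any tool it mentions; it assumes Windows 8 or later with the NetSecurity module, reads the add-on registrations from the registry keys IE uses for Browser Helper Objects and toolbars, and changes nothing.

```powershell
# Added example (not from the thread): read-only check of firewall exceptions and
# IE add-ons. Assumes Windows 8 or later (NetSecurity module); run from an elevated
# PowerShell so the firewall store and HKLM are readable.

# 1. Enabled inbound allow rules bound to a specific program. A rule whose program
#    lives outside Windows or Program Files (a user profile, Temp, ProgramData) is the
#    kind of exception worth questioning.
$expectedRoots = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $rule = $_
        $program = ($rule | Get-NetFirewallApplicationFilter).Program
        if ($program -and $program -ne 'Any' -and $program -ne 'System') {
            $expanded = [Environment]::ExpandEnvironmentVariables($program)
            $inKnownRoot = $false
            foreach ($root in $expectedRoots) {
                if ($expanded -like "$root\*") { $inKnownRoot = $true }
            }
            if (-not $inKnownRoot) {
                "FIREWALL  '$($rule.DisplayName)' allows inbound for: $expanded"
            }
        }
    }

# 2. IE Browser Helper Objects and toolbars, each resolved to the DLL it loads.
function Get-ClsidDll([string]$clsid) {
    foreach ($base in 'HKLM:\Software\Classes\CLSID', 'HKLM:\Software\Classes\Wow6432Node\CLSID') {
        $p = Join-Path $base "$clsid\InprocServer32"
        if (Test-Path $p) { return (Get-ItemProperty $p).'(default)' }
    }
    return '(no InprocServer32 found)'
}

$addonKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\Software\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar'
)
foreach ($key in $addonKeys) {
    if (-not (Test-Path $key)) { continue }
    if ($key -like '*Browser Helper Objects') {
        # one subkey per BHO, named by its CLSID
        Get-ChildItem $key |
            ForEach-Object { "ADDON     BHO $($_.PSChildName) -> $(Get-ClsidDll $_.PSChildName)" }
    } else {
        # toolbars are registered as values whose names are CLSIDs
        $k = Get-Item $key
        $k.GetValueNames() | Where-Object { $_ -like '{*}' } |
            ForEach-Object { "ADDON     Toolbar $_ -> $(Get-ClsidDll $_)" }
    }
}
```

A BHO or toolbar whose DLL sits under a user profile or ProgramData, or whose DLL path no longer exists, matches the adware pattern described earlier in the thread; note the CLSID and DLL path before removing anything so the registry search step can pick up the remaining references.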
1397817 2015-04-04 20:27:00 No need to run all of those scans.
Get a copy of process explorer and autoruns.
You should be able to see where they are running and where from and delete them manually.
CYaBro (73)