Nasty Trojan, Avast didn't even see it, please help

misshaversham

It's all my fault. I never do load freebies from Internet but just this one time I was searching for an epub books and a link offered it for free. The link added an app calling itself 'simple downloads' , then pages I opened started changing themselves to sports or betting sites, also competition pages telling me I've won and looking for my details... It also brings up a fake home page and lots of pop up ads. I got rid of the bits via control panel, ran Microsoft essential - it identified a severe threat from the day the thing installed and said it would remove it, but didn't. A friend recommended avast but it didn't even identify it. And the thing seems to be getting worse. I've had it on there ten days now. Very worrying. I feel so stupid. What next?

Thanks!

mass_debater

Install and run Malwarebytes.

AngryDiMaria

You're best off running malwarebytes in safe mode, install, update, reboot into safe mode, scan

misshaversham

AngryDiMaria wrote: »

You're best off running malwarebytes in safe mode, install, update, reboot into safe mode, scan

Thanks guys, I installed and ran malwarebytes last night. It identified and removed six threats but the trojan is still bringing up nuisance pages!!! I didn't run it in safe mode however because the only way I can reach safe mode is by restarting after a power outage? And everything on the screen is blown up large? Is that how it should be in am I approaching it wrong?

So stressed with this. What so I do now?

Thanks so much.

jsa112

post the malwarebytes log

mass_debater

To get into safe mode press f8 before Windows boots, keep pressing it. Safe mode does not load graphics drivers so you will see low resolution and huge icons, what you describe. I think maybe the nasty changed your default search provider or home page, what browser do you use?

misshaversham

jsa112 wrote: »

post the malwarebytes log

Thanks will do.

misshaversham

mass_debater wrote: »

To get into safe mode press f8 before Windows boots, keep pressing it. Safe mode does not load graphics drivers so you will see low resolution and huge icons, what you describe. I think maybe the nasty changed your default search provider or home page, what browser do you use?

Ok cool... Search provider is Google which seems normal and fine, although the nasty has tried to trick me with a fake home page search engine too, which looks nothing like Google. Remove Google as default provider? I need it really, my whole life is filed with Google. Yikes

mass_debater

misshaversham wrote: »

Ok cool... Search provider is Google which seems normal and fine, although the nasty has tried to trick me with a fake home page search engine too, which looks nothing like Google. Remove Google as default provider? I need it really, my whole life is filed with Google. Yikes

Reset your browser to default see if it fixes it

misshaversham

mass_debater wrote: »

Reset your browser to default see if it fixes it

Great I'm in it, will report back

misshaversham

Hi guys, unfortunately I'm back and not with happy news. Ran malwarebytes in safe mode... both avast and malwarebytes initially identified threats and took action but the nuisance pages etc. returned and they were unable to identify them second time round.

Also at one point during the last few days there was a little icon in the bottom right of screen saying 'network 2' - could that mean someone was hooked up to my laptop and looking in???

Went into set browser: the box was ticked for 'current browser' and then chrome, internet explorer, firefox & all the rest were unticked, so we changed the ticked box to chrome & I pretty sure that's when the network 2 thingie went away.... and has stayed away it seems...
But basically everything seems to work for a short while and then its back to the same: we open a page, do a google search, click on the link we want then that goes to a page calling itself esurf.biz, then we go back out of that, click on the desired link again and this time it tends to work. Other pages that can appear include a sports betting one, what I assume is a fake alibaba page & pop up ads.

What next? TIA

MiskyBoyy

Try ADWCleaner: http://www.bleepingcomputer.com/download/adwcleaner/

misshaversham

Ok will give it a shot, thanks

misshaversham

MiskyBoyy, I'm sorry but I just have to ask - is adwcleaner a program you have personal experience of? It's asking if it can make changes to the computer and I'm nervy... considering how I got into this mess in the first place! Cheers

MiskyBoyy

Yeah I've used it multiple times on different pcs. It's the best option for me for browser hijackers & adware.

misshaversham

Hello again MiskyBoyy, I can't seem to paste or attach the adwcleaner log here but it says it has found infected shortcuts which all feature esurf.biz, the 'page' that keeps coming up. Do I clean or uninstall?

Thanks so much.

Thargor

Time to reinstall Windows.

MiskyBoyy

misshaversham wrote: »

Hello again MiskyBoyy, I can't seem to paste or attach the adwcleaner log here but it says it has found infected shortcuts which all feature esurf.biz, the 'page' that keeps coming up. Do I clean or uninstall?

Thanks so much.

Hey there, it's been a while since I've used it but try 'clean' then it should prompt for a system restart. Do a further scan after that.

misshaversham

Reinstall windows yeah? Is it that serious? :-(

How do I do it? And what should I do first? I assume I need to save all files etc.? Uuurgh.

MiskyBoyy

misshaversham wrote: »

Reinstall windows yeah? Is it that serious? :-(

How do I do it? And what should I do first? I assume I need to save all files etc.? Uuurgh.

I wouldn't go that far yet, try run the ADWcleaner a few times, clean once, then if still found, uninstall option. Restart after that, you should be fine.

Browser hijackers are a pure nuisance, ADWcleaner in my experience was the only successful option for fully removing them.

misshaversham

Thargor - think I posted already in response but its not showing - anyway, yikes!, really?

How do I do it? & what should I do in advance - save all files elsewhere I suppose, anything else?

misshaversham

MiskyBoyy wrote: »

I wouldn't go that far yet, try run the ADWcleaner a few times, clean once, then if still found, uninstall option. Restart after that, you should be fine.

Browser hijackers are a pure nuisance, ADWcleaner in my experience was the only successful option for fully removing them.

Ok, thanks Misky (if I may be so casual ;-)

So a browser hijacker is what you would call my problem yeah?

Will try that first.

Thargor

misshaversham wrote: »

Thargor - think I posted already in response but its not showing - anyway, yikes!, really?

How do I do it? & what should I do in advance - save all files elsewhere I suppose, anything else?

Its a good thing to know how to do, you'll need to look up a tutorial the first time but it's not hard, all your files will be wiped so save everything you need to the cloud or USB stick.

Then again it's a massive inconvenience for some people so try the adware removal tools first, personally I wipe everything and reinstall the minute anything dodgy happens but I like the feeling of having a fresh clean pc running at its best. How old is the pc?

mass_debater

It's much easier to get a backup system in place and reinstall Windows than to spend hours trying to hunt down and remove a nasty. I usually get a backup of a clean fresh updated install with Acronis that I can quickly reinstall later

free_man

I have two options you will not like
Option1> Have you enabled system restore on Windows drive. If you know the approx. date of infection, try restoring the windows drive to a date prior to that. Take a backup of your personal folders as restore may overwrite them (shouldn't but depends of what was selected for restore)
Option2 > Reinstall Windows. As mass_debater said you might be still looking for nasty in June as they are very hard to remove.

misshaversham

Hi guys,

It appears all is well :-) what an enormous relief. Adwcleaner seems to have worked. Also yesterday my laptop seemed ill and unable to start... me thinks it was overloaded with avast, malwarebytes and all the rest, anyway, it started eventually in safemode & I belief my other half agreed when it asked to restore settings to a previous date and it now seems perfect. So happy. And thanks for all your help.

Like an idiot though I have been paying for dropbox and barely using it cause I was initially under the impression that when you have files copied in dropbox, they should automatically update if you work on the same files in your docs folder on laptop. Isn't that how it should work? But that doesn't happen & meantime I don't find dropbox very informative on this... I know this is off topic but does anyone know?

Thanks again, you have saved me a lot of money and stress

mass_debater

misshaversham wrote: »

Hi guys,

It appears all is well :-) what an enormous relief. Adwcleaner seems to have worked. Also yesterday my laptop seemed ill and unable to start... me thinks it was overloaded with avast, malwarebytes and all the rest, anyway, it started eventually in safemode & I belief my other half agreed when it asked to restore settings to a previous date and it now seems perfect. So happy. And thanks for all your help.

Like an idiot though I have been paying for dropbox and barely using it cause I was initially under the impression that when you have files copied in dropbox, they should automatically update if you work on the same files in your docs folder on laptop. Isn't that how it should work? But that doesn't happen & meantime I don't find dropbox very informative on this... I know this is off topic but does anyone know?

Thanks again, you have saved me a lot of money and stress

Dropbox only syncs the Dropbox folder, your files will be synced there of Dropbox is running. Not sure what location, could be in the root of the c drive if not in your user folder

free_man

misshaversham wrote: »

Hi guys,

It appears all is well :-) what an enormous relief. Adwcleaner seems to have worked. Also yesterday my laptop seemed ill and unable to start... me thinks it was overloaded with avast, malwarebytes and all the rest, anyway, it started eventually in safemode & I belief my other half agreed when it asked to restore settings to a previous date and it now seems perfect. So happy. And thanks for all your help.

Like an idiot though I have been paying for dropbox and barely using it cause I was initially under the impression that when you have files copied in dropbox, they should automatically update if you work on the same files in your docs folder on laptop. Isn't that how it should work? But that doesn't happen & meantime I don't find dropbox very informative on this... I know this is off topic but does anyone know?

Thanks again, you have saved me a lot of money and stress

Hi, The dropbox has an app to install on Windows machine which sets the folder which auto syncs to your dropbox account. You can set it to your 'my documents' folder if you wish.