Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Nasty Trojan, Avast didn't even see it, please help

  • 14-03-2016 7:37am
    #1
    Registered Users, Registered Users 2 Posts: 51 ✭✭


    It's all my fault. I never do load freebies from Internet but just this one time I was searching for an epub books and a link offered it for free. The link added an app calling itself 'simple downloads' , then pages I opened started changing themselves to sports or betting sites, also competition pages telling me I've won and looking for my details... It also brings up a fake home page and lots of pop up ads. I got rid of the bits via control panel, ran Microsoft essential - it identified a severe threat from the day the thing installed and said it would remove it, but didn't. A friend recommended avast but it didn't even identify it. And the thing seems to be getting worse. I've had it on there ten days now. Very worrying. I feel so stupid. What next?

    Thanks!


Comments

  • Closed Accounts Posts: 3,072 ✭✭✭mass_debater


    Install and run Malwarebytes.


  • Users Awaiting Email Confirmation Posts: 489 ✭✭AngryDiMaria


    You're best off running malwarebytes in safe mode, install, update, reboot into safe mode, scan


  • Registered Users, Registered Users 2 Posts: 51 ✭✭misshaversham


    You're best off running malwarebytes in safe mode, install, update, reboot into safe mode, scan

    Thanks guys, I installed and ran malwarebytes last night. It identified and removed six threats but the trojan is still bringing up nuisance pages!!! I didn't run it in safe mode however because the only way I can reach safe mode is by restarting after a power outage? And everything on the screen is blown up large? Is that how it should be in am I approaching it wrong?

    So stressed with this. What so I do now?

    Thanks so much.


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    post the malwarebytes log


  • Closed Accounts Posts: 3,072 ✭✭✭mass_debater


    To get into safe mode press f8 before Windows boots, keep pressing it. Safe mode does not load graphics drivers so you will see low resolution and huge icons, what you describe. I think maybe the nasty changed your default search provider or home page, what browser do you use?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 51 ✭✭misshaversham


    jsa112 wrote: »
    post the malwarebytes log

    Thanks will do.


  • Registered Users, Registered Users 2 Posts: 51 ✭✭misshaversham


    To get into safe mode press f8 before Windows boots, keep pressing it. Safe mode does not load graphics drivers so you will see low resolution and huge icons, what you describe. I think maybe the nasty changed your default search provider or home page, what browser do you use?

    Ok cool... Search provider is Google which seems normal and fine, although the nasty has tried to trick me with a fake home page search engine too, which looks nothing like Google. Remove Google as default provider? I need it really, my whole life is filed with Google. Yikes


  • Closed Accounts Posts: 3,072 ✭✭✭mass_debater


    Ok cool... Search provider is Google which seems normal and fine, although the nasty has tried to trick me with a fake home page search engine too, which looks nothing like Google. Remove Google as default provider? I need it really, my whole life is filed with Google. Yikes

    Reset your browser to default see if it fixes it


  • Registered Users, Registered Users 2 Posts: 51 ✭✭misshaversham


    Reset your browser to default see if it fixes it

    Great I'm in it, will report back


  • Registered Users, Registered Users 2 Posts: 51 ✭✭misshaversham


    Hi guys, unfortunately I'm back and not with happy news. Ran malwarebytes in safe mode... both avast and malwarebytes initially identified threats and took action but the nuisance pages etc. returned and they were unable to identify them second time round.

    Also at one point during the last few days there was a little icon in the bottom right of screen saying 'network 2' - could that mean someone was hooked up to my laptop and looking in???

    Went into set browser: the box was ticked for 'current browser' and then chrome, internet explorer, firefox & all the rest were unticked, so we changed the ticked box to chrome & I pretty sure that's when the network 2 thingie went away.... and has stayed away it seems...
    But basically everything seems to work for a short while and then its back to the same: we open a page, do a google search, click on the link we want then that goes to a page calling itself esurf.biz, then we go back out of that, click on the desired link again and this time it tends to work. Other pages that can appear include a sports betting one, what I assume is a fake alibaba page & pop up ads.

    What next? TIA


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 8,799 ✭✭✭MiskyBoyy




  • Registered Users, Registered Users 2 Posts: 51 ✭✭misshaversham


    Ok will give it a shot, thanks


  • Registered Users, Registered Users 2 Posts: 51 ✭✭misshaversham


    MiskyBoyy, I'm sorry but I just have to ask - is adwcleaner a program you have personal experience of? It's asking if it can make changes to the computer and I'm nervy... considering how I got into this mess in the first place! Cheers


  • Registered Users, Registered Users 2 Posts: 8,799 ✭✭✭MiskyBoyy


    Yeah I've used it multiple times on different pcs. It's the best option for me for browser hijackers & adware.


  • Registered Users, Registered Users 2 Posts: 51 ✭✭misshaversham


    Hello again MiskyBoyy, I can't seem to paste or attach the adwcleaner log here but it says it has found infected shortcuts which all feature esurf.biz, the 'page' that keeps coming up. Do I clean or uninstall?

    Thanks so much.


  • Registered Users, Registered Users 2 Posts: 18,063 ✭✭✭✭Thargor


    Time to reinstall Windows.


  • Registered Users, Registered Users 2 Posts: 8,799 ✭✭✭MiskyBoyy


    Hello again MiskyBoyy, I can't seem to paste or attach the adwcleaner log here but it says it has found infected shortcuts which all feature esurf.biz, the 'page' that keeps coming up. Do I clean or uninstall?

    Thanks so much.

    Hey there, it's been a while since I've used it but try 'clean' then it should prompt for a system restart. Do a further scan after that.


  • Registered Users, Registered Users 2 Posts: 51 ✭✭misshaversham


    Reinstall windows yeah? Is it that serious? :-(

    How do I do it? And what should I do first? I assume I need to save all files etc.? Uuurgh.


  • Registered Users, Registered Users 2 Posts: 8,799 ✭✭✭MiskyBoyy


    Reinstall windows yeah? Is it that serious? :-(

    How do I do it? And what should I do first? I assume I need to save all files etc.? Uuurgh.

    I wouldn't go that far yet, try run the ADWcleaner a few times, clean once, then if still found, uninstall option. Restart after that, you should be fine.

    Browser hijackers are a pure nuisance, ADWcleaner in my experience was the only successful option for fully removing them.


  • Registered Users, Registered Users 2 Posts: 51 ✭✭misshaversham


    Thargor - think I posted already in response but its not showing - anyway, yikes!, really?

    How do I do it? & what should I do in advance - save all files elsewhere I suppose, anything else?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 51 ✭✭misshaversham


    MiskyBoyy wrote: »
    I wouldn't go that far yet, try run the ADWcleaner a few times, clean once, then if still found, uninstall option. Restart after that, you should be fine.

    Browser hijackers are a pure nuisance, ADWcleaner in my experience was the only successful option for fully removing them.


    Ok, thanks Misky (if I may be so casual ;-)

    So a browser hijacker is what you would call my problem yeah?

    Will try that first.


  • Registered Users, Registered Users 2 Posts: 18,063 ✭✭✭✭Thargor


    Thargor - think I posted already in response but its not showing - anyway, yikes!, really?

    How do I do it? & what should I do in advance - save all files elsewhere I suppose, anything else?
    Its a good thing to know how to do, you'll need to look up a tutorial the first time but it's not hard, all your files will be wiped so save everything you need to the cloud or USB stick.

    Then again it's a massive inconvenience for some people so try the adware removal tools first, personally I wipe everything and reinstall the minute anything dodgy happens but I like the feeling of having a fresh clean pc running at its best. How old is the pc?


  • Closed Accounts Posts: 3,072 ✭✭✭mass_debater


    It's much easier to get a backup system in place and reinstall Windows than to spend hours trying to hunt down and remove a nasty. I usually get a backup of a clean fresh updated install with Acronis that I can quickly reinstall later


  • Registered Users, Registered Users 2 Posts: 161 ✭✭free_man


    I have two options you will not like
    Option1> Have you enabled system restore on Windows drive. If you know the approx. date of infection, try restoring the windows drive to a date prior to that. Take a backup of your personal folders as restore may overwrite them (shouldn't but depends of what was selected for restore)
    Option2 > Reinstall Windows. As mass_debater said you might be still looking for nasty in June as they are very hard to remove.


  • Registered Users, Registered Users 2 Posts: 51 ✭✭misshaversham


    Hi guys,

    It appears all is well :-) what an enormous relief. Adwcleaner seems to have worked. Also yesterday my laptop seemed ill and unable to start... me thinks it was overloaded with avast, malwarebytes and all the rest, anyway, it started eventually in safemode & I belief my other half agreed when it asked to restore settings to a previous date and it now seems perfect. So happy. And thanks for all your help.

    Like an idiot though I have been paying for dropbox and barely using it cause I was initially under the impression that when you have files copied in dropbox, they should automatically update if you work on the same files in your docs folder on laptop. Isn't that how it should work? But that doesn't happen & meantime I don't find dropbox very informative on this... I know this is off topic but does anyone know?

    Thanks again, you have saved me a lot of money and stress :)


  • Closed Accounts Posts: 3,072 ✭✭✭mass_debater


    Hi guys,

    It appears all is well :-) what an enormous relief. Adwcleaner seems to have worked. Also yesterday my laptop seemed ill and unable to start... me thinks it was overloaded with avast, malwarebytes and all the rest, anyway, it started eventually in safemode & I belief my other half agreed when it asked to restore settings to a previous date and it now seems perfect. So happy. And thanks for all your help.

    Like an idiot though I have been paying for dropbox and barely using it cause I was initially under the impression that when you have files copied in dropbox, they should automatically update if you work on the same files in your docs folder on laptop. Isn't that how it should work? But that doesn't happen & meantime I don't find dropbox very informative on this... I know this is off topic but does anyone know?

    Thanks again, you have saved me a lot of money and stress :)

    Dropbox only syncs the Dropbox folder, your files will be synced there of Dropbox is running. Not sure what location, could be in the root of the c drive if not in your user folder


  • Registered Users, Registered Users 2 Posts: 161 ✭✭free_man


    Hi guys,

    It appears all is well :-) what an enormous relief. Adwcleaner seems to have worked. Also yesterday my laptop seemed ill and unable to start... me thinks it was overloaded with avast, malwarebytes and all the rest, anyway, it started eventually in safemode & I belief my other half agreed when it asked to restore settings to a previous date and it now seems perfect. So happy. And thanks for all your help.

    Like an idiot though I have been paying for dropbox and barely using it cause I was initially under the impression that when you have files copied in dropbox, they should automatically update if you work on the same files in your docs folder on laptop. Isn't that how it should work? But that doesn't happen & meantime I don't find dropbox very informative on this... I know this is off topic but does anyone know?

    Thanks again, you have saved me a lot of money and stress :)

    Hi, The dropbox has an app to install on Windows machine which sets the folder which auto syncs to your dropbox account. You can set it to your 'my documents' folder if you wish.


Advertisement