louisng114

Pop-up/fake update virus


As my morning routine, I was browsing YouTube. As I clicked post to post a reply, some ads started popping up. I closed them quickly and ran a scan with SUPERAntiSpyware, but it did not spot any major threat. I then opened my browser to check again. Sure enough, ads start popping up when I visit sites. Below are some pictures I took. Does anyone know what virus it is and how I can remove it?

https://imageshack.us/i/potnzmpGj

That is what the normal page looks like

https://imageshack.us/i/pmxe6WUDj

now ads start showing up

https://imageshack.us/i/plabJmVVj

a fake (most likely) update notice appears


Hi louisng114

 

It's a bit difficult to tell from those pics as to what particular browser hijacker it may be. Probably an unknown/unwanted download (check those boxes aren't ticked when installing things, and always select Custom install when offered).

 

The fake flash player image is just that... a fake.

 

You should check in your browser's extensions for anything not needed and remove it.

 

And to make sure, download adwcleaner and select Scan, uncheck what you want to keep and select Clean.

 

After machine reboots please attach the txt log back here, it may also help to see what the issue was and whether or not it can be incorporated in SAS in future.

 

https://toolslib.net/downloads/viewdownload/1-adwcleaner/


I do not see anything in the extension, unlike when my computer was affected by dnsunlocker before.

When I download adwcleaner, it says "windows smartscreen prevented an unrecognized app from starting. running this app might put your pc at risk". Is this normal? Did the virus redirect the download? Should I run the program anyway?

Yay! It worked! Thanks <3

 

 

 

# AdwCleaner v5.102 - Logfile created 16/03/2016 at 12:46:18

# Updated 13/03/2016 by Xplode

# Database : 2016-03-16.1 [server]

# Operating system : Windows 8.1  (x64)

# Username : Louis - LOUIS-PC

# Running from : C:\Users\Louis\Downloads\adwcleaner_5.102 (2).exe

# Option : Clean


 

***** [ Services ] *****

 

 

***** [ Folders ] *****

 

[-] Folder Deleted : C:\Program Files\amztab

[-] Folder Deleted : C:\Program Files (x86)\sushileads

[-] Folder Deleted : C:\ProgramData\sushileads

[-] Folder Deleted : C:\ProgramData\333a93e2-4eb3-1

[-] Folder Deleted : C:\ProgramData\333a93e2-5361-0

[-] Folder Deleted : C:\ProgramData\bd14958f-30e5-0

[-] Folder Deleted : C:\ProgramData\bd14958f-4a15-0

[-] Folder Deleted : C:\ProgramData\bd14958f-5501-0

[-] Folder Deleted : C:\ProgramData\bd14958f-5b05-0

[-] Folder Deleted : C:\ProgramData\bd14958f-5b41-0

[-] Folder Deleted : C:\ProgramData\bd14958f-7e85-1

[-] Folder Deleted : C:\ProgramData\{139aee63-612c-1}

[-] Folder Deleted : C:\ProgramData\{180aee92-312c-0}

[-] Folder Deleted : C:\Users\Louis\AppData\Roaming\Nosibay

[-] Folder Deleted : C:\Users\Louis\AppData\Roaming\Store

[-] Folder Deleted : C:\Users\Louis\AppData\Roaming\WTools

[-] Folder Deleted : C:\Users\Louis\Documents\DailyPCClean

 

***** [ Files ] *****

 

[-] File Deleted : C:\END

[-] File Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage

[-] File Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal

[-] File Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_nps.pastaleads.com_0.localstorage

[-] File Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_nps.pastaleads.com_0.localstorage-journal

[-] File Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage

[-] File Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal

[-] File Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage

[-] File Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.eshopcomp.com_0.localstorage-journal

[-] File Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage

[-] File Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage-journal

[-] File Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage

[-] File Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal

[-] File Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage

[-] File Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal

[-] File Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage

[-] File Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.eshopcomp.com_0.localstorage-journal

[-] File Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage

[-] File Deleted : C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal

[-] File Deleted : C:\Users\Louis\AppData\Roaming\Bubble Dock.boostrap.log

[-] File Deleted : C:\Users\Louis\AppData\Roaming\Bubble Dock.installation.log

[-] File Deleted : C:\Users\Louis\AppData\Roaming\Selection Tools.installation.log

[-] File Deleted : C:\Users\Louis\AppData\Roaming\WindApp.boostrap.log

[-] File Deleted : C:\Users\Louis\AppData\Roaming\WindApp.installation.log

 

***** [ DLLs ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Registry ] *****

 

[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1

[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{0435A820-C65F-448A-B282-B0BA9396FFE5} [NameServer]

[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{33E343A9-2349-4E23-A09E-3CFCC72E4B5C} [NameServer]

[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{372276FC-17CB-4C37-A9D4-87B5D95C0E23} [NameServer]

[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8468D42A-356C-4032-B246-9C28206ADDB0} [NameServer]

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\bestpriceninja.com

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nps.pastaleads.com

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pastaleads.com

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.bestpriceninja.com

 

***** [ Web browsers ] *****

 

[-] [C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [startup_URLs] Deleted : hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggSJQkPVw1JRBhFJFgPTA1AR1MOeAAOWBRDFgwUIQhbUQEUQwEFIk0FA1oDB0VXfV5bFElXTwhqNEpqBEoETUFQCExa

 

*************************

 

:: "Tracing" keys removed

:: Winsock settings cleared

 

*************************

 

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [6116 bytes] - [16/03/2016 12:46:18]

C:\Program Files (x86)\AdwCleaner\AdwCleaner[s1].txt - [6027 bytes] - [16/03/2016 12:43:24]

 

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [6302 bytes] ##########

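Added example, not part of the original thread and not AdwCleaner's own code: a small Python parser for the log layout posted above that groups entries by section and flags the ones worth a manual follow-up after cleaning (a removed root certificate store key, restored DNS NameServer values, a deleted browser startup URL, a Winsock reset). The sample log is constructed with placeholder values, and the category names and matching rules are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the AdwCleaner v5 layout shown above; values are placeholders.
SAMPLE_LOG = r"""
***** [ Folders ] *****
[-] Folder Deleted : C:\ProgramData\example-adware
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\0000000000000000000000000000000000000000
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000} [NameServer]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ads.example
***** [ Web browsers ] *****
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [startup_URLs] Deleted : hxxp://search.example/h?eq=PLACEHOLDER
*************************
:: Winsock settings cleared
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Triage rules are assumptions of this example, not AdwCleaner's own classification.
RULES = [
    ("root-certificate", re.compile(r"SYSTEMCERTIFICATES\\ROOT\\CERTIFICATES\\", re.I)),
    ("dns-nameserver", re.compile(r"Tcpip\\Parameters\\Interfaces\\.*\[NameServer\]", re.I)),
    ("browser-startup", re.compile(r"\[startup_URLs\]", re.I)),
    ("winsock-reset", re.compile(r"^Winsock settings cleared", re.I)),
]

def parse(log):
    """Return {section: [entry, ...]} for every '[-]' and '::' line."""
    sections, current = defaultdict(list), "Header"
    for raw in log.splitlines():
        line = raw.strip()
        match = SECTION.match(line)
        if match:
            current = match.group(1)
        elif line.startswith("*" * 10):   # unnamed divider before the '::' notes
            current = "Notes"
        elif line.startswith(("[-] ", ":: ")):
            sections[current].append(line.split(" ", 1)[1])
    return dict(sections)

def triage(log):
    """Return sorted (category, entry) pairs that deserve a manual follow-up."""
    hits = []
    for entries in parse(log).values():
        for entry in entries:
            hits += [(name, entry) for name, rx in RULES if rx.search(entry)]
    return sorted(hits)

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

Entries in the first two categories affect TLS trust and name resolution, so they are the ones to re-check by hand (certificate store, adapter DNS settings) once the machine has rebooted.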

For some reason, after cleaning the computer, I am not able to post comments on YouTube as the comment box does not expand upon clicking, even though the cursor still turns into a finger when hovering over the box.

 

EDIT: the problem is gone after I reset my browser setting a second time.


Try a different browser as it may be an issue with IE.

 

You should also do a clean up with CCleaner free version https://www.piriform.com/ccleaner/download

 

You may also want to run Farbar Scan & Recovery tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

 

Select Scan and post the txt log back here (if you wish).

This topic is now closed to further replies.