Active Now

WelbyQuentin
Discussion » Questions » Computers and the Internet » Computer gurus: What's my next step in removing sneaky malware?

Computer gurus: What's my next step in removing sneaky malware?

I have malware on my Windows 7 laptop that hijacks web pages and either inserts ads onto them or takes over the ads that are there. It also disables most of the page's functions.

Proior to this, I had not installed any new programs on my computer in months, though I was on a site looking up "Hamlet" quotes the other day and got one of those annoying pop ups that said I was infected. I closed the window and went on with life.

I run MacAffee and it didn't catch this. It still doesn't realize there's something there.

Because I use Chrome, I cleaned that. I also removed all cookies from the last week and all of my cache. Nada.

I ran Malwarebytes, which found and eradicated four files. I rebooted and enjoyed a couple hours of peace before the ad hijacker started again. Now, Malwarebytes sees nothing in repeated scans.

I deleted Chrome and switched to FireFox. Within about 5 minutes, the malware took FF over too.

I then switched to ESET scanner, which found and eradicated one file. I rebooted and the malware is still active. Repeated ESET scans show nothing.

i have researched every program, application, and process that's running. They all appear to be legit. I even started killing non-essential processes to see where the little b**tard might be hiding. No luck.

I'm about to throw my laptop through a window. What programs or checks should I try before I do that?

Posted - February 4, 2017

Responses


  • 2658
    Hitman Pro recently worked for me. I downloaded the 30 day trial version..ran the program and removed a malware that my malware (malwarebytes free version) wouldn't remove.

    It took about 15 minutes. I then removed the hitman pro from my hard-drive and have been OK since.

    http://www.techspot.com/downloads/1278-hitman-pro.html
      February 4, 2017 11:56 AM MST
    3

  • 7939
    Thanks. I gave it a go. Hitman Pro didn't catch it either.
      February 5, 2017 11:22 AM MST
    0

  • 2658
    Maybe this, if you haven't tried it.    https://www.microsoft.com/en-us/safety/pc-security/malware-removal.aspx
      February 5, 2017 12:32 PM MST
    1

  • 7939
    Thank you. I appreciate the idea. I gave it a go and my system crashed while using it. The bug was eating a lot of my memory and couldn't run it. 
      February 5, 2017 11:38 PM MST
    0

  • 5835
    First run the scan in your anti-virus software. Ok, you did that.
    Then run CCleaner http://www.piriform.com/ Poke around in the menus. There is one page where you tell it what cookies to keep and what to delete, and a separate page where you tell it to delete them.
    Next run Spybot https://www.safer-networking.org/dl/ 

    At some point you might have gotten a hint to the name of the hijacker. You can google that and get instructions to remove it.
      February 4, 2017 12:00 PM MST
    2

  • Restart in safe mode and run rkill,tdsskiller and Unhide.

    Then run malewarebytes and avast! again.   Might want to try Stinger as well.


    MacAffee sucks.
      February 4, 2017 12:02 PM MST
    3

  • 7939
    Thank you. I ran all of those. No dice. :/
      February 5, 2017 11:25 AM MST
    1

  • Bup, bup,bup????

    Ummm try what Rooster said in addition.  If that don't work Try Kaspersky scan to identify it.   When these types of things don't work I usually just try and find all associated files and then boot into a LInux distro and use that to delete and uninstall them. You can make a live disk or flash drive and set your BIOS to boot from them. If you have a UEFI you need top disable secure boot first though.


    Is your search bar or start up page being hijacked?   Is it Linksicle by any chance?
      February 5, 2017 11:36 AM MST
    2

  • 7939
    You are about 10 levels more technical than I am. Lol 

    This one is sneaky in that it's not obvious. It only takes over ads that are already there or it adds them to the top of the page. So, I come to AM and see our regular ad at the top for maybe 10 seconds and then it gets replaced by a rotating slideshow of ads- crappy ones about dating Brazilian women and stuff, but it executes poorly and locks up all JavaScript and overwhelms Chrome with memory needs, so it crashes with only 2 tabs open. If they had written cleaner code, I'd have no idea I was infected. (aside from knowing what ads I permit here)
      February 5, 2017 12:43 PM MST
    0

  • 2960
    Buy a superior Apple laptop.
      February 4, 2017 12:08 PM MST
    2

  • Not anymore, I've had my browser hijacked on my Mac. At one time, you needed to go through the directories and kill the files. Now, Malwarebytes.
      February 4, 2017 12:21 PM MST
    2

  • 2960
    Must be user error. Apple is never wrong.
      February 4, 2017 12:23 PM MST
    1

  • Of course it's user error, but I'm human, and there's certain things I might want to look at, I shouldn't look at, but I'm looking anyways. One wrong click and...
      February 4, 2017 12:28 PM MST
    2

  • Malwarebytes and Hijack This will usually get rid of it. Avast is good to have running to block viruses. Might need to do a boot scan to truly eliminate. Usually you can find the offensive file based on the site it's going into if neither work, it's been a while, but the last time I did this, needed to comb thru add-ons, etc. or they come back. Make sure you aren't connected to the 'net when you do this. Pesky things.
      February 4, 2017 12:19 PM MST
    2

  • 7939
    Thank you. I don't see anything abnormal running at startup or during use of the laptop.
      February 5, 2017 11:36 AM MST
    0

  • Maybe check the add-ons, extensions, and plug-ins in the browser.
      February 5, 2017 12:33 PM MST
    1

  • Well, first off, MacAffee is a crummy anti-virus program which causes more harm than good. I suggest Webroot SecurityAnywhere as it's quick and efficient. Then run Malwarebytes Premium on a free trial program. Then run HitmanPro as it really does the number. Then if you have enabled Windows Defender? Set it for a full scan, which might take a couple of hours but it will find and fix anything. I use these tools remotely for people and have had great success with cleaning out junk. You'll notice a healthy speed pick up with Webroot also. Trust me, these will work! Malwarebytes is a great program but using Malwarebytes Premium free trial is the best. I run all these programs on my PC's and never had any trouble again.

    One other option I might mention for you as these guys are nationwide. Call 1-800-979-NERD and one of their online Techs will remotely connect to your unit and help you out and find and clean out your unit. Really good Techs and they have a monthly plan for $25.00 a month that gives you remote access for any kind of problem. It's worth the call. I used to work for them and they know their stuff. This post was edited by Benedict Arnold at February 5, 2017 11:40 AM MST
      February 4, 2017 12:26 PM MST
    6

  • 7939
    Windows Defender won't run alongside other antivirus programs, so I haven't run it yet. I'll give that and WSA a go next.

    I looked at the helpline you mentioned and only saw an $89 fee. My laptop is old. I'd do better applying money to a new laptop if i'm getting that expensive. (I already dropped $40 to renew Malwarebytes.)  Will keep it in mind though.

    Thank you.
      February 5, 2017 11:47 AM MST
    1

  • That's odd as WD runs along side mine just fine.
      February 5, 2017 11:48 AM MST
    2

  • 7939
    I wonder if macaffee shut it off then. I can't even open it. It tells me I'm using another program to monitor and that I should check its status when I click on it. 
      February 5, 2017 12:02 PM MST
    1

  • MacAfee will do that! It's a clunker of an anti-virus program and I have a feeling it's part of your problem too.
      February 5, 2017 12:05 PM MST
    1

  • 7939
    I've run through a bunch of tutorials on turning defender back on  and none of them work, so I may end up uninstalling it and trying again. I just ran webroot and it found a bad file, but not whatever is triggering this. Bah. Thank you for the tips. I will keep working them.
      February 5, 2017 12:53 PM MST
    1

  • Hopefully my Tech friend expands his online tech support system to other states as he would log into your Laptop and go through it for free. That guy really knows his stuff! 
      February 5, 2017 2:16 PM MST
    1

  • 7939
    All your tips were awesome, though, so thank you for that. I think I tried 15 different programs in all and none of them worked. I had a mostly recent backup of my files, so I just reset everything to the factory settings and started from scratch. This was one heck of a persistent bug.
      February 5, 2017 11:44 PM MST
    0