My laptop (HP, Windows 7, IE) has some type of malware or adware. My screen in always inundated with ads that aren't suppose to be there. Facebook has extra ads and even Wikipedia has ads. And everything is hyperlinked to ads. 'Educational Foundation' on the 'James Randi Education Foundation' is hyperlinked to some ad. I did a sweep with malwarebytes but that didn't work. This greatly diminshes my JREF experience because I don't dare click on any hyperlink. I don't want to go to a anti-malware forum because I don't trust them. Please help.
Adware Help
- Thread starter Baylor
- Start date
Sam.I.Am
Illuminator
- Joined
- Apr 2, 2009
- Messages
- 4,627
Use a good hosts file. That is all.
lylfyl
Thinker
- Joined
- Sep 17, 2004
- Messages
- 217
I'm not an IT person, but I've struggled through cleaning my PC before.
huh. how are you going to trust any of my links? Does it add text too, or just randomly hyperlink things? I won't make full links, just plain text cut and paste. (just Add two 'W' to the front of the w.URLNAME)
blog.wikimedia.org seems to have noticed it too.
blog.wikimedia.org/2012/05/14/ads-on-wikipedia-your-computer-infected-malware
You'll have to trust some anti-malware forum. I haven't posted on Bleepingcomputer but I've found threads with similar problems that has helped me in the past w.bleepingcomputer.com/virus-removal/
I'm surprised Malwarebytes didn't catch anything. But I have had to do multiple scans with different products to scour away the last refuges of VUNDO. These are the ones I had used.
Mcafee's stinger isn't a full antivirus, but it tends to be updated for the latest virus trends. w.mcafee.com/us/downloads/free-tools/how-to-use-stinger.aspx
Spybot Search and Destroy from safer-networking w.safer-networking.org/
I don't know if this was necessary, but I also rebooted in safemode when I did my final scans to make sure there wasn't anything hidden in Memory.
Good Luck.
Here's the too-late advice for after you've fixed everything..
Please try Firefox or chrome over IE, and download som extensions. I love Adblock and QuickJava allows you to easily turn off Javascript, cookies, Flash, etc. while you're online (I can easily turn them back when I want to e.g. watch a Youtube video)
Backups! I just lost 18 months of email because my hard drive went out without a more recent backup.
huh. how are you going to trust any of my links? Does it add text too, or just randomly hyperlink things? I won't make full links, just plain text cut and paste. (just Add two 'W' to the front of the w.URLNAME)
blog.wikimedia.org seems to have noticed it too.
blog.wikimedia.org/2012/05/14/ads-on-wikipedia-your-computer-infected-malware
You'll have to trust some anti-malware forum. I haven't posted on Bleepingcomputer but I've found threads with similar problems that has helped me in the past w.bleepingcomputer.com/virus-removal/
I'm surprised Malwarebytes didn't catch anything. But I have had to do multiple scans with different products to scour away the last refuges of VUNDO. These are the ones I had used.
Mcafee's stinger isn't a full antivirus, but it tends to be updated for the latest virus trends. w.mcafee.com/us/downloads/free-tools/how-to-use-stinger.aspx
Spybot Search and Destroy from safer-networking w.safer-networking.org/
I don't know if this was necessary, but I also rebooted in safemode when I did my final scans to make sure there wasn't anything hidden in Memory.
Good Luck.
Here's the too-late advice for after you've fixed everything..
Please try Firefox or chrome over IE, and download som extensions. I love Adblock and QuickJava allows you to easily turn off Javascript, cookies, Flash, etc. while you're online (I can easily turn them back when I want to e.g. watch a Youtube video)
Backups! I just lost 18 months of email because my hard drive went out without a more recent backup.
This is The End
Penultimate Amazing
- Joined
- Sep 14, 2007
- Messages
- 10,924
Sounds minor, running Kaspersky should fix it:
If I still had it after that I would run mbam (Malwarebytes' Anti-Malware) and then Adaware (With Adaware make sure you uninstall it after you scan with it!)
run kasperskys free virus removal tool:
http://devbuilds.kaspersky-labs.com...11/setup_11.0.0.1245.x01_2012_09_27_22_54.exe
Then maybe do <> that again in Admin mode...
ETA: When I run Kaspersky Virus Removal tool I first go to settings tab (the little gear). On Security Scope side-tab check the box next to Local Disk (which is probably C: ) (leave the first 3 checked), and then on Security Level side-tab put the slider all the way up to High, and then on Actions side-tab check Select action: (and make sure both Disinfect and Delete if disinfection fails are checked).
After all that go back to Automatic Scan tab and hit Start Scanning.
Then find something else to do for about an hour.
ETA #2:
If that last link doesn't work you can always find the current version of kasperskys free virus removal tool at this link:
http://www.kaspersky.com/antivirus-removal-tool?form=1
Because they have kept the version number the same for almost a year now (11.0.0.1245.x01) you have to actually start the download and read the file name (Hit Download next to Version 11) to see if it's definitions have been updated.
For instance, as of typing this the file name ends with: 2012_09_27_22_54
If I still had it after that I would run mbam (Malwarebytes' Anti-Malware) and then Adaware (With Adaware make sure you uninstall it after you scan with it!)
Last edited:
Dancing David
Penultimate Amazing
Well Malwarebytes can become corrupted, especially if you have some sort of rootkit, but the thing I don't get is this:
-are there supposed to be ads there or are they popups?
That does make a difference.
Once you have a rootkit, it becomes more challenging to clean up your machine, since you already have Mbam. and it sounds like it is corrupt , it is a little more tricky.
First
-Rkill (http://www.bleepingcomputer.com/download/rkill/dl/11/) I linked you to one with a different name, download to your desktop
Second:
-TDSSKiller(http://www.bleepingcomputer.com/download/tdsskiller/) download the .exe to your desktop
Now the path you take from there is going to vary but I would boot into safe mode and then run the iexplore.exe file, Rkill is a prewash to stop processes and servivices, then run TDSSkiller.
Now here is the place where your path may vary, you are going to run Rkill after each reboot, especially if it finds some file!
I have a bunch of different programs that I use:
Malwarebytes- probably not this time
Superantispyware-(http://www.superantispyware.com/) free version
Fsecure-(http://www.f-secure.com/en/web/labs_global/removal/easy-clean/faq), sometimes works, sometimes doesn't
Eset Online scanner-(http://www.eset.com/us/online-scanner-popup/) 9goof followup tool)
Now I have some issues with how sloooooow DrWeb is but is is a great tool:
(http://www.freedrweb.com/cureit/?lng=en)
But from what you are describing I would also be sure to start by updating Flash, Java and your Adobe reader (if you use it) and I would probably use a boot disk scanner:
http://www.squidoo.com/the-best-free-antivirus-rescue-cds
Now they all have their pluses and minuses:
I tend to use Kaspersky, but you have to tell it to delete things which is annoying
And then there is always running Combofix in safe mode:
http://www.bleepingcomputer.com/download/combofix/
-are there supposed to be ads there or are they popups?
That does make a difference.
Once you have a rootkit, it becomes more challenging to clean up your machine, since you already have Mbam. and it sounds like it is corrupt , it is a little more tricky.
First
-Rkill (http://www.bleepingcomputer.com/download/rkill/dl/11/) I linked you to one with a different name, download to your desktop
Second:
-TDSSKiller(http://www.bleepingcomputer.com/download/tdsskiller/) download the .exe to your desktop
Now the path you take from there is going to vary but I would boot into safe mode and then run the iexplore.exe file, Rkill is a prewash to stop processes and servivices, then run TDSSkiller.
Now here is the place where your path may vary, you are going to run Rkill after each reboot, especially if it finds some file!
I have a bunch of different programs that I use:
Malwarebytes- probably not this time
Superantispyware-(http://www.superantispyware.com/) free version
Fsecure-(http://www.f-secure.com/en/web/labs_global/removal/easy-clean/faq), sometimes works, sometimes doesn't
Eset Online scanner-(http://www.eset.com/us/online-scanner-popup/) 9goof followup tool)
Now I have some issues with how sloooooow DrWeb is but is is a great tool:
(http://www.freedrweb.com/cureit/?lng=en)
But from what you are describing I would also be sure to start by updating Flash, Java and your Adobe reader (if you use it) and I would probably use a boot disk scanner:
http://www.squidoo.com/the-best-free-antivirus-rescue-cds
Now they all have their pluses and minuses:
I tend to use Kaspersky, but you have to tell it to delete things which is annoying
And then there is always running Combofix in safe mode:
http://www.bleepingcomputer.com/download/combofix/
This is The End
Penultimate Amazing
- Joined
- Sep 14, 2007
- Messages
- 10,924
In my Kaspersky instructions in the post above yours I note that you have to manually set it to automatically disinfect/delete.
I agree that that is annoying, it should be set to do that by default. The default settings makes you tell it OK on every single one...