Stubborn Adware

For general computer discussion & help, come here

Moderators: Bakhtosh, EvilHomer3k

Post Reply
User avatar
Isgrimnur
Posts: 82093
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:

Stubborn Adware

Post by Isgrimnur »

After the Win10 upgrade, I've got an Adware infection that pops up a browser window every few days. Spybot and Malwarebytes haven't found anything, nor has Panda antivirus. With Panda in place, Windows Defender doesn't want to be accessible.

Any newer options that might help out? There's nothing I can see in the ads that would help with identifying the bugger.
It's almost as if people are the problem.
User avatar
Anonymous Bosch
Posts: 10512
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: Stubborn Adware

Post by Anonymous Bosch »

Try scanning with SUPERAntiSpyware.

In the past, I've found it would catch malware that MBAM or Spybot may not, and vice versa.
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
User avatar
Pyperkub
Posts: 23583
Joined: Mon Dec 13, 2004 5:07 pm
Location: NC- that's Northern California

Re: Stubborn Adware

Post by Pyperkub »

I usually go right to HijackThis. It does take a bit of knowledge about what NOT to nuke however.

Since you're on Win10, are the popups in Edge, IE, or another browser?
Black Lives definitely Matter Lorini!

Also: There are three ways to not tell the truth: lies, damned lies, and statistics.
User avatar
Isgrimnur
Posts: 82093
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:

Re: Stubborn Adware

Post by Isgrimnur »

Chrome.

SAS found a truckload of tracking cookies, and a false positive on Steam's Metal Gear.
It's almost as if people are the problem.
User avatar
Pyperkub
Posts: 23583
Joined: Mon Dec 13, 2004 5:07 pm
Location: NC- that's Northern California

Re: Stubborn Adware

Post by Pyperkub »

If you change your default browser (and reboot), do you still get the popups? I don't use Chrome, so I don't know much about Chrome pop ups, but this would tell you if it's in the OS, or the browser...
Black Lives definitely Matter Lorini!

Also: There are three ways to not tell the truth: lies, damned lies, and statistics.
User avatar
Anonymous Bosch
Posts: 10512
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: Stubborn Adware

Post by Anonymous Bosch »

Pyperkub wrote:I usually go right to HijackThis. It does take a bit of knowledge about what NOT to nuke however.
Good idea.

If you're unfamiliar with using HijackThis, I'd suggest pasting the results of your log file into the HijackThis.de automated log file analysis tool to help focus on any suspicious entries. Bear in mind though, automated log file analysis is not always going to be 100% accurate and is intended to be used for reference purposes, so you can seek out further information about suspect entries.

Using HijackThis, you should be able to prevent the malware from launching at startup, and at least develop a firmer notion of exactly what you're dealing with (and, if necessary, seek out more thorough and specific guidance on removal).
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
User avatar
Isgrimnur
Posts: 82093
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:

Re: Stubborn Adware

Post by Isgrimnur »

It didn't show anything of immediate notice.
It's almost as if people are the problem.
User avatar
Anonymous Bosch
Posts: 10512
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: Stubborn Adware

Post by Anonymous Bosch »

Isgrimnur wrote:It didn't show anything of immediate notice.
In that case, I'd suggest enlisting the help of the Bleeping Computer malware removal boffins. They'll definitely help you figure out what you're iinfected with, and how to get rid of it.
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
User avatar
Isgrimnur
Posts: 82093
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:

Re: Stubborn Adware

Post by Isgrimnur »

Will do if I see it again.
Pyperkub wrote:If you change your default browser (and reboot), do you still get the popups? I don't use Chrome, so I don't know much about Chrome pop ups, but this would tell you if it's in the OS, or the browser...
Default has been changed to Edge. Will let you know if I see any change.
It's almost as if people are the problem.
User avatar
Kraken
Posts: 43688
Joined: Tue Oct 12, 2004 11:59 pm
Location: The Hub of the Universe
Contact:

Re: Stubborn Adware

Post by Kraken »

If it keeps asking you to try Office 365 free for 30 days, that's a feature.
User avatar
Max Peck
Posts: 13682
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: Stubborn Adware

Post by Max Peck »

Kraken wrote:If it keeps asking you to try Office 365 free for 30 days, that's a feature.
Check for an installed app called "Get Office" that wants to run in the background. You should be able to uninstall it, or you can just toggle off permission for it to run in the background.
"What? What? What?" -- The 14th Doctor

It's not enough to be a good player... you also have to play well. -- Siegbert Tarrasch
User avatar
Kraken
Posts: 43688
Joined: Tue Oct 12, 2004 11:59 pm
Location: The Hub of the Universe
Contact:

Re: Stubborn Adware

Post by Kraken »

Max Peck wrote:
Kraken wrote:If it keeps asking you to try Office 365 free for 30 days, that's a feature.
Check for an installed app called "Get Office" that wants to run in the background. You should be able to uninstall it, or you can just toggle off permission for it to run in the background.
Thanks! It doesn't show up in the Control Panel's list but CCleaner found and removed it. It was really starting to piss me off.
User avatar
Isgrimnur
Posts: 82093
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:

Re: Stubborn Adware

Post by Isgrimnur »

Image

Hopefully that's what's been doing it.
It's almost as if people are the problem.
User avatar
GreenGoo
Posts: 42239
Joined: Thu Oct 14, 2004 10:46 pm
Location: Ottawa, ON

Re: Stubborn Adware

Post by GreenGoo »

Typically I ask Google about whatever it is specifically so that I get a solution targeting the exact issue.

Be careful of malicious sites pretending to help however.

All the advice in the thread has been bang on.
User avatar
Grifman
Posts: 21196
Joined: Wed Oct 13, 2004 7:17 pm

Re: Stubborn Adware

Post by Grifman »

Stop downloading porn :D
Tolerance is the virtue of the man without convictions. – G.K. Chesterton
User avatar
Isgrimnur
Posts: 82093
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:

Re: Stubborn Adware

Post by Isgrimnur »

I switched to streaming years ago. :P
It's almost as if people are the problem.
User avatar
Max Peck
Posts: 13682
Joined: Fri Aug 05, 2005 8:09 pm
Location: Down the Rabbit-Hole

Re: Stubborn Adware

Post by Max Peck »

Kraken wrote:
Max Peck wrote:
Kraken wrote:If it keeps asking you to try Office 365 free for 30 days, that's a feature.
Check for an installed app called "Get Office" that wants to run in the background. You should be able to uninstall it, or you can just toggle off permission for it to run in the background.
Thanks! It doesn't show up in the Control Panel's list but CCleaner found and removed it. It was really starting to piss me off.
When I was tracking it down, it didn't show up in the old-style "Programs and Features" list, but it was listed in the new-style "Settings/System/Apps & features" interface. I think that's because it is handled as a new-fangled app rather than a traditional program. I've seen claims that it gets reinstalled somehow if you uninstall it, but I haven't observed that to be the case myself. It and "Get Skype" both seem to be installed by default when the OS is installed. I'm not sure I get the point of having apps that only exist to "help" you get other apps, aside from annoying you of course. :)
"What? What? What?" -- The 14th Doctor

It's not enough to be a good player... you also have to play well. -- Siegbert Tarrasch
User avatar
Isgrimnur
Posts: 82093
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:

Re: Stubborn Adware

Post by Isgrimnur »

MalwareBytes stopped a pop-up through its browser protection. It hasn't found the source through its scans, but at least that's something.
It's almost as if people are the problem.
User avatar
Rip
Posts: 26891
Joined: Tue Oct 12, 2004 9:34 pm
Location: Cajun Country!
Contact:

Re: Stubborn Adware

Post by Rip »

Isgrimnur wrote:MalwareBytes stopped a pop-up through its browser protection. It hasn't found the source through its scans, but at least that's something.
Make sure you scan for a rootkit in the boot sector. Malwarebytes has a product for that as well.

https://blog.malwarebytes.com/malwareby ... i-rootkit/
User avatar
Isgrimnur
Posts: 82093
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:

Re: Stubborn Adware

Post by Isgrimnur »

Scan Finished: no malware found
It's almost as if people are the problem.
User avatar
Isgrimnur
Posts: 82093
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok
Contact:

Re: Stubborn Adware

Post by Isgrimnur »

Turns out I'd managed to acquire a fake Adblock extension. My extensions contained two listings. The real one had an Options link while the other did not. After deleting the one without an Options link, it tried to take me to a page on the domain that had been popping up.

Panda had been blocking the popup, and handled the uninstall page as well.
It's almost as if people are the problem.
Post Reply