Stubborn Adware
Moderators: Bakhtosh, EvilHomer3k
- Isgrimnur
- Posts: 82258
- Joined: Sun Oct 15, 2006 12:29 am
- Location: Chookity pok
- Contact:
Stubborn Adware
After the Win10 upgrade, I've got an Adware infection that pops up a browser window every few days. Spybot and Malwarebytes haven't found anything, nor has Panda antivirus. With Panda in place, Windows Defender doesn't want to be accessible.
Any newer options that might help out? There's nothing I can see in the ads that would help with identifying the bugger.
Any newer options that might help out? There's nothing I can see in the ads that would help with identifying the bugger.
It's almost as if people are the problem.
- Anonymous Bosch
- Posts: 10514
- Joined: Thu Oct 14, 2004 6:09 pm
- Location: Northern California [originally from the UK]
Re: Stubborn Adware
Try scanning with SUPERAntiSpyware.
In the past, I've found it would catch malware that MBAM or Spybot may not, and vice versa.
In the past, I've found it would catch malware that MBAM or Spybot may not, and vice versa.
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
- Pyperkub
- Posts: 23653
- Joined: Mon Dec 13, 2004 5:07 pm
- Location: NC- that's Northern California
Re: Stubborn Adware
I usually go right to HijackThis. It does take a bit of knowledge about what NOT to nuke however.
Since you're on Win10, are the popups in Edge, IE, or another browser?
Since you're on Win10, are the popups in Edge, IE, or another browser?
Black Lives definitely Matter Lorini!
Also: There are three ways to not tell the truth: lies, damned lies, and statistics.
Also: There are three ways to not tell the truth: lies, damned lies, and statistics.
- Isgrimnur
- Posts: 82258
- Joined: Sun Oct 15, 2006 12:29 am
- Location: Chookity pok
- Contact:
Re: Stubborn Adware
Chrome.
SAS found a truckload of tracking cookies, and a false positive on Steam's Metal Gear.
SAS found a truckload of tracking cookies, and a false positive on Steam's Metal Gear.
It's almost as if people are the problem.
- Pyperkub
- Posts: 23653
- Joined: Mon Dec 13, 2004 5:07 pm
- Location: NC- that's Northern California
Re: Stubborn Adware
If you change your default browser (and reboot), do you still get the popups? I don't use Chrome, so I don't know much about Chrome pop ups, but this would tell you if it's in the OS, or the browser...
Black Lives definitely Matter Lorini!
Also: There are three ways to not tell the truth: lies, damned lies, and statistics.
Also: There are three ways to not tell the truth: lies, damned lies, and statistics.
- Anonymous Bosch
- Posts: 10514
- Joined: Thu Oct 14, 2004 6:09 pm
- Location: Northern California [originally from the UK]
Re: Stubborn Adware
Good idea.Pyperkub wrote:I usually go right to HijackThis. It does take a bit of knowledge about what NOT to nuke however.
If you're unfamiliar with using HijackThis, I'd suggest pasting the results of your log file into the HijackThis.de automated log file analysis tool to help focus on any suspicious entries. Bear in mind though, automated log file analysis is not always going to be 100% accurate and is intended to be used for reference purposes, so you can seek out further information about suspect entries.
Using HijackThis, you should be able to prevent the malware from launching at startup, and at least develop a firmer notion of exactly what you're dealing with (and, if necessary, seek out more thorough and specific guidance on removal).
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
- Isgrimnur
- Posts: 82258
- Joined: Sun Oct 15, 2006 12:29 am
- Location: Chookity pok
- Contact:
Re: Stubborn Adware
It didn't show anything of immediate notice.
It's almost as if people are the problem.
- Anonymous Bosch
- Posts: 10514
- Joined: Thu Oct 14, 2004 6:09 pm
- Location: Northern California [originally from the UK]
Re: Stubborn Adware
In that case, I'd suggest enlisting the help of the Bleeping Computer malware removal boffins. They'll definitely help you figure out what you're iinfected with, and how to get rid of it.Isgrimnur wrote:It didn't show anything of immediate notice.
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
- Isgrimnur
- Posts: 82258
- Joined: Sun Oct 15, 2006 12:29 am
- Location: Chookity pok
- Contact:
Re: Stubborn Adware
Will do if I see it again.
Default has been changed to Edge. Will let you know if I see any change.Pyperkub wrote:If you change your default browser (and reboot), do you still get the popups? I don't use Chrome, so I don't know much about Chrome pop ups, but this would tell you if it's in the OS, or the browser...
It's almost as if people are the problem.
- Kraken
- Posts: 43771
- Joined: Tue Oct 12, 2004 11:59 pm
- Location: The Hub of the Universe
- Contact:
Re: Stubborn Adware
If it keeps asking you to try Office 365 free for 30 days, that's a feature.
- Max Peck
- Posts: 13742
- Joined: Fri Aug 05, 2005 8:09 pm
- Location: Down the Rabbit-Hole
Re: Stubborn Adware
Check for an installed app called "Get Office" that wants to run in the background. You should be able to uninstall it, or you can just toggle off permission for it to run in the background.Kraken wrote:If it keeps asking you to try Office 365 free for 30 days, that's a feature.
"What? What? What?" -- The 14th Doctor
It's not enough to be a good player... you also have to play well. -- Siegbert Tarrasch
It's not enough to be a good player... you also have to play well. -- Siegbert Tarrasch
- Kraken
- Posts: 43771
- Joined: Tue Oct 12, 2004 11:59 pm
- Location: The Hub of the Universe
- Contact:
Re: Stubborn Adware
Thanks! It doesn't show up in the Control Panel's list but CCleaner found and removed it. It was really starting to piss me off.Max Peck wrote:Check for an installed app called "Get Office" that wants to run in the background. You should be able to uninstall it, or you can just toggle off permission for it to run in the background.Kraken wrote:If it keeps asking you to try Office 365 free for 30 days, that's a feature.
- Isgrimnur
- Posts: 82258
- Joined: Sun Oct 15, 2006 12:29 am
- Location: Chookity pok
- Contact:
Re: Stubborn Adware
Hopefully that's what's been doing it.
It's almost as if people are the problem.
- GreenGoo
- Posts: 42325
- Joined: Thu Oct 14, 2004 10:46 pm
- Location: Ottawa, ON
Re: Stubborn Adware
Typically I ask Google about whatever it is specifically so that I get a solution targeting the exact issue.
Be careful of malicious sites pretending to help however.
All the advice in the thread has been bang on.
Be careful of malicious sites pretending to help however.
All the advice in the thread has been bang on.
- Grifman
- Posts: 21255
- Joined: Wed Oct 13, 2004 7:17 pm
Re: Stubborn Adware
Stop downloading porn
Tolerance is the virtue of the man without convictions. – G.K. Chesterton
- Isgrimnur
- Posts: 82258
- Joined: Sun Oct 15, 2006 12:29 am
- Location: Chookity pok
- Contact:
- Max Peck
- Posts: 13742
- Joined: Fri Aug 05, 2005 8:09 pm
- Location: Down the Rabbit-Hole
Re: Stubborn Adware
When I was tracking it down, it didn't show up in the old-style "Programs and Features" list, but it was listed in the new-style "Settings/System/Apps & features" interface. I think that's because it is handled as a new-fangled app rather than a traditional program. I've seen claims that it gets reinstalled somehow if you uninstall it, but I haven't observed that to be the case myself. It and "Get Skype" both seem to be installed by default when the OS is installed. I'm not sure I get the point of having apps that only exist to "help" you get other apps, aside from annoying you of course.Kraken wrote:Thanks! It doesn't show up in the Control Panel's list but CCleaner found and removed it. It was really starting to piss me off.Max Peck wrote:Check for an installed app called "Get Office" that wants to run in the background. You should be able to uninstall it, or you can just toggle off permission for it to run in the background.Kraken wrote:If it keeps asking you to try Office 365 free for 30 days, that's a feature.
"What? What? What?" -- The 14th Doctor
It's not enough to be a good player... you also have to play well. -- Siegbert Tarrasch
It's not enough to be a good player... you also have to play well. -- Siegbert Tarrasch
- Isgrimnur
- Posts: 82258
- Joined: Sun Oct 15, 2006 12:29 am
- Location: Chookity pok
- Contact:
Re: Stubborn Adware
MalwareBytes stopped a pop-up through its browser protection. It hasn't found the source through its scans, but at least that's something.
It's almost as if people are the problem.
- Rip
- Posts: 26891
- Joined: Tue Oct 12, 2004 9:34 pm
- Location: Cajun Country!
- Contact:
Re: Stubborn Adware
Make sure you scan for a rootkit in the boot sector. Malwarebytes has a product for that as well.Isgrimnur wrote:MalwareBytes stopped a pop-up through its browser protection. It hasn't found the source through its scans, but at least that's something.
https://blog.malwarebytes.com/malwareby ... i-rootkit/
- Isgrimnur
- Posts: 82258
- Joined: Sun Oct 15, 2006 12:29 am
- Location: Chookity pok
- Contact:
- Isgrimnur
- Posts: 82258
- Joined: Sun Oct 15, 2006 12:29 am
- Location: Chookity pok
- Contact:
Re: Stubborn Adware
Turns out I'd managed to acquire a fake Adblock extension. My extensions contained two listings. The real one had an Options link while the other did not. After deleting the one without an Options link, it tried to take me to a page on the domain that had been popping up.
Panda had been blocking the popup, and handled the uninstall page as well.
Panda had been blocking the popup, and handled the uninstall page as well.
It's almost as if people are the problem.