VideoHelp Forum
  1. Member
    Join Date
    Mar 2015
    Location
    melb
    Here is a screenshot of what usually comes up, only thing to do is kill the process in task manager, it's characterised by opening tabs to other sites when clicking in most areas of certain webpages, mostly ones with ads, & some online buying stores.
    I have run a handful of free programs like spybot s&d, malwarebytes, ccleaner & virus scan. Still this problem happens after whatever is found is cleared. Seems to take a while after first running chrome before the problems show.

    I would like to have some idea what this is called if anyone knows so I can try to remove it. Or if there is a program online that can scan your browser for bad stuff?

    thanks
  2. Member hech54's Avatar
    Join Date
    Jul 2001
    Location
    Yank in Europe
    Try RogueKiller, ComboFix(read directions CAREFULLY) and HiJackThis, and also run all of the others while windows is in SAFE MODE.
  3. Member BJ_M's Avatar
    Join Date
    Jul 2002
    Location
    Canada
    "Each problem that I solved became a rule which served afterwards to solve other problems." - Rene Descartes (1596-1650)
  4. Member
    Join Date
    Mar 2015
    Location
    melb
    Originally Posted by hech54
    Try RogueKiller, ComboFix(read directions CAREFULLY) and HiJackThis, and also run all of the others while windows is in SAFE MODE.
    Thanks, I'll give them a try.

    thanks I'll look into it
  5. Member
    Join Date
    Mar 2015
    Location
    melb
    Hoping someone knows what results I should delete with roguekiller. I don't really understand what is dangerous and should be deleted.

    here is a screen of the results:
  6. Member
    Join Date
    Mar 2015
    Location
    melb
    I still don't know if you are supposed to delete the rootkit in the MBR? Could this damage something preventing the OS from starting up?
  7. Member hech54's Avatar
    Join Date
    Jul 2001
    Location
    Yank in Europe
    Originally Posted by Gurd99
    I still don't know if you are supposed to delete the rootkit in the MBR? Could this damage something preventing the OS from starting up?
    When my son "found" something like this while using MY computer, the computer was almost unusable so I had these programs kill everything. I don't believe I ever found a root kit on my computer but my son found several browser hijackers. I guess it depends on your pain threshold and the faith you have that most of your important data is backed up elsewhere.
    If you are afraid of RogueKiller.....try HiJackThis first. It has better "get rid of this" type of info available. I believe there is still a website online where you copy and paste your log and it will tell you what to kill.
  8. Member
    Join Date
    Mar 2015
    Location
    melb
    Originally Posted by hech54
    Originally Posted by Gurd99
    I still don't know if you are supposed to delete the rootkit in the MBR? Could this damage something preventing the OS from starting up?
    When my son "found" something like this while using MY computer, the computer was almost unusable so I had these programs kill everything. I don't believe I ever found a root kit on my computer but my son found several browser hijackers. I guess it depends on your pain threshold and the faith you have that most of your important data is backed up elsewhere.
    If you are afraid of RogueKiller.....try HiJackThis first. It has better "get rid of this" type of info available. I believe there is still a website online where you copy and paste your log and it will tell you what to kill.
    I think I will leave it, apart from chrome my system seems pretty stable. Don't want to risk ruining it.
  9. It's not that freaking hard, you just need to do a little work, and that thing will almost definitely affect your other browsers over time. Kill it NOW.

    You have to get it all, both the visible payload AND the re-infection vector. Run CCleaner, BOTH the broom and the blocks, temp files and registry, after a reboot to safe mode after each clean.

    Etdriv.sys listed in first screenshot looks suspicious. Google it. Mountmgr.sys also, though this may be part of anydvd. Google it. Do these first, they run as services and must be the first elimination if necessary. Delete both the service entry and the actual file. If indicated, do this first after initial boot to safe mode.

    Boot to safe mode. Rkill, ccleaner, malwarebytes. MANUALLY EMPTY ALL TEMP DIRECTORIES. Reboot in normal mode for malwarebytes to finish, do NOTHING else, reboot in safe mode, ccleaner, Malwarebytes AGAIN, repeat if necessary, repeat manual deletion of temp directories, google the above sys files, delete if indicated, repeat safe mode boot and cleaner, malwarebytes, manual temp file check.

    Note the directories malware is found in, if questionable, delete after googling and/or rename directories, ccleaner afterwards. Check for re-appearance of these directories and suspicious files in temp directories. If in doubt, Google it. These are your first indications that the virus process is still active. You MUST eliminate the re-infection vectors as well as the final payload, otherwise you are just wasting your time.

    Also check all appdata directories for suspicious or related entries. Be alert for new entries appearing after commencing the cleaning process. Remove them.

    You should also have at least one more virus scanner, I have found the free version of AVG to be effective and less problematic than most other alternatives. Add this secondary scanner, in full scan mode, to the above rotation.
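The re-appearance check described in the post above can be made mechanical by hashing the temp and appdata directories after a clean and comparing again after the next reboot. This is an added example, not part of the original thread; the script name `drift.py`, its function names and the baseline file are assumptions for illustration.

```python
import hashlib
import json
import os
import sys

def file_hash(path):
    """SHA-256 of a file, read in 1 MiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(roots):
    """Map every file path under the given directories to its hash."""
    seen = {}
    for root in roots:
        for folder, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(folder, name)
                try:
                    seen[path] = file_hash(path)
                except OSError:
                    seen[path] = "unreadable"  # locked or access denied
    return seen

def compare(before, after):
    """Return (new, changed, gone) path lists between two snapshots."""
    new = sorted(p for p in after if p not in before)
    changed = sorted(p for p in after if p in before and after[p] != before[p])
    gone = sorted(p for p in before if p not in after)
    return new, changed, gone

if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: drift.py BASELINE.json DIR [DIR ...]")
    baseline_file, roots = sys.argv[1], sys.argv[2:]
    current = snapshot(roots)
    if not os.path.exists(baseline_file):
        # First run, right after a clean: record the cleaned state.
        with open(baseline_file, "w") as fh:
            json.dump(current, fh)
        print(f"baseline saved: {len(current)} files")
    else:
        # Later runs, after a reboot: NEW entries appeared since the clean.
        with open(baseline_file) as fh:
            new, changed, gone = compare(json.load(fh), current)
        for label, paths in (("NEW", new), ("CHANGED", changed), ("GONE", gone)):
            for path in paths:
                print(label, path)
```

Keep the baseline file outside the directories being watched so it does not show up in its own report.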
  10. Member
    Join Date
    Mar 2015
    Location
    melb
    Originally Posted by Nelson37
    It's not that freaking hard, you just need to do a little work, and that thing will almost definitely affect your other browsers over time. Kill it NOW.

    You have to get it all, both the visible payload AND the re-infection vector. Run CCleaner, BOTH the broom and the blocks, temp files and registry, after a reboot to safe mode after each clean.

    Etdriv.sys listed in first screenshot looks suspicious. Google it. Mountmgr.sys also, though this may be part of anydvd. Google it. Do these first, they run as services and must be the first elimination if necessary. Delete both the service entry and the actual file. If indicated, do this first after initial boot to safe mode.

    Boot to safe mode. Rkill, ccleaner, malwarebytes. MANUALLY EMPTY ALL TEMP DIRECTORIES. Reboot in normal mode for malwarebytes to finish, do NOTHING else, reboot in safe mode, ccleaner, Malwarebytes AGAIN, repeat if necessary, repeat manual deletion of temp directories, google the above sys files, delete if indicated, repeat safe mode boot and cleaner, malwarebytes, manual temp file check.

    Note the directories malware is found in, if questionable, delete after googling and/or rename directories, ccleaner afterwards. Check for re-appearance of these directories and suspicious files in temp directories. If in doubt, Google it. These are your first indications that the virus process is still active. You MUST eliminate the re-infection vectors as well as the final payload, otherwise you are just wasting your time.

    Also check all appdata directories for suspicious or related entries. Be alert for new entries appearing after commencing the cleaning process. Remove them.

    You should also have at least one more virus scanner, I have found the free version of AVG to be effective and less problematic than most other alternatives. Add this secondary scanner, in full scan mode, to the above rotation.
    Thanks, I tried all this, but when using roguekiller in safe mode it says need to restart & upon restart I get a BSOD. After starting the OS normally the infection didn't get deleted. I don't want to keep trying unless there is a way to undo the changes to mbf. I sometimes get BSOD when plugging in usb drives or after swapping sata drives around.
  11. I had a problem just like this with Chromium on Linux. It told me Windows had a virus and I must call this phone number for technical assistance, bla bla. This popup-tab even had a female voice recording on it, to sound "technical". And ad popup tabs would happen as well.

    What I did to solve the problem was un-install all my extensions, and the problem was solved.

    It ended up that my specific problem was an extension to download flash videos (from youtube and sites like that).

    So I would suggest you uninstall all your extensions in Chrome, and see if that solves your problem. If it does, then I would suggest being very careful which extensions you install, like for example, only install extensions that have over 1000 reviews or something like that, and that you know for sure is legitimate.
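One way to see which installed extensions are able to act on every site before removing them, as an added example that is not part of the original post: Chrome and Chromium keep each extension under `<profile>/Extensions/<id>/<version>/manifest.json`, and the script below lists them with any all-site match patterns they request. The function names and the sample manifest are constructed for illustration.

```python
import json
import sys
import tempfile
from pathlib import Path

# Match patterns that let an extension read or change pages on every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def strings(values):
    """Keep only string entries (permission lists may also hold objects)."""
    return {v for v in values if isinstance(v, str)}

def audit_extensions(ext_dir):
    """Return one dict per <ext_dir>/<extension id>/<version>/manifest.json."""
    report = []
    for manifest_path in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or damaged manifest: skip it
        if not isinstance(manifest, dict):
            continue
        # Manifest V2 mixes host patterns into "permissions"; V3 lists them
        # in "host_permissions". Content scripts carry their own "matches".
        patterns = strings(manifest.get("permissions", []))
        patterns |= strings(manifest.get("host_permissions", []))
        for script in manifest.get("content_scripts", []):
            patterns |= strings(script.get("matches", []))
        report.append({
            "id": manifest_path.parent.parent.name,
            "name": manifest.get("name", "?"),
            "version": manifest.get("version", "?"),
            "all_sites": sorted(patterns & BROAD_HOSTS),
        })
    return report

if __name__ == "__main__":
    # Pass the Extensions directory; with no argument a constructed sample runs.
    target = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) < 2:
        sample = Path(target, "a" * 32, "1.0_0")
        sample.mkdir(parents=True)
        sample.joinpath("manifest.json").write_text(json.dumps(
            {"name": "Sample Downloader", "version": "1.0",
             "permissions": ["tabs", "<all_urls>"]}))
    for ext in audit_extensions(target):
        flag = "ALL SITES" if ext["all_sites"] else "limited"
        print(f'{flag:9} {ext["id"]} {ext["name"]} {ext["version"]}')
```

The default locations are `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions` for Chrome on Windows and `~/.config/chromium/Default/Extensions` for Chromium on Linux. A name shown as `__MSG_...__` is a localisation placeholder, so identify that extension by its id instead.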
  12. Originally Posted by deadmeow
    I had a problem just like this with Chromium on Linux. It told me Windows had a virus and I must call this phone number for technical assistance, bla bla. This popup-tab even had a female voice recording on it, to sound "technical". And ad popup tabs would happen as well.
    Yeah, I ran into a similar pop up that mimicked a blue screen and told me that my Windows installation was messed up and that it needed to be repaired by calling a number and paying them a nominal fee. Another time I had a pop up that said that all my files on my Windows computer had been encrypted and that I had to pay a fee in order to have them unencrypted. One other time I had a pop up telling me that the FBI had locked my Windows computer and that I needed to pay a fine of x amount in order for my computer to be unlocked.

    The best part about all of those times was that I was running Linux Mint from a thumb drive (I decided to give it a test drive for a while before making the switch to Linux). The "fix" was to shut down the pop up and all was fine.
  13. Hi, last month I faced the same issue. My computer was affected by CTB locker, and I was unable to do anything. Then I followed the steps below to fix it.
    http://www.pccaretips.com/blog/how-to-get-rid-of-adf-ly-virus-step-by-step.html


