Windows 10: I have contracted a Virus that shows many Ads

Nice! It worked!

OUCH! You had 3 different trojans, two of which were re-spawning themselves over and over.
Trojan.Downloader, Trojan.Symmi and Trojan.Agent

A ton of adware, gazilions of PUPs (Possibly Unwanted Programs).
Most of it is gone, but ESET will ferret out most of the leftovers, I think.

Run ESET from Firefox browser as I instructed above please. When it's finished, you will have an option to see what it has found, and copy to a text file. Then you can copy and paste the text file in here.

 

Two Victories!

I just did a "Restart" and now, when I click on Edge, www-searching.com does not appear!

Also, I was able to "uninstall" "NowUSeeIt Player."

I'll download FireFox first and then run the ESET Scan.

 

Instructions to run ESET from BC:

ESET Online Scanner
§ Click here to download the installer for ESET Online Scanner and save it to your Desktop.
§ Disable all your antivirus and antimalware software - see how to do that here.
§ Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
§ Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
§ Select Enable detection of potentially unwanted applications.
§ Click Advanced Settings, then place a checkmark in the following:
o Remove found threats
o Scan archives
o Scan for potentially unsafe applications
o Enable Anti-Stealth technology
§ Click Start to begin scanning.
§ ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
§ When the scan is done, click List threats (only available if ESET Online Scanner found something).
§ Click Export, then save the file to your desktop.
Click Back, then Finish to exit ESET Online Scanner.

 

I ran the ESET Scan, but I didn't do it properly. It took about an hour. At the end, it gave me the option to "purchase" or for a "30-day free trial." I clicked on the "30-day free trial," thinking that I had to click on one or the other. It is possible that I didn't have to choose. I also had the option of deleting the ESET software or keeping it on my computer. I chose the option to keep it on my computer.

Then it went down to the task-bar. I brought it back up, but there was no tab to copy the Scan Log that I could see. ESET flagged about 170 files as potential threats; possibly some of them were definite threats, but I didn't get a chance to look at the whole list.

I downloaded FireFox, by the way, but I don't know if ESET was downloaded and the Scan run with FireFox. It'll probably take another hour. We'll likely have to continue this tomorrow. Thanks for all you help, as usual.

I just read the instructions in your post above this one. I'll try to run the ESET Scan again closely following the instructions.

 

Yes, that sounds about right.

No, you didn't have to chose either - I think at that point you can just close the window...can't remember; haven't run it in a while myself.

Yes, good, in case we need it again, that's fine.

So, were you able to have it quarantine everything it found?

If you were able to get through the screens to the point where it "cleaned" everything, you should be fine. I think, if you got to the point where it offers the trial, you were successful.

What browser did you use to go to the online scanner? Firefox? If so, then it was run with Firefox. I don't think it works with Edge yet; I could be wrong on that though...I'll have to give it a try.

Please try Edge> Settings>Advanced Settings>Open Proxy Settings and see if there is anything in there. If so, get rid of it. Below is a picture of the way mine looks - yours should match. If there are any differences, let me know what they are, and then change them.







To get here, click on the three dots in the top right-hand corner of Edge, then Settings, then scroll down to View Advanced Settings, then select Open proxy settings.


If you want to do just a little more tonight, I would set a new restore point "Prepare to reset browsers", and then follow the instructions to reset them, including Edge. But, if you've had enough for today, we could wait until tomorrow to do that. It's up to you. I will be around for a while, if you want to do it now.

Reset Internet Explorer
To open, type iexplore.exe in the search box
https://support.microsoft.com/en-us/kb/923737
Reset Edge
How to reset Microsoft Edge in Windows 10 when things are broken | Windows Central


Once your browsers have been reset, you will want to download and install SuperAntiSpyware. Open the program, update the virus definitions, and run a scan of drive C.

I will update this post with screenshots just as soon as I capture them for you.

BE SURE TO UNCHECK the GOOGLE CHROME INSTALL BOXES DURING INSTALL. (UGH! I hate when they do that!)







Install "for anyone who uses this computer".







Decline the Trial






Update the virus definitions






Then click Scan This Computer. Select Custom Scan.





Make sure all the boxes are checked at the top, and then click on the big plus sign, to tell it where you want it to scan.





Select This PC, then local disk (C : )





If selected properly, it should look like this:






Click Start Scan.







Tracking cookies are nothing to worry about, but they should be cleaned every now and then.

 

I do not wish to derail the thread, but what "Adobe" was downloaded? Was it Flash, or Acrobat?

 

I suspect it was not an authentic Adobe download.

 

I'm sure that I did not do ESET properly. I'll do it again tomorrow. I'll uninstall it or delete it from my downloads and download it again; this time I won't choose between "Purchase" and "30-day Free Trial."

I went to Edge > three dots > Settings > View Advanced Settings but I couldn't find an option called "Open Proxy Settings." Is it hidden under one of the other options?

I did not use FireFox to go to the ESET Online Scanner, but I'll be sure to do that tomorrow.

I'll also create the new System Restore Point that you suggest tomorrow. This sounds as though it will take some time.

I'm going to call it a day for now; it's approaching 11 pm here in Florida, and I've had a long day.

If you're not on Microsoft's payroll, I think you should be. Thanks again for all you help.

 

Yeah, but was the lure. I'm curious, and it helps others to be aware.

 

HURRAH! NOW we're talking! I think, based on this news, we may be able to skip resetting the Edge browser. Let's leave that for now.

It's a bit tricky at the end. I will try to post some screen shots for you to follow tomorrow.

Yes, tomorrow is fine.

So, to recap,
Set another restore point,
Run ESET from Firefox, save the log file and paste it here, let it delete whatever it finds.
Run Malwarebytes Anti-Exploit (see post #17)
Run SuperAntiSpyware
Run one last scan of Malwarebytes Antimalware - but this time you're going to do a full scan of drive C and not just a threat scan (I'll give you those instructions tomorrow).
Then we'll run SFC /SCANNOW to make sure your operating system files are intact.
Finally, we will have you install CryptoPrevent to stop these nasties from running in the future.

We will then set 2 new restore points, calling them CLEAN1 and CLEAN2.
Then we will install Ccleaner (free version), open the list of existing restore points, and we will delete all old ones, because they contain infection remnants and we don't want to have them available for a restore.

Then, I will suggest you put an add-on in Firefox and adjust some settings for safety, and ONLY use Firefox to browse the web, until Edge has extension support (sometime next year).

Good night! *Smile

 

I often see "Your flash is out of date click here to install", don't do it...


@Writer, did you get your Windows Defender running again? It was mentioned earlier in this thread that it had been disabled, wasn't sure if it was fixed. Sorry if you and @simrick have covered this already...

 

@Writer
Instructions for running ESET in Firefox and grabbing the info:
(I have to do this in several posts, as there is a limit to attachments in each one.)

 

ESET Part 2










You may also want to scan archives. I don't show that checked here.
Be sure to check all external drives to be scanned as well, if they were connected to the computer at any time when it was infected. DVD is not scanned.














Click list of found threats. Select Export to text file or copy to clipboard.














Click Back. Select Manage Quarantine. This is where you restore any false positives. You don't have to worry about that..





Don't restore anything on your system!





Click Back.





Click Finish. Your computer has been cleaned. Now the BUY or Trial box shows. You can just close that.

 

Since he took the free trial of ESET, I'm sure Defender will be disabled, but legitimately this time.

 

Cool *Smile