Windows 10: I have contracted a Virus that shows many Ads

I just got started at about 9:30 am
Thanks for all of the new Information.

I created another System Restore Point: "11-17-2015 Tuesday"

Concerning lx07's query about Defender: I just checked, and it says the same as yesterday: "This app is turned off by Group Policy." So, I don't know if it is still incapacitated from the virus. Thanks for the question, @lx07.

When I booted up this morning, the following message appeared: I don't know it's significance:

Concerning my not finding "Open Proxy Settings": I looked again, and this option is not there. You show it as being just above "Privacy and Services." On mine, just above "Privacy and Services" is "Always use caret browsing." However, as you write, we may not need to reset Edge since www-searching.com is now gone.

I'll download ESET now and run the Scan. I don't know if I can use the computer for other matters when the Scan is running, so I'll probably be occupied with the Scan for at least an hour.

Malwarebytes did an automatic Scan this morning at 9:09 am; here is the Scan Log:
One file was removed: PUP.Optional.CrossRider

 

You still have to be careful of the genuine article, Adobe has been sneaking in stuff for a while & it seems as if they have escalated the effort to put crap on your OS in order to get some extra $$$$. Not surprising since flash seems to be on the way out & under heavy fire. They have to make up lost revenues somehow.

 

Question about ESET:

When I go to their Website, there are a few options: At the top it says: Run ESET Online Scanner;

below, on the left, there are two options: Online One-Time Scan or Unlimited 30-Day Scanner

Which one of these options should use?

 

Yes, and it will normally be disabled because you have the free trial of ESET on there now, right? So it's difficult at this point to know if it is a legitimate disabling or not. We will address that in the future. You can only have one active anti-virus running on a system at a time. Running multiple active/real-time antivirus programs will cause conflict, and reduce their effectiveness. MBAM is designed to run in conjunction with your active anti-virus - they play nice together.

This is caused from a leftover of one of the malware. It is trying to call a DLL file (Dynamic Link Library file), which was set to run automatically. But, the file it's looking for has been deleted/quarantined, so it's failing, and you see the error. As you can see, we still have some work to do. I wouldn't worry about it at this point, but good you let us know it's happening.

You can try getting to the same page from Settings, or you could search for Proxy Settings in the search bar at the bottom left. I am not at my W10 rig right now, so I can't give you exact steps. I assume there is no difference between Home and Pro in this setting, but I can't be sure, and I don't know which version you have.

Sounds good.

Again, Rootkit detection is turned off - need to turn that on in the setting of MBAM. It must default to that setting because you're on the trial of that too, right? No matter. You'll be running Malwarebytes Anti-Rootkit (MBAE) soon anyway. And yes, we may find leftovers cropping up yet in some of the scans. Sometimes, you have to get rid of some of the layers of infections before the others are found.

You're doing a great job! Keep up the good work! *Biggrin

I am in and out of the forum today, so I will try to keep up here. Please follow my "RECAP" a couple posts back, and report in. Thanks.

 

The one-time scanner as in my first photo.

 

So true!

 

Settings>Network and internet>Proxy

 

Great help on this simrick, +1

 

Cheers @Borg 386. Unfortunately, I will be unavailable for much of today - in and out - so, if you could assist @Writer with my "RECAP" of what's to be done today if I am not answering, I would greatly appreciate it! *Smile

 

Will do if I get back later soon enough, I have a doc appt today & so does my Wife. Busy day for both of us eh?

 

Right! Thanks.

 

I ran the ESET Scan; here is the Scan Log: This was the first Scan; I did a second Scan, the Scan Log of which is posted below. I forgot to click on Advanced Settings for the first Scan.

I was able to get to the "Proxy Settings." The Automatically Detect Settings" is "On." I accessed the Proxy Settings via "start > search > Proxy."

 

I did a second Scan with ESET because I forgot to click on the Advanced Settings the first time: Below is the Scam Log:
There is a check-box at the bottom that asks if you want to "Delete Quarantined Files." Should I check that box?

 

Moment please - I have just returned.

EDIT:
Based on what I see here, yes - go ahead and delete. Some of it is from ADWCleaner, but that's not a problem. We can always reinstall that if we need it.

 

I'm pasting the RECAP notes here, to keep things simple - this thread is getting a little long...

So, to recap,
DONE-Set another restore point,
DONE-Run ESET from Firefox, save the log file and paste it here, let it delete whatever it finds.
Run Malwarebytes Anti-Exploit (see post #17)Download and install Malwarebytes Anti-Exploit
This will help protect your browsers against zero-day attacks. Run SuperAntiSpyware ( see post #49)

(a lot of instructions with pics - I will not paste here.)

Run one last scan of Malwarebytes Antimalware - but this time you're going to do a full scan of drive C and not just a threat scan (I'll give you those instructions in the next post).


Once this is all done:
Then we'll run SFC /SCANNOW to make sure your operating system files are intact.
Finally, we will have you install CryptoPrevent to stop these nasties from running in the future.

We will then set 2 new restore points, calling them CLEAN1 and CLEAN2.
Then we will install Ccleaner (free version), open the list of existing restore points, and we will delete all old ones, because they contain infection remnants and we don't want to have them available for a restore. We will also have a look at your startups and autoruns, and your installed programs from here.

Then, I will suggest you put a couple add-ons into Firefox and adjust some settings for safety, and ONLY use Firefox to browse the web, until Edge has extension support (sometime next year).

Okay?