Windows 10: I have contracted a Virus that shows many Ads

How to run a FULL scan using Malwarebytes Antimalware - a full scan of drive C and not just a threat scan:

Open MBAM. IN the dashboard, verify your database is current, otherwise click on update.





Click on Settings tab, and verify as shown below.





In the Scan tab, click on Custom





In the Custom Scan Configuration, select all 4 boxes at the left, make sure PUPs and PUMs and "Treat detections as malware". Select all your drives that have been connected to the computer (internal and external) but not DVDs for scanning, and click Start Scan.






Please upload that log file when finished. You can paste it right in this thread.

I will be gone again now for another 1-2 hours.

 

I downloaded the "Malwarebytes Anti-Exploit" software; however, when I click on "Run as Administrator," a window comes up, but nothing happens. A very small tab on the window says "running" in bold with green highlite. At the bottom, there are two tabs: one says "buy now" the other says "activate."

Below "Running," there are two tabs: one says "Stop Protection" the other says "Close."

At the very top, it says: Malwarebytes Anti-Exploit Free

At the top there are six tabs, they read: General - Shields - Logs - Exclusions - Settings - About (General is the Default setting.)

When I click on "Activate," it asks me to "Register License:" it asks for my license ID and a License Key

There is no tab to prompt me to begin the Scan.

 

Anti-exploit is not an antivirus. It blocks exploit attacks on internet browsers, plugins, PDF readers, etc.

Exploits are anything that takes advantage of a security problem in a program (vulnerability) to download viruses onto a computer without the intervention of the user.

Are looking for Malwarebytes Anti-Malware?

 

Thanks @You.

We want anti-exploit. There is nothing to run....it stays resident in the background to prevent infection. There is just one setting we need to make to get rid of annoying reminders....I am not at a computer now so that will have to wait until I get back.

All is fine. Please proceed to the next step.

 

I don't think Adobe would sneak anything that bad into Flash, maybe McAfee Security Scan or Google Chrome. There are plenty of fake installers - just search for Firefox on Bing.

If guys can't figure this out (Simrick is already helping , obviously), don't forget about Dr. Web CureIt!

(I'm not sure if this has already been suggested) Try HitmanPro 3, too. It is premium software but there is a 30 day trial that still removes malware.

And last but not least, HerdProtect. (made by Reason Software, who also made the Should I Remove It, Reason Core Security, and Unchecky programs) This program is really interesting. It's a cloud scanner that uploads files and scans them with every antivirus in existence, sorta like Virustotal, Anubis or Jotti. It only performs quick scans, but it should be able to catch what's plaguing .

 

Just note that the risk of false positives with HerdProtect is very high (that's a problem if r av uses 68 antivirus engines). Just post a list of the detection details here, or a screenshot.

HerdProtect tries to hide false positives but that could mean that very new viruses which are detected by only 1-2 AVs may not be detected. may want to disable that option.

 

Thanks @You. Will keep those in mind if we need them. We still have a few things to accomplish before I could say we're at a standstill. So far, we are progressing as expected.
@Writer: here is the one setting I would like you to make on the Malwarebytes anti-exploit (MBAE)





Untick the box to tooltips - they get annoying.

Let me know when the SuperAntiSpyware (SAS) scan has completed. I will be available now for about an hour. Thanks.

 

Eset does not turn this program off, one of the malware progs has done this.
It will need to be reset manually.

Roy

 

I ran the Scan for SuperAntiSpyware; here is the Scan log: it is long: the Trojan files are at the very end:
It requested that I "Reboot" afterward, so I did.

SUPERAntiSpyware Scan Log 11-17-2015 4.35 pm.docx

Concerning the Malwarebytes Anti-Exploit: Now I can't find the window with all of the tabs at the top. When I go to downloads and bring it up, it has me go through the installation process again. I'll continue to look for it.

 

Thanks, I will have a look at the log.

The MBAE icon is probably hidden. Look in the bottom right-hand corner of your screen - see all the icons? There will be a little "UP" arrow, and if you click that, a lot of other running icons will show - MBAE will be a shield there. Hover over the icon and right-click and select SHOW.

 

I found the Icon for Malwarebytes Anti-Exploit in the bottom-right corner. I unchecked the "Show system tray notification tooltips."

After the SuperAntiSpyware Scan, It requested a Reboot, so I did one.

 

Great!

Trojan.Agent/Gen-Qbot: Qbot is a very nasty backdoor trojan that "hooks" into the API system. It's very difficult to get rid of, but SuperAntiSpyware should have done the trick.

Zeus/Zbot: Trojan.Agent/Gen-Zbot
Trojan.Zbot | Symantec

@Writer I am not happy to see this. As a result, I will advise that you change all your passwords including email, online shopping, credit card accounts, online banking accounts, online retailers, etc. Start with email and work on from there. Hackers will target email to impersonate you, and begin the identity theft procedures. If your information has been compromised, it will be all over places like Pastebin, for the whole world to see.

I'm really sorry about that. I will help you set up Firefox with a password manager when we are sure you are clean. For now, when changing passwords, DO NOT let your browser store them. Stored passwords in browsers are too easily stolen.

Just write them down in a little notebook for now as you change them.

 

updating the RECAP list:

So, to recap,
DONE-Set another restore point,
DONE-Run ESET from Firefox, save the log file and paste it here, let it delete whatever it finds.
DONE-Run Malwarebytes Anti-Exploit (see post #17)Download and install Malwarebytes Anti-Exploit
This will help protect your browsers against zero-day attacks. DONE-Run SuperAntiSpyware ( see post #49)

(a lot of instructions with pics - I will not paste here.)

Please run one last scan of Malwarebytes Antimalware - but this time you're going to do a full scan of drive C and not just a threat scan (see my instructions in previous post #75)

I will be unavailable now for 1-1/2 to 2 hours. Please be patient with me. I will be back later.

 

One question - when you rebooted last time, did you still receive the bad DLL call error?

 

Yes, I still received the exact same error.

I'm running the Malwarebytes Antimalware Scan now, it has been running for 41 minutes so far. It's now 6:09 pm EST. It's now been running for one hour and six minutes; it's 6:33 pm EST.

MWAM has been running for 1 hour & 32 Minutes now: it is 7:00 pm EST. So far, there are 16 detected objects.

I plugged in the Flash Drive that I have been using, and I checked the E Drive on MWAM. Will MWAM also Scan the Flash Drive?

Concerning your recommendation not to use Microsoft Edge: Is it OK to use Internet Explorer as well as FireFox?

That's bad news about the Trojan malware. I'll start changing my passwords as soon as possible.

Question: What is the API System the the Trojan.Agent/Gen-Qbot infects? What does API stand for?

The viruses have been on my computer since Monday, November 9, 2015, at about 2:00 pm; that's nine days total. The viruses made using the infected computer so difficult that I didn't use it very much. I used another computer I have that has Windows 7 Professional on it during several days after Nov. 9. Hopefully, the Trojan viruses did not have much success in collecting information. It's lucky that I heard about Windows Ten Forums, otherwise I would have been in real deep trouble.

It has been very worthwhile to run a variety of Scans; I'm glad that you have made these recommendations.