Windows 10: I have contracted a Virus that shows many Ads

Yes, I still received the exact same error. Okay. I hope to resolve that when we get to the Ccleaner step. Just making sure it's still on the list to fix.

Yes, this is a full scan, not just a threat scan, and it will take some time. But, it is necessary, so we must be patient.

Okay. Please let it finish. I will need the log file when it's done.

If you plugged in the flash drive, and it was assigned a letter, say E:\, and you checked the box to scan E:\ as well, then yes, MBAM will scan it.

Internet Explorer (IE) does not have the add-on & settings capabilities like Firefox does, which I will be recommending for you. In Firefox, we can add several extensions, and also modify certain settings to *not* allow flash and java to run without your input. I'll also recommend a password manager, all of this for your surfing safety. In this case, I would strongly suggest you stick with Firefox, and only use IE if you happen to come across a particular website which does not function in Firefox (FF) (which almost NEVER happens anymore).

Yes, I was afraid of this. That's why I kept pushing for log files. It's important to not only clean the system, but to identify exactly what was on it, so you know just how much and what kind of damage was done. There are some infections which are so bad, your only course of action is a complete wipe of the hard disk, and a fresh install. In some cases, you will even find that a hidden partition has been created by the malware on the hard drive. Even, there are some infections that survive a complete wipe and fresh install.

Yes, well, good that you were using a different computer; bad that the infections got as severe as they did. The problem is, anything existing on the computer could have been compromised: i.e. any passwords saved in browsers are assumed stolen now. Any tax info/social security numbers/other personal ID information that may be stored in documents on the computer are assumed compromised. The Zbot/Zeus infection affords the attacker complete control of the infected computer - you have to assume they had access to everything, and proceed accordingly.

I'm glad we are able to help! I only wish we could have gotten to it sooner....

Thank you for your patience, and following, what can be at times, some very confusing instructions.

 

I ran the Malwarebytes AM Scan (complete); it took a few minutes over 2 hours: below is the Scan Log of items detected:
There were only 16 items.
I notice that "shopperz" is on the list: this is one file that gave me a lot of trouble: it constantly plagued me.

I just clicked on Remove Detected Files. It says that they were all quarantined.

 

MWAM wanted a "Restart," so I just restarted. The same DLL Error message appeared, by the way.

 

Okay, this is a good scan. All of the items were from the quarantine using ADWCleaner, except for one:

--------------------------------------
updating the RECAP list:

DONE-Set another restore point,
DONE-Run ESET from Firefox, save the log file and paste it here, let it delete whatever it finds.
DONE-Run Malwarebytes Anti-Exploit (see post #17)Download and install Malwarebytes Anti-Exploit
This will help protect your browsers against zero-day attacks. DONE-Run SuperAntiSpyware ( see post #49)

DONE-Please run one last scan of Malwarebytes Antimalware - but this time you're going to do a full scan of drive C and not just a threat scan (see my instructions in previous post #75)

sfc /scannow
CryptoPrevent
Set 2 restore points: CLEAN #1 and CLEAN #2
Ccleaner: open the list of existing restore points, and we will delete all old ones, because they contain infection remnants and we don't want to have them available for a restore. We will also have a look at your startups and autoruns, and your installed programs from here.

(I may have a couple of other tools I will add to the list here, if we find they are necessary, so TBD.)

Then, I will suggest you put a couple add-ons into Firefox and adjust some settings for safety, and ONLY use Firefox to browse the web, until Edge has extension support (sometime next year).

--------------------------------------


Please now let's run SFC /SCANNOW to make sure your operating system files are intact.
When you run the tool, we are looking for the answer "No integrity violations found".
If you get something else other than that, please reboot, and run the tool again. You should run this tool at leaast 3 times, to see if we can get the answer we are looking for.


EDIT: USE OPTION #3

Here are the instructions:
SFC Command - Run in Windows 10 - Windows 10 Forums

 

I just completed the sfc/scannow process: The message read:

I used "Option 3."

"Windows Resource Protection did not find any Integrity Violations."

I accessed the Command Prompt via Start > Command Prompt (Admin)

 

Excellent news.

Next:

Let's download and run CryptoPrevent

We will use standard protection. The computer will need to be rebooted after you've applied the protection.

Please give me a few moments to post some screenshots for you.

 

Running CryptoPrevent





Select default protection and click apply.





Check for updates. Please wait a minute or even minute and a half for it to contact the server for updates.





If an update is available, take it.
Please note this is the free version. It will not auto-update, so you could check that once and a while.

This is NOT a scanner. This makes group policy changes to your computer to prevent malicious code from running from within certain locations in your computer (like appdata), from which malware tend to typically execute their payload/code. It is not a "running" program. It simply makes the group policy changes and then does nothing else until you open it up to check for updates or change the settings.






















That's it.

 

The Link that you give in Post 95 brings up a Website that is very busy. It is difficult to determine where to click in order to download the software. Could you tell me what to click on there?

One possibility says: Download Locations. Below that it reads: Download at Author's site

Above this it Reads: CryptoPrevent 7.4.20

 

click here
[link removed]

when you've got it let me know, so I can delete the link, in case it changes in the future, and then we have a broken link in our thread.

 

OK, I installed CryptoPrevent. After the "Restart," a message came up that read: Prevention Successfully applied.

A window came up during the process about "WhiteListing" certain segments. It said that if I wasn't sure that I should click on "No" Do not WhiteList. So I clicked on No.

 

That's fine. Please stand by for my next post.