Solved Ads still persist even after removal

[Jgor]

Yes, still getting malware warning popup on this page using Opera. I'm running a full system scan right now (it's deep into my backup drive right now) and I'll run a fresh malwarebits scan once this is done.

I did something I forgot I was not supposed to do while figuring out current issues, and that is install new software. Avast was feeling bloated, not sleek like 5 years ago, and seemed most responsible for the amount of fragmentation that was slowing my HD. It was coming up for renewal, so I uninstalled it and replaced it with BitDefender. What I didn't realize is BD would take out Spybot S&D on installation.

I also got a surprise tab opening when I opened Opera to repy here, a baking recipe I looked at briefly several days ago that's never popped up before. Considering I've opened and closed Opera many times since, including with different re-start options, that just seems buggy. That's yet another program that doesn't seem as slick as when I first used it.

One final system tweak is switching my default defrag program from IObits Smart Defrag to Defraggler. I'd been manually running the latter for the past couple of weeks, and my machine just seems much faster on this program. No install or uninstall for this change, however.

 

[TwinHeadedEagle]

Can you reinstall Opera?

 

[Jgor]

Why not? I did that perhaps a week before finding this forum, I can do it again. Would that have any effect on the spiessummarizing warning also in Firefox though? Currently 3:30am, Bitdefender still scanning the backup drive on USB 3. Hopefully that will be done when I get up again in a few hours.

 

[Jgor]

This is interesting .... I went to the Opera forum, and someone else is having some of the same issues (not the spyware though) that I have with Opera, and we both have version 30.0.1835.146, which was pushed as an update by Opera and is listed as stable. However, the official release on the website is ver. 30.0.1835.125! I've downloaded that one, and will do the reinstall as soon as I have time.

 

[TwinHeadedEagle]

Okay, keep me updated.

 

[Jgor]

Will do. Bitdefender still scanning the backup drive (24 hrs so far for 3 drives, and backup has large image files of the first 2). Probably won't finish till tomorrow morning at earliest. If you don't hear from me in the next day or two, it's because I'll be pretty busy running around until late this weekend. I'll squeeze in computer time as I can.

I'm wondering, with the persistence of some Opera behaviors, plus Firefox doing the same, if this is something embedded in a default user profile that isn't specific to the browser. Any thoughts on that? It seems to be triggered by Opera.exe, and probably the same with FF. Why not with Chrome or IE? Any way to track what might link to that exe? Some kind of batch file? If it's not actually in Opera, reverting the version might not fix the issue. Whatever is causing it isn't cool. Today I've had popups for some kind of (alleged) microsoft partner online fix service (http://immediatereponseforcomputer. /pc-support/) that I suspect is phishing.

I still plan to reinstall Opera with the .125 download, then run malwarebits again, but want the scan to complete first. It wouldn't do to clean C drive and have the backup still contaminated. Of course with recent software changes, I'd like to do a fresh image and delete the older ones, but after this spyware is resolved.

 

[TwinHeadedEagle]

I think there was some malicious extension within Opera and Firefox.

 

[Jgor]

I ran Malwarebytes again this morning; nothing detected. However, that screenshot shows that Bitdefender's scan found two infections that Malwarebytes missed. I need some follow-up with them about their scan and have opened a ticket there (they marked a lot of files as password protected, but there are no passwords for things like my CAD/CAM installation file, for example). Once I shoot an email response to them about that, I'll remove Opera. Last time I did it, I believe I saved settings. This time I guess I need to remove all traces before reinstalling.

 

[Jgor]

OK, I think, after weeks of trying one program after another and going through various tech supports (got my refund from Microsoft when they couldn't figure things out) I think things may be resolved, and so simple I'm surprised it took this long. First, BitDefender found those infections. I don't know if "password protected" files are infected, and I know some of those files are just downloaded installation files for known software. After deleting those infected files, I uninstalled Opera and then did some extensive housekeeping, finishing with a complete defrag of my main HD. I then rebooted and opened Firefox, and the same Malwarebytes warning popped up. I then created a new FF profile, and - voila! - no more popup warnings! I then reinstalled Opera, and that now seems to be working without problems too. Hopefully nothing changes in the next couple of days, and I can declare victory! Meanwhile I should shoot a new backup image and delete my old ones. Thanks for your help along the way; you certainly helped steer me towards this resolution. If anything new turns up on your end related to any of the scan files, I'm certainly still on guard.

 

[TwinHeadedEagle]

Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself

Recommended reading:
​

MUST READ - security tips:

• Computer Security - a short guide to staying safer online.
• Simple and easy ways to keep your computer safe and secure on the Internet

MUST READ - general maintenance:

• What to do if your Computer is running slowly?

The Importance of Software Updating:
​

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.​

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

• How to configure and use Automatic Updates in Windows
• How to update Java
• How to update Adobe Reader

Recommended additional software:
​

CCleaner - to clean unneeded temporary files.

Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.

Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.

McShield - to prevent infections spread by removable media.

Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.

Adblock - to surf the web without annoying ads!

Post-cleanup procedures:​

Download DelFix by Xplode and save it to your desktop.

• Run the tool by right click on the
  
  icon and Run as administrator option.
• Make sure that these ones are checked:
  • Remove disinfection tools
  • Purge system restore
  • Reset system settings
• Push Run and wait until the tool completes his work.
• All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!​

Stay safe,
TwinHeadedEagle