Common fixes not working against redirects, hijacks, and popups

Capt Peaches

New Member
Thread author
Mar 5, 2014
4
I went to free tv project to stream the prison war episode of Walking Dead this
season (1 month ago), and got trapped in an endless stream of malicious windows, 99%
sure this is the source of my computer's issues. Initially the symptoms were hijacked
windows and pop-ups, but now the computer has ad-ware, coupons, and other weird
windows popping up non-stop.

Hijacked windows, hijacked pop-ups (for instance, a log-in form for my bank or a
store locator for my grocery store search gets hijacked by an advertisement),
redirects, and coupons/price matching/best deals/etc. chilling out in all-too
convenient pull out windows.

I followed the instructions here on MalwareTips to remove nym1 ib adnxs com because
my Chrome browser identified that virus, but none of the software in that guide found
any malicious files. I have also checked the extensions in Chrome for the Right
Coupon pop-outs I saw on a trusted retail site, but Right Coupon does not appear in
the extensions list. I'm at a loss here. :(
 

Attachments

  • Addition.txt
    34.9 KB · Views: 144
  • aswMBR.txt
    1.9 KB · Views: 68
  • FRST.txt
    43.1 KB · Views: 104
  • JRT.txt
    632 bytes · Views: 77

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,


Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double click on zoek.exe to run the tool.
    Please wait until the tool starts...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:

    Code:
    createsrpoint;
    gpt.ini;z
    C:\Windows\System32\GroupPolicy;v
    C:\Windows\SysWOW64\GroupPolicy;v
    StandardSearch;
    emptyfolderscheck;
    installer-list;
    installedprogs;
    uninstall-list;
  • Click on the Run Script button.
    Please wait until a log report opens (this can be after a reboot)
  • Save the Notepad file to your Desktop and attach zoek-results.log here
    Note: It will also create a log in the C:\ directory named "zoek-results.log"
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Re-run Zoek again with the script below:


Code:
C:\Windows\System32\GroupPolicy\Machine;fs
C:\Windows\System32\GroupPolicy\User;fs
C:\Windows\System32\GroupPolicy\gpt.ini;f
C:\Windows\SysWOW64\GroupPolicy\gpt.ini;f
C:\ProgramData\WiAtchItNoaAds;fs
C:\ProgramData\jmcobkpgedmnhenmdnfgplfbhefkalhn;fs
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
C:\\PROGRA~2\\SSSUPP~1;fs
eeedgkpknpkndjednpfdggfnbgemeebh;chr
jglckfaohijblpfdabondpkogfmbflmh;chr
mijhajnnlekeifpmejceaeebegdcipan;chr
mndnfdhejmmikhmgjloohbodpnbdmldl;chr
jmcobkpgedmnhenmdnfgplfbhefkalhn;chr
autoclean;
emptyalltemp;
emptyclsid;
ipconfig /flushdns;b
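
A read-only way to confirm the cleanup, added here as an example and not part of the original post or of Zoek: it looks for the folders, the AppInit_DLLs value and the Chrome extension IDs named in the script above. The WOW6432Node registry view, the default Chrome "User Data" location and the ExtensionInstallForcelist policy key are assumptions that do not appear in the thread.

```powershell
# Read-only check: reports what it finds and changes nothing.
# IDs and paths are copied from the fix script in the post above.
$extensionIds = @(
    'eeedgkpknpkndjednpfdggfnbgemeebh', 'jglckfaohijblpfdabondpkogfmbflmh',
    'mijhajnnlekeifpmejceaeebegdcipan', 'mndnfdhejmmikhmgjloohbodpnbdmldl',
    'jmcobkpgedmnhenmdnfgplfbhefkalhn'
)
$paths = @(
    'C:\Windows\System32\GroupPolicy\Machine',
    'C:\Windows\System32\GroupPolicy\User',
    'C:\Windows\System32\GroupPolicy\gpt.ini',
    'C:\Windows\SysWOW64\GroupPolicy\gpt.ini',
    'C:\ProgramData\WiAtchItNoaAds',
    'C:\ProgramData\jmcobkpgedmnhenmdnfgplfbhefkalhn'
)
$findings = @()
# AppInit_DLLs: the script sets it to ""; the WOW6432Node view is an added check.
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($key in $appInitKeys) {
    $value = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).AppInit_DLLs
    if (-not [string]::IsNullOrWhiteSpace($value)) { $findings += "AppInit_DLLs in ${key}: $value" }
}

# Files and folders the script deletes.
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "Present: $p" }
}

# Extension folders per Chrome profile (assumes the default "User Data" location).
$userData = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
foreach ($id in $extensionIds) {
    Get-Item -Path (Join-Path $userData "*\Extensions\$id") -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "Extension folder: $($_.FullName)" }
}

# Extensions force-installed by machine policy; entries start with the extension ID.
$forceList = 'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
if (Test-Path -Path $forceList) {
    $regKey = Get-Item -Path $forceList
    foreach ($name in $regKey.GetValueNames()) {
        $entry = [string]$regKey.GetValue($name)
        if ($extensionIds -contains ($entry -split ';')[0]) { $findings += "Forced by policy: $entry" }
    }
}

if ($findings) { $findings } else { 'None of the items named in the fix script were found.' }
```

The GroupPolicy folders and gpt.ini can also exist on a clean system, so a "Present" line for them is a prompt to review rather than a verdict.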
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
How is the situation now?

Let's run another tool, for final check:


Download TDSSKiller and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Confirm the "End user Licence Agreement" and "KSN Statement" dialog boxes by clicking on the Accept button.
  • Press Start Scan
  • If a Suspicious object is detected, the default action will be Skip; click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.
 

Capt Peaches

New Member
Thread author
Mar 5, 2014
4
TDSSKiller came back with no threats detected, although it hadn't detected any threats even when they were there prior. HOWEVER, I visited a few retail websites and the coupon/deal pop-ups did not come back! Super stoked about that!

Furthermore, I went back to the bank site whose legit pop-up window was being hijacked and that too worked as it should, no takeover there either! Again, very satisfied with these results. :)

Thank you VERY much TwinHeadedEagle!
 

Attachments

  • TDSSKiller.3.0.0.25_17.03.2014_11.16.12_log.txt
    209.3 KB · Views: 66

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Glad to hear it :)

I can recommend you this software to avoid Adware in the future:

http://unchecky.com/

Read here how it works --> http://www.howtogeek.com/179758/how-to-avoid-junkware-offers-with-unchecky/


The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt)

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
