Operating System
Windows 10
Infection date and initial symptoms
Something is opening the browser (when closed) and new tabs (when open) and connecting to advertising sites, pretending to be some lottery winning or malware help sites. (of all possible sites... ;)) I can provide some of the links it opens if this helps in any way.
This started a week ago with the same pop-up ad being opened over and over. Did not seem connected to anything particular I did.
Current issues and symptoms
several pop ups every day with changing pages opening up. each day a different ad less or more.
Steps taken in order to remove the infection
- malwarebytes: made my system unresponsive, even after restarts, had to restart into safe mode and deinstalled. Might have to do with Trend Micro being installed as antivir of choice.
Used the following anti-malware scans after that: ESET Online Scanner, Super Anti Spyware, Spybot Search & Destroy and HijackThis (log attached from HijackThis)
System logs
Yes, I've uploaded the FRST.txt logs
Yes, I've uploaded both FRST.txt and Addition.txt logs
Yes and I've also uploaded logs from other scans that I've performed

ActionChip

Level 1
Hello everyone

Having multiple pop ups each day since a week, nothing helps.
Tried several anti-malware programs. Sometimes it seemed like the pop-up ads are gone just to be back on the next day.
Checked my installed software and deinstalled everything that seemed fishy or unnecessary.
This Windows 10 installation is from Decemeber 2017 (clean install on new harddisk). No pirated software.
I attached everything asked for but I can provide more.
I have not reinstalled Firefox yet but as this malware opens Firefox when it's closed it seemed to be something else than an extension (I also checked them).

Not sure what else i can do, that's why I am here.
Hope you can help me,
Martin
 

Attachments

  • Like
Reactions: oldschool

ActionChip

Level 1
Hello, so far it is. But I haven't opened Chrome or any other browser in the last weeks.
Firefox is the only browser that got opened when closed and the only one that got new tabs when open.
 
  • Like
Reactions: oldschool

ActionChip

Level 1
Should I do an additional Malwarebytes Scan in safe mode? I did try to scan in normal environment which led to an unresponsive or at least very slow system (as described above).
 
  • Like
Reactions: oldschool

ActionChip

Level 1
Something was found and quarantined. Not sure if this is the solution. Will restart into normal mode now.
Had no popups in safe mode but I only have around 5 a day so it can take a while. Since yesterday the popups direct to a website that reads out loudly (!!) about a price won with a robotic voice.
It is driving me insane :D
Malwarebytes said a logfile was saved to the log folder, but I can't find it? Where it that log folder?
The attached file is what I saved afterwards by hand.

Thanks a lot for your help TwinHeadedEagle!
 

Attachments

  • Like
Reactions: oldschool

ActionChip

Level 1
Upon restarting into normal mode my system was again very slow and took ages to load the start programs (outlook, steam...)
I decided to reboot into safe mode again via msconfig.
In safe mode I am trying to deinstall Malwarebytes right now, but the Uninstall Status bar is stuck and nothing happens since 10 minutes.
Attached is a screenshot of what it looks like.
I did close Malwarebytes before uninstalling.

Any idea what I can do?
 
  • Like
Reactions: oldschool

ActionChip

Level 1
Ok so two other guys who are in the same network here have the same ad popups but they are using chrome.
I have no idea if this is of any help but all three of us are still using the old Skype version. (Skype Version 7.41.0.101)
 
Last edited:
  • Like
Reactions: oldschool

ActionChip

Level 1
One of the guys had no pop-ups since installing the skype update.
I had no pop-ups since doing the safe mode malwarebytes scan.

We have not yet resetted the router.
 

ActionChip

Level 1
Like this:

Screenshot_72.jpg

Why was this thread marked as solved?
It's sadly not.

But my colleagues had no new pop-ups after installing the newest Skype version.
Wasn't there a case of Malware brought by Skype ads?
Is that the reason Skype is trying to push its updates on every system start?
 

ActionChip

Level 1
Infection date and initial symptoms:
Something is opening the browser (when closed) and new tabs (when open) and connecting to advertising sites


This particual one opened a tab yesterday. No pop-ups today so far.
 

ActionChip

Level 1
My coworker had the same pop-ups (leading to the same pages) but were using chrome (and that's the browser that opened itself for them) while I am on Mozilla and never had another browser opening.
 
Last edited: