Solved Aggressive Malware - cdncache-a and "Ads by Notification" POP UPS

[AshleySue]

Last week, I messed up and tried downloading something via BitTorrent, which I also had freshly downloaded. Big mistake, and frankly, I'm kicking myself for having known better. Immediatly, I knew I had inadvertantly given myself the gift of malware.

Within a day, occasional targeted popups would come in the next browser tab. If I visited my bank website, another tab would come up saying Wells Fargo wanted me to click to receive my credit score. If I visited Discover Card, a tab would pop up saying Discover Card needed to give me my credit score. If I went to Adobe.com, a pop up tab would claim to be adobe, needing me to take a survey. Now that I'm trying to straighten this out, I keep getting pop ups tabs looking helpful, saying they are pchelpdesk.co or such giving me "malware tips and removal service", but I know better. In about a 24 hour period, it became rampant. It's killing my browsers (Chrome and Firefox), and now I don't even have to visit a new website for them to come. Just being on this page, about every five minutes a new one pops up.

Further, I've run a ton of anti-virus services, all of which keep saying it's clean. Except malwarebytes did notice that a pup kept trying to run. I've realized my browsers are being demolished by cdncache-a. somethinganother. It keeps taking every page. But I don't know what it is or how to stop it. I can't find it in the system, which is driving me nutso.

Then - I found here. And threads that have my problem (after googling cdncache-a.). And hope that this can be eliminated by your awesomeness and knowledge.

Please say you can help, or let me know if my only hope is to reformat. I know this is clearly a dangerous malware going after financial information, and I already fear they may have my bank login info.

 

[argus]

Avira
Kaspersky Internet Security
avast! Antivirus


Can be only one!!!
Uninstall what you want.

 

[argus]

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Task: {21B86AD6-AB68-4BB3-8EE0-C136CCD54814} - \GPUP No Task File <==== ATTENTION
HKU\S-1-5-21-58989595-945218553-2854008374-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-58989595-945218553-2854008374-1001\...\MountPoints2: {5878ba59-3d01-11e3-be7e-78e3b5c23cea} - "G:\HPLauncher.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
EmptyTemp:

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.




================= Next==============



Please download Malwarebytes Anti-Malware [size=8pt]ver. 2.0[/size] and install the application.

Double-click on mbam-setup.exe and follow the prompts to install the program. Upon installation, click Finish
Note: A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish..
On the first launch, you'll get an "Update" notification. Click the 'Update Now >>' link or button to complete update.

• Configure the scanner. On the Settings tab, Detection and Protection adjust the following options:
- subtab Detection Options, tick the box 'Scan for rootkits'.
- subtab Non-Malware Protection, for PUP detections, from 'Warn user abaut detecion' select 'Threat detections as malware'.

• Preform the Scan. Click on the Scan tab, then click on Scan Now >> for Threat Scan.
If an update is available, click the 'Update Now' button, then continue to Scan.
Note: only with some infections, you may see this message box 'Could not load DDA driver'
In this case, click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.

When the scan is complete, click Apply Actions. Wait for the prompt to restart the computer to appear, then click on Yes.

• Post the logs. Click on the History tab > Application Logs. Double click on the Scan Log which shows the date and time of just performed scan.
- Click Export button at the bottom, and then select the 'Text file (*.txt)'
- In the Save File dialog box which appears, click on Desktop.
- In the File name: box type "mbam" (without quotes) for your scan log name and click Save.
- A message box "Your file has been successfully exported" should appear, click Ok and close the windows.


Please attach the exported/saved log named as mbam.txt to your next reply.

 

[AshleySue]

Thank you so much.

I chose one anti-virus and deleted the others. I chose Kaspersky.
I did all the steps exactly as you said.
When I ran the scan for Malwarebytes, it came up a clean scan. Obviously, problem still exists.
Files uploaded.

 

[AshleySue]

Hi Guys!

I'm not trying to pester you. I just wanted to make sure this thread doesn't get marked as solved. I haven't heard from anyone in about close to 48 hours, so I thought I would just make sure I'm not totally lost in the chaos of things.

Thank you SO much for the work you do. People like me would be completely up the creek without you and your expertise.

Thank you!

 

[AshleySue]

I found more information be of help to what my computer is doing -
Not only is the cdncache-a keep popping up, BUT
I am noticing that every single browser tab has odd ads - and even my Google searches were looking different to me, and then I noticed "Ad by Notification" on ALL of the ads on EVERY page. I'm assuming that is something major here, as it is clearly connected to the hijacking of my browsers (FF and Chrome). Even this page is infiltrated with many photo/flashing ads with "Ad by Notification" in small text under them.

I sincerely pray you can help. I'm ready to run what you tell me to run, and to remove this malware and be vigilant in whatever advice you have to never let this happen again.

Thank you!

 

[AshleySue]

Hi!

In about 12 hours, it will have been one week exactly since anyone replied to this thread. @argus and I started a dialogue to try to fix this dibilitating malware. It interrupts use of even typing on this forum. I cannot log in to pay my bills, the virus won't allow us to check gmail, hanging us in a loop, the virus pops up new browsers targeting to get us to enter credit and banking info every 10 minutes, and the virus seems to be getting SIGNIFICANTLY worse as the days go on and nothing is done about it. I wanted to bump the topic to see if @argus or @TwinHeadedEagle can be of service.

Again, I apologize, sincerely, and do not intend to bother you. I simply hope we can work on cleaning this system, and if we do the work and realize there is no hope, you can just direct me to start reformatting.

Thank you.
Ashley Sue

 

[AshleySue]

Hi guys!

Again, I hope I'm not bothering you too much, but I am wondering if there is a specific reason no one is working with me? I'm SO ready to buy a round of beers for you, but I cannot get anyone to assist me in the malware removal. I'm not trying to sound pushy, I promise. But it has been a week and a half since the one and only reply I got from you guys. @argus @TwinHeadedEagle please? Someone? Is it normal to wait a couple weeks before having someone assist you because you guys are busy, or did I do something to end communication? I am honestly desperate and am about to lose the only computer I have to this attack, and while I can pay to have someone help me fix it, I do not have the money to replace my year and a half old computer.

Please? Truly. I have gone through your pages and found the page on removing "Ads by Notification", and I have tried so much in the day or two before I found you guys, and you guys seem like the ONLY people out in the world that truly understand malware and how to clean it. I have been SO impressed with how you handle other threads with stubborn malware. Please please help me.

Thank you,
Ashley Sue

 

[AshleySue]

PS. The SECOND I hit "Post Reply" to add my message of begging, a pop-up window in the same browser came up. This is one of literally hundreds I am getting when I use the computer, and because I'm here on a malware removal site, begging, this pop-up focuses on that. Screenshot attached. Please notice in the bottom left corner, the cdncache-a address (constantly running on EVERY tab, though, and killing my browsers), and in the bottom right corner the "Ad by Notification" area. Thank you.

Correction - two attached screenshots. When I clicked "Upload a File", a NEW pop-up window in my browser came up. Same purpose, same idea, different "company" trying to help me, and same information in the bottom corners of my browser.

Please, PLEASE, I cannot beg of you enough, please help. And if it's normal for those of us begging for help to wait a couple weeks to be helped and I'm in a queue, then I understand. I just don't right now, and I feel a bit pathetic.

Thank you!

 

[AshleySue]

I had no choice and had to go to my bank's website (and hope this malware isn't stealing any of my information!), and immediately got this pop-up in my browser. These are the things I'm talking about. Attached screenshot.

 

[NullPointerException]

I have reported your thread for you.

 

[argus]

Sorry I did not see this post. I do not receive mail.





Download

Malwarebytes Anti-Rootkit to your desktop.

• Double-click the icon to start the tool.
• It will ask you where to extract it, then it will start.
• Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
• Click in the introduction screen "next" to continue.
• Click in the following screen "Update" to obtain the latest malware definitions.
• Once the update is complete select "Next" and click "Scan".
• When the scan is finished and no malware has been found select "Exit".
• If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
• Open the MBAR folder and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

[AshleySue]

Thank you SO much. I am sorry I sounded so pitiful, but I canNOT express enough how thankful I am for your coming to this thread and helping me!!!

I have attached all requested files. Indeed, though I clearly have a malware problem, the Malwarebytes Anti-Rootkit came up clean. :/

Here are all three files:

THANK YOU SO, SO MUCH!

 

[AshleySue]

Hi again!

It is past six days from the last that anyone tried to help me. Is there a way for me to contact you @argus that will let you know I have sent the tests and files that you asked for in trying to clean this cpu of the malware?

Our internet is almost unusable, and I have no idea what to do except for beg for your help. I am sorry to have to do that!

Thank you,
Ashley Sue

 

[argus]

Scan with Farbar Recovery Scan Tool
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

 

[AshleySue]

Thank you so much, @argus! Here are both requested logfiles from scan I just now ran!

 

[AshleySue]

Also, I noticed that the (ever-increasing) ads showing up all over webpages have "by notificatoin" there. Mispelled. I Googled it, and actually came back here to another thread of someone you helped with the same issues. I cannot believe the frustration of this malware!

http://malwaretips.com/threads/notificatoin-making-me-insane.37934/

 

[argus]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

​

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

[AshleySue]

Thank you @argus! Fixlog.txt attached!

 

[argus]

How is your PC now?