Occasional Pop-Up Ads After Clearing Most of a Malware Infection

2020vision

New Member
Thread author
Verified
Feb 1, 2016
16
PC got infected about one month ago. I had downloaded a file that turned out to be spyware/malware. Initially my computer kept having pop up ads, my browser search engines were changed, my Windows services were affected and a giant Windows 10 ad blocked my desktop and prevented me from doing anything. Since then, I ran several scans through Malwarebytes full version, Hijack This scans, AVG scans, and Spybot scans. They seemed to clear up most of the infection as when I re-scanned twice they could not detect anything. After that I uninstalled all other anti virus programs and just kept AVG and Malwarebytes.

I have noticed the following issues still remain:
- Occasional random pop-up ads, happen around once a day
- Random Windows PowerShell logo pop ups in taskbar, flashes a little then disappears
- Sometimes when opening a program, (e.g. PowerPoint) the window flashes for about 30 seconds - almost as if there are pop up windows trying to come up in front - but then it settles and I am able to use the program - (I think the flashing may be the AVG trying to block the pop-up from coming up)
- I can't seem to run Windows Defender and it seems to be disabled. I tried to run it via services.msc method in terms of enabling service - but I get Error 577 - Cannot verify digital signature (even tried disabling AVG and Malwarebytes services to make sure they weren't blocking it but still no luck)
 

Attachments

  • Addition.txt
    66.3 KB · Views: 3
  • FRST.txt
    70.4 KB · Views: 1

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay for the repair.




Rules and policies

We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.



Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually C:\ drive).

Upload it in your next reply.
 

2020vision

Thank you so much for taking the time to help me out.

I have run the scan and I've attached the results. I can't seem to upload the original log file as when I do I get the message "uploaded file is empty" from the forum. Therefore I have copied and pasted into notepad to create a new notepad file with the contents of the log. I have attached that file here.

Thanks again.
 

Attachments

  • zoekresults.txt
    49.1 KB · Views: 5

2020vision

I still seem to have the problems. No pop ups yet but the flashing of windows happens sometimes whenever opening some programs. I also can't start Windows Defender and get Error 577. No pop up ads or a Windows PowerShell logo showing up in the taskbar yet though.
 

TwinHeadedEagle

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
 

2020vision

Thanks for staying with it. Here's the latest scan.
 

Attachments

  • AdditionScan2.txt
    64.8 KB · Views: 1
  • FRSTScan2.txt
    59.2 KB · Views: 1

TwinHeadedEagle

Let's try this:


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    21 KB · Views: 10

2020vision

Sorry for the delay. The window flashing issue seems to have resolved somewhat. I noticed that the occasional popups that I get come from clicking any link on websites that have a JavaScript component (e.g. JavaScript to go to previous page). I am still struggling to turn on Windows Defender - I tried uninstalling AVG and Malwarebytes to see if they were blocking it but no luck.
 

Attachments

  • Fixlog.txt
    12.5 KB · Views: 3

TwinHeadedEagle

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
 

2020vision

Thanks for hanging in there....here you go.
 

Attachments

  • Addition.txt
    55.7 KB · Views: 1
  • FRST.txt
    56.8 KB · Views: 2

TwinHeadedEagle

System File Checker
  • Press the Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
    Code:
    sfc /scannow
  • Windows will begin the system scan.
  • When done, please reboot your system.
System File Checker report:
  • Press the Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
    Code:
    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
  • Attach sfcdetails.txt from your Desktop in your next reply.



Scan with Farbar Service Scanner

Download Farbar Service Scanner by Farbar and save it to your desktop.

  • Right-click on the Farbar Service Scanner icon and select Run as Administrator to start the tool.
  • Make sure all of the options are checked!
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.

Please include that log in your next reply.
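
A triage pass over the sfcdetails.txt that the findstr step above produces, as an added example that is not part of the original post: it separates files SFC repaired from files it could not repair, so the second group stands out for follow-up. The sample lines are constructed, and the line layout and message prefixes the script matches are assumptions about the usual CBS.log wording.

```python
import re

# Constructed sample in the usual CBS.log layout; not taken from this thread's logs.
SAMPLE = r'''
2016-02-20 10:01:12, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2016-02-20 10:01:12, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2016-02-20 10:01:15, Info                  CSI    00000009 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"example.dll" from store
2016-02-20 10:01:19, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2016-02-20 10:01:21, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
[SR] truncated line without a timestamp
2016-02-20 10:01:25, Info                  CSI    0000000d [SR] Verify complete
'''

# Assumed layout: "<date> <time>, <level>  CSI  <hex id> [SR] <message>"
SR_LINE = re.compile(
    r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), \w+\s+CSI\s+[0-9a-fA-F]+ \[SR\] (.*)$')
QUOTED = re.compile(r'"([^"]*)"')

def triage(text):
    """Group [SR] entries into files SFC repaired and files it could not repair."""
    report = {"unrepaired": {}, "repaired": {}, "unparsed": 0}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SR_LINE.match(line)
        if not m:
            report["unparsed"] += 1   # wrapped or damaged line: count it, do not guess
            continue
        ts, msg = m.groups()
        names = QUOTED.findall(msg)
        if msg.startswith("Cannot repair member file") and names:
            # First quoted token is the file; the text after " of " names the component.
            comp = msg.split(" of ", 1)[1].split(",", 1)[0] if " of " in msg else "?"
            report["unrepaired"].setdefault(names[0], (ts, comp))  # keep first sighting
        elif msg.startswith("Repairing") and names:
            # Last quoted token is the file name; the one before it is the directory.
            report["repaired"].setdefault(names[-1], ts)
    return report

if __name__ == "__main__":
    r = triage(SAMPLE)
    for name, (ts, comp) in r["unrepaired"].items():
        print(f"NOT REPAIRED  {name}  ({comp}, first seen {ts})")
    for name, ts in r["repaired"].items():
        print(f"repaired      {name}  (first seen {ts})")
    print("unparsed lines:", r["unparsed"])
```
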
 

TwinHeadedEagle

Okay, let's run one more tool:


Fix with ESET Services Repair

Please download Services Repair by ESET and save it to your desktop.

  • Right-click on the Services Repair icon and select Run as Administrator to start the tool.
  • If security notifications appear, click Continue or Run.
  • Accept the prompt about restoring services.
  • Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
  • A log will be saved in the CCSupport folder the tool created on your desktop.

Please include that logfile in your next reply.
 

2020vision

Here you go. I still can't open Windows Defender and keep getting Error 577. No pop ups yet, but they are very occasional so I don't know if that issue is completely solved yet.
 

Attachments

  • SvcRepair.log
    362 bytes · Views: 2

2020vision

I had seen online that other antivirus software may be causing the Windows Defender issue. So I uninstalled all the antivirus software that I had including AVG, Malwarebytes, Spybot and HijackThis. I even went into program files and deleted any remaining folders for these programs after uninstalling. So at the moment, as far as I can tell, I have no other antivirus software.

I am not sure what could be blocking the Windows Defender from turning back on.
 

2020vision

No, I still can't start it. I tried some things I read online but I still keep getting Error 577 when I attempt to start the service. My security centre continues to have the message "Windows defender is turned off and is currently being managed by your system administrator." The Turn on Now button is greyed out.
 
