Solved Operating system pop-ups non-stop

juanb

New Member
Thread author
Verified
May 3, 2016
16
I've had a similar problem before which I believe was solved thanks to the Windows 10 update. Now it's back and I really don't know where it's coming from or what to do about it. Barely used this operating system for anything but 3D-design and similar stuff. Apple computer so Windows is installed on a 50gb partition. No problems in OS X. Pictures of the pop-ups, these are all the different kinds I've seen so far:

Imgur: The most awesome images on the Internet
 

Attachments

  • FRST.txt
    64.7 KB · Views: 7
  • Addition.txt
    47.4 KB · Views: 2
  • Addition.txt
    47.4 KB · Views: 1
  • FRST.txt
    64.7 KB · Views: 0

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Please download Zemana AntiMalware and save it to your Desktop.
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
  • Open Zemana AntiMalware again.
  • Click on the icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to attach the saved report in your next message.



Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.
 

juanb

New Member
Thread author
Verified
May 3, 2016
16
Thank you!

Here are the results:
 

Attachments

  • 2016.05.04-11.02.48-i0-t92-d0.txt
    800 bytes · Views: 5
  • zoek-results.txt
    7.4 KB · Views: 4

juanb

New Member
Thread author
Verified
May 3, 2016
16
- The popups appear no matter if I'm running a browser or not, they seem unrelated to any browser or internet activity
- The appearance of the popups is that of a system warning - like "your disk is almost full!" - not that of a browser popup
- I only use Chrome
- I've uninstalled Internet Explorer
- I've only run Edge once (to check if Edge was causing the problem)
- I have a home router connecting to an incoming cable (I live in a student accommodation so I have no control beyond my own router)
- The popups only appear when running the Windows partition of this computer
- Mac OS X has no problems

I've attached another example (I have no idea what it says).
 

Attachments

  • exhibit 7.PNG
    9.5 KB · Views: 15

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.

  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the report to your next reply.
 

juanb

New Member
Thread author
Verified
May 3, 2016
16
Also attached the current popup. Pressing OK on this one opens up an identical one immediately.
 

Attachments

  • Addition.txt
    45.7 KB · Views: 8
  • FRST.txt
    62.9 KB · Views: 14
  • exhibit 8.PNG
    5 KB · Views: 14

juanb

New Member
Thread author
Verified
May 3, 2016
16
According to Google Translate it's something along the lines of:

"Warning you have excessive pop-up. Windows is please contact [number] for support of immediate that might have been infected!"

Sounds like that Windows Support-scam.
 

juanb

New Member
Thread author
Verified
May 3, 2016
16
Ran AdwCleaner another time. No results.

Restarted and connected to another network in case it was my router or connection. Still more of the same.
 

Attachments

  • exhibit 9.PNG
    6.5 KB · Views: 12

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    2.6 KB · Views: 13

juanb

New Member
Thread author
Verified
May 3, 2016
16
I forgot to run FRST as admin though, is that a problem? Ran it a second time as admin. Let it restart both times.

Still getting popups even after both. Here's the fixlog from the first run.
 

Attachments

  • Fixlog.txt
    7.8 KB · Views: 4

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I still don't understand where you are getting these warnings. The reports don't indicate an obvious malware infection on your PC. You'll need to help me more than with two 240x320 images.
 

juanb

New Member
Thread author
Verified
May 3, 2016
16
Sorry about that! I'm baffled as well.

I don't think it will help but there's another 7 examples or so in my original post (though via imgur-link).

Here's what it looks like on the desktop:

They seem to appear no matter what program I'm running. Sometimes appearing in focus and sometimes just making the Windows sound for a popup and appearing behind the active window / program.

Could they come from my router but appear even after a restart + connection to another network? On the school network today I got two shortly after I arrived, but after that I was without for half an hour or so. Unfortunately I couldn't stay longer and wait to see if one would eventually appear.

Generally they're very unpredictable. Sometimes I'm stuck with them non-stop for a whole session, and sometimes I only see a few all afternoon.
 

Attachments

  • full screen.JPG
    112.7 KB · Views: 14

juanb

New Member
Thread author
Verified
May 3, 2016
16
They do.

This is immediately after restart / startup without opening or doing anything:
 

Attachments

  • no chrome.JPG
    117.1 KB · Views: 8

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with TDSSKiller

Please download TDSSKiller by Kaspersky and save it to your desktop.

  • Right-click on the icon and select Run as Administrator to start the tool.
  • Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
  • Your machine may appear very slow and unusable after that - it's normal.
  • TDSSKiller will run automatically. Click on Change parameters and click OK.
  • Click the Start Scan button and wait patiently.

If anything is found, follow these guidelines:
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    If Cure is not available, please choose Skip instead.
  • Do not choose Delete unless instructed!

A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.
 

juanb

New Member
Thread author
Verified
May 3, 2016
16
Thanks a lot for all the help. I really appreciate it.

I haven't run the program yet but I disabled two instances of "Google Update Services" from my startup programs and I haven't had a popup since restarting from that yet. Could those have been the problem? Windows has been warning me about being unable to shut down "Google Update Service" when turning off the computer as well. I've had to force quit those from the logout screen to make the computer shut off.
 

juanb

New Member
Thread author
Verified
May 3, 2016
16
Here's the scan (with "Google Update Services" enabled again) --

Right now I'm having popups again. I'll look closer at how the popups behave tomorrow depending on "Google Update Services" running or not (too late here right now).
 

Attachments

  • TDSSKiller.3.1.0.9_09.05.2016_00.00.56_log.txt
    664.5 KB · Views: 5
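
The thread author's posts above mention two "Google Update Services" startup entries and a possible link to the pop-ups. As an added example (not part of any post in this thread), this PowerShell script lists startup items, services and scheduled tasks matching a name and shows which file each one launches and whether that file has a valid Authenticode signature; the `$Pattern` default and the helper `Get-TargetPath` are assumptions made for illustration.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# $Pattern is an assumption: adjust it to the entry name you are checking.
param([string]$Pattern = 'Google.*Update')

function Get-TargetPath([string]$Command) {
    # Pull the executable out of a command line: a quoted path first,
    # otherwise everything up to the first ".exe".
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($c -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

$entries = @()

# Run keys and Startup folders
$entries += @(Get-CimInstance Win32_StartupCommand |
    Where-Object { $_.Name -match $Pattern -or $_.Command -match $Pattern } |
    ForEach-Object { [pscustomobject]@{ Source = "Startup: $($_.Location)"; Name = $_.Name; Command = $_.Command } })

# Services
$entries += @(Get-CimInstance Win32_Service |
    Where-Object { $_.Name -match $Pattern -or $_.DisplayName -match $Pattern } |
    ForEach-Object { [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Command = $_.PathName } })

# Scheduled tasks (only actions that execute a program)
$entries += @(Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        if ($action.Execute -and ($task.TaskName -match $Pattern -or $action.Execute -match $Pattern)) {
            [pscustomobject]@{ Source = 'Task'; Name = $task.TaskName
                Command = '"{0}" {1}' -f $action.Execute.Trim('"'), $action.Arguments }
        }
    }
})

# Resolve each entry to a file on disk and report its signature
$entries | ForEach-Object {
    $path = Get-TargetPath $_.Command
    $sig  = if ($path -and (Test-Path -LiteralPath $path)) { Get-AuthenticodeSignature -LiteralPath $path }
    [pscustomobject]@{
        Source = $_.Source; Name = $_.Name; Path = $path
        Signature = if ($sig) { $sig.Status } else { 'file not found' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
} | Format-List
```

A Signature value other than Valid, or a Path or Signer that does not belong to the named vendor, is worth including in the next reply alongside the tool logs.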
