Got a virus, need help.

[Golden Triangle]

Hi all, I'm hoping you may be able to help, it seems I picked up a virus a few weeks ago, I have a very good friend who is an absolute whizz with computers but even he seems to be stumped at the moment by this one.

 

It seems to be a redirect virus, I am running Windows 10, apart from the redirect it also seems to be preventing other applications from loading fully, I will try to explain as best I can, I am not at all techie so please bear with me on this, I thank you all in advance for your help.

 

Windows defender is running and the laptop has also been scanned by the latest fully updated version of SpyHunter4, nothing is being picked up.

 

I had Google Chrome set up to open 3 tabs on start up, No.1 Google Chrome (from there I open my G mail account) No.2 BBC News, UK page & lastly FaceBook.

 

Within FaceBook I play only one game, Criminal Case and my Mrs has her Candy Crush bit but that is all, maybe 6 weeks ago I opened FaceBook and clicked on the link to open Criminal Case (CC) a window opened telling me that I needed to install Flashpayer ( no mention of Adobe) there was no way to close the window apart from click on install, which foolishly I did. Now, when ever I click on BBC news and a couple of other sites I get a redirect window opening which is really really annoying.

 

I will try and get a copy of the screenshot requesting the flash player and I will also get a screenshot of a ThaiVisa window that shows not all the ads and stuff have loaded correctly.

 

Windows 10 has been uninstalled and reinstalled I don't know how many times as has Google Chrome, it seems that as soon as I enter my profile the bloody thing comes back again, could it have something to do with my router ?, internet provider, TMN fiber optic ? Anything at all, hoping you guys & gals can help, as the saying goes "many hands make light work".

 

I'll put the screenshots under this initial post, thanking you in advance peeps 

 

 

 

 

 

 

[Golden Triangle]

[Slip]

Do a quick scan with malware bytes and post what it picks up.

 

https://www.malwarebytes.com/mwb-download/

Edited November 17, 2017 by Slip

[petermik]

ADWCleaner....its a free download by Malawarebytes searches out unwanted ads   

[Golden Triangle]

Just ran another scan with SpyHunter 4, this time after it it update definitions it found this "search.funsafetabsearch.com" I have removed it and have just run Malwarebytes.com, it found something so gonna go and have a look at the results.

[Here It Is]

Sorry, but glad my UK computer is a Mac.  Never have these issues, ever.

[Golden Triangle]

This is getting above my pay grade now, I have my mate monitoring this thread so any further help is welcome, I cleaned with SpyHunter 4 and also with Malwarebytes but the beech is still their 

[maxpower]

You mention that when you enter a profile it triggers the events after installing Windows.

Can you be more explicit. Are you saying you can browse the web without issue before entering this profile. What about when you use Edge

[Slip]

Please post a report from MWB.

[Golden Triangle]

40 minutes ago, Slip said:

Please post a report from MWB.

Hi Slip, I tried to but can't find it now, I think I exported it to note pad but cannot recover it, I will try again. 

[Golden Triangle]

46 minutes ago, maxpower said:

You mention that when you enter a profile it triggers the events after installing Windows.

Can you be more explicit. Are you saying you can browse the web without issue before entering this profile. What about when you use Edge

Hi maxpower, within Google Chrome, Gmail etc you have your own profile with all your e mail addresses etc as you know, my mate had my laptop at his place, cleared it out, re installed stuff and then checked the BBC news page, MSN etc etc, all links were clean without opening a redirect, he was using his ISP and his own id, he brings it back to me, as soon as I log into Google Chrome and Gmail up it comes as bold as bloody Brass 

 

I don't know if the above makes sense to you (I hope so) as you can see from the screen shot above, that is NOT an Adobe window, and earlier today we actually went in and down loaded Adobe Flash player and that window still appears.

[Golden Triangle]

10 minutes ago, Golden Triangle said:

Hi Slip, I tried to but can't find it now, I think I exported it to note pad but cannot recover it, I will try again. 

[Meljames]

2 hours ago, Golden Triangle said:

 

Windows defender is running and the laptop has also been scanned by the latest fully updated version of SpyHunter4, nothing is being picked up.

 

I'd run the Malwarebytes like the above says, if that doesn't get it, run  adwcleaner, superantispyware and hitman pro. You can down load free versions of them in a matter of minutes. If it's a malware problem one of them should catch it.

[maxpower]

Do you know how to change your DNS servers in Win 10. I ask this because when you move this PC back home your problems begin.

[Jdietz]

Read this article about the cause and removal:

 

https://malwaretips.com/blogs/remove-fake-flash-player-update/

 

And for the Mac guy on his high horse:

 

https://www.intego.com/mac-security-blog/mac-users-attacked-fake-adobe-update/

[Here It Is]

4 minutes ago, Jdietz said:

And for the Mac guy on his high horse:

 

https://www.intego.com/mac-security-blog/mac-users-attacked-fake-adobe-update/

No high horse needed.  I merely stated you don't have this nonsense on a Mac.  Up to you.

 

 

Edited November 17, 2017 by Here It Is

[Golden Triangle]

6 minutes ago, maxpower said:

Do you know how to change your DNS servers in Win 10. I ask this because when you move this PC back home your problems begin.

No I don't but my mate probably will.

 

[Golden Triangle]

And to add insult to injury, malwarebytes is now blocking SpyHunter 4 if it wasn't so funny I would cry 

 

I did restore it, but every time I go to use SpyHunter it just blocks it again.

Edited November 17, 2017 by Golden Triangle

[Meljames]

1 minute ago, Golden Triangle said:

And to add insult to injury, malwarebytes is now blocking SpyHunter 4 if it wasn't so funny I would cry 

 

If you go into settings, you should be able to turn off 'real time' protection on the spyhunter. Then you can run the malwarebytes

[Slip]

14 minutes ago, Golden Triangle said:

 

PUPs are not necessarily a huge problem.  I see you have some other advice here, so will leave you to follow up on that.  If it doesn't work we can always revisit.

[maxpower]

At this point I think you should at least eliminate the DNS servers at the adapter level and make sure they keep the setting you give them.

 

Whats crazy about this is the fact that you have re-installed the OS. I just hope you are not re-infecting the machine by introducing an infected file or device after you have installed Windows.

 

 

[Jdietz]

22 minutes ago, Here It Is said:

No high horse needed.  I merely stated you don't have this nonsense on a Mac.  Up to you.

 

 

You didn't read the link, did you?

[RichCor]

Looks to me like your Windows 10 is infected with Windows 7, (at least that's what you posted in the screenshot).

[Here It Is]

Just now, RichCor said:

Looks to me like your Windows 10 is infected with Windows 7, (at least that's what you posted in the screenshot).

LOL.

[Slip]

3 minutes ago, maxpower said:

At this point I think you should at least eliminate the DNS servers at the adapter level and make sure they keep the setting you give them.

 

Whats crazy about this is the fact that you have re-installed the OS. I just hope you are not re-infecting the machine by introducing an infected file or device after you have installed Windows.

 

 

Yes, thanks Maxpower- I missed this.  This problem lives through a clean install?

[maxpower]

Just now, RichCor said:

Looks to me like your Windows 10 is infected with Windows 7, (at least that's what you posted in the screenshot).

 

I was wondering about that too. Maybe he got the shot from a Win7 machine. If not then the wheels have really fallen off.

[Peterw42]

OP, spyhunter 4 is a rouge antivirus program (false results so you buy it), thats why malwarebytes is blocking it.

Google it, lots of reputable malware removal sites say its rubbish. 

 

Remove it, malware bytes then hitman pro.

[RichCor]

Logging into a GMAIL or G-Suite account using Chome Browser will automatically load the chrome extensions normally used by that account on any computer with no warning.  It's a pain in the arse, especially if I log into someone else's account to fix something for them ...then end up having to uninstall the stuff from my machine afterwards.

 

So take a look at all the Add-Ons or Extensions your chrome browser has installed while logged into the google account.

[Slip]

4 minutes ago, Peterw42 said:

OP, spyhunter 4 is a rouge antivirus program (false results so you buy it), thats why malwarebytes is blocking it.

Google it, lots of reputable malware removal sites say its rubbish. 

 

Remove it, malware bytes then hitman pro.

I'm kicking myself.  My assumption was of course that 'a user' would know this, but I am entirely wrong in that.  Full marks to you Peterw42 and 0 to me.

[Peterw42]

Just now, Slip said:

I'm kicking myself.  My assumption was of course that 'a user' would know this, but I am entirely wrong in that.  Full marks to you Peterw42 and 0 to me.

Technically its a legit program but when you install it you say yes to lots of crap and redirects etc. If malwarebytes doesn't like it thats a good recommendation to get rid of it.