Robbie
Robbie UltraDork
9/22/16 9:43 a.m.

So yesterday I was looking for the Saab WIS and EPC (workshop information system and electronic parts catalog) stuff to download onto my computer.

Before I found the right link, I found a bad one that something bad had attached itself to, or was just bad to begin with. Of course I was looking for a program (WIS and EPC) to download and install, so I gave this bad guy essentially the warmest welcome to my system possible. DOH!!!

I know there is an issue because now I get lots of popups (none before) in Chrome and Microsoft 'Edge'. Chrome has a new 'toolbar'. Both browsers take a long time to load pages even though my internet speed is fast. Computer takes longer to boot than it did before. If I just open Chrome and wait, it takes me to a default page that beeps and pings and yells at me that my computer is infected and that I should call some fake Microsoft service center number to resolve. Yeah, right. Grrr. I even started to get suspicious that it was changing my Google search results when I started to search for anti-malware ideas and it didn't seem like the results were consistent with my cell phone searches.

So, I have run rkill, and it finds 4 processes and stops them. I have run a standard Malwarebytes scan, and found and deleted a few things, but problem not solved. Ran Avast, it finds nothing (but it also completes a "full scan" in like 2 seconds so I almost think it is flawed - whether related or not to the original problem). Found a few bad files with HitmanPro and deleted. Still had issue. So ran a full scan overnight last night with Malwarebytes. It took 16 hours but found one bad file. Deleted. Still have issue. Microsoft Defender found nothing on quick scan and I'm running a full scan now.

I have also booted to safe mode and used the windows disk cleanup utility to remove a bunch of temp files and partial files. I am not going to any websites on my computer that require password entry.

Anything else I can try? I know there are some really good computer folks out here. (Windows 10, Lenovo laptop t420 - pretty old).

GameboyRMH
GameboyRMH GRM+ Memberand MegaDork
9/22/16 9:45 a.m.

Try removing the toolbars manually, they're probably the source of the popups and the antivirus tools aren't recognizing them.

Robbie
Robbie UltraDork
9/22/16 9:49 a.m.
GameboyRMH wrote: Try removing the toolbars manually, they're probably the source of the popups and the antivirus tools aren't recognizing them.

Good point, thanks.

I forgot to mention that I did do an uninstall + remove all related files and reinstall on Chrome, and still had issue. This morning, I tried "resetting" Chrome and the toolbar itself went away for about 30 seconds before magically coming back.

I'll get rid of the toolbars manually if I can and report back.

RevRico
RevRico GRM+ Memberand Dork
9/22/16 10:30 a.m.

Have you tried booting to safe mode before running rkill and Malwarebytes?

That's usually the special combination that works for me. While in safe mode, go through and manually uninstall the toolbars as well.

1988RedT2
1988RedT2 PowerDork
9/22/16 10:43 a.m.

I don't know if "HiJack This" is still around, but I used them some back when I ran Windows. Very effective, but not especially N00B friendly.

GameboyRMH
GameboyRMH GRM+ Memberand MegaDork
9/22/16 12:02 p.m.

The fact that the toolbars are coming back after a browser reinstall tells me that there's still a conventional piece of malware running on the PC. HiJackThis is a good analysis tool but not much help to anyone who isn't an expert. Maybe try ComboFix, it specializes in removing particularly stubborn bits of malware.

Robbie
Robbie UltraDork
9/22/16 12:50 p.m.

So I checked ComboFix, but it appears it does not support Win10.

I did run TDSSKiller though, and it got rid of one potentially bad file. THEN I tried AdwCleaner, which identified 25 threats, including a few folders, a bunch of registry items, and one hidden Chrome extension called: aaaaojmikegpiepcfdkkjaplodkpfmlo

Berk you: mike g pie

I think I may have eliminated the bad stuff for now. Thanks all for the help!
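As an added example (not something any poster in this thread ran), here is a PowerShell script that inventories the Chrome extensions in the current user's profile, flags the extension ID AdwCleaner reported above, and checks whether any extension is being force-installed through Chrome's ExtensionInstallForcelist policy key. A policy-forced extension is reinstalled on every browser start, which is one ordinary explanation for a toolbar that "comes back" after a reset or reinstall. The profile path and the policy registry keys are the standard locations for a per-user Chrome install; that they apply to this machine is an assumption.

```powershell
# Added example, not from the thread. Lists Chrome extensions for the current user,
# marks the ID reported by AdwCleaner in the thread, and shows which extensions are
# force-installed by policy (those survive a browser reset). Run as the affected user.

$KnownBad = @('aaaaojmikegpiepcfdkkjaplodkpfmlo')   # ID taken from the thread
$ExtRoot  = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'

# Extensions listed here are (re)installed by Chrome on every launch, regardless
# of what the user removed. Values look like "<extension id>;<update url>".
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
)
$Forced = foreach ($key in $PolicyKeys) {
    if (Test-Path $key) {
        foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($prop.Name -match '^\d+$') { ($prop.Value -split ';')[0] }
        }
    }
}
if ($Forced) { Write-Warning "Policy-forced extension IDs: $($Forced -join ', ')" }

if (-not (Test-Path $ExtRoot)) {
    Write-Warning "No extension folder found at $ExtRoot"
    return
}

$Report = foreach ($dir in Get-ChildItem -Path $ExtRoot -Directory) {
    $id = $dir.Name
    # Each extension folder holds one or more version subfolders with a manifest.json
    $manifest = Get-ChildItem -Path $dir.FullName -Recurse -Filter manifest.json |
                Select-Object -First 1
    $name = '(no manifest)'; $version = ''
    if ($manifest) {
        $m = Get-Content -Raw -Path $manifest.FullName | ConvertFrom-Json
        $name    = $m.name      # "__MSG_..." means the name is localized elsewhere
        $version = $m.version
    }
    [pscustomobject]@{
        Id       = $id
        Name     = $name
        Version  = $version
        Forced   = [bool]($Forced -contains $id)
        KnownBad = [bool]($KnownBad -contains $id)
    }
}

# Known-bad and policy-forced entries sort to the top
$Report | Sort-Object KnownBad, Forced -Descending | Format-Table -AutoSize
```

If an extension shows `Forced = True`, deleting its folder will not help until the matching entry is removed from the policy key (and whatever wrote that key is found), which is why the script reports both.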

Robbie
Robbie UltraDork
9/22/16 3:48 p.m.

update: not all gone. GRRR!

Now I (often, not always) get a new tab when I click any link on the internet, and the existing tab turns into a redirect to a popup ad trying to get me to call Windows support at their number. It will lock Google Chrome if you navigate to the tab. It emulates a BSOD and stuff.

I wonder if I can go back to a restore point before the virus...

Streetwiseguy
Streetwiseguy PowerDork
9/22/16 4:13 p.m.

You are sure it's not just Google Chrome and Microsoft Edge? They are both the devil's work, even when they come from a legitimate source.

bentwrench
bentwrench Dork
9/22/16 4:43 p.m.

Google the infection warning and follow instructions for removal.

Compare a few of the results and choose well.

There is very little out there that has not been analyzed and a solution posted.

Robbie
Robbie UltraDork
9/23/16 8:49 a.m.
Streetwiseguy wrote: You are sure it's not just Google Chrome and Microsoft Edge? They are both the devil's work, even when they come from a legitimate source.

Maybe, except I have been using Chrome for years every day, and I've had Windows 10 for months, and never seen behavior like this. It is noticeably different than usual.

Robbie
Robbie UltraDork
9/23/16 8:49 a.m.
bentwrench wrote: Google the infection warning and follow instructions for removal. Compare a few of the results and choose well. There is very little out there that has not been analyzed and a solution posted.

This is how I normally fix just about everything, except this time all the solutions posted don't seem to be working. Any ideas what to search for?

(The error messages I get and the pages I get taken to are different every time... it's like it is programmed to send you randomly to one of however many spammy websites.)

Robbie
Robbie UltraDork
9/23/16 8:53 a.m.

So, here is new news.

I completely uninstalled Chrome, ran rkill, nothing. Ran Malwarebytes, nothing. Ran AdwCleaner, nothing. Ran TDSSKiller, nothing. Ran Windows Defender, nothing.

Thought it was fixed. But no. Now, on about every 7th click I make, the click automatically opens the link in a new tab, and the old tab redirects to some spammy page. If I do not close the spammy page within a few seconds, it will lock my browser.

Dr. Hess
Dr. Hess MegaDork
9/23/16 9:21 a.m.

If I had to GUESS, I would GUESS that something took over your TCPIP stack thing. That is, it overwrote your OS programs that actually connect to the internet.

There is a windows command thing to put all your system files back to the factory configuration. I don't do 10 (I worked really hard NOT to install 10), but I know that 7 has it and I would assume that 10 does as well. Anyone know how to do it? It puts all the OS files back to as it was shipped but shouldn't affect programs.

So, I would uninstall chrome, then you need to go into the program files directories and delete anything that says google or chrome (it leaves crap in there) and then reset your OS files back to stock. I think.

GameboyRMH
GameboyRMH GRM+ Memberand MegaDork
9/23/16 10:57 a.m.

^A decent possibility, especially if the redirects are happening when there are no unknown toolbars or plugins present. Here's how to do the reset:

http://www.thewindowsclub.com/reset-tcp-ip-internet-protocol
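The linked page boils down to `netsh winsock reset` and `netsh int ip reset` from an elevated prompt followed by a reboot. As an added example (not from the thread or the linked article), the PowerShell script below first lists what is actually registered in the Winsock catalog and checks the signature on each provider DLL, so you can see whether a non-Microsoft layered provider is present before blindly resetting; the reset itself is only run when the `-Reset` switch is given. The parsing of `netsh winsock show catalog` output relies on the "Provider Path:" lines that command prints on Windows 10, which is an assumption about the output format.

```powershell
# Added example, not from the thread. Inspect the Winsock provider catalog for
# providers that are not signed by Microsoft, then optionally reset the stack.
# Run from an elevated PowerShell window; the reset requires a reboot afterwards.
param([switch]$Reset)

# netsh prints one "Provider Path:" line per catalog entry, e.g.
#   Provider Path:  %SystemRoot%\system32\mswsock.dll
$catalog = netsh winsock show catalog
$paths = foreach ($line in $catalog) {
    if ($line -match '^\s*Provider Path:\s*(.+?)\s*$') { $Matches[1] }
}
$paths = $paths | Sort-Object -Unique

$report = foreach ($p in $paths) {
    $file   = [Environment]::ExpandEnvironmentVariables($p)
    $status = 'FileMissing'; $signer = ''
    if (Test-Path -LiteralPath $file) {
        $sig    = Get-AuthenticodeSignature -LiteralPath $file
        $status = $sig.Status.ToString()
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]@{
        Path      = $file
        Signature = $status
        Microsoft = [bool]($signer -match 'O=Microsoft Corporation')
        Signer    = $signer
    }
}

$report | Sort-Object Microsoft | Format-Table -AutoSize

$suspect = $report | Where-Object { -not $_.Microsoft }
if ($suspect) {
    Write-Warning "$($suspect.Count) Winsock provider(s) not signed by Microsoft; note their paths before resetting."
} else {
    Write-Host 'All Winsock providers are Microsoft-signed; a reset is unlikely to change anything.'
}

if ($Reset) {
    # Rebuilds the catalog from defaults and resets TCP/IP; both need admin rights.
    netsh winsock reset
    netsh int ip reset
    Write-Host 'Reset done. Reboot to complete.'
}
```

A legitimate third-party provider (some VPN and security products install one) will also show up as non-Microsoft, so the list is a starting point for investigation, not a verdict; the value of running it before the reset is that the reset otherwise erases the evidence of what was hooked.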

Robbie
Robbie UltraDork
9/23/16 12:59 p.m.

OK. I did a system restore point back to Monday, which should be two days previous to when I got the virus.

Seemed ok at first, but she's back.

I'm at my wit's end (and frankly time's end - I have spent about 20 hours on this so far). What are my next steps?

Should I try to pay someone to fix? Buy someone's anti-malware software (with the success of all the free ones I have low confidence that would work). Should I do a full re-install of windows? Buy a new computer?

I do need to access info that I do not want someone else to have, so I really need to make sure I am using a computer that is not maliciously tracking me.

GameboyRMH
GameboyRMH GRM+ Memberand MegaDork
9/23/16 1:26 p.m.

I wouldn't recommend a commercial antivirus...maybe not even if you were rich, in fact

If you need to access the info and be sure nobody else can get it, one option is to disconnect the computer from all networks and then access it, and don't reconnect the computer until you're sure the virus is gone.

You've just about exhausted the reasonably easy options for getting rid of this thing, you might want to consider backing up your files, wiping the computer and reinstalling windows at this point.

Robbie
Robbie UltraDork
9/23/16 2:01 p.m.

In reply to GameboyRMH:

OK, makes sense. I think Win10 makes the wipe-and-reinstall thing pretty easy. For backing up info, would you recommend something like a flash drive? Or Google Drive? Does it matter?

(I'd really hate to accidentally bring the bad guy along with the backed-up files.)

Dr. Hess
Dr. Hess MegaDork
9/23/16 2:12 p.m.

Try resetting the Winsock thing like GB linked to. Do it with Chrome uninstalled and deleted, like I said. If that doesn't work, then try the stuff on this page:

https://support.microsoft.com/en-us/help/12415/windows-10-recovery-options

and in particular 'Use installation media to reinstall Windows 10'. If that doesn't work, back up your document files (not the whole directory structure, as the thing may be living in one of the hidden folders), wipe the drive and start over with a clean install.

You have used a good process monitor software like Process Explorer to try to find it first, right? You run that and start googling each process and service until you find the bad one, then you can find where it is running from, kill it and delete it.
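The Process Explorer approach above is manual: look at every process, look up the ones you don't recognize. As an added example (not from the thread), the PowerShell script below automates the first pass of that triage with built-in cmdlets: it walks the common autostart locations (Run/RunOnce keys, startup folders, non-Microsoft scheduled tasks) and the currently running processes, resolves each to an executable on disk, and reports its Authenticode signature status. Persistence that keeps re-creating a toolbar or redirect has to live somewhere like this, and unsigned or missing binaries are the entries worth looking up first. The set of locations checked is a common subset, not an exhaustive one, and the command-line parsing is a simple assumption about typical Run-key values.

```powershell
# Added example, not from the thread. First-pass autostart and process triage:
# list what starts automatically and what is running, with signature status.
# Run from an elevated PowerShell window for full visibility; -UnsignedOnly hides
# entries whose signature is valid.
param([switch]$UnsignedOnly)

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-ExePath([string]$Command) {
    # Pull the executable out of  "C:\dir\app.exe" /flag  or  C:\dir\app.exe /flag
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(\S+\.exe)') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

function New-Entry([string]$Source, [string]$Name, [string]$Command) {
    $exe = [Environment]::ExpandEnvironmentVariables((Get-ExePath $Command))
    $status = 'FileMissing'; $signer = ''
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        $sig    = Get-AuthenticodeSignature -LiteralPath $exe
        $status = $sig.Status.ToString()
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]@{ Source = $Source; Name = $Name; Path = $exe; Signature = $status; Signer = $signer }
}

$results = @()

# 1. Run / RunOnce registry keys
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are metadata
        $results += New-Entry $key $prop.Name ([string]$prop.Value)
    }
}

# 2. Startup folders: resolve .lnk shortcuts to their targets
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
    Get-ChildItem -Path $folder -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
        $target = $shell.CreateShortcut($_.FullName).TargetPath
        $results += New-Entry 'StartupFolder' $_.Name $target
    }
}

# 3. Scheduled tasks outside the \Microsoft\ tree
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
    foreach ($action in $_.Actions) {
        if ($action.Execute) { $results += New-Entry "Task:$($_.TaskPath)" $_.TaskName $action.Execute }
    }
}

# 4. Running processes with a resolvable image path (what Process Explorer shows)
Get-Process | Where-Object Path | Sort-Object Path -Unique | ForEach-Object {
    $results += New-Entry 'Process' $_.ProcessName ('"' + $_.Path + '"')
}

if ($UnsignedOnly) { $results = $results | Where-Object { $_.Signature -ne 'Valid' } }
$results | Sort-Object Signature, Source | Format-Table -AutoSize
```

Two caveats when reading the output: plenty of legitimate software ships unsigned, so an entry with `NotSigned` is a lead to research (as the post above says, look each one up), not proof of infection; and a valid signature only says who published the file, so an item that is signed but unexpected still deserves a look at where it lives and when it appeared.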

Robbie
Robbie UltraDork
9/23/16 4:03 p.m.
Dr. Hess wrote: Try resetting the winsock thing like GB linked to. Do it with chrome uninstalled and deleted, like I said. If that doesn't work, then try the stuff on this page: https://support.microsoft.com/en-us/help/12415/windows-10-recovery-options and in particular 'Use installation media to reinstall Windows 10'. If that doesn't work, back up your document files (not the whole directory structure, as the thing may be living in one of the hidden folders), wipe the drive and start over with a clean install. You have used a good process monitor software like Process Explorer to try to find it first, right? You run that and start googling each process and service until you find the bad one, then you can find where it is running from, kill it and delete it.

I did try the reset. I have also been using Task Manager, Google, and Add or Remove Programs and just deleting stuff left and right. I have probably deleted more necessary stuff at this point, but I figure I can always redownload or reinstall something I need when something isn't working.

So far it seems I am not seeing the issue again yet, but only time will tell.

bentwrench
bentwrench Dork
9/23/16 5:08 p.m.

Google the website it tries to send you to and see if a fix comes up.
