AdWare Keeps Reinstalling Help!?

TROUS3RS

Honorable
Mar 6, 2012
2
0
10,510
0
Over the past week on Chrome numerous pop up ads and fake service pages are automatically opened when browsing, bypassing 2 adblock extensions. I check the extensions installed and the culprit seems to be Rocket Sales and/or Deal2Deal.
I remove the extension each time and also try and uninstall any unknown software from control panel but there is nothing strange to be seen there. I scan with MBAM (free version) and it finds malicious items every time. I delete them completely of course, from quarantine too. Also after reading up on this online i ran AdwCleaner and that too found malicious files and deleted them.
However, after I while browsing today on youtube mainly, the pop up and redirects started occuring again, the adware/virus seemingly returning from the dead each time.
So my question is-from where is this reinstalling, a file/folder on my PC or from websites i am visiting and how can i stop it from occuring again.

Much obliged/many thanks.
 

CWEric

Estimable
Jun 13, 2015
171
0
4,710
32
Scans are best use in safe mode w/ networking to keep internet access to download the following programs.

http://www.bleepingcomputer.com/download/tdsskiller/
http://www.bleepingcomputer.com/download/roguekiller/
http://www.bleepingcomputer.com/download/combofix/
http://www.bleepingcomputer.com/download/junkware-removal-tool/
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

To kill any remaining malware traces left missed by the scanners before it repairs itself again by recreating its missing parts:
For your registry:
Go to start and on the search bar type regedit and open it..
Go to edit and click find and type all of your malware names including appdataFr3 and appdataFr25 into the find what textbox..
Click find next and delete the entry it find, keep doing this until it cannot find anymore of your malware names.

For you files:
Go to your /C.
On the search bar top right corner type your malware names including appdataFr3 and appdataFr25.
Delete all the files and folders it find for each name you enter. Double check that it isn't a legitimate program. Anything found in your browser folder is safe to delete.

Might have to reinstall some of the programs not working anymore after running your scans like some legit browser extension that you use and are certain it is clean.
 

TROUS3RS

Honorable
Mar 6, 2012
2
0
10,510
0


MBAM detects it as potentially unwanted programs called appdataFr3 and appdataFr25 in Users\appdata\roaming. I assume this is the hijacker?

Edit: After googling this i am getting results for ''Vosteran'' ?
 

CWEric

Estimable
Jun 13, 2015
171
0
4,710
32
Scans are best use in safe mode w/ networking to keep internet access to download the following programs.

http://www.bleepingcomputer.com/download/tdsskiller/
http://www.bleepingcomputer.com/download/roguekiller/
http://www.bleepingcomputer.com/download/combofix/
http://www.bleepingcomputer.com/download/junkware-removal-tool/
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

To kill any remaining malware traces left missed by the scanners before it repairs itself again by recreating its missing parts:
For your registry:
Go to start and on the search bar type regedit and open it..
Go to edit and click find and type all of your malware names including appdataFr3 and appdataFr25 into the find what textbox..
Click find next and delete the entry it find, keep doing this until it cannot find anymore of your malware names.

For you files:
Go to your /C.
On the search bar top right corner type your malware names including appdataFr3 and appdataFr25.
Delete all the files and folders it find for each name you enter. Double check that it isn't a legitimate program. Anything found in your browser folder is safe to delete.

Might have to reinstall some of the programs not working anymore after running your scans like some legit browser extension that you use and are certain it is clean.
 
Thread starter Similar threads Forum Replies Date
2 Antivirus / Security / Privacy 7
L Antivirus / Security / Privacy 3
B Antivirus / Security / Privacy 3
Raydge Antivirus / Security / Privacy 9
C Antivirus / Security / Privacy 7
G Antivirus / Security / Privacy 1
C Antivirus / Security / Privacy 8
V Antivirus / Security / Privacy 5
C Antivirus / Security / Privacy 6
G Antivirus / Security / Privacy 4
J Antivirus / Security / Privacy 6
B Antivirus / Security / Privacy 6
C Antivirus / Security / Privacy 10
I Antivirus / Security / Privacy 9
A Antivirus / Security / Privacy 5
IvakaS Antivirus / Security / Privacy 8
Showiz Antivirus / Security / Privacy 15
M Antivirus / Security / Privacy 17
angelness Antivirus / Security / Privacy 20
S Antivirus / Security / Privacy 35

ASK THE COMMUNITY

TRENDING THREADS