I have Adware...and I can't get rid of it.

MassimoT

Estimable
Jul 29, 2015
So I can't even believe I'm making this forum right now. I actually have adware on my PC, and I can't get rid of it. It seems like it only does anything to me on Chrome though. Sometimes if I simply click on any sort of link in Chrome, it will open in a new tab, but the tab I was just on gets redirected to some dumb ad like for some "sexiest online game" or something like that. I'm so frustrated because I have Malwarebytes on my PC and it cannot find anything, I've used Chrome Cleaner, I've looked through my extensions and I can't find anything. I've tried installing other anti-adware / anti-spyware and literally none of these programs have been able to detect anything on this computer. I'm honestly considering doing a system restore to about 2-3 weeks back at this point because I'm so sick of this. I'm getting so angry because sometimes when I try to google something on Chrome, it starts to load the result, then it just changes my search engine to Yahoo or some other garbage. I'm pretty sure the adware I have is called Cydoor. I saw one of the scanning softwares I downloaded scanning a service called Cydoor, I googled it and found out it was adware, yet the scanning software I used didn't think it was wrong. Can't find it anywhere on my PC either.
 

epps89

Estimable
Mar 26, 2015
In all honesty it might be something that is well hidden or difficult to remove. Like Blackbird said, run Hitman and on top of that I would run Super Anti Malware as well. May want to run Kaspersky's rootkit tool as well. Also, I don't know how familiar you are with Autoruns but I would consider running that if possible and see if it's a hidden process in the background or see if it's running through a program with a different name. Be sure to check msconfig as well to look at your startup items and services running in the background.
 

MassimoT

Estimable
Jul 29, 2015


Ran the trial of Hitman Pro, it found and removed some "adware" but literally nothing has changed. I still get popups on Chrome. Hitman said I had malware and a lot of hijacking files which were removed. I looked at the Rootkey tool and it found nothing, Super Anti Malware also found nothing.
 

MassimoT

Estimable
Jul 29, 2015




Alright, so HerdProtect found nothing. I have already looked at that article but it seems like that article describes how to remove a different variant of the adware. I do not get the same popups that are described in the article. However, something I did not think about before was that it isn't its own program or process, but a registry value. I just searched "Cydoor" in my registry and not only did I find it, but along with it I found an enormous list of sketchy website and ad names. So naturally I deleted all the values. I did also try HijackThis, but when I tried to run it, it said my PC denied access to write to host files, so I ran it with elevated privileges and the program was just weird about it, didn't let me do the same sort of scan as before. I'll leave an update with a highlighted solution for anyone who stumbles upon this thread in the future. Hopefully deleting those registry values did the trick.

 

MassimoT

Estimable
Jul 29, 2015
Quoting CWEric from tomsguide.com

"Remove the malware yourself. Be THE antivirus:

For your registry:

Go to start and on the search bar type regedit and open it.

Go to edit and click find and type all of your malware name AdsAlert into the find what textbox.

Click find next and delete the entry it finds, keep doing this until it cannot find any more of your malware."

This is what I did to fix it.

Here is also a rundown of the symptoms I experienced.

- Upon clicking links at times, a new tab is opened with the link I clicked, where the original tab is redirected to an advertisement, usually for an online game.
- Sometimes upon opening Chrome and typing a search and hitting enter, my search results would be displayed in a search engine I never use such as Yahoo, DuckDuckGo, and Bing. (I never added these search engines, I actually removed them when I first saw them in Chrome, reopened Chrome this morning and they came back on their own. This happened multiple times.)
- Chrome browser performance was overall slower, but nothing major.
- Anti-malware scans continued to show cookies coming from Internet Explorer and Firefox that needed to be removed. These would get deleted and simply come back, likely being regenerated by the adware.

Bottom line is, if you use a bunch of different Anti-malware programs to try and stop this, more than likely it won't, because this annoying adware resides in the registry of your computer. Simply follow the steps I pasted above and you should be ok.
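
A read-only version of the registry search described in the post above, as an added example that is not part of the original thread: it lists every key name, value name and value data entry containing the search term, so the matches can be reviewed and saved before anything is deleted. The function name `Find-RegistryTerm`, the default roots and the output file name are assumptions made for this sketch.

```powershell
# Read-only sweep: reports registry keys, value names and value data that
# contain a search term. It deletes nothing.
param(
    [string]$Term = 'Cydoor',                                   # name taken from the thread
    [string[]]$Roots = @('HKCU:\Software', 'HKLM:\SOFTWARE')    # assumed starting points
)

function Find-RegistryTerm {
    param([string]$Term, [string[]]$Roots)
    $pattern = [regex]::Escape($Term)    # treat the term as literal text, not a regex
    foreach ($root in $Roots) {
        # The root key itself plus every subkey; keys we cannot read are skipped.
        $keys = @(Get-Item -LiteralPath $root -ErrorAction SilentlyContinue) +
                @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            if ($key.PSChildName -match $pattern) {
                [pscustomobject]@{ Hit = 'KeyName'; Key = $key.Name; Value = ''; Data = '' }
            }
            try { $names = $key.GetValueNames() } catch { continue }
            foreach ($name in $names) {
                # Multi-string and binary values are flattened to one line of text.
                $raw  = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                $data = [string]::Join(' ', @($raw))
                if ($name -match $pattern) {
                    [pscustomobject]@{ Hit = 'ValueName'; Key = $key.Name; Value = $name; Data = $data }
                }
                elseif ($data -match $pattern) {
                    [pscustomobject]@{ Hit = 'ValueData'; Key = $key.Name; Value = $name; Data = $data }
                }
            }
        }
    }
}

# Keep a record of what was found before touching anything.
$hits = @(Find-RegistryTerm -Term $Term -Roots $Roots)
$hits | Format-Table -AutoSize -Wrap
$hits | Export-Csv -Path ".\registry-hits-$Term.csv" -NoTypeInformation
"{0} match(es) for '{1}'" -f $hits.Count, $Term
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable; the CSV doubles as a record of what was present if the entries are later removed.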
 

MassimoT

Estimable
Jul 29, 2015


I already checked, I don't have any unwanted extensions so that isn't it. I've also used numerous browser cleaners, none worked. I'm still getting popups, but now it's just one. It's this same one that tells me to spin a wheel to claim my prize. It rarely comes up, but it still happens sometimes. What also rarely happens is I get directed to Yahoo but that's it. All the other popups are gone. I've deleted all bad registry values and stuff still comes up.
 

JoshRoss

Estimable
Jul 11, 2017
Just a theory, since you tried pretty much everything. Have you booted in Windows "Safe mode with networking", used RKill to kill any malicious processes and services and then proceeded to do the scans with Malwarebytes, Hitman Pro, AdwCleaner, and Zemana? Afterward used CCleaner to clean up cache and registry files.

Or even RKill in normal mode and then try to clean it up.

Sometimes, it's hard to clear everything up in Windows normal mode, but Safe Mode solved that issue.
 
Solution

MassimoT

Estimable
Jul 29, 2015


Never thought about that, currently haven't had any popups in at least 18 hours now (Thank God) but I will try that if it happens again, thanks for the suggestion.
 

JoshRoss

Estimable
Jul 11, 2017
I am glad to hear that everything is sorted out at least for the time being. If anything comes up, keep us posted. I am also curious as to what pest manages to avoid that many anti-malware solutions and still cause damage. Would be useful to know for future reference, if someone gets infected. Good luck!
 

MassimoT

Estimable
Jul 29, 2015


Yeah me too, thanks a lot man, and a huge thank you to everyone, you all had great suggestions that I'm sure someone will find very useful in the future (if they happen to find this thread) :D
 

mdd1963

Distinguished


DBAN is for destroying/erasing data securely to prevent recovery, as in... TOTALLY utterly erasing it, writing over it 3-8 times, preventing forensic recovery, DNC/Hillary-style...; it is somewhat pointless compared to simply deleting a partition/quick reformatting in 2 seconds....unless trying to destroy old evidence of emails, etc... :)

Assuming no rootkits are present, deleting a partition pretty quickly gets rid of malware as well...
 

JoshRoss

Estimable
Jul 11, 2017
This is where "assuming" comes in. It could be one. I do a couple of runs of DBAN when I want to do a thorough and clean reinstall, feels that much safer knowing that any potential remains of data are not there. While I might agree that it is complete and total overkill to do so, I have had a rootkit before, and it was not fun dealing with it at all.