Malware and junk programs keep coming back after removing them with malwarebytes

bwalsh17

Estimable
Jun 9, 2015
I've got some malware and junk programs that keep coming back. Every day I'll uninstall them with malwarebytes only to have them come back the next day. It's always the same programs too, "BoBrowser", "EyePerform", "I Cinema". What should I do? Thanks in advance.
 

CWEriuc

Estimable
Jun 13, 2015
You need to get aggressive, utilizing every scanner that exists on the internet to get rid of as much of the bad stuff as you can. This will take a while and can break some of your legit programs, so you will probably need to reinstall them again. Do this in the exact order from top to bottom:

First you need to get rid of the rootkits that hide malware:
http://www.bleepingcomputer.com/download/tdsskiller (check all and restart computer to take advantage of setting)

2nd opinion anti-rootkit:
http://www.bleepingcomputer.com/download/malwarebytes-anti-malware

Now for the deep malware scanners, powerful stuff, will find false positives. Might break your antivirus and browser extensions. Just reinstall them later to repair them:
http://www.bleepingcomputer.com/download/combofix

http://www.bleepingcomputer.com/download/junkware-removal-tool

http://www.bleepingcomputer.com/download/roguekiller

http://www.bleepingcomputer.com/download/adwcleaner

At this point the hidden program that keeps resurrecting the malware is hopefully gone. Now to run the more familiar consumer-friendly scanners:

68 anti-virus scanners in one scan (beware of false positives; if not sure then just quarantine it):
http://www.herdprotect.com

2nd opinion antivirus scanner:
http://www.bleepingcomputer.com/download/hitmanpro

And Malwarebytes Anti-Malware:
http://www.bleepingcomputer.com/download/malwarebytes-anti-malware

You may now uninstall all of these programs except for Malwarebytes Anti-Malware (on-demand scanner) and HerdProtect Anti-Malware (free auto-scheduled scan). You can also download Malwarebytes Anti-Exploit Free for extra proactive protection: http://downloads.malwarebytes.org/file/mbae

Now to clean up any damage left by the malware:
I recommend you reset all of your browsers to revert any settings that malware could have changed in your browsers: http://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

You can optionally run CCleaner after running and uninstalling all the scanners to fix the holes in your registry and delete some traces left behind by malware.

If you then get a popup error every time you shut down your computer, you need to repair your Microsoft .NET Framework by going to your uninstall program list and selecting Repair.

If the malware is still persistent after all this, that means all the scanners are finding the program legit and you will need to kill it yourself. This is risky, so have your OS backup disk ready just in case. If you know the company name of the malware, try to find it in your computer's registry. Click Start, search for regedit and click that program. Click Edit, click Find, type the company name, and delete the registry entry it finds, and keep searching until it can't find any more.

This long list probably defeats the purpose; you could just do a full reinstall of your OS, but oh well, at least you get to keep your stuff.
 

bwalsh17

Estimable
Jun 9, 2015
Not really, the programs install themselves even when I don't have any internet browsers open.

 

rgd1101

Polypheme
Moderator
Check your Programs and Features install history; usually it is something that you installed recently.
Also try http://www.bleepingcomputer.com/download/adwcleaner/
and http://www.surfright.nl/en/hitmanpro/
 

bwalsh17

Estimable
Jun 9, 2015
I've tried AdwCleaner several times and it didn't stop the programs from coming back, but I'll try HitmanPro.
 

clutchc

Distinguished
Apr 22, 2009
If you pay the 25 bucks and get Malwarebytes licensed, you can have it run in the background real-time like your virus pgm. I have mine running full time along with Microsoft Security Essentials and have never had a virus or malware since (years and years). But man! It has caught a ton of crap on some of the ... let's say, less safe... sites.

And that license allows it to be on any and all machines you have at the same time.
 

eatmypie

Honorable
Sep 12, 2013
It's called use Ccleaner after you remove an infection. Malwarebytes does a terrible job of removing leftover parts of viruses and malware in the registry which are enough to become infected again.
 

bwalsh17

Estimable
Jun 9, 2015
I use glary utilities after removing them with malwarebytes which is more or less the same thing from what I've heard, but I'll try Ccleaner.

 

clutchc

Distinguished
Apr 22, 2009
If you're not running Malwarebytes "real time protection" you can expect it to come back the next time you visit the site that you got it from. That's why I said you need to license it so it can run real-time. Like your virus pgm does.
 

eatmypie

Honorable
Sep 12, 2013
You should make sure the PPID and child processes are terminated. You want to use something like Process Monitor to get better details about what is spawning what. It most likely is some type of software or program that you installed that is doing this. If you leave a child process or parent process not terminated properly, they can rebuild whatever process it wants back on its own. Just do some of your own forensics work and figure out what processes look unusual and figure out which ones are spawning off of them. Just note that malicious code executables can spawn off of legit process IDs, but do some research and use your best judgement. Also navigate to your %APPDATA% folder and look under your browsers, for example at your Chrome extensions folder. If you have those PUPs saying they are installed in your browser, match the ID of that extension in Chrome developer mode and remove the folders in Chrome if they match. Once you do that, run CCleaner again or you will just have the same folders spawn again from the registry once you reboot.
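
A read-only PowerShell sketch of the two checks described in the post above: which process spawned which, and which Chrome extension ID belongs to which folder. This is an added example, not part of the original post. It assumes Chrome's default profile directory ("Default") and that Chrome stores extensions under %LOCALAPPDATA%; the `UserPath` flag is a heuristic added here, not a verdict.

```powershell
# Read-only triage: nothing below kills a process or deletes a file.

# 1) Parent/child view of every running process, with its executable path.
$procs = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }
$cmp = [StringComparison]::OrdinalIgnoreCase

$tree = foreach ($p in $procs) {
    $parent = $byPid[[int]$p.ParentProcessId]
    # PIDs are reused: a "parent" started after the child is not the real parent.
    if ($parent -and $p.CreationDate -and $parent.CreationDate -gt $p.CreationDate) {
        $parent = $null
    }
    $path = $p.ExecutablePath
    [pscustomobject]@{
        PID        = $p.ProcessId
        Name       = $p.Name
        ParentPID  = $p.ParentProcessId
        ParentName = if ($parent) { $parent.Name } else { '<exited>' }
        # Flag binaries running from the user profile (AppData, Temp, Downloads).
        UserPath   = [bool]($path -and $path.StartsWith($env:USERPROFILE, $cmp))
        Path       = $path
    }
}
$tree | Sort-Object ParentPID, PID | Format-Table -AutoSize

# 2) Map each Chrome extension folder (named by extension ID) to its manifest
#    name, so the ID shown on chrome://extensions can be matched to a folder.
#    Assumes the profile directory is "Default".
$extRoot = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
Get-ChildItem -LiteralPath $extRoot -Directory -ErrorAction SilentlyContinue |
    ForEach-Object {
        $id = $_.Name
        Get-ChildItem -LiteralPath $_.FullName -Directory | ForEach-Object {
            $manifest = Join-Path $_.FullName 'manifest.json'
            if (Test-Path -LiteralPath $manifest) {
                $m = Get-Content -LiteralPath $manifest -Raw | ConvertFrom-Json
                # Name may be a "__MSG_...__" placeholder resolved from _locales.
                [pscustomobject]@{ Id = $id; Version = $m.version
                                   Name = $m.name; Folder = $_.FullName }
            }
        }
    } | Format-Table -AutoSize
```

A parent shown as `<exited>` means the launcher is no longer running, which is typical of a process started by an installer or an updater.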
 

bwalsh17

Estimable
Jun 9, 2015
I don't go on the same website though. It installs even when my internet browser isn't open.
 

Sophiasoni

Estimable
Apr 15, 2015
First, unpin all unwanted programs from your taskbar.
Open your system's Control Panel and delete all suspicious programs that cause annoying pop-up ads.
Open Windows Task Manager and stop all the unwanted related processes.
Delete all add-ons from your browser and reset your browser settings.
Remove all unsuspicious files from your system.
Open your system's Run box by pressing Windows+R.
Type the regedit command in the Run box and press OK.
Remove all related programs from Registry Editor.
Open Windows file search and type %localappdata% into the location bar. If a file related to BoBrowser appears, delete it.
Run any other strong antivirus program like Immunet, Avira or Avast to remove the rest.
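
The registry searches suggested in this post and in CWEriuc's post can be narrowed to the places that actually start or register programs. The PowerShell below is an added example, not part of either post: it only lists matches for the program names from this thread and deletes nothing. Checking the Run keys and scheduled tasks goes beyond what the posts mention and is an assumption about where a daily reinstall is usually triggered; `Get-ScheduledTask` needs Windows 8 or later.

```powershell
# Names taken from the thread; add the publisher/company name if you know it.
$names   = 'BoBrowser', 'EyePerform', 'I Cinema'
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1) Values under the keys that start programs at logon.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$hits = @(foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ("$valueName $data" -match $pattern) {
            [pscustomobject]@{ Where = $key; Name = $valueName; Data = $data }
        }
    }
})

# 2) Installed-program entries (what Programs and Features shows, and more).
$uninstall = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
$hits += @(Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { "$($_.DisplayName) $($_.Publisher)" -match $pattern } |
    ForEach-Object {
        [pscustomobject]@{ Where = $_.PSPath; Name = $_.DisplayName
                           Data = $_.InstallLocation }
    })

# 3) Scheduled tasks whose name or command line mentions one of the programs.
$hits += @(Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $cmd = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    if ("$($_.TaskName) $cmd" -match $pattern) {
        [pscustomobject]@{ Where = "Task $($_.TaskPath)"; Name = $_.TaskName; Data = $cmd }
    }
})

$hits | Format-List
```

Run it from an elevated prompt so the HKLM keys and all tasks are readable; an empty result only means these names do not appear in the locations checked.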
 
