Malwarebytes and AVG keep finding the same virus over and over again

Kentonwa

Aug 26, 2014
I've been using both AVG and Malwarebytes to scan my computer regularly for viruses now, and recently the same two files keep popping up on the detected files list.
Here is a pic of them found by Malwarebytes:
http://i.imgur.com/r2Fygwa.png

It says they're in my Program Files, but when I check there I don't see them. I've looked everywhere from my program files to my programs list to see if I can uninstall it, still can't find it.
Here is a pic of my Program Files (x86) and the file is nowhere to be seen:
http://i.imgur.com/VuBQDII.png

If anyone can help me it would be very much appreciated. Any and all suggestions are welcome.
 

Math Geek

google turns up zero hits on that filename but the vendor shows up. here's a page that walks through removing it http://malwaretips.com/blogs/ads-by-obrona-blockads-removal/

it seems to be mostly a browser plugin going by many names. see if anything on these lists appears on your system.
 

Kentonwa

Aug 26, 2014
I've pretty much done everything that page suggests.
It doesn't show up in my programs files for uninstallation, and it isn't on my extensions list for Chrome. I'm scanning with Malwarebytes again and it found the same files again even after I deleted them. I still have adware popping up every time I go to Newegg or Amazon. It's even popped up here.
 

Kentonwa

Aug 26, 2014


I found the detected files in msconfig, and when I uncheck them, restart my computer and open up Chrome, it says it can't connect to the proxy server. So naturally I looked up how to fix that, and none of those solutions worked. It doesn't work until I re-select the detected file in msconfig. Here are a couple more pictures to show you:
http://i.imgur.com/MSXMhvD.png
The Sdronsliolity file is the one that is being detected by malwarebytes and AVG. I have to keep that box checked or else I can't get online.

Here's the Obrona Ads file in the Startup list of msconfig:
http://i.imgur.com/G5je3QK.png
 

Math Geek

ok so next step is to track down that file. the start-up folder will tell you where the registry key is that is loading. run regedit, navigate to this key and delete the key and any others associated with it. hopefully on the next reboot, even if it tries to start up the reference will be gone and it'll just skip it. may also be a file path as well you can follow and delete next.

how long has this been on the pc? another option to try if it's only been a week to 10 days or so would be to use the system restore to take the computer back in time to before this thing got there. this works some of the time if it's recent enough. restore should have back-ups going back over a month or more if needed. it won't mess with any personal files but will set programs and such back in time. any program newer than the restore date will be removed. when reinstalling anything be VERY careful that it's not putting this thing back on again. never use the "express" or "recommended" install choice. always choose the advanced or custom method so you can check for bloatware. honestly if the program tries to sneak this type of malware on me i will find something else to use.
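
An added example, not part of the original thread: a read-only PowerShell inventory of the Run-key startup entries that msconfig lists, plus the per-user proxy settings, since the thread reports proxy errors once the startup entry is unchecked. The backup folder name is an assumption; the script exports the keys before anything is touched and deletes nothing.

```powershell
# Added example: read-only inventory of autostart (Run) entries and proxy settings.
# It deletes nothing. Existing Run keys are exported to .reg files first as a backup.
$regKeys = @(
    'HKCU\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$backupDir = Join-Path $env:USERPROFILE 'autorun-backup'   # assumed location
New-Item -ItemType Directory -Force -Path $backupDir | Out-Null

$n = 0
$entries = foreach ($regKey in $regKeys) {
    $psKey = $regKey -replace '^(HK..)\\', '$1:\'   # reg.exe form -> PowerShell drive form
    if (-not (Test-Path $psKey)) { continue }
    reg.exe export $regKey (Join-Path $backupDir "run-$n.reg") /y | Out-Null
    $n++
    $item = Get-Item $psKey
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        # Heuristic: take the quoted path, else everything up to ".exe", else the first token.
        $path = ($command -split ' ')[0]
        if ($command -match '^"([^"]+)"' -or $command -match '^(.+?\.exe)') { $path = $Matches[1] }
        $path = [Environment]::ExpandEnvironmentVariables($path)
        [pscustomobject]@{
            Key       = $psKey
            Name      = $name
            Command   = $command
            # False means the entry points at a file the heuristic could not find on disk.
            PathFound = [bool]($path -and (Test-Path -LiteralPath $path))
        }
    }
}
$entries | Format-List

# Per-user proxy settings used by Internet Explorer and Chrome on Windows.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
[pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable     # 1 = a manual proxy is switched on
    ProxyServer   = $inet.ProxyServer     # host:port the browser is sent through
    AutoConfigURL = $inet.AutoConfigURL   # PAC script, if one is set
} | Format-List
```

Comparing the `Command` of the flagged startup entry with the `ProxyServer` value shows whether the browser is configured to depend on that program being running.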
 

joshhussey

Nov 30, 2014
When all else fails for me I use a boot-time scan... Seems to do the trick when I have any issues that seem impossible to resolve.

I believe Avast antivirus offers a boot-time scan even in the free version!
 

modernwar99

Jul 9, 2014

BACK UP your registry before touching anything in it.

Try scanning in safe mode; the virus won't be able to run unless you manually trigger it. Since it isn't showing up anywhere it might be a rootkit. If that's the case, download a rootkit scanner/remover.

 
Solution