Persistent Malware problem

Gavin_26

Prominent
May 12, 2017
10
0
560
Hi,

I would be very appreciative if someone could take a look at my issue and give me some fresh ideas because I am a little lost at this point.

For the last few weeks I have been having an issue where my system opens up a secondary tab/window at random when browsing the internet. It doesn't seem to be fixed to any particular site and the contents of the site it goes to are always blocked by Malwarebytes as being a risk. It almost always has Ad or Advert in the address listed on Malwarebytes and so it seems to be some sort of persistent malware that is becoming increasingly frustrating.

I have full and active licenses for ESET smart security, Malwarebytes Anti Malware, and Hitman Pro and all are run on an almost daily basis at this point to try and resolve the issue although they seem to never find anything new at this point. I have also used Adwarecleaner and JRT every time I have run my scans too (and always download the latest version!).

As this routine hasn't resolved my issue I have also recently downloaded and run CCleaner and Spybot as well and added those into my little routine.

I have reset my browser settings (using Google Chrome) and have cleared my Java cache too, but still the problem persists.

I have never had a form of malware be so persistent before and my usual programs (Eset, Malwarebytes and Hitman) are normally enough to keep me bug free.

Unfortunately I do not have a restore point that I can go back to (as the earliest one I had seemed to also be affected) and so that is not an option for me.

I would be very grateful if anyone could give any advice as to how to remove this seemingly random window/tab opener as it is literally driving me crazy at this point.

System Specs:-

Windows 10 64 bit
Eset Smart Security version 10.0.390.0
Malwarebytes version 3.0.6.1469
Hitman pro 3.7.18
Intel I7 Skylake 6700k 4Ghz
32gb Corsair Vengeance LPX Memory
Zotac Amp Extreme Nvidia Geforce 1070 8Gb
Gigabyte Z170X Gaming 7 Motherboard
 

Herc08

Respectable
Aug 6, 2016
236
0
1,910
Does it only happen in Chrome? Or is it every browser? I would check to see which extensions you have. Also it could be certain sites that cause those tabs to open as well. Try running in Incognito mode and see if you get the same results. If not, then most likely it's an extension.

Again, my recommendation is that it's probably tied to some site you are visiting.
 

Gavin_26

I haven't used any other browsers in the last 5 or so years so I would say it is only chrome as to my knowledge I don't even have any others installed at this point.

Also extension wise, I have disabled them all and still get the same issue. I only use Adblock/Adblock Plus and Facebook purity.
 

Gavin_26

Also, when you reset the browser settings it disabled all of the extensions. I have reset the settings numerous times in the last few days and have still had the issue.
 

Gavin_26

As for site visiting - It seems to happen randomly and I have noticed it so far on Yahoo e-mail, Facebook and Twitter. I don't really do much browsing other than those because it is my games machine.
 

Gavin_26

Hi Herc08,

Thanks for your suggestions. I have just opened an incognito window and opened 4 tabs (Facebook, Yahoo, Twitter and Santander banking) and suddenly it opened a tab that was flagged by Malwarebytes again. This time the partial info read as "demo.codefuel", although this seems to have been different almost every time it occurs.

I am truly stumped as to how to get rid of this.
 

Herc08

Ok, so this is definitely a computer problem. Honestly, the best way to get rid of it is re-installing Windows. I know you don't wanna hear it, but unless you wanna keep doing it, that's truly the only way. In fact, you want to use DBAN if it's hiding somewhere else.
 

Yamitime

Estimable
Sep 4, 2014
66
0
4,610
Try to open properties on the shortcut to whichever browser your problem is in and check the malware startup isn't present in the executable line.

Right click on Chrome / select properties / it should look something like this "C:\Program Files (x86)\Google\Chrome\Application"

If there is any code beyond that, it's probably malware. Just delete that bit.
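
The shortcut check described in the post above, as an added PowerShell example that is not part of the original thread: it reads every .lnk in the usual shortcut folders and reports browser shortcuts that carry anything after the executable. The folder list, browser names and reason strings are assumptions.

```powershell
# Added example (not from the thread): flag browser shortcuts that carry
# command-line arguments. Folder list and browser names are assumptions.
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$browsers = 'chrome.exe', 'firefox.exe', 'iexplore.exe', 'msedge.exe'
$shell    = New-Object -ComObject WScript.Shell

$findings = foreach ($lnk in Get-ChildItem -LiteralPath $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue) {
    $sc      = $shell.CreateShortcut($lnk.FullName)
    $target  = [string]$sc.TargetPath
    $cmdArgs = ([string]$sc.Arguments).Trim()
    $exe     = if ($target) { Split-Path -Path $target -Leaf } else { '' }

    $reason = $null
    if (($browsers -contains $exe) -and $cmdArgs) {
        # Some arguments are legitimate (for example a profile switch);
        # a hard-coded URL on a browser shortcut is not expected.
        if ($cmdArgs -match 'https?://') { $reason = 'browser shortcut opens a URL' }
        else { $reason = 'browser shortcut has extra arguments' }
    }
    elseif (($lnk.BaseName -match 'chrome|firefox|internet explorer') -and ($browsers -notcontains $exe)) {
        $reason = 'browser-named shortcut points at a different program'
    }

    if ($reason) {
        [pscustomobject]@{
            Shortcut  = $lnk.FullName
            Target    = $target
            Arguments = $cmdArgs
            Reason    = $reason
        }
    }
}

if ($findings) { $findings | Format-List }
else { 'No browser shortcut with extra arguments found.' }
```

The script only reports; edit or delete a flagged shortcut by hand after looking at its Arguments value.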


 

Gavin_26

Hi guys,

I have just booted in safe mode and tried to run Malwarebytes and it will not run in safe mode. Every time you try it says "Unable to connect to service" even if booting in safe mode with networking (I tried both with and without). If you try to start the service (in services.msc) then it simply says that it will not run in an admin account and to try in an alt account.

I did run Hitman, ADWCleaner and JRT as admin and deleted anything they found, which ADWcleaner did find Search.ask.com and it seems to find that one every time it runs. This could be the culprit.

I have checked the shortcuts, and there is no extra code.

I should add that I had previously checked all of these things too as well, just as an fyi.

I've got to say that reinstalling windows seems like a heck of a drastic move at this point and is only something I will do as a complete last resort as there is usually some sort of workaround to sort these types of issues out. I do appreciate the advice, so please don't think I am complaining - I am just not ready to take such a drastic action when I think there may be another way.
 

Herc08

I understand, OSRIs can be painful. If you want to use another browser, you can try that as well. Again, not sure what is causing it. It's strange it's not picking it up like it should.
 

Gavin_26

Totally strange, that's for sure.

Not trying to be a know-it-all (because I am far from it) but I am usually quite well enough informed to be able to avoid situations like this as my browsing habits are pretty tame and I hold accounts and regularly use stringent cleansers. I haven't had an issue like this to be completely honest with you since I used to use Windows XP so it's between 5 and 10 years as a minimum lol.

This just seems to be a stickler for some reason.
 

Yamitime

Have you downloaded/installed a game/prog lately? Check in Control Panel add/remove programs for suspects and remove.
Check startup progs in Task Manager and disable 1 by 1 until the thing stops.
 
Solution
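
The startup review suggested in the post above, as an added PowerShell example that is not part of the original thread. It goes beyond the Task Manager list by also reading the Run registry keys, the Startup folders and scheduled tasks; the `$pattern` heuristic and the hypothetical `New-Entry` helper are assumptions.

```powershell
# Added example (not from the thread): list autostart entries for review.
# The $pattern heuristic and the choice of locations are assumptions.
$pattern = 'https?://|chrome\.exe|firefox\.exe|iexplore\.exe|msedge\.exe'

function New-Entry($Source, $Name, $Command) {
    [pscustomobject]@{
        Review  = [bool]($Command -match $pattern)   # starts a browser or opens a URL
        Source  = $Source
        Name    = $Name
        Command = $Command
    }
}

$entries = @()

# 1. Run keys: per-user, machine-wide, and the 32-bit view on 64-bit Windows
foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run') {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $entries += New-Entry $key $name ([string]$item.GetValue($name))
    }
}

# 2. Startup folders (current user and all users)
foreach ($dir in [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')) {
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($f in Get-ChildItem -LiteralPath $dir -File) {
        $entries += New-Entry $dir $f.Name $f.FullName
    }
}

# 3. Scheduled tasks that run a program (run elevated to see every task)
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }
        $entries += New-Entry "Task $($task.TaskPath)" $task.TaskName ("$($action.Execute) $($action.Arguments)".Trim())
    }
}

# Entries that launch a browser or a URL sort to the top
$entries | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

A `Review` value of True is a prompt to look at the entry, not a verdict; browser updaters and similar legitimate entries can match the pattern.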

Gavin_26

Hi Yami

The one program that I did download which I did initially suspect was Magix Fast cut, though I have uninstalled and reinstalled it due to the problem persisting when it was gone. Also, it was a part of the Humble Streaming bundle, and so I would assume that Humble Bundle are trustworthy enough lol.

It was well worth checking though, that is for sure.
 

Gavin_26

Windows 10 (or mine anyway) doesn't have a startup section like past versions of Windows. It was something I looked for initially but there is no startup tab in the "S" section of the alphabetized start menu.
 

Gavin_26

Hi guys,

I am sorry for the late reply but I have been a little ill and also wanted to test my solution.

For some reason when I ran ADWcleaner on Windows 10, it would not remove the malware that was affecting me. I tried running the program several times and every time it had the same results and I had the same issue afterwards.

I had previously decided to install Windows 7 Ultimate onto a drive as a secondary boot device for modding games like Skyrim, and did so during the time of having this issue. As I own multiple PC licenses for my spyware products, I installed them on my Windows 7 bootup too and obviously ran them there as well. On the first run through of the programs it seemed to find and fix the issue for me. I have been browsing on both Win 7 and 10 for the last few days and do not seem to have the issue any more. I have e-mailed Malwarebytes with my system details (and logs) to hopefully find out a little more about the issue and what caused it in the first place.

As of writing this though, I seem to now be bug free again. Thank you to the people who offered advice, I really do appreciate it.