Persistent Virus/Malware/Adware that keeps coming back

Cr1tical

So I need help getting rid of a malware/adware.
Whatever I do, it stays on my PC.
Let me explain it to you.

I downloaded Microsoft Toolkit from some random page on Google.
Turned out to be an adware bundle.

It's located here: http://i.imgur.com/ntD9VEE.png (Airstrong and Airstrongs)

As far as I can tell, it keeps on injecting itself into my web browsers by doing this at browser startup: http://i.imgur.com/4RyOFC7.png

and adds a custom command: "%SNF%" line into my browsers shortcuts:
http://i.imgur.com/OzrH5Mh.png

sets my homepage to: http://i.imgur.com/QWez2S8.png

and keeps me from accessing certain web sites such as Tom's Hardware and many others. I can use YouTube, Facebook etc. perfectly normally:

http://i.imgur.com/jrlnfjL.png (It says: Connection not possible.
The connection attempt with tomshardware.com has been rejected etc, try again)
It adds Search engines to my browsers. Yahoo and many more.

So far I have tried:

Reinstalling Mozilla and Chrome, and searching my PC with AVG. The results found a virus, but it keeps coming back:
http://i.imgur.com/f52hm3H.png

I've tried deleting %SNS% from shortcuts, deleting folders called Airstrong, ending the Airstrong process in Task Manager, and changing my homepage from C:\\file.airstrong bla bla to Google. Nothing has helped so far.

This is a fresh Windows copy. Help me pls.
ty


 

toddybody



Based on the complexity of the malware and the developers behind it...you may want to go through the entire process of:

1. Re-Formatting (C:) HDD
2. Fresh Windows Install
3. Motherboard BIOS re-flash

If I had persistent malware, I'd take a "scorched earth approach" on the chance there are persistent re-installs (hidden disk space, BIOS based, etc). The worst thing is to take the time to "clean" and re-install Windows...and find it's still there.
 

Cr1tical

True, but it's already synced like 50Gigs of games from my Steam account (my DL speed is 6Mbit/s, around 750Kb). It is going to take a long time to redownload it all, and I play csgo on a competitive level so I can't miss out any time from pracc, and this custom theme took 1 hour to install everything. It was a pain; I wouldn't really go through it again if I really don't need to. I will wait to see if someone has some solutions; if not, I will be forced to reinstall, yes.
 

USAFRet

Moderator


OK, so NOT a 'fresh Windows copy'.

What else have you tried? Malwarebytes? HitmanPro?

Do you have another drive handy?
 

Cr1tical



I tried some adwcleaner. Didn't help.

So now I reinstalled Mozilla after AVG did a scan and found and isolated the adware. Maybe that helps. For now I'm able to enter pages normally from Firefox like before. I will keep you up to speed just in case someone else has the same problem as I do.

I installed windows 3 days ago.. that is fresh in my book :D
 

Wayfall

Just for future reference, I have found the best/safest way to find and destroy a virus, adware or malware was to go into safe mode and go to where I know it is (of course, before doing this I find its location in the normal setup), then delete it as best I can, then use a scan.

For some reason that fixes my malware problems if there is a persistent one, but as long as you have a good firewall like Norton you're safe as *uck.

Please be more careful with what sites you go on.
 

dextermat

Hi,

Before reinstalling, I would boot in safe mode with networking and go to bleepingcomputer.com,
download and run JRT ==> RogueKiller ==> AdwCleaner,
then reboot and run Malwarebytes Anti-Malware.

If the problem persists, you will need to reinstall.

You should install Unchecky and Malwarebytes Anti-Exploit Free, but also the Adblock Plus add-on in Firefox or Chrome to prevent that kind of junk.
 

USAFRet

Moderator


The reason I asked about another drive, is to just move your Steam games over to that drive, wipe and reinstall the OS, and then move them back.
Yes, 3 days IS a fresh install.

Given the problems you mentioned initially, I know what I would do.
 

aford10




Run through the link in my signature. That will clear up most infections. If you still have issues beyond that, we can address them.
 

rockey36

The Airstrong service is running; you can disable that, and after disabling it, force stop the airstrong process.
After that, go to C:\Program Data\ and delete the airstrong and airstrongs folders.
After that, remove the entry from the environment variables.
Also try to remove it from the registry.
Then reset the browsers.

This solution might help get rid of that virus.



 
Solution
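
A read-only PowerShell audit of the persistence points this thread names (service, process, folders under ProgramData, environment variable, browser shortcut arguments), added here as an example and not posted by any participant. It assumes every artifact contains the string "airstrong" and that the variable is named SNF or SNS as written in the first post; it changes nothing and skips the registry, for which the thread names no key.

```powershell
# Read-only audit: lists what is present, removes nothing.
# Assumption: the adware's artifacts all contain "airstrong" in a name or path.
$pattern = 'airstrong'

# 1. Services whose name, display name or binary path matches.
$services = Get-CimInstance Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $pattern } |
    Select-Object Name, DisplayName, State, StartMode, PathName

# 2. Running processes with a matching name.
$processes = Get-Process | Where-Object { $_.Name -match $pattern } |
    Select-Object Id, Name, Path

# 3. Matching folders directly under ProgramData (hidden ones included).
$folders = Get-ChildItem -Path $env:ProgramData -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $pattern } | Select-Object FullName

# 4. Machine and user environment variables: SNF/SNS (names as written in the
#    thread) or any variable whose value matches the pattern.
$envVars = foreach ($scope in 'Machine', 'User') {
    $vars = [Environment]::GetEnvironmentVariables($scope)
    foreach ($key in $vars.Keys) {
        if ($key -in 'SNF', 'SNS' -or "$($vars[$key])" -match $pattern) {
            [pscustomobject]@{ Scope = $scope; Name = $key; Value = $vars[$key] }
        }
    }
}

# 5. Browser shortcuts that carry any command-line arguments at all.
$shell = New-Object -ComObject WScript.Shell
$roots = @(
    [Environment]::GetFolderPath('Desktop'), [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'), [Environment]::GetFolderPath('CommonStartMenu'),
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"   # includes pinned taskbar items
)
$shortcuts = Get-ChildItem -Path $roots -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)   # opens the .lnk for reading; nothing is saved
        if ($lnk.TargetPath -match '(chrome|firefox|iexplore)\.exe$' -and $lnk.Arguments) {
            [pscustomobject]@{ Shortcut = $_.FullName; Target = $lnk.TargetPath; Arguments = $lnk.Arguments }
        }
    }

$report = [ordered]@{ Services = $services; Processes = $processes; Folders = $folders
                      EnvVars = $envVars; Shortcuts = $shortcuts }
foreach ($section in $report.Keys) {
    "== $section =="
    $report[$section] | Format-List | Out-String
}
```

Run it from an elevated prompt so process paths and machine-wide locations are readable; an empty section means nothing matched under the stated assumptions.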